[Closed] Rootkit found

Status
Not open for further replies.
OK hope that went as desired. Will just report that the AVAST message about Rootkit appeared again:

SVC:mrxsmb14>system32\DRIVERS\mrxsmb10.SysE'
 
Here is the EXTRAS.TXT

OTL Extras logfile created on: 11/20/2012 8:46:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Padredw\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 52.71% Memory free
7.81 Gb Paging File | 5.81 Gb Available in Paging File | 74.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.24 Gb Total Space | 71.45 Gb Free Space | 64.23% Space Free | Partition Type: NTFS

Computer Name: ZENBOOK | User Name: Padredw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A99DB6-FEB6-432B-8B6A-F700E24B99BC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{12D04B65-7E09-4963-9D0C-41499B6A6BFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{166FA973-2B64-4DD0-BE66-963A0758E1AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17F486CE-63E5-47E0-BF95-0D5830D841C9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2E0E9E85-043E-4036-81BA-0A5BDD62C97C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CEC3A54-1617-4468-A250-A2CA67D1A543}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E63850B-B151-4A10-AD01-2CEC6F3B045A}" = lport=139 | protocol=6 | dir=in | app=system |
"{3ED4FC2A-3D2A-42F6-A2FF-9249A9BE3EB2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{699F7A6F-D63E-4B59-92A4-89706F2BB345}" = rport=139 | protocol=6 | dir=out | app=system |
"{7081D260-9409-4793-B02F-BE1796177D39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7C1141BC-88FC-4B1E-8C95-EABFB3D9A901}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{838273E3-16C9-421A-A695-32BE9C70AF3D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6FA3F52-DACD-4DC6-9760-F0940C776AED}" = lport=137 | protocol=17 | dir=in | app=system |
"{A73DE6D3-EA1F-4D7F-8118-A9AC01593523}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A7F1DCEE-E13E-4CF3-8D2E-07CAC64A8503}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9B37307-27C3-4E2F-8604-6FF568BA3BB5}" = lport=445 | protocol=6 | dir=in | app=system |
"{AD2D4D0C-7ADB-4E22-BD70-B16DC3A384BE}" = rport=138 | protocol=17 | dir=out | app=system |
"{BBA1DEB4-7C45-4558-B84E-A61924C65606}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D253A2C5-80B0-48CC-BE41-4B373152E316}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D397B4BD-AA49-4229-89DF-2609DFCA57F0}" = rport=137 | protocol=17 | dir=out | app=system |
"{D5F4D59D-7748-4FC5-A043-9B5E7B385D04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB502312-15E2-4562-8580-0BF9A2875BA0}" = rport=445 | protocol=6 | dir=out | app=system |
"{E162F97B-257C-452A-A0CD-32FB98F550F1}" = lport=138 | protocol=17 | dir=in | app=system |
"{F1C3E909-19A2-4A13-9284-721D2B7BC942}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F44A415D-3D6B-401B-BF79-2D514D4A233C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7D4F805-DFFE-429A-B989-E45733AA6D02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AFA925B-1969-44FE-9AB1-9D782E64625B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0B8AC230-A037-4717-BBCD-7625506A1CC0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0FBDDCC9-B056-4B02-BC2D-C06B9FD82797}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{12A6E9C4-4F97-431A-BB28-2EDFEAC40596}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{195329F7-49B7-47FA-BF4D-5FC738502C34}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{225CFD1A-2CD5-41D7-BC8B-13AF16C2AA76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{376B9571-92E4-40A8-AE23-DDC139496954}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{3D7DC975-F348-4850-8388-2D5A41952924}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{42EE006C-425E-4ABE-BAC7-8625CD2FC7A1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A1F0DE7-9A6A-4849-92B5-EE9E8E2EEA18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4A5A04A5-8160-41A6-AB35-934975C4EABD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4D0B191E-57C3-4B04-879A-1E9FA3B66207}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{500C108A-1176-4B64-884D-3883489B9F3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{61516047-33BC-4408-A48E-CAE4FA977599}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{63A1D1AC-CC3F-4CC0-A2B4-B57AF2AFACA6}" = protocol=6 | dir=out | app=system |
"{796C8EE3-3B18-46C6-B44C-95B1311573DA}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{7A6DB55B-0EBE-4A17-940C-B816E6E74017}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DE2D04C-A5DB-40A8-8713-C07D08E266BB}" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"{8607BF7E-409B-469D-B20C-D0BE78E6194F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8ACA1F4B-7A70-4445-BBB3-9F7A0FB410EA}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{8DB2682B-C240-49D4-83FC-99199D766EB5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{927088F2-C849-4406-97F8-841DA95370C7}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{9311E0C9-43C4-48F1-BFA3-46CC37CA7E24}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{AC727256-6EE0-45C6-8065-4D9A01BBE041}" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"{AD69F378-F196-4D6F-96C0-A43714E3DF48}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B604405B-D902-4921-96AD-B1A8638A0D8B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B8C0BFC5-4657-4259-9B6F-1056C919280A}" = dir=in | app=c:\users\padredw\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{BF0F0FA6-8F7E-48A5-B40A-3F1AD3E9A295}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D2D63729-28A7-4FA0-A0FC-D1B47BCE6E92}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D4CD7096-AE21-49E2-A045-CA2A364614DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E59846E7-A660-43D6-B551-F16FCDCCF83C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6D7B2A9-4522-47EF-BA12-74B1972425B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E86FB507-1818-4FC7-B382-C9C9779666E1}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{E97023BE-1B03-425C-B768-0A4C9BF81586}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{FA329BE1-0283-4DC5-A450-2488C445FDCC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E66AC4-B28B-494C-993D-3CD17020BEBC}" = Fresco Logic USB3.0 Host Controller
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.441
"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{749BE6FF-815E-4F36-901B-7AC301B50330}" = Windows Live Family Safety
"{761C6783-D3BC-48AB-8E7C-61CE918A8436}" = ASUS Secure Delete
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"Elantech" = ETDWare PS/2-X64 10.0.5.2_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AD1FE8DD-0A6A-46E7-9B5F-8A70DD75CA93}" = ThumbsPlus
"{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus
"{B2DB883F-1AF3-4BE6-BE04-710D9C556C44}" = ASUS PowerWiz
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}" = Wireless Console 3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
"{F9C62746-BB57-48B2-853D-38DE983A703C}" = IncrediMail
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"avast" = avast! Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"Icon Restore_is1" = Icon Restore 1.0
"IncrediMail" = IncrediMail 2.0
"InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nvu_is1" = Nvu 1.0PR
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"TeamViewer 7" = TeamViewer 7
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoforFiles" = GoforFiles
"ThumbsPlus" = ThumbsPlus

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/18/2012 4:58:13 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 7010
Description =

Error - 11/18/2012 4:58:43 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 3057
Description =

Error - 11/18/2012 4:58:43 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 3029
Description =

Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = ESENT | ID = 490
Description = Windows (5776) Windows: An attempt to open the file "C:\Windows\system32\Windows.edb"
for read / write access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 9000
Description =

Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 7040
Description =

Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 9002
Description =

Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 3029
Description =

Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 3029
Description =

Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 3028
Description =

Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 3058
Description =

Error - 11/18/2012 4:58:54 PM | Computer Name = Zenbook | Source = Windows Search Service | ID = 7010
Description =

[ System Events ]
Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1075

Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7003
Description = The Workstation service depends the following service: MRxSmb20. This
service might not be installed.

Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1075

Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7003
Description = The Workstation service depends the following service: MRxSmb20. This
service might not be installed.

Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1075

Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7003
Description = The Workstation service depends the following service: MRxSmb20. This
service might not be installed.

Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1075

Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7003
Description = The Workstation service depends the following service: MRxSmb20. This
service might not be installed.

Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1075

Error - 10/29/2012 5:03:02 PM | Computer Name = Zenbook | Source = Service Control Manager | ID = 7003
Description = The Workstation service depends the following service: MRxSmb20. This
service might not be installed.


< End of report >
 
Open OTL, click the None button, copy and paste this to the Custom Scans/Fixes box and hit Run Scan:

2083006
 
OK, if I understood correctly, I get this much shorter txt file:

OTL logfile created on: 11/21/2012 11:22:05 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Padredw\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 58.15% Memory free
7.81 Gb Paging File | 6.00 Gb Available in Paging File | 76.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.24 Gb Total Space | 73.89 Gb Free Space | 66.42% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 133.93 Gb Free Space | 89.88% Space Free | Partition Type: FAT32
Drive E: | 58.20 Gb Total Space | 57.19 Gb Free Space | 98.27% Space Free | Partition Type: FAT32

Computer Name: ZENBOOK | User Name: Padredw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< 2083006 >

< End of report >
 
If I may post an image file. This is the original report of problem:

RR.jpg
 
That's right. Good job. Sorry for delay. I just came back from my short vacation. :)

Open OTL, click the None button, copy and paste this to the Custom Scans/Fixes box and hit Run Scan:

mrxsmb*
mrxsmb*.*
 
Hope this will send [not too many characters] REPORT:

OTL logfile created on: 11/23/2012 2:00:24 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Padredw\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 49.36% Memory free
7.81 Gb Paging File | 5.66 Gb Available in Paging File | 72.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.24 Gb Total Space | 73.35 Gb Free Space | 65.94% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 133.93 Gb Free Space | 89.88% Space Free | Partition Type: FAT32

Computer Name: ZENBOOK | User Name: Padredw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Modules (No Company Name) ==========

MOD - [2012/10/08 18:58:29 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/09/08 07:08:43 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/31 04:59:23 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/08/31 04:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/04/23 16:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/03/21 16:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/02/10 17:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012/02/10 17:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012/02/10 17:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2011/12/05 16:21:50 | 000,369,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\AsBatInfo.dll
MOD - [2011/10/04 14:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011/09/09 00:10:06 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
MOD - [2010/11/04 19:58:16 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 19:58:12 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 19:58:06 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/04 19:57:48 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009/06/10 15:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009/06/10 15:14:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009/06/10 15:14:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2009/06/10 15:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
MOD - [2003/02/21 18:38:54 | 000,028,672 | ---- | M] () -- D:\Program Files (x86)\ThumbsPlus\Bin\cwebpage.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/05/08 14:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/08 07:08:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/16 17:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 13:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/02 16:31:22 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/08/02 16:13:24 | 000,103,584 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/23 14:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/10/18 11:47:12 | 000,198,448 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/10/17 21:41:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/17 21:41:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/16 23:29:08 | 000,202,496 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2011/10/16 23:29:08 | 000,069,888 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/15 21:35:40 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/09/15 21:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/02 16:22:52 | 000,511,136 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/08/02 16:22:06 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/08/02 16:21:50 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/08/02 16:21:20 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/08/02 16:21:04 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/08/02 16:20:50 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/08/02 16:20:34 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/08/02 16:20:18 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/25 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/15 04:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/02/25 19:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 07:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/28 11:59:16 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd)
DRV:64bit: - [2009/07/20 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 16:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/09/07 08:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Window?\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http:?/go?mic?osoft.com/f?lin?/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/?q={sear...SP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1pb9F3Lvbfa
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://dwilliamson.com/"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Padredw\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/01 15:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/01 15:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 20:21:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/29 16:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Extensions
[2012/11/15 20:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions
[2012/11/15 20:31:38 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions\foxmarks@kei.com
[2012/09/12 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions
[2012/06/02 18:56:45 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions\plugin@yontoo.com
[2012/11/19 17:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/19 17:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012/11/15 20:21:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/08 07:08:44 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/19 17:10:14 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/09/08 07:08:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/08 07:08:42 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
CHR - default_search_provider: MyStart Search ()
CHR - default_search_provider: search_url = http://mystart.incredimail.com//?loc=GC_Default_Search&search={searchTerms}&a=1pb9F3Lvbfa
CHR - default_search_provider: suggest_url =
CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Search = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Web Assistant = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\
CHR - Extension: avast! WebRep = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/17 07:27:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files (x86)\QT\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Padredw\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Padredw\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk = C:\Users\Padredw\AppData\Local\Temp\_uninst_61846147.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85784282-9EB5-42AE-B0D6-79E47DDB0569}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\javascript - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local - No CLSID value found
O18:64bit: - Protocol\Handler\mailto - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\javascript - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\local - No CLSID value found
O18 - Protocol\Handler\mailto - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 14:51:26 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
PART TWO: same report

========== Files/Folders - Created Within 30 Days ==========

[2012/11/21 09:03:39 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Wisdom-soft
[2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2012/11/21 09:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free
[2012/11/20 14:04:58 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Akamai
[2012/11/20 10:19:31 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\Active TXT
[2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Babylon
[2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\GoforFiles
[2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2012/11/18 15:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/11/18 07:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/11/18 07:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012/11/17 08:09:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/17 07:14:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/17 07:14:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/17 07:14:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/17 07:10:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/17 07:09:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/16 14:12:16 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/16 14:12:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/16 14:03:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/16 14:03:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/16 14:03:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/16 14:03:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/16 14:03:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/16 14:03:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/16 14:03:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/16 14:03:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/16 14:03:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/16 14:03:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/16 14:03:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/16 14:03:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/16 14:02:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/16 14:02:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/16 14:02:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/16 14:02:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/16 14:02:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/16 14:02:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/16 14:02:02 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/16 10:20:21 | 064,010,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Windows.edb
[2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\GatherLogs
[2012/11/15 16:08:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/15 16:08:20 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/15 16:08:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/15 16:08:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/15 16:08:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/15 16:08:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/15 16:08:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/15 16:06:17 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/15 16:06:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/10 10:59:10 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{34776BE7-FC1D-4ABB-B3B6-473668DB797E}
[2012/11/09 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{BA473950-0598-4D31-B9DF-56C2DE35F2C4}
[2012/11/02 15:38:36 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2012/11/02 15:38:36 | 000,828,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
[2012/11/02 15:38:36 | 000,661,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
[2012/11/02 15:38:36 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2012/11/02 15:38:36 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
[2012/11/02 15:38:36 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[2012/11/02 15:38:36 | 000,050,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
[2012/11/01 21:52:50 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2012/11/01 21:52:50 | 000,075,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
[2012/10/29 15:47:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/10/29 15:47:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/10/29 15:47:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2012/10/29 15:47:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/10/29 15:47:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/10/29 15:47:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/10/29 15:47:40 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/10/29 15:47:39 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/10/29 15:47:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/10/29 15:47:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/10/29 15:47:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/10/29 15:47:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/10/29 15:47:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/10/29 15:47:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/10/29 15:47:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/10/29 15:47:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/10/29 15:47:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/10/29 15:47:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/10/29 15:47:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/10/29 15:47:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/10/29 15:47:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/10/29 15:47:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/10/29 15:47:35 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/10/29 15:45:12 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/10/29 15:45:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/10/29 15:44:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/29 15:44:29 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/29 15:44:28 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/29 15:44:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/29 15:41:15 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/29 15:41:15 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/29 14:04:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/23 14:02:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 14:02:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 13:56:30 | 000,020,121 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
[2012/11/23 13:55:06 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2012/11/23 13:55:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 13:54:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/23 13:54:54 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/21 13:17:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/21 12:21:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001UA.job
[2012/11/21 09:21:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001Core.job
[2012/11/21 09:08:07 | 000,041,225 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
[2012/11/21 09:07:48 | 000,000,285 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
[2012/11/21 09:06:49 | 000,044,890 | ---- | M] () -- C:\Users\Padredw\Desktop\RR.jpg
[2012/11/21 09:03:27 | 000,002,020 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
[2012/11/20 15:02:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/11/20 14:43:29 | 000,373,343 | ---- | M] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
[2012/11/20 14:18:29 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
[2012/11/20 13:17:57 | 332,335,858 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/19 15:51:54 | 000,165,376 | ---- | M] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
[2012/11/18 15:07:25 | 000,001,015 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk
[2012/11/18 07:10:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/11/18 06:56:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/11/17 07:27:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/17 06:58:30 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/16 11:15:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/09 16:20:04 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/02 15:38:36 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2012/11/02 15:38:36 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
[2012/11/02 15:38:36 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
[2012/11/02 15:38:36 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2012/11/02 15:38:36 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
[2012/11/02 15:38:36 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
[2012/11/01 21:52:50 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
[2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/30 17:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/29 21:32:32 | 064,010,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/10/29 14:40:35 | 000,000,794 | ---- | M] () -- C:\Users\Padredw\Desktop\ThumbsPlus 8 SP1.lnk
[2012/10/29 12:53:45 | 000,000,023 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/23 13:56:30 | 000,020,121 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
[2012/11/21 09:08:07 | 000,041,225 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
[2012/11/21 09:07:48 | 000,000,285 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
[2012/11/21 09:06:49 | 000,044,890 | ---- | C] () -- C:\Users\Padredw\Desktop\RR.jpg
[2012/11/21 09:03:27 | 000,002,020 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
[2012/11/20 14:26:06 | 000,373,343 | ---- | C] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
[2012/11/20 14:18:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2012/11/19 15:55:27 | 000,165,376 | ---- | C] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
[2012/11/18 15:07:25 | 000,001,015 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk
[2012/11/18 07:10:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/11/18 06:56:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/11/17 07:14:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/17 07:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/17 07:14:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/17 07:14:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/17 07:14:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/16 14:12:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 14:02:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/10/29 12:53:45 | 000,000,023 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
[2012/09/12 06:09:13 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/06/21 12:17:37 | 000,005,120 | ---- | C] () -- C:\Users\Padredw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/09 12:14:02 | 000,000,251 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/05/29 15:38:01 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011/10/20 00:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/20 00:46:59 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/20 00:46:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/20 00:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/20 00:46:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/17 22:17:57 | 000,811,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< mrxsmb* >

< mrxsmb*.* >

< End of report >
 
========== Files/Folders - Created Within 30 Days ==========

[2012/11/21 09:03:39 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Wisdom-soft
[2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2012/11/21 09:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free
[2012/11/20 14:04:58 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Akamai
[2012/11/20 10:19:31 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\Active TXT
[2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Babylon
[2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\GoforFiles
[2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2012/11/18 15:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/11/18 07:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/11/18 07:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012/11/17 08:09:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/17 07:14:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/17 07:14:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/17 07:14:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/17 07:10:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/17 07:09:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/16 14:12:16 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/16 14:12:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/16 14:03:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/16 14:03:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/16 14:03:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/16 14:03:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/16 14:03:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/16 14:03:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/16 14:03:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/16 14:03:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/16 14:03:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/16 14:03:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/16 14:03:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/16 14:03:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/16 14:02:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/16 14:02:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/16 14:02:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/16 14:02:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/16 14:02:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/16 14:02:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/16 14:02:02 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/16 10:20:21 | 064,010,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Windows.edb
[2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\GatherLogs
[2012/11/15 16:08:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/15 16:08:20 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/15 16:08:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/15 16:08:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/15 16:08:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/15 16:08:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/15 16:08:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/15 16:06:17 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/15 16:06:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/10 10:59:10 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{34776BE7-FC1D-4ABB-B3B6-473668DB797E}
[2012/11/09 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{BA473950-0598-4D31-B9DF-56C2DE35F2C4}
[2012/11/02 15:38:36 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2012/11/02 15:38:36 | 000,828,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
[2012/11/02 15:38:36 | 000,661,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
[2012/11/02 15:38:36 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2012/11/02 15:38:36 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
[2012/11/02 15:38:36 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[2012/11/02 15:38:36 | 000,050,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
[2012/11/01 21:52:50 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2012/11/01 21:52:50 | 000,075,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
[2012/10/29 15:47:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/10/29 15:47:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/10/29 15:47:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2012/10/29 15:47:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/10/29 15:47:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/10/29 15:47:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/10/29 15:47:40 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/10/29 15:47:39 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/10/29 15:47:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/10/29 15:47:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/10/29 15:47:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/10/29 15:47:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/10/29 15:47:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/10/29 15:47:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/10/29 15:47:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/10/29 15:47:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/10/29 15:47:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/10/29 15:47:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/10/29 15:47:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/10/29 15:47:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/10/29 15:47:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/10/29 15:47:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/10/29 15:47:35 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/10/29 15:45:12 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/10/29 15:45:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/10/29 15:44:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/29 15:44:29 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/29 15:44:28 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/29 15:44:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/29 15:41:15 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/29 15:41:15 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/29 14:04:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/23 14:02:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 14:02:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 13:56:30 | 000,020,121 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
[2012/11/23 13:55:06 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2012/11/23 13:55:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 13:54:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/23 13:54:54 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/21 13:17:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/21 12:21:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001UA.job
[2012/11/21 09:21:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001Core.job
[2012/11/21 09:08:07 | 000,041,225 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
[2012/11/21 09:07:48 | 000,000,285 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
[2012/11/21 09:06:49 | 000,044,890 | ---- | M] () -- C:\Users\Padredw\Desktop\RR.jpg
[2012/11/21 09:03:27 | 000,002,020 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
[2012/11/20 15:02:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/11/20 14:43:29 | 000,373,343 | ---- | M] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
[2012/11/20 14:18:29 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
[2012/11/20 13:17:57 | 332,335,858 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/19 15:51:54 | 000,165,376 | ---- | M] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
[2012/11/18 15:07:25 | 000,001,015 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk
[2012/11/18 07:10:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/11/18 06:56:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/11/17 07:27:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/17 06:58:30 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/16 11:15:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/09 16:20:04 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/02 15:38:36 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2012/11/02 15:38:36 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
[2012/11/02 15:38:36 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
[2012/11/02 15:38:36 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2012/11/02 15:38:36 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
[2012/11/02 15:38:36 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
[2012/11/01 21:52:50 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
[2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/30 17:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/29 21:32:32 | 064,010,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/10/29 14:40:35 | 000,000,794 | ---- | M] () -- C:\Users\Padredw\Desktop\ThumbsPlus 8 SP1.lnk
[2012/10/29 12:53:45 | 000,000,023 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/23 13:56:30 | 000,020,121 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
[2012/11/21 09:08:07 | 000,041,225 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
[2012/11/21 09:07:48 | 000,000,285 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
[2012/11/21 09:06:49 | 000,044,890 | ---- | C] () -- C:\Users\Padredw\Desktop\RR.jpg
[2012/11/21 09:03:27 | 000,002,020 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
[2012/11/20 14:26:06 | 000,373,343 | ---- | C] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
[2012/11/20 14:18:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2012/11/19 15:55:27 | 000,165,376 | ---- | C] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
[2012/11/18 15:07:25 | 000,001,015 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk
[2012/11/18 07:10:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/11/18 06:56:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/11/17 07:14:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/17 07:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/17 07:14:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/17 07:14:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/17 07:14:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/16 14:12:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 14:02:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/10/29 12:53:45 | 000,000,023 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
[2012/09/12 06:09:13 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/06/21 12:17:37 | 000,005,120 | ---- | C] () -- C:\Users\Padredw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/09 12:14:02 | 000,000,251 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/05/29 15:38:01 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011/10/20 00:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/20 00:46:59 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/20 00:46:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/20 00:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/20 00:46:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/17 22:17:57 | 000,811,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< mrxsmb* >

< mrxsmb*.* >

< End of report >
 
I think the second part of the report was duplicated. Some error in sending. Let me know if it did not come through.
 
Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • One to Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these one to two log files in your next reply.
 
However. I got these same two messages at startup just before reading your instructions and scanning as directed:


SC4.jpg



RR.jpg
 
So here is the file I was trying to send:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4192882688, free: 2586247168

------------ Kernel report ------------
11/24/2012 10:36:51
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\Drivers\assd.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\rdbss.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\AiCharger.sys
\SystemRoot\system32\DRIVERS\FLxHCIc.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\FLxHCIh.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\Drivers\RtsUVStor.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\kernel32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msctf.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shell32.dll
\Windows\System32\iertutil.dll
\Windows\System32\nsi.dll
\Windows\System32\normaliz.dll
\Windows\System32\ws2_32.dll
\Windows\System32\setupapi.dll
\Windows\System32\usp10.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\gdi32.dll
\Windows\System32\sechost.dll
\Windows\System32\psapi.dll
\Windows\System32\imm32.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\Wldap32.dll
\Windows\System32\advapi32.dll
\Windows\System32\wininet.dll
\Windows\System32\lpk.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ole32.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008b31270
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007e\
Lower Device Object: 0xfffffa8008ab5b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004dbc060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa80047c4050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.24.06
Downloaded database version: v2012.11.19.01
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004dbc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c539d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004dbc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800478f640, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80047c4050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a00350e700, 0xfffffa8004dbc060, 0xfffffa8003ed4790
Lower DeviceData: 0xfffff8a00bb31ca0, 0xfffffa80047c4050, 0xfffffa8004079090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 13BA8FCF

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 233287680
Partition file system is NTFS
Partition is bootable

Partition 1 type is Other (0x1c)
Partition is NOT ACTIVE.
Partition starts at LBA: 233289728 Numsec = 16777216

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008b31270, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008a9d4d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008b31270, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008ab5b60, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a00d5aa7b0, 0xfffffa8008b31270, 0xfffffa8004b2f790
Lower DeviceData: 0xfffff8a00b7e2f20, 0xfffffa8008ab5b60, 0xfffffa80096c81e0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5B6AC646

Partition information:

Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 312576642

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4192882688, free: 2562359296
 
OTL logfile created on: 11/25/2012 1:14:25 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Padredw\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 61.15% Memory free
7.81 Gb Paging File | 6.16 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.24 Gb Total Space | 71.68 Gb Free Space | 64.43% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 133.93 Gb Free Space | 89.88% Space Free | Partition Type: FAT32

Computer Name: ZENBOOK | User Name: Padredw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Modules (No Company Name) ==========

MOD - [2012/08/31 04:59:23 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/08/31 04:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/04/23 16:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/03/21 16:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/02/10 17:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012/02/10 17:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012/02/10 17:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2011/12/05 16:21:50 | 000,369,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\AsBatInfo.dll
MOD - [2011/10/04 14:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011/09/09 00:10:06 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
MOD - [2010/11/04 19:58:16 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 19:58:12 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 19:58:06 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/04 19:57:48 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009/06/10 15:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009/06/10 15:14:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009/06/10 15:14:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2009/06/10 15:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/05/08 14:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/08 07:08:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/16 17:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 13:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/02 16:31:22 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/08/02 16:13:24 | 000,103,584 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/23 14:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/10/18 11:47:12 | 000,198,448 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/10/17 21:41:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/17 21:41:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/16 23:29:08 | 000,202,496 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2011/10/16 23:29:08 | 000,069,888 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/15 21:35:40 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/09/15 21:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/02 16:22:52 | 000,511,136 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/08/02 16:22:06 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/08/02 16:21:50 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/08/02 16:21:20 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/08/02 16:21:04 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/08/02 16:20:50 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/08/02 16:20:34 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/08/02 16:20:18 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/25 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/15 04:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/02/25 19:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 07:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/28 11:59:16 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd)
DRV:64bit: - [2009/07/20 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 16:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/09/07 08:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Window?\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http:?/go?mic?osoft.com/f?lin?/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/?q={sear...SP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1pb9F3Lvbfa
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://dwilliamson.com/"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Padredw\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/01 15:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/01 15:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 20:21:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/29 16:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Extensions
[2012/11/15 20:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions
[2012/11/15 20:31:38 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions\foxmarks@kei.com
[2012/09/12 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions
[2012/06/02 18:56:45 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions\plugin@yontoo.com
[2012/11/19 17:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/19 17:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012/11/15 20:21:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/08 07:08:44 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/19 17:10:14 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/09/08 07:08:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/08 07:08:42 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
CHR - default_search_provider: MyStart Search ()
CHR - default_search_provider: search_url = http://mystart.incredimail.com//?loc=GC_Default_Search&search={searchTerms}&a=1pb9F3Lvbfa
CHR - default_search_provider: suggest_url =
CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Search = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Web Assistant = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\
CHR - Extension: avast! WebRep = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/17 07:27:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files (x86)\QT\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Padredw\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Padredw\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk = C:\Users\Padredw\AppData\Local\Temp\_uninst_61846147.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85784282-9EB5-42AE-B0D6-79E47DDB0569}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\javascript - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local - No CLSID value found
O18:64bit: - Protocol\Handler\mailto - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\javascript - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\local - No CLSID value found
O18 - Protocol\Handler\mailto - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 14:51:26 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
OTL Fix

Please run OTL


Then, once that's done, run one more scan from OTL and post a FULL log, please. :)
 
========== Files/Folders - Created Within 30 Days ==========

[2012/11/24 10:32:49 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\mbar
[2012/11/21 09:03:39 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Wisdom-soft
[2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2012/11/21 09:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free
[2012/11/20 14:04:58 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Akamai
[2012/11/20 10:19:31 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\Active TXT
[2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Babylon
[2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\GoforFiles
[2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2012/11/18 15:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/11/18 07:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/11/18 07:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012/11/17 08:09:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/17 07:14:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/17 07:14:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/17 07:14:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/17 07:10:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/17 07:09:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/16 14:12:16 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/16 14:12:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/16 14:03:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/16 14:03:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/16 14:03:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/16 14:03:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/16 14:03:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/16 14:03:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/16 14:03:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/16 14:03:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/16 14:03:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/16 14:03:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/16 14:03:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/16 14:03:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/16 14:02:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/16 14:02:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/16 14:02:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/16 14:02:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/16 14:02:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/16 14:02:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/16 14:02:02 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/16 10:20:21 | 064,010,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Windows.edb
[2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\GatherLogs
[2012/11/15 16:08:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/15 16:08:20 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/15 16:08:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/15 16:08:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/15 16:08:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/15 16:08:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/15 16:08:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/15 16:06:17 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/15 16:06:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/10 10:59:10 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{34776BE7-FC1D-4ABB-B3B6-473668DB797E}
[2012/11/09 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{BA473950-0598-4D31-B9DF-56C2DE35F2C4}
[2012/11/02 15:38:36 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2012/11/02 15:38:36 | 000,828,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
[2012/11/02 15:38:36 | 000,661,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
[2012/11/02 15:38:36 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2012/11/02 15:38:36 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
[2012/11/02 15:38:36 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[2012/11/02 15:38:36 | 000,050,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
[2012/11/01 21:52:50 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2012/11/01 21:52:50 | 000,075,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
[2012/10/29 15:47:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/10/29 15:47:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/10/29 15:47:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2012/10/29 15:47:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/10/29 15:47:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/10/29 15:47:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/10/29 15:47:40 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/10/29 15:47:39 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/10/29 15:47:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/10/29 15:47:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/10/29 15:47:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/10/29 15:47:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/10/29 15:47:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/10/29 15:47:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/10/29 15:47:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/10/29 15:47:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/10/29 15:47:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/10/29 15:47:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/10/29 15:47:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/10/29 15:47:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/10/29 15:47:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/10/29 15:47:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/10/29 15:47:35 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/10/29 15:45:12 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/10/29 15:45:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/10/29 15:44:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/29 15:44:29 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/29 15:44:28 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/29 15:44:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/29 15:41:15 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/29 15:41:15 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/29 14:04:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/25 13:17:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/25 13:14:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 13:14:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 13:07:05 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2012/11/25 13:07:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/25 13:06:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/25 13:06:52 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/24 19:20:16 | 000,040,663 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_06 Nov. 24 19.20.jpg
[2012/11/24 10:48:45 | 000,053,262 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_05 Nov. 24 10.48.jpg
[2012/11/23 18:21:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001UA.job
[2012/11/23 13:56:30 | 000,020,121 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
[2012/11/21 09:21:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001Core.job
[2012/11/21 09:08:07 | 000,041,225 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
[2012/11/21 09:07:48 | 000,000,285 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
[2012/11/21 09:06:49 | 000,044,890 | ---- | M] () -- C:\Users\Padredw\Desktop\RR.jpg
[2012/11/21 09:03:27 | 000,002,020 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
[2012/11/20 15:02:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/11/20 14:43:29 | 000,373,343 | ---- | M] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
[2012/11/20 14:18:29 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
[2012/11/20 13:17:57 | 332,335,858 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/19 15:51:54 | 000,165,376 | ---- | M] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
[2012/11/18 15:07:25 | 000,001,015 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk
[2012/11/18 07:10:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/11/18 06:56:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/11/17 07:27:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/17 06:58:30 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/16 11:15:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/09 16:20:04 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/02 15:38:36 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2012/11/02 15:38:36 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
[2012/11/02 15:38:36 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
[2012/11/02 15:38:36 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2012/11/02 15:38:36 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
[2012/11/02 15:38:36 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
[2012/11/01 21:52:50 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
[2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/30 17:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/29 21:32:32 | 064,010,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/10/29 14:40:35 | 000,000,794 | ---- | M] () -- C:\Users\Padredw\Desktop\ThumbsPlus 8 SP1.lnk
[2012/10/29 12:53:45 | 000,000,023 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/24 19:20:15 | 000,040,663 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_06 Nov. 24 19.20.jpg
[2012/11/24 10:48:45 | 000,053,262 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_05 Nov. 24 10.48.jpg
[2012/11/23 13:56:30 | 000,020,121 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
[2012/11/21 09:08:07 | 000,041,225 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
[2012/11/21 09:07:48 | 000,000,285 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
[2012/11/21 09:06:49 | 000,044,890 | ---- | C] () -- C:\Users\Padredw\Desktop\RR.jpg
[2012/11/21 09:03:27 | 000,002,020 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
[2012/11/20 14:26:06 | 000,373,343 | ---- | C] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
[2012/11/20 14:18:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2012/11/19 15:55:27 | 000,165,376 | ---- | C] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
[2012/11/18 15:07:25 | 000,001,015 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61846147.lnk
[2012/11/18 07:10:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/11/18 06:56:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/11/17 07:14:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/17 07:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/17 07:14:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/17 07:14:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/17 07:14:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/16 14:12:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 14:02:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/10/29 12:53:45 | 000,000,023 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
[2012/09/12 06:09:13 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/06/21 12:17:37 | 000,005,120 | ---- | C] () -- C:\Users\Padredw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/09 12:14:02 | 000,000,251 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/05/29 15:38:01 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011/10/20 00:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/20 00:46:59 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/20 00:46:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/20 00:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/20 00:46:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/17 22:17:57 | 000,811,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 
Here is the first short file. I will now run OTL the second time.


Files\Folders moved on Reboot...
C:\Users\Padredw\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
PART ONE:

OTL logfile created on: 11/26/2012 12:36:57 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Padredw\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 58.72% Memory free
7.81 Gb Paging File | 6.01 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.24 Gb Total Space | 71.98 Gb Free Space | 64.71% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 133.93 Gb Free Space | 89.88% Space Free | Partition Type: FAT32

Computer Name: ZENBOOK | User Name: Padredw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/20 08:45:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Padredw\Downloads\OTL(1).exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Padredw\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/06/20 17:21:46 | 001,556,640 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/05/08 14:14:30 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/02/16 17:04:20 | 000,289,408 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2012/02/16 17:04:18 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2011/12/23 15:39:38 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/12/22 18:58:42 | 000,318,080 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011/12/05 16:21:50 | 000,646,808 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\PowerWiz.exe
PRC - [2011/11/21 13:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011/10/24 16:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2011/10/04 14:14:10 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011/10/04 14:14:06 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2011/10/03 13:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/09 00:10:06 | 002,317,312 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011/08/02 16:31:22 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/06/29 18:16:10 | 000,503,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/06/19 09:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 09:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2008/12/22 16:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 20:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/31 04:59:23 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/08/31 04:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/04/23 16:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/03/21 16:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/02/10 17:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012/02/10 17:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012/02/10 17:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2011/12/05 16:21:50 | 000,369,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\AsBatInfo.dll
MOD - [2011/10/04 14:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011/09/09 00:10:06 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
MOD - [2010/11/04 19:58:16 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 19:58:12 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 19:58:06 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/04 19:57:48 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009/06/10 15:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009/06/10 15:14:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009/06/10 15:14:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2009/06/10 15:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/05/08 14:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/08 07:08:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/16 17:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 13:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/02 16:31:22 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/08/02 16:13:24 | 000,103,584 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/23 14:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/10/18 11:47:12 | 000,198,448 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/10/17 21:41:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/17 21:41:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/16 23:29:08 | 000,202,496 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2011/10/16 23:29:08 | 000,069,888 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/15 21:35:40 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/09/15 21:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/02 16:22:52 | 000,511,136 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/08/02 16:22:06 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/08/02 16:21:50 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/08/02 16:21:20 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/08/02 16:21:04 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/08/02 16:20:50 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/08/02 16:20:34 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/08/02 16:20:18 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/25 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/15 04:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/02/25 19:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 07:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/28 11:59:16 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd)
DRV:64bit: - [2009/07/20 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 16:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/09/07 08:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Window?\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http:?/go?mic?osoft.com/f?lin?/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://dwilliamson.com/"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Padredw\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 20:21:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 07:08:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/29 16:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Extensions
[2012/11/15 20:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions
[2012/11/15 20:31:38 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\2lavxh9e.default-1347472641346\extensions\foxmarks@kei.com
[2012/09/12 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions
[2012/06/02 18:56:45 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Padredw\AppData\Roaming\Mozilla\Firefox\Profiles\lbdejzv4.default\extensions\plugin@yontoo.com
[2012/11/19 17:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/19 17:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012/11/15 20:21:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/08 07:08:44 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/19 17:10:14 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/09/08 07:08:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/08 07:08:42 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
CHR - default_search_provider: MyStart Search ()
CHR - default_search_provider: search_url = http://mystart.incredimail.com//?loc=GC_Default_Search&search={searchTerms}&a=1pb9F3Lvbfa
CHR - default_search_provider: suggest_url =
CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Search = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Users\Padredw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/17 07:27:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files (x86)\QT\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Padredw\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Padredw\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85784282-9EB5-42AE-B0D6-79E47DDB0569}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85784282-9EB5-42AE-B0D6-79E47DDB0569}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\javascript - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local - No CLSID value found
O18:64bit: - Protocol\Handler\mailto - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\javascript - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\local - No CLSID value found
O18 - Protocol\Handler\mailto - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 14:51:26 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
PART TWO:



========== Files/Folders - Created Within 30 Days ==========

[2012/11/26 12:29:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/24 10:32:49 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\mbar
[2012/11/21 09:03:39 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Wisdom-soft
[2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2012/11/21 09:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2012/11/21 09:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free
[2012/11/20 14:04:58 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\Akamai
[2012/11/20 10:19:31 | 000,000,000 | ---D | C] -- C:\Users\Padredw\Desktop\Active TXT
[2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\Babylon
[2012/11/19 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Roaming\GoforFiles
[2012/11/19 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2012/11/18 15:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/11/18 07:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/11/18 07:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012/11/17 08:09:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/17 07:14:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/17 07:14:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/17 07:14:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/17 07:10:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/17 07:09:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/16 14:12:16 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/16 14:12:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/16 14:03:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/16 14:03:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/16 14:03:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/16 14:03:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/16 14:03:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/16 14:03:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/16 14:03:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/16 14:03:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/16 14:03:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/16 14:03:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/16 14:03:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/16 14:03:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/16 14:02:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/16 14:02:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/16 14:02:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/16 14:02:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/16 14:02:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/16 14:02:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/16 14:02:02 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/16 10:20:21 | 064,010,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Windows.edb
[2012/11/16 06:51:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\GatherLogs
[2012/11/15 16:08:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/15 16:08:20 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/15 16:08:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/15 16:08:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/15 16:08:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/15 16:08:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/15 16:08:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/15 16:08:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/15 16:06:17 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/15 16:06:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/10 10:59:10 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{34776BE7-FC1D-4ABB-B3B6-473668DB797E}
[2012/11/09 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Padredw\AppData\Local\{BA473950-0598-4D31-B9DF-56C2DE35F2C4}
[2012/11/02 15:38:36 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2012/11/02 15:38:36 | 000,828,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
[2012/11/02 15:38:36 | 000,661,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
[2012/11/02 15:38:36 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2012/11/02 15:38:36 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
[2012/11/02 15:38:36 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[2012/11/02 15:38:36 | 000,050,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
[2012/11/01 21:52:50 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2012/11/01 21:52:50 | 000,075,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
[2012/10/29 15:47:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/10/29 15:47:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/10/29 15:47:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/10/29 15:47:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2012/10/29 15:47:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/10/29 15:47:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/10/29 15:47:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/10/29 15:47:40 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/10/29 15:47:39 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/10/29 15:47:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/10/29 15:47:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/10/29 15:47:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/10/29 15:47:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/10/29 15:47:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/10/29 15:47:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/10/29 15:47:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/10/29 15:47:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/10/29 15:47:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/10/29 15:47:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/10/29 15:47:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/10/29 15:47:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/10/29 15:47:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/10/29 15:47:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/10/29 15:47:35 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/10/29 15:45:12 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/10/29 15:45:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/10/29 15:44:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/29 15:44:29 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/29 15:44:28 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/29 15:44:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/29 15:41:15 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/29 15:41:15 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/29 14:04:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/26 12:38:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 12:38:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 12:31:02 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2012/11/26 12:30:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/26 12:30:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/26 12:30:48 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/25 20:33:47 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/25 18:21:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001UA.job
[2012/11/24 19:20:16 | 000,040,663 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_06 Nov. 24 19.20.jpg
[2012/11/24 10:48:45 | 000,053,262 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_05 Nov. 24 10.48.jpg
[2012/11/23 13:56:30 | 000,020,121 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
[2012/11/21 09:21:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1503925453-3831833974-1368267004-1001Core.job
[2012/11/21 09:08:07 | 000,041,225 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
[2012/11/21 09:07:48 | 000,000,285 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
[2012/11/21 09:06:49 | 000,044,890 | ---- | M] () -- C:\Users\Padredw\Desktop\RR.jpg
[2012/11/21 09:03:27 | 000,002,020 | ---- | M] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
[2012/11/20 15:02:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/11/20 14:43:29 | 000,373,343 | ---- | M] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
[2012/11/20 14:18:29 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
[2012/11/20 13:17:57 | 332,335,858 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/19 15:51:54 | 000,165,376 | ---- | M] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
[2012/11/18 07:10:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/11/18 06:56:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/11/17 07:27:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/17 06:58:30 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/16 11:15:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/09 16:20:04 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/02 15:38:36 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2012/11/02 15:38:36 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
[2012/11/02 15:38:36 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
[2012/11/02 15:38:36 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2012/11/02 15:38:36 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
[2012/11/02 15:38:36 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
[2012/11/01 21:52:50 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
[2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/30 17:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/29 21:32:32 | 064,010,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/10/29 14:40:35 | 000,000,794 | ---- | M] () -- C:\Users\Padredw\Desktop\ThumbsPlus 8 SP1.lnk
[2012/10/29 12:53:45 | 000,000,023 | ---- | M] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/24 19:20:15 | 000,040,663 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_06 Nov. 24 19.20.jpg
[2012/11/24 10:48:45 | 000,053,262 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_05 Nov. 24 10.48.jpg
[2012/11/23 13:56:30 | 000,020,121 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_04 Nov. 23 13.56.jpg
[2012/11/21 09:08:07 | 000,041,225 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_03 Nov. 21 09.08.jpg
[2012/11/21 09:07:48 | 000,000,285 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter_02 Nov. 21 09.07.jpg
[2012/11/21 09:06:49 | 000,044,890 | ---- | C] () -- C:\Users\Padredw\Desktop\RR.jpg
[2012/11/21 09:03:27 | 000,002,020 | ---- | C] () -- C:\Users\Padredw\Desktop\ScreenHunter 6.0 Free.lnk
[2012/11/20 14:26:06 | 000,373,343 | ---- | C] () -- C:\Users\Padredw\Desktop\WinFlash_Win7_64_Z2411.zip
[2012/11/20 14:18:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2012/11/19 15:55:27 | 000,165,376 | ---- | C] () -- C:\Users\Padredw\Desktop\SystemLook_x64(1).exe
[2012/11/18 07:10:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/11/18 06:56:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/11/17 07:14:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/17 07:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/17 07:14:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/17 07:14:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/17 07:14:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/16 14:12:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 14:02:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/10/29 12:53:45 | 000,000,023 | ---- | C] () -- C:\Users\Padredw\AppData\Roaming\Thumbs8.ini
[2012/09/12 06:09:13 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/06/21 12:17:37 | 000,005,120 | ---- | C] () -- C:\Users\Padredw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/09 12:14:02 | 000,000,251 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/05/29 15:38:01 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011/10/20 00:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/20 00:46:59 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/20 00:46:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/20 00:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/20 00:46:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/17 22:17:57 | 000,811,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 
Yes. Posted before the two part long file. Here it is again:


Files\Folders moved on Reboot...
C:\Users\Padredw\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Similar to what we did above...do the fix first then run OTL again please.

OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    CHR - default_search_provider: MyStart Search ()
    CHR - default_search_provider: search_url = http://mystart.incredimail.com//?loc=GC_Default_Search&search={searchTerms}&a=1pb9F3Lvbfa
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://isearch.babylon.com/?affID=1...HP_ss&mntrId=1ef4549b000000000000e0b9a5d37e3b
    [2012/11/19 17:10:14 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/11/19 17:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Window?\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http:?/go?mic?osoft.com/f?lin?/?LinkId=54896

    :commands
    [emptytemp]
    [reboot]
    Click to expand...
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
 
Status
Not open for further replies.

Similar threads

B
Solved Bestprosoft
Replies
23
Views
3K
Broni
Broni
B
Solved Is this malware and how to remove it? "Received message from unexpected origin : chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj
Replies
6
Views
7K
Broni
Broni
NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
5K
Broni
Broni

Latest posts

Back