Win64/Agent.BA Win64/sirefef.AE Win64/Patched.A.Gen Win64/sirefef.EZ Windows 7

Solved
By ferom
Jun 19, 2012
  1. So yea, I have these 4 trojans bugging me constantly. Nod32 keeps detecting and deleting sirefef.ae and agent.ba; it cannot remove patched.a.gen. Sirefef.ez it detects once in a while and wants me to reboot each time I delete it.
  2. Broni

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  3. ferom

    Ok, here it is:

    Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04
    Ran by SYSTEM at 20-06-2012 12:05:29
    Running from H:\
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-31] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-31] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-31] (Intel Corporation)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
    HKLM-x32\...\Run: [Spawn Gaming Mouse] "C:\Program Files (x86)\CM Storm\Spawn Gaming Mouse\Spawn_Icon.exe" [135168 2010-12-15] ()
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
    HKU\Daniel\...\Run: [zASRockInstantBoot] [x]
    HKU\Daniel\...\Run: [ASRockXTU] [x]
    HKU\Daniel\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
    HKU\Daniel\...\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [2456992 2011-10-02] (Binary Fortress Software)
    HKU\Daniel\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
    HKU\Daniel\...\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" [694032 2012-05-28] (SANDBOXIE L.T.D)
    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
    HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 193.229.0.40 193.229.0.42
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll
    Startup: C:\Users\Daniel\Start Menu\Programs\Startup\AutorunsDisabled ()

    ==================== Services (Whitelisted) ======

    2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2011-04-20] ()
    4 cFosSpeedS; "C:\Program Files\ASRock Utility\Xfast LAN\spd.exe" -service [395136 2011-07-04] (cFos Software GmbH)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
    4 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2329480 2011-08-15] (LogMeIn Inc.)
    2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-04-05] (Hi-Rez Studios)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
    2 NitroDriverReadSpool; "C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe" [341312 2011-03-21] (Nitro PDF Software)
    2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [68928 2011-03-21] (Nalpeiron Ltd.)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-20] ()
    2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [189728 2010-03-10] (Protexis Inc.)
    2 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [98576 2012-05-28] (SANDBOXIE L.T.D)
    2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2011-02-22] (Intel Corporation)

    ========================== Drivers (Whitelisted) =============

    1 AsrAppCharger; C:\Windows\System32\Drivers\AsrAppCharger.sys [15368 2010-06-11] (Windows (R) Win 7 DDK provider)
    3 AsrVDrive; C:\Windows\System32\Drivers\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
    3 BMDDeckLinkAudio; C:\Windows\System32\DRIVERS\deckaud.sys [18432 2011-11-02] (Blackmagic Design)
    4 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1632128 2011-07-04] (cFos Software GmbH)
    3 DeckLink; C:\Windows\System32\DRIVERS\Intensity.sys [328192 2011-11-02] (Blackmagic Design)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-02-18] (DT Soft Ltd)
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-03] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-03] (ESET)
    3 FNETTBOH_305; C:\Windows\System32\Drivers\FNETTBOH_305.sys [32320 2011-11-13] (FNet Co., Ltd.)
    1 FNETURPX; C:\Windows\System32\Drivers\FNETURPX.sys [15936 2011-11-13] (FNet Co., Ltd.)
    3 ha20x22k; C:\Windows\System32\Drivers\ha20x22k.sys [1612888 2010-07-07] (Creative Technology Ltd)
    4 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-09-22] (LogMeIn, Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
    3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2010-08-16] ()
    3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2010-08-16] ()
    2 regi; C:\Windows\System32\Drivers\regi.sys [15672 2010-11-15] (InterVideo)
    3 Revoflt; C:\Windows\System32\Drivers\Revoflt.sys [31800 2009-12-30] (VS Revo Group)
    3 RTCore64; \??\C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
    3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [166576 2012-05-28] (SANDBOXIE L.T.D)
    3 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
    3 se64a; C:\Windows\SysWow64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
    0 speedfan; C:\Windows\SysWow64\speedfan.sys [29592 2011-03-18] (Almico Software)
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-19 07:34 - 2012-06-20 12:05 - 00000000 ____D C:\FRST
    2012-06-19 06:48 - 2012-06-19 06:48 - 00000000 ____D C:\Program Files\Farbar Recovery Scan Tool
    2012-06-19 06:22 - 2012-06-19 06:30 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-06-19 06:21 - 2012-06-19 06:22 - 00000000 ____D C:\Program Files (x86)\Spy Bot
    2012-06-19 05:39 - 2012-06-20 00:55 - 01373744 ____A C:\Windows\System32\PerfStringBackup.TMP
    2012-06-19 05:18 - 2012-06-19 05:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\ESET
    2012-06-18 16:19 - 2012-06-18 16:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\Zachtronics Industries
    2012-06-09 10:28 - 2012-06-09 10:28 - 00000000 ____D C:\Program Files (x86)\LoL
    2012-06-08 22:06 - 2012-06-08 22:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\LolClient2
    2012-06-08 21:48 - 2008-07-11 21:18 - 03851784 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2012-06-08 21:48 - 2008-07-11 21:18 - 01493528 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2012-06-08 21:48 - 2008-07-11 21:18 - 00467984 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2012-06-08 21:25 - 2012-06-18 16:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\PMB Files
    2012-06-08 21:25 - 2012-06-18 16:20 - 00000000 ____D C:\Users\All Users\PMB Files
    2012-06-08 21:25 - 2012-06-08 21:25 - 00000000 ____D C:\Program Files (x86)\Pando Networks
    2012-05-29 06:15 - 2012-05-29 06:15 - 00000000 ___RD C:\Sandbox
    2012-05-29 06:14 - 2012-05-29 06:19 - 00002310 ___AH C:\Windows\Sandboxie.ini
    2012-05-29 06:13 - 2012-05-29 06:14 - 00000000 ____D C:\Program Files\Sandboxie
    2012-05-29 05:42 - 2012-05-29 05:53 - 00000000 ____D C:\Program Files (x86)\AutoHotKey
    2012-05-29 05:36 - 2012-05-29 05:36 - 00000295 ____A C:\Users\Daniel\SciTE.session
    2012-05-29 05:35 - 2012-05-29 05:42 - 00000000 ___HD C:\Windows\ShellNew
    2012-05-29 05:34 - 2012-05-29 05:35 - 00000000 ____D C:\Program Files (x86)\AutoIt
    2012-05-25 17:50 - 2012-05-25 17:51 - 00000000 ____D C:\Program Files (x86)\D3DOverrider

    ============ 3 Months Modified Files and Folders =============

    2012-06-20 12:05 - 2012-06-19 07:34 - 00000000 ____D C:\FRST
    2012-06-20 01:03 - 2011-11-11 15:23 - 03652598 ___AH C:\Windows\ntbtlog.txt
    2012-06-20 01:03 - 2011-11-11 12:28 - 01714184 ___AH C:\Windows\WindowsUpdate.log
    2012-06-20 01:03 - 2009-07-13 20:45 - 00016832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-20 01:03 - 2009-07-13 20:45 - 00016832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-20 00:55 - 2012-06-19 05:39 - 01373744 ____A C:\Windows\System32\PerfStringBackup.TMP
    2012-06-20 00:51 - 2011-11-13 15:04 - 00000000 ____D C:\Users\Daniel\Tracing
    2012-06-20 00:49 - 2012-04-20 05:00 - 805306368 __ASH C:\pagefile.sys
    2012-06-20 00:49 - 2012-04-08 13:26 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-06-20 00:49 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-20 00:49 - 2009-07-13 20:51 - 00060202 ___AH C:\Windows\setupact.log
    2012-06-19 16:17 - 2012-01-22 05:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\DisplayFusion
    2012-06-19 14:41 - 2011-11-15 13:00 - 00168960 ____A C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-19 07:29 - 2011-11-13 12:41 - 00002172 ____A C:\Users\Daniel\Desktop\80002337442767.txt
    2012-06-19 06:49 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
    2012-06-19 06:48 - 2012-06-19 06:48 - 00000000 ____D C:\Program Files\Farbar Recovery Scan Tool
    2012-06-19 06:48 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files
    2012-06-19 06:30 - 2012-06-19 06:22 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-06-19 06:22 - 2012-06-19 06:21 - 00000000 ____D C:\Program Files (x86)\Spy Bot
    2012-06-19 06:22 - 2009-07-13 19:20 - 00000000 ___HD C:\ProgramData
    2012-06-19 05:27 - 2011-11-14 23:31 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent
    2012-06-19 05:24 - 2011-11-11 13:49 - 00479370 ___AH C:\Windows\System32\perfh00B.dat
    2012-06-19 05:24 - 2011-11-11 13:49 - 00100146 ___AH C:\Windows\System32\perfc00B.dat
    2012-06-19 05:24 - 2009-07-13 21:13 - 01348192 ___AH C:\Windows\System32\PerfStringBackup.INI
    2012-06-19 05:18 - 2012-06-19 05:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\ESET
    2012-06-19 05:10 - 2011-11-20 13:50 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
    2012-06-19 01:44 - 2011-12-27 10:24 - 00000000 ____D C:\Users\Daniel\Desktop\Pelit
    2012-06-18 16:20 - 2012-06-08 21:25 - 00000000 ____D C:\Users\Daniel\AppData\Local\PMB Files
    2012-06-18 16:20 - 2012-06-08 21:25 - 00000000 ____D C:\Users\All Users\PMB Files
    2012-06-18 16:19 - 2012-06-18 16:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\Zachtronics Industries
    2012-06-18 16:18 - 2011-11-16 02:25 - 00000000 ____D C:\Pelit
    2012-06-12 03:19 - 2011-11-20 13:50 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-06-12 03:19 - 2011-11-20 13:50 - 00000000 ____D C:\Users\All Users\Skype
    2012-06-09 10:28 - 2012-06-09 10:28 - 00000000 ____D C:\Program Files (x86)\LoL
    2012-06-08 23:25 - 2011-11-16 15:32 - 00000000 ____D C:\Users\Daniel\Desktop\Overclocking & Benching
    2012-06-08 23:25 - 2011-11-13 14:49 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Nitro PDF
    2012-06-08 22:06 - 2012-06-08 22:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\LolClient2
    2012-06-08 21:47 - 2011-11-11 12:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-06-08 21:25 - 2012-06-08 21:25 - 00000000 ____D C:\Program Files (x86)\Pando Networks
    2012-06-06 19:01 - 2011-11-13 13:01 - 00000000 ____D C:\Program Files\Waterfox
    2012-05-29 09:32 - 2011-11-15 02:40 - 00000000 ____D C:\Users\Daniel\AppData\Local\Last.fm
    2012-05-29 06:19 - 2012-05-29 06:14 - 00002310 ___AH C:\Windows\Sandboxie.ini
    2012-05-29 06:19 - 2009-07-13 19:20 - 00000000 __AHD C:\Windows
    2012-05-29 06:15 - 2012-05-29 06:15 - 00000000 ___RD C:\Sandbox
    2012-05-29 06:14 - 2012-05-29 06:13 - 00000000 ____D C:\Program Files\Sandboxie
    2012-05-29 05:53 - 2012-05-29 05:42 - 00000000 ____D C:\Program Files (x86)\AutoHotKey
    2012-05-29 05:42 - 2012-05-29 05:35 - 00000000 ___HD C:\Windows\ShellNew
    2012-05-29 05:36 - 2012-05-29 05:36 - 00000295 ____A C:\Users\Daniel\SciTE.session
    2012-05-29 05:36 - 2011-11-11 12:27 - 00000000 ____D C:\users\Daniel
    2012-05-29 05:35 - 2012-05-29 05:34 - 00000000 ____D C:\Program Files (x86)\AutoIt
    2012-05-28 20:43 - 2012-03-18 02:56 - 00000000 ____D C:\Users\Daniel\Documents\NVStereoscopic3D.LOG
    2012-05-26 14:00 - 2012-04-21 05:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\ElevatedDiagnostics
    2012-05-25 17:51 - 2012-05-25 17:50 - 00000000 ____D C:\Program Files (x86)\D3DOverrider
    2012-05-20 18:13 - 2012-04-08 13:07 - 00000000 ___HD C:\Windows\Minidump
    2012-05-20 18:12 - 2012-05-20 18:09 - 537704890 ___AH C:\Windows\MEMORY.DMP
    2012-05-20 18:09 - 2012-05-20 18:09 - 00262144 ___AH C:\Windows\Minidump\052112-12074-01.dmp
    2012-05-18 07:55 - 2012-05-18 07:55 - 00262144 ___AH C:\Windows\Minidump\051812-12698-01.dmp
    2012-05-18 07:55 - 2010-11-20 19:47 - 00042448 ___AH C:\Windows\PFRO.log
    2012-05-18 07:51 - 2012-05-18 07:51 - 00262144 ___AH C:\Windows\Minidump\051812-11544-01.dmp
    2012-05-18 07:50 - 2012-05-18 07:50 - 00262144 ___AH C:\Windows\Minidump\051812-11590-01.dmp
    2012-05-18 06:35 - 2012-04-08 13:08 - 00419488 ___AH (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-05-18 06:35 - 2011-11-13 18:32 - 00070304 ___AH (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-05-18 06:33 - 2012-05-18 06:33 - 00262144 ___AH C:\Windows\Minidump\051812-11934-01.dmp
    2012-05-16 19:47 - 2012-05-16 19:47 - 00000000 ____D C:\Users\All Users\Battle.net
    2012-05-10 08:22 - 2012-05-10 08:22 - 00000000 ____D C:\Program Files (x86)\Xlive Begone
    2012-05-09 05:49 - 2012-05-09 05:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\PokerStars.EU
    2012-05-09 05:49 - 2012-05-09 05:44 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
    2012-05-09 00:34 - 2012-05-09 00:34 - 00000000 ____D C:\Program Files (x86)\VirtualDub
    2012-05-08 23:35 - 2011-11-22 08:25 - 00000000 ____D C:\Program Files (x86)\SpeedFan
    2012-05-08 12:41 - 2012-03-17 04:48 - 00000000 ____D C:\Users\Daniel\AppData\Local\Microsoft Game Studios
    2012-05-08 12:41 - 2011-11-28 13:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2012-05-08 12:41 - 2011-11-13 18:00 - 00336967 ___AH C:\Windows\DirectX.log
    2012-05-08 12:41 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-05-08 12:39 - 2012-03-17 04:48 - 00000000 ____D C:\Users\All Users\Microsoft Games
    2012-05-08 12:38 - 2012-03-17 04:47 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft Game Studios
    2012-05-06 09:27 - 2012-05-06 09:25 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\calibre
    2012-05-06 09:25 - 2012-05-06 09:25 - 00000000 ____D C:\Program Files (x86)\Calibre2
    2012-05-06 09:16 - 2012-05-04 13:09 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mobipocket
    2012-05-04 13:09 - 2012-05-04 13:09 - 00000000 ____D C:\Program Files (x86)\Mobipocket.com
    2012-05-04 12:23 - 2012-05-04 12:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\Unity
    2012-05-03 10:56 - 2012-05-03 10:56 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\cYo
    2012-05-03 10:56 - 2012-05-03 10:56 - 00000000 ____D C:\Users\Daniel\AppData\Local\cYo
    2012-05-03 10:56 - 2012-05-03 10:56 - 00000000 ____D C:\Program Files\ComicRack
    2012-05-03 10:54 - 2012-05-03 10:50 - 00000000 ____D C:\Program Files (x86)\ComicRack
    2012-05-03 10:27 - 2012-05-01 07:41 - 00001377 ____A C:\Users\Daniel\Desktop\CWM.lnk
    2012-05-01 06:09 - 2012-04-28 11:50 - 00000000 ____D C:\Program Files (x86)\Complex Working Memory
    2012-04-30 13:40 - 2012-01-23 09:21 - 00001042 ____A C:\Users\Daniel\AppData\Roaming\coreavc.ini
    2012-04-30 08:07 - 2012-04-30 08:07 - 00000000 ___HD C:\Windows\RazorDOX
    2012-04-30 07:53 - 2012-04-09 15:25 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\NVIDIA
    2012-04-30 04:03 - 2012-04-28 11:51 - 00000000 ____D C:\Users\Daniel\.idlerc
    2012-04-28 12:32 - 2012-04-28 12:32 - 00000000 ___AH C:\Windows\System32\.CWMlog
    2012-04-28 12:08 - 2012-04-28 11:47 - 00000000 ____D C:\Program Files\Python
    2012-04-28 10:19 - 2012-04-20 05:11 - 00283304 ___AH C:\Windows\SysWOW64\PnkBstrB.exe
    2012-04-28 10:19 - 2012-04-07 18:55 - 00283304 ___AH C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-04-25 15:19 - 2012-04-07 09:23 - 00283304 ___AH C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-04-25 13:46 - 2012-04-25 13:46 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
    2012-04-25 13:46 - 2012-04-10 04:42 - 00000000 ____D C:\Users\All Users\Hi-Rez Studios
    2012-04-21 00:43 - 2012-04-21 00:43 - 00000000 ____D C:\Users\All Users\ESET
    2012-04-21 00:43 - 2011-11-11 14:28 - 00000000 ____D C:\Program Files\ESET
    2012-04-21 00:37 - 2012-04-21 00:37 - 00002324 ___AH C:\Windows\epplauncher.mif
    2012-04-20 13:10 - 2012-04-20 05:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\ESN Sonar
    2012-04-20 07:54 - 2012-04-20 07:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\Realmware
    2012-04-20 07:54 - 2012-04-20 07:53 - 00000000 ____D C:\Program Files (x86)\BF3 Settings Editor
    2012-04-20 05:26 - 2012-04-20 05:11 - 00076888 ___AH C:\Windows\SysWOW64\PnkBstrA.exe
    2012-04-20 05:13 - 2012-04-20 05:12 - 00000000 ____D C:\Program Files (x86)\Punkbuster
    2012-04-20 05:13 - 2012-04-07 18:55 - 00000000 ____D C:\Users\Daniel\AppData\Local\PunkBuster
    2012-04-20 04:54 - 2012-04-20 04:52 - 00000000 ____D C:\Program Files (x86)\BF3 Browser Utility
    2012-04-20 04:53 - 2012-04-20 04:53 - 00000000 ____D C:\Users\Daniel\AppData\Local\BF3Browser
    2012-04-20 03:19 - 2012-04-20 03:03 - 00000000 ____D C:\Users\All Users\EA Logs
    2012-04-20 03:10 - 2012-04-20 03:10 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
    2012-04-20 03:03 - 2012-04-20 03:03 - 00000000 ____D C:\Users\All Users\EA Core
    2012-04-20 03:03 - 2012-04-20 01:32 - 00000000 ____D C:\Users\All Users\Origin
    2012-04-20 03:03 - 2012-04-20 01:32 - 00000000 ____D C:\Users\All Users\Electronic Arts
    2012-04-20 01:34 - 2012-04-20 01:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Origin
    2012-04-20 01:34 - 2012-04-20 01:32 - 00000000 ____D C:\Program Files (x86)\Origin
    2012-04-20 01:33 - 2012-04-20 01:33 - 00000000 ____D C:\Users\Daniel\AppData\Local\Origin
    2012-04-20 01:33 - 2012-04-20 01:32 - 00001048 ___AH C:\Windows\KB893803v2.log
    2012-04-20 01:32 - 2012-04-20 01:32 - 00000000 ____D C:\Program Files (x86)\Origin Games
    2012-04-19 03:59 - 2012-04-19 03:59 - 00000000 ____D C:\Users\All Users\ProcessLasso
    2012-04-19 03:45 - 2012-04-19 03:45 - 00000000 ____D C:\Users\Daniel\AppData\Local\BF3_Config_Utility
    2012-04-19 03:45 - 2012-04-19 03:45 - 00000000 ____D C:\Program Files (x86)\BF3 Config Utility
    2012-04-16 07:05 - 2012-04-16 07:05 - 00000000 ____D C:\Users\All Users\AVS4YOU
    2012-04-16 07:05 - 2012-04-16 07:05 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
    2012-04-16 07:05 - 2012-04-16 07:03 - 00000000 ____D C:\Program Files (x86)\ePub to txt
    2012-04-15 14:12 - 2012-04-15 14:12 - 00000000 ____D C:\Users\Daniel\AppData\Local\Apple Computer
    2012-04-10 20:12 - 2012-04-10 20:12 - 02884096 ___AH (Python Software Foundation) C:\Windows\System32\python32.dll
    2012-04-10 10:24 - 2012-04-10 10:24 - 00000000 ____D C:\Users\Daniel\AppData\Local\Chromium
    2012-04-09 23:57 - 2012-04-09 23:57 - 00254287 ___AH C:\Windows\QLPrism Uninstaller.exe
    2012-04-09 14:15 - 2012-04-09 14:15 - 00191264 ___AH (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
    2012-04-09 14:15 - 2012-04-09 14:15 - 00172320 ___AH (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
    2012-04-09 14:15 - 2012-04-09 14:15 - 00172320 ___AH (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
    2012-04-09 14:15 - 2012-04-09 14:15 - 00000000 ____D C:\Program Files\Java
    2012-04-09 14:15 - 2011-11-13 18:36 - 00525544 ___AH (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
    2012-04-09 10:25 - 2012-04-08 13:28 - 00000000 ___HD C:\Windows\SysWOW64\NV
    2012-04-09 10:25 - 2012-04-08 13:28 - 00000000 ___HD C:\Windows\System32\NV
    2012-04-09 05:42 - 2011-11-13 12:51 - 00000000 ____D C:\Program Files\Windows Loader
    2012-04-08 13:27 - 2012-04-08 13:27 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-04-08 13:27 - 2012-04-08 13:27 - 00000000 ____D C:\users\UpdatusUser
    2012-04-08 13:27 - 2012-04-08 13:26 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-04-08 13:27 - 2012-04-08 13:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2012-04-08 13:27 - 2009-07-13 19:20 - 00000000 ___RD C:\Users
    2012-04-08 13:26 - 2012-04-08 13:26 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
    2012-04-08 13:26 - 2012-04-08 13:20 - 00000000 ____D C:\NVIDIA
    2012-04-08 13:26 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\Help
    2012-04-07 09:24 - 2012-04-07 09:24 - 00000000 ___HD C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
    2012-04-05 11:44 - 2012-04-05 11:44 - 00502687 ____N C:\Windows\Minidump\040912-10545-01.dmp
    2012-04-02 05:16 - 2012-04-02 05:16 - 00060931 ____A C:\Users\Daniel\Desktop\pdf.jsf.pdf
    2012-03-27 02:49 - 2011-12-03 05:22 - 00000000 ____D C:\Program Files\Dolphin Emulator

    ZeroAccess:
    C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}
    C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}\@
    C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}\L
    C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}\U
    C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}\U\00000004.@
    C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}\U\000000cb.@
    C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}\U\80000032.@

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8103.52 MB
    Available physical RAM: 7357.22 MB
    Total Pagefile: 8101.72 MB
    Available Pagefile: 7363.72 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (SYSTEM) (Fixed) (Total:119.02 GB) (Free:23.06 GB) NTFS
    2 Drive d: (Setit 2) (Fixed) (Total:2794.39 GB) (Free:1295.08 GB) NTFS
    3 Drive e: (Setit) (Fixed) (Total:1397.26 GB) (Free:286.29 GB) NTFS
    4 Drive f: (Anime) (Fixed) (Total:465.76 GB) (Free:208.75 GB) NTFS
    6 Drive h: (ZEN Stone) (Removable) (Total:0.92 GB) (Free:0.82 GB) FAT32
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 119 GB 3072 KB *
    Disk 1 Online 2794 GB 2048 KB *
    Disk 2 Online 465 GB 1024 KB
    Disk 3 Online 1397 GB 0 B
    Disk 4 Online 944 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 System (partition with boot components) 100 MB 1024 KB
    Partition 2 Reserved 128 MB 101 MB
    Partition 3 Primary 119 GB 232 MB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
    Hidden : Yes
    Required: No
    Attrib : 0X8000000000000000

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 ESP FAT32 Partition 100 MB Healthy Hidden

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
    Hidden : Yes
    Required: No
    Attrib : 0X8000000000000000

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Hidden : No
    Required: No
    Attrib : 0000000000000000

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C SYSTEM NTFS Partition 119 GB Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Reserved 128 MB 17 KB
    Partition 2 Primary 2794 GB 128 MB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
    Hidden : Yes
    Required: No
    Attrib : 0000000000000000

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 1
    Partition 2
    Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Hidden : No
    Required: No
    Attrib : 0000000000000000

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D Setit 2 NTFS Partition 2794 GB Healthy

    ======================================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 0 Extended 465 GB 31 KB
    Partition 1 Logical 465 GB 63 KB

    ======================================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F Anime NTFS Partition 465 GB Healthy

    ======================================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1397 GB 1024 KB

    ======================================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 E Setit NTFS Partition 1397 GB Healthy

    ======================================================================================================

    Partitions of Disk 4:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 944 MB 24 KB

    ======================================================================================================

    Disk: 4
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 H ZEN Stone FAT32 Removable 944 MB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-17 16:15

    ======================= End Of Log ==========================
  4. ferom

    ferom Newcomer, in training Topic Starter

    So I took the liberty of performing a search with FRST on services.exe, seeing as that's where the problem is according to the FRST log. I hope that's what I was supposed to do.

    Farbar Recovery Scan Tool Version: 17-06-2012 04
    Ran by SYSTEM at 2012-06-21 00:10:37
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ___AH (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ___AH (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
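The search output in the post above lists two copies of services.exe whose timestamps and company string are identical while size and MD5 differ. Added example (not part of the thread and not FRST's own code): a Python parser for that output that compares each live file against the WinSxS copies of the same name. The log text is copied from the post; the record layout is inferred from those two entries, and the function names and status labels are assumptions.

```python
import re
from dataclasses import dataclass
from ntpath import basename  # Windows path rules on any host OS

# Search output copied from the post above.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ___AH (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ___AH (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# Layout inferred from the two records above (an assumption):
# [created] - [modified] - size attributes (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Entry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def in_component_store(self):
        return "\\winsxs\\" in self.path.lower()


def parse_frst_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line  # a path with no metadata line is dropped
            continue
        m = META_RE.match(line)
        if m and pending_path:
            entries.append(Entry(pending_path, m["created"], m["modified"],
                                 int(m["size"]), m["company"], m["md5"].upper()))
            pending_path = None
    return entries


def compare_with_component_store(entries):
    """Check every live file against all WinSxS copies with the same name.

    The store can hold several versions of one file, so a live copy that
    equals any of them counts as MATCH. With no store copy in the log the
    result is NO_REFERENCE rather than a false alarm.
    """
    store = {}
    for e in entries:
        if e.in_component_store:
            store.setdefault(basename(e.path).lower(), []).append(e)

    findings = []
    for e in entries:
        if e.in_component_store:
            continue
        refs = store.get(basename(e.path).lower(), [])
        if not refs:
            status = "NO_REFERENCE"
        elif any((r.size, r.md5) == (e.size, e.md5) for r in refs):
            status = "MATCH"
        else:
            status = "MISMATCH"
        findings.append({
            "path": e.path,
            "status": status,
            # True when dates and company string equal a store copy: on a
            # MISMATCH this shows that metadata alone would not reveal it.
            "metadata_identical": any(
                (r.created, r.modified, r.company) == (e.created, e.modified, e.company)
                for r in refs),
            "size_deltas": [e.size - r.size for r in refs],
        })
    return findings


if __name__ == "__main__":
    for finding in compare_with_component_store(parse_frst_search(SEARCH_LOG)):
        print(finding)
```

A MATCH only says the live file equals a copy in the component store; it says nothing about whether the store copy itself is intact.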
  5. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    See if you can boot normally.

    If so....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


  6. ferom

    ferom Newcomer, in training Topic Starter

    Nod32 doesn't detect anything anymore and Windows seems to be working properly. Here is the fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 17-06-2012 04
    Ran by SYSTEM at 2012-06-21 03:23:39 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    And here's the combolog, sorry, it's in Finnish:

    ComboFix 12-06-20.02 - Daniel 21.06.2012 3:40.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1033.18.8104.6657 [GMT 3:00]
    Sijainti: c:\users\Daniel\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Uusi palautuspiste luotu
    .
    .
    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-05-21 to 2012-06-21 )))))))))))))))))
    .
    .
    2012-06-21 00:42 . 2012-06-21 00:44 -------- d-----w- c:\users\Daniel\AppData\Local\temp
    2012-06-21 00:42 . 2012-06-21 00:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-06-21 00:42 . 2012-06-21 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-19 15:34 . 2012-06-20 20:05 -------- d-----w- C:\FRST
    2012-06-19 14:48 . 2012-06-19 14:48 -------- d-----w- c:\program files\Farbar Recovery Scan Tool
    2012-06-19 14:22 . 2012-06-19 14:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-06-19 14:21 . 2012-06-19 14:22 -------- d-----w- c:\program files (x86)\Spy Bot
    2012-06-19 13:39 . 2012-06-21 00:42 1373744 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-06-19 13:18 . 2012-06-19 13:18 -------- d-----w- c:\users\Daniel\AppData\Local\ESET
    2012-06-19 00:19 . 2012-06-19 00:19 -------- d-----w- c:\users\Daniel\AppData\Local\Zachtronics Industries
    2012-06-09 06:06 . 2012-06-09 06:06 -------- d-----w- c:\users\Daniel\AppData\Roaming\LolClient2
    2012-06-09 05:48 . 2008-07-12 05:18 467984 ---ha-w- c:\windows\SysWow64\d3dx10_39.dll
    2012-06-09 05:48 . 2008-07-12 05:18 3851784 ---ha-w- c:\windows\SysWow64\D3DX9_39.dll
    2012-06-09 05:48 . 2008-07-12 05:18 1493528 ---ha-w- c:\windows\SysWow64\D3DCompiler_39.dll
    2012-06-09 05:25 . 2012-06-19 00:20 -------- d-----w- c:\users\Daniel\AppData\Local\PMB Files
    2012-06-09 05:25 . 2012-06-19 00:20 -------- d-----w- c:\programdata\PMB Files
    2012-06-09 05:25 . 2012-06-09 05:25 -------- d-----w- c:\program files (x86)\Pando Networks
    2012-05-29 14:15 . 2012-05-29 14:15 -------- d-----r- C:\Sandbox
    2012-05-29 14:13 . 2012-05-29 14:14 -------- d-----w- c:\program files\Sandboxie
    2012-05-29 13:42 . 2012-05-29 13:53 -------- d-----w- c:\program files (x86)\AutoHotKey
    2012-05-29 13:35 . 2012-05-29 13:42 -------- d--h--w- c:\windows\ShellNew
    2012-05-29 13:34 . 2012-05-29 13:35 -------- d-----w- c:\program files (x86)\AutoIt
    2012-05-26 01:50 . 2012-05-26 01:51 -------- d-----w- c:\program files (x86)\D3DOverrider
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-18 14:35 . 2012-04-08 21:08 419488 ---ha-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-18 14:35 . 2011-11-14 02:32 70304 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-08 20:45 . 2009-08-18 09:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2012-05-08 20:45 . 2009-08-18 08:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-04-28 18:19 . 2012-04-20 13:11 283304 ---ha-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-04-28 18:19 . 2012-04-08 02:55 283304 ---ha-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-04-25 23:19 . 2012-04-07 17:23 283304 ---ha-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-04-20 13:26 . 2012-04-20 13:11 76888 ---ha-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-04-11 04:12 . 2012-04-11 04:12 2884096 ---ha-w- c:\windows\system32\python32.dll
    2012-04-10 07:57 . 2012-04-10 07:57 254287 ---ha-w- c:\windows\QLPrism Uninstaller.exe
    2012-04-09 22:15 . 2011-11-14 02:36 525544 ---ha-w- c:\windows\system32\deployJava1.dll
    .
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-10-02 2456992]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-05-28 694032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
    "Spawn Gaming Mouse"="c:\program files (x86)\CM Storm\Spawn Gaming Mouse\Spawn_Icon.exe" [2010-12-15 135168]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-11-14 576000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 se64a;EnTech softEngine;c:\windows\system32\drivers\se64a.sys [2007-05-03 14032]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-13 79360]
    R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-13 79360]
    R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
    R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
    S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
    S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
    S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2011-04-20 55296]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-04-05 8704]
    S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-03-21 341312]
    S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-03-21 68928]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
    S3 AsrVDrive;AsrVDrive;c:\windows\system32\DRIVERS\AsrVDrive.sys [x]
    S3 BMDDeckLinkAudio;BMDDeckLinkAudio;c:\windows\system32\DRIVERS\deckaud.sys [x]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
    S3 DeckLink;DeckLink;c:\windows\system32\DRIVERS\Intensity.sys [x]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [x]
    S3 RTCore64;RTCore64;c:\users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
    .
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a606066-5402-11e1-9427-002522e8d644}]
    \shell\AutoRun\command - E:\Startup.exe
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    2011-11-15 c:\windows\Tasks\DriverScanner.job
    - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-11-14 12:43]
    .
    2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4053938816-3849789182-2080245720-1000Core.job
    - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 23:10]
    .
    2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4053938816-3849789182-2080245720-1000UA.job
    - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 23:10]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Täydentävä tarkistus -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    TCP: DhcpNameServer = 193.229.0.40 193.229.0.42
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/
    .
    .
    ------- Tiedostokytkennät -------
    .
    .txt=GetDiz.TextFile
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -
    .
    Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
    Wow6432Node-HKCU-Run-ASRockXTU - (no file)
    AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Ogg Vorbis aoTuV Encoder - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Muut prosessit ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\MSIAfterburner.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2012-06-21 03:45:01 - kone käynnistettiin uudelleen
    ComboFix-quarantined-files.txt 2012-06-21 00:45
    .
    Ennen ajoa: 16 676 188 160 bytes free
    Ajon jälkeen: 16 789 413 888 bytes free
    .
    - - End Of File - - 7B148D8A5F604D249FE418F9904F9DD9
  7. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Looks good :)

    Any current issues?

    Download OTL to your Desktop.

    • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  8. ferom

    ferom Newcomer, in training Topic Starter

    No issues as far as I can detect.

    Extras:
    OTL Extras logfile created on: 21.6.2012 4:07:32 - Run 1
    OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Daniel\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

    7,91 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 82,05% Memory free
    8,66 Gb Paging File | 7,24 Gb Available in Paging File | 83,63% Paging File free
    Paging file location(s): c:\pagefile.sys 768 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 119,02 Gb Total Space | 15,71 Gb Free Space | 13,20% Space Free | Partition Type: NTFS
    Drive E: | 3,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive G: | 943,73 Mb Total Space | 840,02 Mb Free Space | 89,01% Space Free | Partition Type: FAT32
    Drive X: | 1397,26 Gb Total Space | 286,29 Gb Free Space | 20,49% Space Free | Partition Type: NTFS
    Drive Y: | 2794,39 Gb Total Space | 1302,57 Gb Free Space | 46,61% Space Free | Partition Type: NTFS
    Drive Z: | 465,76 Gb Total Space | 208,75 Gb Free Space | 44,82% Space Free | Partition Type: NTFS

    Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    .ini[@ = GetDiz.IniFile] -- C:\Program Files (x86)\GetDiz\GetDiz.exe (Outertech - http://outertech.com)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .txt[@ = GetDiz.TextFile] -- C:\Program Files (x86)\GetDiz\GetDiz.exe (Outertech - http://outertech.com)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    .ini [@ = GetDiz.IniFile] -- C:\Program Files (x86)\GetDiz\GetDiz.exe (Outertech - http://outertech.com)
    .txt [@ = GetDiz.TextFile] -- C:\Program Files (x86)\GetDiz\GetDiz.exe (Outertech - http://outertech.com)

    [HKEY_USERS\S-1-5-21-4053938816-3849789182-2080245720-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Waterfox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_curses-py3.2" = Python 3.2 _curses-2.2
    "{0122EDA0-52FC-4EC2-9A31-A2A757A7D40E}" = BF3 Settings Editor
    "{10E5F3FF-AD93-40C5-A0F5-13B9185DBB12}" = ESET NOD32 Antivirus
    "{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{5FDC360A-DCA7-488D-B744-69CA5DF5C883}" = Nitro PDF Professional
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
    "{789C9644-9F82-44d3-B4CA-AC31F46F5883}" = Python 3.2.3 (64-bit)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{BAF9E4D0-F3D1-4355-B973-1384CDF1941C}" = Hex Workshop v6.6
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "ASRock 3TB+ Unlocker_is1" = ASRock 3TB+ Unlocker v1.0
    "ASRock App Charger_is1" = ASRock App Charger v1.0.4
    "ComicRack" = ComicRack v0.9.154
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
    "Explorer Suite_is1" = Explorer Suite III
    "iuVCS x64_is1" = iuVCS x64
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Sandboxie" = Sandboxie 3.70 (64-bit)
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "UDK-0a1b0637-062a-4988-95d9-cbd8b129aaf7" = My Game Long Name
    "Waterfox 13.0 (x64 en-US)" = Waterfox 13.0 (x64 en-US)
    "WinRAR archiver" = WinRAR 4.01 (64-bit)
    "XFast LAN" = XFast LAN v6.61

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = Corel WinDVD Pro 11
    "{05366B44-A2DD-436C-AD1B-532156CCC619}_is1" = MiniTool Partition Wizard Professional Edition 5.2
    "{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
    "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
    "{0EBEAC4B-8222-4FBB-958D-88E9C68B18F0}" = Spawn Gaming Mouse
    "{1743DB16-33CD-4642-BCAC-22DC89992272}" = Wirecast
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2E5C5BC1-9285-45DA-8885-29AFEA541C52}" = Setup
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
    "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
    "{5157A26D-28AF-4E96-99EE-25D510437653}_is1" = SpaceChem
    "{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
    "{5849AFE4-802B-4C4D-A79F-F988C2BB7A7F}" = Corel WinDVD
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7FF9A1CA-4BAA-4511-8DAE-16832C914034}" = Blackmagic Design Desktop Video
    "{82A34D1B-A36C-4B53-BFC8-2F3FDB32CFD9}" = IPM
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
    "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
    "{915C56D7-1EFD-4BF3-9FBE-2B0D39F36525}" = calibre
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = ICA
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
    "{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
    "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "AC3Filter_is1" = AC3Filter 1.63b
    "Afterburner" = MSI Afterburner 2.1.0
    "ALchemy" = Creative ALchemy
    "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.110
    "ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
    "AudioCS" = Creative Audio Control Panel
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "AutoItv3" = AutoIt v3.3.8.1
    "AVS Document Converter_is1" = AVS Document Converter 2.1.2
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.0
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "Brain Workshop_is1" = Brain Workshop 4.8.1
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
    "Console Launcher" = Creative Console Launcher
    "CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "dBpoweramp DSP Effects" = dBpoweramp DSP Effects
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "dBpoweramp Ogg Vorbis aoTuV Encoder" = dBpoweramp Ogg Vorbis aoTuV Encoder
    "dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
    "Diablo.III.Collectors.Edition_is1" = Diablo.III.Collectors.Edition
    "Dolby Digital Live Pack" = Dolby Digital Live Pack
    "DTS Connect Pack" = DTS Connect Pack
    "Dxtory2.0_is1" = Dxtory 2.0.108
    "emWave PC2.2.3.4372" = emWave PC
    "ESN Sonar-0.70.4" = ESN Sonar
    "Fraps" = Fraps (remove only)
    "GetDiz" = GetDiz
    "Halo 2" = Halo 2 for Windows Vista
    "ImgBurn" = ImgBurn
    "InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
    "Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
    "LastFM_is1" = Last.fm 1.5.4.27091
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Monitor Asset Manager" = Monitor Asset Manager
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "Origin" = Origin
    "PokerStars.eu" = PokerStars.eu
    "PunkBusterSvc" = PunkBuster Services
    "pzizz" = pzizz
    "QLPrism" = QLPrism
    "ReClock" = ReClock
    "SpeedFan" = SpeedFan (remove only)
    "StarCraft II" = StarCraft II
    "TeamViewer 6" = TeamViewer 6
    "Trine 2_is1" = Trine 2
    "Unigine Heaven DX11 Benchmark 2.5_is1" = Unigine Heaven DX11 Benchmark 2.5 version 2.5
    "uTorrent" = µTorrent
    "Veetle Broadcaster" = Veetle Broadcaster 0.9.18
    "Winamp" = Winamp
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "XFast USB" = XFast USB

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4053938816-3849789182-2080245720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Flux" = F.lux
    "Google Chrome" = Google Chrome
    "LastPass" = LastPass (uninstall only)
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 20.6.2012 20:28:52 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3013
    Description = Unable to update the performance counter strings defined for the 009
    language ID. The first DWORD in the Data section contains the error code.

    Error - 20.6.2012 20:28:52 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3009
    Description = Installing the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    Error - 20.6.2012 20:36:41 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 20.6.2012 20:39:25 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 20.6.2012 20:42:30 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3013
    Description = Unable to update the performance counter strings defined for the 009
    language ID. The first DWORD in the Data section contains the error code.

    Error - 20.6.2012 20:42:30 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3009
    Description = Installing the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    Error - 20.6.2012 20:45:43 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 20.6.2012 20:48:12 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3013
    Description = Unable to update the performance counter strings defined for the 009
    language ID. The first DWORD in the Data section contains the error code.

    Error - 20.6.2012 20:48:12 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3009
    Description = Installing the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    Error - 20.6.2012 20:49:38 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3013
    Description = Unable to update the performance counter strings defined for the 009
    language ID. The first DWORD in the Data section contains the error code.

    Error - 20.6.2012 20:49:38 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3009
    Description = Installing the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    [ System Events ]
    Error - 20.6.2012 20:38:22 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7031
    Description = The ESET Service service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
    the service.

    Error - 20.6.2012 20:38:28 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7031
    Description = The ESET Service service terminated unexpectedly. It has done this
    2 time(s). The following corrective action will be taken in 0 milliseconds: Restart
    the service.

    Error - 20.6.2012 20:38:48 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
    Description = The Skype C2C Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 20.6.2012 20:39:21 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7031
    Description = The ESET Service service terminated unexpectedly. It has done this
    3 time(s). The following corrective action will be taken in 0 milliseconds: Restart
    the service.

    Error - 20.6.2012 20:40:43 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
    Description = The ASGT service terminated unexpectedly. It has done this 1 time(s).

    Error - 20.6.2012 20:41:46 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 20.6.2012 20:42:31 | Computer Name = Daniel-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 20.6.2012 20:43:02 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 20.6.2012 20:43:57 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 20.6.2012 20:49:07 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Provider
    Host service which failed to start because of the following error: %%1058


    < End of report >
  9. ferom

    ferom Newcomer, in training Topic Starter

    OTL:
    OTL logfile created on: 21.6.2012 4:07:32 - Run 1
    OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Daniel\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

    7,91 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 82,05% Memory free
    8,66 Gb Paging File | 7,24 Gb Available in Paging File | 83,63% Paging File free
    Paging file location(s): c:\pagefile.sys 768 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 119,02 Gb Total Space | 15,71 Gb Free Space | 13,20% Space Free | Partition Type: NTFS
    Drive E: | 3,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive G: | 943,73 Mb Total Space | 840,02 Mb Free Space | 89,01% Space Free | Partition Type: FAT32
    Drive X: | 1397,26 Gb Total Space | 286,29 Gb Free Space | 20,49% Space Free | Partition Type: NTFS
    Drive Y: | 2794,39 Gb Total Space | 1302,57 Gb Free Space | 46,61% Space Free | Partition Type: NTFS
    Drive Z: | 465,76 Gb Total Space | 208,75 Gb Free Space | 44,82% Space Free | Partition Type: NTFS

    Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012.06.21 04:05:11 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
    PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012.04.20 16:26:54 | 000,076,888 | -H-- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012.01.13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011.05.20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011.04.20 19:08:06 | 000,055,296 | -H-- | M] () -- C:\Windows\SysWOW64\ASGT.exe
    PRC - [2011.03.21 12:17:56 | 000,068,928 | -H-- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
    PRC - [2011.02.22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011.02.22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2011.02.15 14:20:22 | 000,364,544 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\MSIAfterburner.exe
    PRC - [2010.12.15 19:07:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\CM Storm\Spawn Gaming Mouse\Spawn_Icon.exe
    PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2010.02.12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2009.08.29 09:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Daniel\Local Settings\Apps\F.lux\flux.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012.03.12 13:19:11 | 000,491,520 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b57bd70800db9e03c97550eafc2306f0\IAStorUtil.ni.dll
    MOD - [2012.03.12 12:47:13 | 000,771,584 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
    MOD - [2012.03.12 12:46:57 | 012,433,408 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
    MOD - [2012.03.12 12:46:53 | 001,587,200 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
    MOD - [2012.03.12 12:46:46 | 003,347,968 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
    MOD - [2012.03.12 12:46:43 | 005,453,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
    MOD - [2012.03.12 12:46:41 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
    MOD - [2012.03.12 12:46:40 | 007,967,232 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
    MOD - [2011.11.14 02:51:16 | 000,014,336 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll
    MOD - [2011.11.14 02:51:02 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011.02.15 14:20:22 | 000,364,544 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\MSIAfterburner.exe
    MOD - [2011.02.15 14:20:08 | 000,061,440 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTMUI.dll
    MOD - [2011.02.15 14:20:02 | 000,278,528 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTHAL.dll
    MOD - [2011.02.15 14:19:44 | 000,229,376 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTCore.dll
    MOD - [2011.02.15 14:19:30 | 000,147,456 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTUI.dll
    MOD - [2011.02.15 14:19:20 | 000,061,440 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTFC.dll
    MOD - [2010.12.15 19:07:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\CM Storm\Spawn Gaming Mouse\Spawn_Icon.exe
    MOD - [2010.07.27 07:37:16 | 000,013,312 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTTSH.dll
    MOD - [2009.08.29 09:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Daniel\Local Settings\Apps\F.lux\flux.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012.05.28 20:03:50 | 000,098,576 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
    SRV:64bit: - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2011.07.04 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Disabled | Stopped] -- C:\Program Files\ASRock Utility\Xfast LAN\spd.exe -- (cFosSpeedS)
    SRV:64bit: - [2011.03.21 12:17:46 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
    SRV:64bit: - [2009.07.14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009.07.14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012.06.05 15:59:52 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012.04.20 16:26:54 | 000,076,888 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012.04.05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2012.03.01 03:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011.11.14 01:38:18 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2011.11.14 01:23:50 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2011.11.03 21:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2011.08.15 17:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2011.04.20 19:08:06 | 000,055,296 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
    SRV - [2011.03.21 12:17:56 | 000,068,928 | -H-- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2011.02.22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2011.02.22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010.03.18 14:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2010.02.12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012.05.28 20:03:48 | 000,166,576 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
    DRV:64bit: - [2012.03.01 02:57:00 | 000,398,144 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
    DRV:64bit: - [2012.02.19 02:38:53 | 000,283,200 | -H-- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012.01.17 15:45:56 | 000,188,224 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011.12.10 16:24:08 | 000,023,152 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011.11.13 23:46:00 | 000,032,320 | -H-- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
    DRV:64bit: - [2011.11.13 23:45:56 | 000,015,936 | -H-- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
    DRV:64bit: - [2011.11.03 09:41:36 | 000,328,192 | -H-- | M] (Blackmagic Design) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Intensity.sys -- (DeckLink)
    DRV:64bit: - [2011.11.03 09:34:12 | 000,018,432 | -H-- | M] (Blackmagic Design) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\deckaud.sys -- (BMDDeckLinkAudio)
    DRV:64bit: - [2011.08.31 20:53:22 | 012,306,848 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011.08.09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2011.08.04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2011.08.04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2011.07.04 16:19:34 | 001,632,128 | -H-- | M] (cFos Software GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6)
    DRV:64bit: - [2011.05.20 10:53:44 | 000,557,848 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011.04.21 21:17:04 | 000,471,144 | -H-- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011.03.11 09:41:12 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.03.11 09:41:12 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011.03.04 17:00:14 | 000,390,632 | -H-- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011.03.04 17:00:14 | 000,126,952 | -H-- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011.01.26 18:11:04 | 000,023,048 | -H-- | M] (ASRock Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsrVDrive.sys -- (AsrVDrive)
    DRV:64bit: - [2010.11.21 06:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010.11.21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010.11.21 06:23:48 | 000,117,248 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010.11.21 06:23:48 | 000,088,960 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010.11.21 06:23:48 | 000,071,168 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010.11.21 06:23:48 | 000,034,816 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010.11.21 06:23:47 | 000,078,720 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.11.21 06:23:47 | 000,031,232 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010.11.16 01:24:16 | 000,015,672 | -H-- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
    DRV:64bit: - [2010.11.09 16:35:24 | 000,021,992 | -H-- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010.10.15 02:28:16 | 000,317,440 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010.08.16 16:31:36 | 000,019,936 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
    DRV:64bit: - [2010.08.16 16:31:32 | 000,013,280 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
    DRV:64bit: - [2010.07.07 23:21:18 | 001,612,888 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
    DRV:64bit: - [2010.07.07 23:21:06 | 001,567,832 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010.07.07 23:20:56 | 000,118,360 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010.07.07 23:20:48 | 000,213,080 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010.07.07 23:20:40 | 000,015,960 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010.07.07 23:16:32 | 000,179,288 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010.07.07 23:16:24 | 000,697,816 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV:64bit: - [2010.07.07 23:16:14 | 000,580,696 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010.07.07 23:16:06 | 001,445,976 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010.07.07 23:16:06 | 001,445,976 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010.07.07 23:15:56 | 000,095,320 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010.07.07 23:15:56 | 000,095,320 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010.07.07 23:15:50 | 000,230,488 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010.07.07 23:15:50 | 000,230,488 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010.06.11 15:37:14 | 000,015,368 | -H-- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
    DRV:64bit: - [2009.12.30 12:21:26 | 000,031,800 | -H-- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 04:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.07.14 03:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009.02.24 19:35:44 | 000,255,552 | -H-- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2007.05.03 18:19:38 | 000,014,032 | -H-- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\se64a.sys -- (se64a)
    DRV - [2010.05.27 03:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTCore64.sys -- (RTCore64)
    DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009.02.24 19:35:44 | 000,255,552 | -H-- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2007.05.03 18:19:38 | 000,014,032 | -H-- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\se64a.sys -- (se64a)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4053938816-3849789182-2080245720-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.reddit.com/"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60818.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.60818.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.18: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012.04.21 11:43:04 | 000,000,000 | ---D | M]
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 13.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012.06.07 06:01:19 | 000,000,000 | ---D | M]
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 13.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.04.21 11:43:04 | 000,000,000 | ---D | M]

    [2012.04.10 10:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
    [2012.04.10 10:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
    [2012.06.19 12:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions
    [2012.06.02 04:50:34 | 000,000,000 | ---D | M] (8 Ultimo) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66}
    [2012.05.09 06:14:15 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
    [2012.05.18 05:58:11 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012.04.02 14:26:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012.05.20 00:22:02 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2012.04.30 10:00:48 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\FasterFox_Lite@BigRedBrent
    [2012.05.23 14:41:54 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\foxyproxy@eric.h.jung
    [2012.06.19 12:11:15 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\support@lastpass.com
    [2011.11.14 07:57:01 | 000,043,131 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.XPI
    [2012.06.13 07:00:05 | 000,525,301 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    [2012.01.23 20:32:24 | 000,061,700 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
    [2012.01.06 13:04:09 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012.02.12 05:56:06 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    [2012.02.23 05:53:38 | 000,072,222 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
    [2012.03.24 06:03:36 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2012.02.23 21:51:27 | 000,211,071 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\THEPIRATEBAY@MAFIAAFIRE.COM.XPI
  10. ferom

    ferom Newcomer, in training Topic Starter

    OTL continued:
    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
    CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.60818.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Skype Click to Call = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\

    O1 HOSTS File: ([2012.06.21 03:44:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Spawn Gaming Mouse] C:\Program Files (x86)\CM Storm\Spawn Gaming Mouse\Spawn_Icon.exe ()
    O4 - HKU\S-1-5-21-4053938816-3849789182-2080245720-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-4053938816-3849789182-2080245720-1000..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
    O4 - HKU\S-1-5-21-4053938816-3849789182-2080245720-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
    O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011.11.15 00:12:39 | 000,000,000 | -H-D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4053938816-3849789182-2080245720-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4053938816-3849789182-2080245720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.229.0.40 193.229.0.42
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D78B592-4AC6-4774-B24C-DE2361815B37}: DhcpNameServer = 193.229.0.40 193.229.0.42
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007.04.30 15:53:02 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{9a606066-5402-11e1-9427-002522e8d644}\Shell - "" = AutoRun
    O33 - MountPoints2\{9a606066-5402-11e1-9427-002522e8d644}\Shell\AutoRun\command - "" = E:\Startup.exe -- [2007.05.07 12:45:11 | 001,705,336 | R--- | M] (Microsoft Corporation)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32:64bit: vidc.hdyc - C:\PROGRA~2\BLACKM~2\BLACKM~1\BMDCOD~2.DLL (Blackmagic Design)
    Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
    Drivers32:64bit: vidc.mjpg - C:\PROGRA~2\BLACKM~2\BLACKM~1\BMDCOD~4.DLL (Blackmagic Design)
    Drivers32:64bit: vidc.r210 - C:\PROGRA~2\BLACKM~2\BLACKM~1\BMDCOD~2.DLL (Blackmagic Design)
    Drivers32:64bit: vidc.uyvy - C:\PROGRA~2\BLACKM~2\BLACKM~1\BMDCOD~2.DLL (Blackmagic Design)
    Drivers32:64bit: vidc.v210 - C:\PROGRA~2\BLACKM~2\BLACKM~1\BMDCOD~2.DLL (Blackmagic Design)
    Drivers32:64bit: vidc.xtor - DxtoryCodec64.dll (Dxtory Software)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.hdyc - C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDCodecLib.dll (Blackmagic Design)
    Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
    Drivers32: vidc.mjpg - C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDCodecMJPG.dll (Blackmagic Design)
    Drivers32: vidc.r210 - C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDCodecLib.dll (Blackmagic Design)
    Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found
    Drivers32: vidc.uyvy - C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDCodecLib.dll (Blackmagic Design)
    Drivers32: vidc.v210 - C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDCodecLib.dll (Blackmagic Design)
    Drivers32: vidc.xtor - C:\Windows\SysWow64\DxtoryCodec.dll (Dxtory Software)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012.06.21 04:05:09 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
    [2012.06.21 03:45:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012.06.21 03:45:02 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\temp
    [2012.06.21 03:44:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012.06.21 03:40:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012.06.21 03:40:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012.06.21 03:40:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012.06.21 03:31:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012.06.21 03:31:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012.06.21 03:26:35 | 004,563,905 | R--- | C] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
    [2012.06.19 18:34:18 | 000,000,000 | ---D | C] -- C:\FRST
    [2012.06.19 17:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Farbar Recovery Scan Tool
    [2012.06.19 17:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012.06.19 17:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012.06.19 17:21:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spy Bot
    [2012.06.19 16:18:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\ESET
    [2012.06.19 03:19:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Zachtronics Industries
    [2012.06.19 03:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zachtronics Industries
    [2012.06.09 09:06:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\LolClient2
    [2012.06.09 08:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
    [2012.06.09 08:25:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\PMB Files
    [2012.06.09 08:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
    [2012.06.09 08:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
    [2012.05.29 17:15:47 | 000,000,000 | R--D | C] -- C:\Sandbox
    [2012.05.29 17:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
    [2012.05.29 17:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
    [2012.05.29 16:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
    [2012.05.29 16:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotKey
    [2012.05.29 16:35:51 | 000,000,000 | -H-D | C] -- C:\Windows\ShellNew
    [2012.05.29 16:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
    [2012.05.29 16:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoIt
    [2012.05.26 04:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\D3DOverrider
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012.06.21 04:05:11 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
    [2012.06.21 03:44:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012.06.21 03:44:09 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.06.21 03:44:09 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.06.21 03:43:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.06.21 03:26:43 | 004,563,905 | R--- | M] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
    [2012.06.21 03:14:40 | 000,002,310 | -H-- | M] () -- C:\Windows\Sandboxie.ini
    [2012.06.20 17:50:33 | 000,169,472 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012.06.19 16:32:53 | 000,063,336 | -H-- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00421102}.rfx
    [2012.06.19 16:32:53 | 000,063,336 | -H-- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00421102}.rfx
    [2012.06.19 16:32:53 | 000,000,820 | -H-- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00421102}.rfx
    [2012.06.19 16:24:09 | 001,348,192 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.06.19 16:24:09 | 000,652,150 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.06.19 16:24:09 | 000,479,370 | -H-- | M] () -- C:\Windows\SysNative\perfh00B.dat
    [2012.06.19 16:24:09 | 000,121,082 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.06.19 16:24:09 | 000,100,146 | -H-- | M] () -- C:\Windows\SysNative\perfc00B.dat
    [2012.05.29 17:14:23 | 000,000,902 | ---- | M] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
    [2012.05.29 16:36:29 | 000,000,295 | ---- | M] () -- C:\Users\Daniel\SciTE.session
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012.06.21 03:40:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012.06.21 03:40:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012.06.21 03:40:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012.06.21 03:40:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012.06.21 03:40:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012.05.29 17:14:33 | 000,000,902 | ---- | C] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
    [2012.05.29 17:14:31 | 000,002,310 | -H-- | C] () -- C:\Windows\Sandboxie.ini
    [2012.05.29 16:36:29 | 000,000,295 | ---- | C] () -- C:\Users\Daniel\SciTE.session
    [2012.04.20 16:11:31 | 000,283,304 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012.04.20 16:11:31 | 000,076,888 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012.04.20 15:43:53 | 002,580,552 | -H-- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2012.04.10 10:57:12 | 000,254,287 | -H-- | C] () -- C:\Windows\QLPrism Uninstaller.exe
    [2012.04.07 20:23:39 | 003,130,440 | -H-- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
    [2012.02.29 13:26:56 | 000,416,064 | -H-- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012.02.19 03:55:47 | 000,015,360 | -H-- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2012.01.23 20:21:01 | 000,001,042 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\coreavc.ini
    [2011.12.24 00:52:35 | 000,026,544 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\net.telestream.wirecast.xml
    [2011.12.24 00:44:52 | 000,715,038 | -H-- | C] () -- C:\Windows\unins000.exe
    [2011.12.24 00:44:52 | 000,216,064 | -H-- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
    [2011.12.24 00:44:52 | 000,001,992 | -H-- | C] () -- C:\Windows\unins000.dat
    [2011.12.14 06:55:24 | 000,081,920 | -H-- | C] () -- C:\Windows\qlprism-uninstall.exe
    [2011.11.16 00:00:37 | 000,169,472 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.11.14 05:47:35 | 000,003,921 | -H-- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis aoTuV Encoder.dat
    [2011.11.14 05:46:58 | 000,003,071 | -H-- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
    [2011.11.14 05:44:43 | 000,013,082 | -H-- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
    [2011.11.14 05:44:41 | 003,031,784 | -H-- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
    [2011.11.14 05:44:41 | 000,017,950 | -H-- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
    [2011.11.14 01:23:39 | 000,164,864 | -H-- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2011.11.14 01:23:39 | 000,073,728 | -H-- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2011.11.14 00:09:03 | 001,325,126 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011.11.13 23:50:54 | 000,000,003 | ---- | C] () -- C:\Users\Daniel\AppData\Local\user_data.ini
    [2011.11.11 17:25:35 | 000,963,116 | -H-- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011.11.11 17:22:49 | 000,145,804 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011.09.28 17:44:14 | 000,179,271 | -H-- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011.08.31 20:51:16 | 000,216,000 | -H-- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011.08.31 20:46:00 | 000,056,832 | -H-- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011.08.31 20:26:20 | 013,903,872 | -H-- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011.04.20 19:08:06 | 000,055,296 | -H-- | C] () -- C:\Windows\SysWow64\ASGT.exe
    [2010.07.07 22:23:10 | 000,017,868 | -H-- | C] () -- C:\Windows\SysWow64\instwdm.ini
    [2010.07.07 22:23:06 | 000,000,054 | -H-- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
    [2010.07.07 21:36:44 | 000,014,336 | -H-- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
    [2010.07.07 21:33:04 | 000,002,560 | -H-- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
    [2010.07.07 21:21:00 | 000,384,647 | -H-- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
    [2010.07.07 21:21:00 | 000,051,787 | -H-- | C] () -- C:\Windows\SysWow64\ctdlang.dat
    [2010.07.07 21:10:30 | 000,007,680 | -H-- | C] () -- C:\Windows\SysWow64\enlocstr.exe
    [2010.07.07 21:10:22 | 000,012,800 | -H-- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

    ========== LOP Check ==========

    [2011.12.15 05:12:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\.minecraft
    [2012.05.06 20:27:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\calibre
    [2012.05.03 21:56:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\cYo
    [2012.02.19 02:39:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
    [2012.06.21 03:14:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DisplayFusion
    [2011.11.14 01:48:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Downloaded Installations
    [2011.12.11 19:24:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ImgBurn
    [2011.12.21 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\iulab
    [2012.06.09 09:06:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient2
    [2012.05.06 20:16:46 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mobipocket
    [2012.06.21 03:15:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Nitro PDF
    [2012.04.20 12:34:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Origin
    [2011.11.14 04:42:22 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Outertech
    [2011.12.23 05:21:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SplitMediaLabs
    [2012.02.16 08:13:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Stereoscopic Player
    [2012.01.19 23:37:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TeamViewer
    [2011.12.15 02:50:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Trine2
    [2012.01.31 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ubisoft
    [2011.11.14 05:20:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Uniblue
    [2012.06.19 16:27:30 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\uTorrent
    [2011.12.24 00:52:35 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Vara Software
    [2011.12.24 01:46:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Wirecast
    [2011.11.15 05:03:40 | 000,000,274 | -H-- | M] () -- C:\Windows\Tasks\DriverScanner.job
    [2011.12.07 07:13:03 | 000,032,548 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012.06.21 03:45:01 | 000,029,695 | ---- | M] () -- C:\ComboFix.txt
    [2012.06.21 03:43:54 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009.07.14 08:32:31 | 000,026,040 | -H-- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009.07.14 08:32:31 | 000,026,489 | -H-- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009.07.14 08:32:31 | 000,029,779 | -H-- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009.07.14 08:32:31 | 000,043,318 | -H-- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009.06.10 23:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009.07.14 07:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009.07.14 07:49:38 | 000,000,146 | -HS- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012.06.21 03:26:43 | 004,563,905 | R--- | M] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
    [2012.06.21 04:05:11 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2011.11.15 05:03:40 | 000,000,274 | -H-- | M] () -- C:\Windows\tasks\DriverScanner.job
    [2012.03.02 16:38:41 | 000,000,970 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4053938816-3849789182-2080245720-1000Core.job
    [2012.03.02 16:38:41 | 000,001,022 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4053938816-3849789182-2080245720-1000UA.job
    [2012.06.21 03:43:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2011.12.07 07:13:03 | 000,032,548 | -H-- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011.11.12 00:49:36 | 000,000,402 | -HS- | M] () -- C:\Users\Daniel\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >
    [2012.05.29 17:13:51 | 001,288,656 | -H-- | M] (SANDBOXIE L.T.D) -- C:\Windows\Installer\SandboxieInstall64.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1056 bytes -> C:\ProgramData\Temp:966F7784

    < End of report >
  11. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      @Alternate Data Stream - 1056 bytes -> C:\ProgramData\Temp:966F7784
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
  12. ferom

    ferom Newcomer, in training Topic Starter

    Ok, all done. One problem though. I accidentally opened the FRST quarantine folder where the service.exe was and nod32 immediately detected the patched.a.gen trojan again. But only when I opened the folder, not again after that. Is this something I should worry about? Here are the logs:

    OTL:
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    ADS C:\ProgramData\Temp:966F7784 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Daniel
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 66340 bytes
    ->Java cache emptied: 1059885 bytes
    ->FireFox cache emptied: 115936313 bytes
    ->Google Chrome cache emptied: 94624210 bytes
    ->Flash cache emptied: 71702 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 602112 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 1373744 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4340 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 668 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 204,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Daniel
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Daniel
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.50.0 log created on 06212012_141231

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    -------------------------------------------------
    Security Check:
    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````

    FSS:
    Farbar Service Scanner Version: 19-06-2012 01
    Ran by Daniel (administrator) on 21-06-2012 at 14:22:11
    Running from "C:\Program Files (x86)\Farbar Service Scanner"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    Online Scanner:
    Scanning Report

    Thursday, June 21, 2012 14:32:13 - 14:32:35

    Computer name: DANIEL-PC
    Scanning type: Quick scan
    Target: System
    No malware found

    Statistics

    Scanned:
    • Files: 5945
    • System: 5945
    • Not scanned: 0
    Actions:
    • Disinfected: 0
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0
    Options

    Scanning engines:
  13. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    No.

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  14. ferom

    ferom Newcomer, in training Topic Starter

    Thank you so much for your help! Computer is working just as well as before, probably better. Here is the final log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Daniel
    ->Temp folder emptied: 478951977 bytes
    ->Temporary Internet Files folder emptied: 808150 bytes
    ->Java cache emptied: 29624 bytes
    ->FireFox cache emptied: 51296058 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1551 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 1373744 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6156 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 508,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Daniel
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Daniel
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.50.0 log created on 06222012_152958

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  15. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Way to go!!
    Good luck and stay safe :)

