Solved Win64/Agent.BA Win64/Sirefef.AE Win64/Patched.A.Gen Win64/Sirefef.EZ Windows 7

ferom

So yeah, I have these 4 trojans bugging me constantly. NOD32 keeps detecting and deleting Sirefef.AE and Agent.BA, but it cannot remove Patched.A.Gen. Sirefef.EZ it detects once in a while, and it wants me to reboot each time I delete it.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================

For 32-bit (x86) systems, download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit systems, download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Ok, here it is:

Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 20-06-2012 12:05:29
Running from H:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-31] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-31] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-31] (Intel Corporation)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM-x32\...\Run: [Spawn Gaming Mouse] "C:\Program Files (x86)\CM Storm\Spawn Gaming Mouse\Spawn_Icon.exe" [135168 2010-12-15] ()
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Daniel\...\Run: [zASRockInstantBoot] [x]
HKU\Daniel\...\Run: [ASRockXTU] [x]
HKU\Daniel\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Daniel\...\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [2456992 2011-10-02] (Binary Fortress Software)
HKU\Daniel\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
HKU\Daniel\...\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" [694032 2012-05-28] (SANDBOXIE L.T.D)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 193.229.0.40 193.229.0.42
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Startup: C:\Users\Daniel\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Services (Whitelisted) ======

2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2011-04-20] ()
4 cFosSpeedS; "C:\Program Files\ASRock Utility\Xfast LAN\spd.exe" -service [395136 2011-07-04] (cFos Software GmbH)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
4 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2329480 2011-08-15] (LogMeIn Inc.)
2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-04-05] (Hi-Rez Studios)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 NitroDriverReadSpool; "C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe" [341312 2011-03-21] (Nitro PDF Software)
2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [68928 2011-03-21] (Nalpeiron Ltd.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-20] ()
2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [189728 2010-03-10] (Protexis Inc.)
2 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [98576 2012-05-28] (SANDBOXIE L.T.D)
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2011-02-22] (Intel Corporation)

========================== Drivers (Whitelisted) =============

1 AsrAppCharger; C:\Windows\System32\Drivers\AsrAppCharger.sys [15368 2010-06-11] (Windows (R) Win 7 DDK provider)
3 AsrVDrive; C:\Windows\System32\Drivers\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
3 BMDDeckLinkAudio; C:\Windows\System32\DRIVERS\deckaud.sys [18432 2011-11-02] (Blackmagic Design)
4 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1632128 2011-07-04] (cFos Software GmbH)
3 DeckLink; C:\Windows\System32\DRIVERS\Intensity.sys [328192 2011-11-02] (Blackmagic Design)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-02-18] (DT Soft Ltd)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-03] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-03] (ESET)
3 FNETTBOH_305; C:\Windows\System32\Drivers\FNETTBOH_305.sys [32320 2011-11-13] (FNet Co., Ltd.)
1 FNETURPX; C:\Windows\System32\Drivers\FNETURPX.sys [15936 2011-11-13] (FNet Co., Ltd.)
3 ha20x22k; C:\Windows\System32\Drivers\ha20x22k.sys [1612888 2010-07-07] (Creative Technology Ltd)
4 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-09-22] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2010-08-16] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2010-08-16] ()
2 regi; C:\Windows\System32\Drivers\regi.sys [15672 2010-11-15] (InterVideo)
3 Revoflt; C:\Windows\System32\Drivers\Revoflt.sys [31800 2009-12-30] (VS Revo Group)
3 RTCore64; \??\C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [166576 2012-05-28] (SANDBOXIE L.T.D)
3 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
3 se64a; C:\Windows\SysWow64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [29592 2011-03-18] (Almico Software)
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-19 07:34 - 2012-06-20 12:05 - 00000000 ____D C:\FRST
2012-06-19 06:48 - 2012-06-19 06:48 - 00000000 ____D C:\Program Files\Farbar Recovery Scan Tool
2012-06-19 06:22 - 2012-06-19 06:30 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-19 06:21 - 2012-06-19 06:22 - 00000000 ____D C:\Program Files (x86)\Spy Bot
2012-06-19 05:39 - 2012-06-20 00:55 - 01373744 ____A C:\Windows\System32\PerfStringBackup.TMP
2012-06-19 05:18 - 2012-06-19 05:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\ESET
2012-06-18 16:19 - 2012-06-18 16:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\Zachtronics Industries
2012-06-09 10:28 - 2012-06-09 10:28 - 00000000 ____D C:\Program Files (x86)\LoL
2012-06-08 22:06 - 2012-06-08 22:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\LolClient2
2012-06-08 21:48 - 2008-07-11 21:18 - 03851784 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-06-08 21:48 - 2008-07-11 21:18 - 01493528 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-06-08 21:48 - 2008-07-11 21:18 - 00467984 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-06-08 21:25 - 2012-06-18 16:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\PMB Files
2012-06-08 21:25 - 2012-06-18 16:20 - 00000000 ____D C:\Users\All Users\PMB Files
2012-06-08 21:25 - 2012-06-08 21:25 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2012-05-29 06:15 - 2012-05-29 06:15 - 00000000 ___RD C:\Sandbox
2012-05-29 06:14 - 2012-05-29 06:19 - 00002310 ___AH C:\Windows\Sandboxie.ini
2012-05-29 06:13 - 2012-05-29 06:14 - 00000000 ____D C:\Program Files\Sandboxie
2012-05-29 05:42 - 2012-05-29 05:53 - 00000000 ____D C:\Program Files (x86)\AutoHotKey
2012-05-29 05:36 - 2012-05-29 05:36 - 00000295 ____A C:\Users\Daniel\SciTE.session
2012-05-29 05:35 - 2012-05-29 05:42 - 00000000 ___HD C:\Windows\ShellNew
2012-05-29 05:34 - 2012-05-29 05:35 - 00000000 ____D C:\Program Files (x86)\AutoIt
2012-05-25 17:50 - 2012-05-25 17:51 - 00000000 ____D C:\Program Files (x86)\D3DOverrider

============ 3 Months Modified Files and Folders =============

2012-06-20 12:05 - 2012-06-19 07:34 - 00000000 ____D C:\FRST
2012-06-20 01:03 - 2011-11-11 15:23 - 03652598 ___AH C:\Windows\ntbtlog.txt
2012-06-20 01:03 - 2011-11-11 12:28 - 01714184 ___AH C:\Windows\WindowsUpdate.log
2012-06-20 01:03 - 2009-07-13 20:45 - 00016832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-20 01:03 - 2009-07-13 20:45 - 00016832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-20 00:55 - 2012-06-19 05:39 - 01373744 ____A C:\Windows\System32\PerfStringBackup.TMP
2012-06-20 00:51 - 2011-11-13 15:04 - 00000000 ____D C:\Users\Daniel\Tracing
2012-06-20 00:49 - 2012-04-20 05:00 - 805306368 __ASH C:\pagefile.sys
2012-06-20 00:49 - 2012-04-08 13:26 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-20 00:49 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-20 00:49 - 2009-07-13 20:51 - 00060202 ___AH C:\Windows\setupact.log
2012-06-19 16:17 - 2012-01-22 05:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\DisplayFusion
2012-06-19 14:41 - 2011-11-15 13:00 - 00168960 ____A C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-19 07:29 - 2011-11-13 12:41 - 00002172 ____A C:\Users\Daniel\Desktop\80002337442767.txt
2012-06-19 06:49 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
2012-06-19 06:48 - 2012-06-19 06:48 - 00000000 ____D C:\Program Files\Farbar Recovery Scan Tool
2012-06-19 06:48 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files
2012-06-19 06:30 - 2012-06-19 06:22 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-19 06:22 - 2012-06-19 06:21 - 00000000 ____D C:\Program Files (x86)\Spy Bot
2012-06-19 06:22 - 2009-07-13 19:20 - 00000000 ___HD C:\ProgramData
2012-06-19 05:27 - 2011-11-14 23:31 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent
2012-06-19 05:24 - 2011-11-11 13:49 - 00479370 ___AH C:\Windows\System32\perfh00B.dat
2012-06-19 05:24 - 2011-11-11 13:49 - 00100146 ___AH C:\Windows\System32\perfc00B.dat
2012-06-19 05:24 - 2009-07-13 21:13 - 01348192 ___AH C:\Windows\System32\PerfStringBackup.INI
2012-06-19 05:18 - 2012-06-19 05:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\ESET
2012-06-19 05:10 - 2011-11-20 13:50 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2012-06-19 01:44 - 2011-12-27 10:24 - 00000000 ____D C:\Users\Daniel\Desktop\Pelit
2012-06-18 16:20 - 2012-06-08 21:25 - 00000000 ____D C:\Users\Daniel\AppData\Local\PMB Files
2012-06-18 16:20 - 2012-06-08 21:25 - 00000000 ____D C:\Users\All Users\PMB Files
2012-06-18 16:19 - 2012-06-18 16:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\Zachtronics Industries
2012-06-18 16:18 - 2011-11-16 02:25 - 00000000 ____D C:\Pelit
2012-06-12 03:19 - 2011-11-20 13:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-06-12 03:19 - 2011-11-20 13:50 - 00000000 ____D C:\Users\All Users\Skype
2012-06-09 10:28 - 2012-06-09 10:28 - 00000000 ____D C:\Program Files (x86)\LoL
2012-06-08 23:25 - 2011-11-16 15:32 - 00000000 ____D C:\Users\Daniel\Desktop\Overclocking & Benching
2012-06-08 23:25 - 2011-11-13 14:49 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Nitro PDF
2012-06-08 22:06 - 2012-06-08 22:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\LolClient2
2012-06-08 21:47 - 2011-11-11 12:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-08 21:25 - 2012-06-08 21:25 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2012-06-06 19:01 - 2011-11-13 13:01 - 00000000 ____D C:\Program Files\Waterfox
2012-05-29 09:32 - 2011-11-15 02:40 - 00000000 ____D C:\Users\Daniel\AppData\Local\Last.fm
2012-05-29 06:19 - 2012-05-29 06:14 - 00002310 ___AH C:\Windows\Sandboxie.ini
2012-05-29 06:19 - 2009-07-13 19:20 - 00000000 __AHD C:\Windows
2012-05-29 06:15 - 2012-05-29 06:15 - 00000000 ___RD C:\Sandbox
2012-05-29 06:14 - 2012-05-29 06:13 - 00000000 ____D C:\Program Files\Sandboxie
2012-05-29 05:53 - 2012-05-29 05:42 - 00000000 ____D C:\Program Files (x86)\AutoHotKey
2012-05-29 05:42 - 2012-05-29 05:35 - 00000000 ___HD C:\Windows\ShellNew
2012-05-29 05:36 - 2012-05-29 05:36 - 00000295 ____A C:\Users\Daniel\SciTE.session
2012-05-29 05:36 - 2011-11-11 12:27 - 00000000 ____D C:\users\Daniel
2012-05-29 05:35 - 2012-05-29 05:34 - 00000000 ____D C:\Program Files (x86)\AutoIt
2012-05-28 20:43 - 2012-03-18 02:56 - 00000000 ____D C:\Users\Daniel\Documents\NVStereoscopic3D.LOG
2012-05-26 14:00 - 2012-04-21 05:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\ElevatedDiagnostics
2012-05-25 17:51 - 2012-05-25 17:50 - 00000000 ____D C:\Program Files (x86)\D3DOverrider
2012-05-20 18:13 - 2012-04-08 13:07 - 00000000 ___HD C:\Windows\Minidump
2012-05-20 18:12 - 2012-05-20 18:09 - 537704890 ___AH C:\Windows\MEMORY.DMP
2012-05-20 18:09 - 2012-05-20 18:09 - 00262144 ___AH C:\Windows\Minidump\052112-12074-01.dmp
2012-05-18 07:55 - 2012-05-18 07:55 - 00262144 ___AH C:\Windows\Minidump\051812-12698-01.dmp
2012-05-18 07:55 - 2010-11-20 19:47 - 00042448 ___AH C:\Windows\PFRO.log
2012-05-18 07:51 - 2012-05-18 07:51 - 00262144 ___AH C:\Windows\Minidump\051812-11544-01.dmp
2012-05-18 07:50 - 2012-05-18 07:50 - 00262144 ___AH C:\Windows\Minidump\051812-11590-01.dmp
2012-05-18 06:35 - 2012-04-08 13:08 - 00419488 ___AH (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-18 06:35 - 2011-11-13 18:32 - 00070304 ___AH (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-18 06:33 - 2012-05-18 06:33 - 00262144 ___AH C:\Windows\Minidump\051812-11934-01.dmp
2012-05-16 19:47 - 2012-05-16 19:47 - 00000000 ____D C:\Users\All Users\Battle.net
2012-05-10 08:22 - 2012-05-10 08:22 - 00000000 ____D C:\Program Files (x86)\Xlive Begone
2012-05-09 05:49 - 2012-05-09 05:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\PokerStars.EU
2012-05-09 05:49 - 2012-05-09 05:44 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2012-05-09 00:34 - 2012-05-09 00:34 - 00000000 ____D C:\Program Files (x86)\VirtualDub
2012-05-08 23:35 - 2011-11-22 08:25 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2012-05-08 12:41 - 2012-03-17 04:48 - 00000000 ____D C:\Users\Daniel\AppData\Local\Microsoft Game Studios
2012-05-08 12:41 - 2011-11-28 13:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-05-08 12:41 - 2011-11-13 18:00 - 00336967 ___AH C:\Windows\DirectX.log
2012-05-08 12:41 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-08 12:39 - 2012-03-17 04:48 - 00000000 ____D C:\Users\All Users\Microsoft Games
2012-05-08 12:38 - 2012-03-17 04:47 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft Game Studios
2012-05-06 09:27 - 2012-05-06 09:25 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\calibre
2012-05-06 09:25 - 2012-05-06 09:25 - 00000000 ____D C:\Program Files (x86)\Calibre2
2012-05-06 09:16 - 2012-05-04 13:09 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mobipocket
2012-05-04 13:09 - 2012-05-04 13:09 - 00000000 ____D C:\Program Files (x86)\Mobipocket.com
2012-05-04 12:23 - 2012-05-04 12:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\Unity
2012-05-03 10:56 - 2012-05-03 10:56 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\cYo
2012-05-03 10:56 - 2012-05-03 10:56 - 00000000 ____D C:\Users\Daniel\AppData\Local\cYo
2012-05-03 10:56 - 2012-05-03 10:56 - 00000000 ____D C:\Program Files\ComicRack
2012-05-03 10:54 - 2012-05-03 10:50 - 00000000 ____D C:\Program Files (x86)\ComicRack
2012-05-03 10:27 - 2012-05-01 07:41 - 00001377 ____A C:\Users\Daniel\Desktop\CWM.lnk
2012-05-01 06:09 - 2012-04-28 11:50 - 00000000 ____D C:\Program Files (x86)\Complex Working Memory
2012-04-30 13:40 - 2012-01-23 09:21 - 00001042 ____A C:\Users\Daniel\AppData\Roaming\coreavc.ini
2012-04-30 08:07 - 2012-04-30 08:07 - 00000000 ___HD C:\Windows\RazorDOX
2012-04-30 07:53 - 2012-04-09 15:25 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\NVIDIA
2012-04-30 04:03 - 2012-04-28 11:51 - 00000000 ____D C:\Users\Daniel\.idlerc
2012-04-28 12:32 - 2012-04-28 12:32 - 00000000 ___AH C:\Windows\System32\.CWMlog
2012-04-28 12:08 - 2012-04-28 11:47 - 00000000 ____D C:\Program Files\Python
2012-04-28 10:19 - 2012-04-20 05:11 - 00283304 ___AH C:\Windows\SysWOW64\PnkBstrB.exe
2012-04-28 10:19 - 2012-04-07 18:55 - 00283304 ___AH C:\Windows\SysWOW64\PnkBstrB.xtr
2012-04-25 15:19 - 2012-04-07 09:23 - 00283304 ___AH C:\Windows\SysWOW64\PnkBstrB.ex0
2012-04-25 13:46 - 2012-04-25 13:46 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2012-04-25 13:46 - 2012-04-10 04:42 - 00000000 ____D C:\Users\All Users\Hi-Rez Studios
2012-04-21 00:43 - 2012-04-21 00:43 - 00000000 ____D C:\Users\All Users\ESET
2012-04-21 00:43 - 2011-11-11 14:28 - 00000000 ____D C:\Program Files\ESET
2012-04-21 00:37 - 2012-04-21 00:37 - 00002324 ___AH C:\Windows\epplauncher.mif
2012-04-20 13:10 - 2012-04-20 05:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\ESN Sonar
2012-04-20 07:54 - 2012-04-20 07:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\Realmware
2012-04-20 07:54 - 2012-04-20 07:53 - 00000000 ____D C:\Program Files (x86)\BF3 Settings Editor
2012-04-20 05:26 - 2012-04-20 05:11 - 00076888 ___AH C:\Windows\SysWOW64\PnkBstrA.exe
2012-04-20 05:13 - 2012-04-20 05:12 - 00000000 ____D C:\Program Files (x86)\Punkbuster
2012-04-20 05:13 - 2012-04-07 18:55 - 00000000 ____D C:\Users\Daniel\AppData\Local\PunkBuster
2012-04-20 04:54 - 2012-04-20 04:52 - 00000000 ____D C:\Program Files (x86)\BF3 Browser Utility
2012-04-20 04:53 - 2012-04-20 04:53 - 00000000 ____D C:\Users\Daniel\AppData\Local\BF3Browser
2012-04-20 03:19 - 2012-04-20 03:03 - 00000000 ____D C:\Users\All Users\EA Logs
2012-04-20 03:10 - 2012-04-20 03:10 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-04-20 03:03 - 2012-04-20 03:03 - 00000000 ____D C:\Users\All Users\EA Core
2012-04-20 03:03 - 2012-04-20 01:32 - 00000000 ____D C:\Users\All Users\Origin
2012-04-20 03:03 - 2012-04-20 01:32 - 00000000 ____D C:\Users\All Users\Electronic Arts
2012-04-20 01:34 - 2012-04-20 01:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Origin
2012-04-20 01:34 - 2012-04-20 01:32 - 00000000 ____D C:\Program Files (x86)\Origin
2012-04-20 01:33 - 2012-04-20 01:33 - 00000000 ____D C:\Users\Daniel\AppData\Local\Origin
2012-04-20 01:33 - 2012-04-20 01:32 - 00001048 ___AH C:\Windows\KB893803v2.log
2012-04-20 01:32 - 2012-04-20 01:32 - 00000000 ____D C:\Program Files (x86)\Origin Games
2012-04-19 03:59 - 2012-04-19 03:59 - 00000000 ____D C:\Users\All Users\ProcessLasso
2012-04-19 03:45 - 2012-04-19 03:45 - 00000000 ____D C:\Users\Daniel\AppData\Local\BF3_Config_Utility
2012-04-19 03:45 - 2012-04-19 03:45 - 00000000 ____D C:\Program Files (x86)\BF3 Config Utility
2012-04-16 07:05 - 2012-04-16 07:05 - 00000000 ____D C:\Users\All Users\AVS4YOU
2012-04-16 07:05 - 2012-04-16 07:05 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2012-04-16 07:05 - 2012-04-16 07:03 - 00000000 ____D C:\Program Files (x86)\ePub to txt
2012-04-15 14:12 - 2012-04-15 14:12 - 00000000 ____D C:\Users\Daniel\AppData\Local\Apple Computer
2012-04-10 20:12 - 2012-04-10 20:12 - 02884096 ___AH (Python Software Foundation) C:\Windows\System32\python32.dll
2012-04-10 10:24 - 2012-04-10 10:24 - 00000000 ____D C:\Users\Daniel\AppData\Local\Chromium
2012-04-09 23:57 - 2012-04-09 23:57 - 00254287 ___AH C:\Windows\QLPrism Uninstaller.exe
2012-04-09 14:15 - 2012-04-09 14:15 - 00191264 ___AH (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-04-09 14:15 - 2012-04-09 14:15 - 00172320 ___AH (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-04-09 14:15 - 2012-04-09 14:15 - 00172320 ___AH (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-04-09 14:15 - 2012-04-09 14:15 - 00000000 ____D C:\Program Files\Java
2012-04-09 14:15 - 2011-11-13 18:36 - 00525544 ___AH (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-04-09 10:25 - 2012-04-08 13:28 - 00000000 ___HD C:\Windows\SysWOW64\NV
2012-04-09 10:25 - 2012-04-08 13:28 - 00000000 ___HD C:\Windows\System32\NV
2012-04-09 05:42 - 2011-11-13 12:51 - 00000000 ____D C:\Program Files\Windows Loader
2012-04-08 13:27 - 2012-04-08 13:27 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-04-08 13:27 - 2012-04-08 13:27 - 00000000 ____D C:\users\UpdatusUser
2012-04-08 13:27 - 2012-04-08 13:26 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-04-08 13:27 - 2012-04-08 13:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-08 13:27 - 2009-07-13 19:20 - 00000000 ___RD C:\Users
2012-04-08 13:26 - 2012-04-08 13:26 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-08 13:26 - 2012-04-08 13:20 - 00000000 ____D C:\NVIDIA
2012-04-08 13:26 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\Help
2012-04-07 09:24 - 2012-04-07 09:24 - 00000000 ___HD C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-04-05 11:44 - 2012-04-05 11:44 - 00502687 ____N C:\Windows\Minidump\040912-10545-01.dmp
2012-04-02 05:16 - 2012-04-02 05:16 - 00060931 ____A C:\Users\Daniel\Desktop\pdf.jsf.pdf
2012-03-27 02:49 - 2011-12-03 05:22 - 00000000 ____D C:\Program Files\Dolphin Emulator

ZeroAccess:
C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}
C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}\@
C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}\L
C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}\U
C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}\U\00000004.@
C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}\U\000000cb.@
C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a}\U\80000032.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8103.52 MB
Available physical RAM: 7357.22 MB
Total Pagefile: 8101.72 MB
Available Pagefile: 7363.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (SYSTEM) (Fixed) (Total:119.02 GB) (Free:23.06 GB) NTFS
2 Drive d: (Setit 2) (Fixed) (Total:2794.39 GB) (Free:1295.08 GB) NTFS
3 Drive e: (Setit) (Fixed) (Total:1397.26 GB) (Free:286.29 GB) NTFS
4 Drive f: (Anime) (Fixed) (Total:465.76 GB) (Free:208.75 GB) NTFS
6 Drive h: (ZEN Stone) (Removable) (Total:0.92 GB) (Free:0.82 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 119 GB 3072 KB *
Disk 1 Online 2794 GB 2048 KB *
Disk 2 Online 465 GB 1024 KB
Disk 3 Online 1397 GB 0 B
Disk 4 Online 944 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System (partition with boot components) 100 MB 1024 KB
Partition 2 Reserved 128 MB 101 MB
Partition 3 Primary 119 GB 232 MB

======================================================================================================

Disk: 0
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 ESP FAT32 Partition 100 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 3
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SYSTEM NTFS Partition 119 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Reserved 128 MB 17 KB
Partition 2 Primary 2794 GB 128 MB

======================================================================================================

Disk: 1
Partition 1
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 1
Partition 2
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Setit 2 NTFS Partition 2794 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 0 Extended 465 GB 31 KB
Partition 1 Logical 465 GB 63 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F Anime NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 1024 KB

======================================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 E Setit NTFS Partition 1397 GB Healthy

======================================================================================================

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 944 MB 24 KB

======================================================================================================

Disk: 4
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 H ZEN Stone FAT32 Removable 944 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-17 16:15

======================= End Of Log ==========================
 
So I took the liberty of performing a search with FRST on services.exe, seeing as that's where the problem is according to the FRST log. I hope that's what I was supposed to do.

Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 2012-06-21 00:10:37
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ___AH (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ___AH (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
 
Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Next....

See if you can boot normally.

If so....

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    304 bytes
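The FRST search above shows the two things the fix in this thread turns on: whether System32\services.exe still matches its WinSxS original (different size and MD5 here), and whether the Session Manager SubSystems "Windows" value has been tampered with. The following read-only check scripts that comparison; it is an added example, not part of FRST, ComboFix or this thread, and it assumes Windows 7 x64, an elevated PowerShell, and that basesrv, winsrv and sxssrv are the only legitimate ServerDll modules on that build.

```powershell
# Added example (not from the thread, not part of FRST or ComboFix).
# Read-only: it reports, it changes nothing. Run as Administrator on the
# machine being examined. Works on PowerShell 2.0 (Windows 7) and later.

# 1. The live service controller binary.
$live = Join-Path $env:SystemRoot 'System32\services.exe'

# 2. The component-store copy. The FRST search in the thread shows the folder as
#    amd64_microsoft-windows-s..s-servicecontroller_<key>_<version>_none_<hash>;
#    key, version and hash differ per build, so match them with a wildcard.
$sxsRoot = Join-Path $env:SystemRoot 'winsxs'
$sxs = Get-ChildItem -Path $sxsRoot -Filter 'amd64_microsoft-windows-s..s-servicecontroller_*' |
       Where-Object { $_.PSIsContainer } |
       ForEach-Object { Join-Path $_.FullName 'services.exe' } |
       Where-Object { Test-Path $_ }

function Get-Md5Hex([string]$Path) {
    # Plain .NET so it also runs on PowerShell 2.0, which has no Get-FileHash.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try { $bytes = $md5.ComputeHash($fs) } finally { $fs.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

$findings = @()

# --- Check A: does System32\services.exe match any WinSxS copy? ---
# Every services.exe version Windows 7 has installed leaves a copy under winsxs,
# so the live file should be byte-identical to one of them. In the thread the
# live file was 512 bytes larger with a different MD5; that is what FRST replaced.
$liveHash = Get-Md5Hex $live
"{0}`n  size {1}  MD5 {2}" -f $live, (Get-Item $live).Length, $liveHash
if (-not $sxs) {
    $findings += "no WinSxS copy of services.exe found; cannot compare"
} else {
    $match = $false
    foreach ($copy in @($sxs)) {
        $h = Get-Md5Hex $copy
        "{0}`n  size {1}  MD5 {2}" -f $copy, (Get-Item $copy).Length, $h
        if ($h -eq $liveHash) { $match = $true }
    }
    if (-not $match) { $findings += "System32\services.exe matches no WinSxS copy" }
}

# --- Check B: the csrss subsystem line that the fix in this thread restores. ---
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
$windowsValue = (Get-ItemProperty -Path $key -Name Windows).Windows
# Assumption: on Windows 7 only these three ServerDll modules are legitimate.
$knownGood = 'basesrv', 'winsrv', 'sxssrv'
$serverDlls = [regex]::Matches($windowsValue, 'ServerDll=([^:,\s]+)') |
              ForEach-Object { $_.Groups[1].Value }
foreach ($dll in $serverDlls) {
    if ($knownGood -notcontains $dll.ToLower()) {
        $findings += "unexpected ServerDll '$dll' in the SubSystems\Windows value"
    }
}

# --- Check C: the file the fixlist targeted (assumption: not a stock Win7 file). ---
$consrv = Join-Path $env:SystemRoot 'System32\consrv.dll'
if (Test-Path $consrv) { $findings += "$consrv is present; review it" }

if ($findings.Count -eq 0) {
    "No findings: services.exe matches WinSxS and the subsystem line is clean."
} else {
    "FINDINGS:"
    $findings | ForEach-Object { " - $_" }
}
```

A mismatch in Check A or an unknown module in Check B is the condition the thread's fixlist corrects (copying the WinSxS services.exe back and restoring the registry value); the script only reports it so the repair can be done deliberately, offline, as the helper instructs.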
Nod32 doesn't detect anything anymore and Windows seems to be working properly. Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 17-06-2012 04
Ran by SYSTEM at 2012-06-21 03:23:39 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{009c1d14-e59a-6cdd-09ca-79a75a80de5a} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

And here's the combolog, sorry, it's in Finnish:

ComboFix 12-06-20.02 - Daniel 21.06.2012 3:40.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1033.18.8104.6657 [GMT 3:00]
Sijainti: c:\users\Daniel\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Uusi palautuspiste luotu
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\lol
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.25\Archive_87881648.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.25\Archive_87881648.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.26\Archive_87881632.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.26\Archive_87881632.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.28\Archive_87881600.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.28\Archive_87881600.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.30\Archive_87880704.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.30\Archive_87880704.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.31\Archive_87880816.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.31\Archive_87880816.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.32\Archive_87880800.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.32\Archive_87880800.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.33\Archive_87880784.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.33\Archive_87880784.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.34\Archive_87880768.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.34\Archive_87880768.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.35\Archive_87880880.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.35\Archive_87880880.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.36\Archive_87880864.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.36\Archive_87880864.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.37\Archive_87880848.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.37\Archive_87880848.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.38\Archive_87880832.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.38\Archive_87880832.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.40\Archive_87880960.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.40\Archive_87880960.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.41\Archive_87881072.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.41\Archive_87881072.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.43\Archive_87881040.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.43\Archive_87881040.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.44\Archive_87881024.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.44\Archive_87881024.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.45\Archive_87881136.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.45\Archive_87881136.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.47\Archive_87881104.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.47\Archive_87881104.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.48\Archive_87881088.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.48\Archive_87881088.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.50\Archive_87882240.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.50\Archive_87882240.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.52\Archive_87882336.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.52\Archive_87882336.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.53\Archive_87882320.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.53\Archive_87882320.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.54\Archive_87882304.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.54\Archive_87882304.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.55\Archive_87882416.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.55\Archive_87882416.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.56\Archive_87882400.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.56\Archive_87882400.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.57\Archive_87882384.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.57\Archive_87882384.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.59\Archive_87882480.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.59\Archive_87882480.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.60\Archive_87882496.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.60\Archive_87882496.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.62\Archive_87882592.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.62\Archive_87882592.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.63\Archive_87882576.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.63\Archive_87882576.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.64\Archive_87882560.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.64\Archive_87882560.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.65\Archive_87882672.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.65\Archive_87882672.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.65\DATA\Characters\Gangplank\ToySoldierGangplank.manifest
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.66\Archive_87882656.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.66\Archive_87882656.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.67\Archive_87882640.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.67\Archive_87882640.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.68\Archive_87882624.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.68\Archive_87882624.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.70\Archive_87881728.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.70\Archive_87881728.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.71\Archive_87881840.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.71\Archive_87881840.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.72\Archive_87881824.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.72\Archive_87881824.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.73\Archive_87881808.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.73\Archive_87881808.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.75\Archive_87881904.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.75\Archive_87881904.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.77\Archive_87881872.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.77\Archive_87881872.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.78\Archive_87881856.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.78\Archive_87881856.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.79\Archive_87881968.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.79\Archive_87881968.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.80\Archive_87881984.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.80\Archive_87881984.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.82\Archive_87882080.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.82\Archive_87882080.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.84\Archive_87882048.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.84\Archive_87882048.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.87\Archive_87882128.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.87\Archive_87882128.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.88\Archive_87882112.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.88\Archive_87882112.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.89\Archive_87882224.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.89\Archive_87882224.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.90\Archive_87883264.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.90\Archive_87883264.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.91\Archive_87883376.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.91\Archive_87883376.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.93\Archive_87883344.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.93\Archive_87883344.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.95\Archive_87883440.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.95\Archive_87883440.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.96\Archive_87883424.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.96\Archive_87883424.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.97\Archive_87883408.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.97\Archive_87883408.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.98\Archive_105172112.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.98\Archive_105172112.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.99\Archive_105172192.raf
c:\program files (x86)\lol\Foxe UI_V1\filearchives\0.0.0.99\Archive_105172192.raf.dat
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\championIndicators_IC.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\ChannelBar_I3.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\ChannelBar_I6.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\CharacterInfo_I10.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\CharacterInfo_I44.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\CharacterInfo_I46.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\CharacterInfo_I53.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\DeathRecap_I15.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\DeathRecap_I23.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\DeathRecap_I2E.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\DeathRecap_I30.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\DeathRecap_I31.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\healthbarsColorblind.tga
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\healthbarsDefault.tga
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\healthbarsHighlight.tga
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\HUDAtlas.tga
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\Scoreboard_I3C.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Core\Scoreboard_IE.dds
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Elements\ChampionLeft.ini
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Elements\ElementsMainListing.ini
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Elements\MinimapRight.ini
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Elements\OptionsClusterRight.ini
c:\program files (x86)\lol\Foxe UI_V1\Foxe UI_V1_LoL\Elements\TitanBar.ini
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\.laststate.rmproj
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.25_DATA_Menu_championIndicators_IC.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.25_DATA_Menu_CharacterInfo_I10.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.25_DATA_Menu_CharacterInfo_I44.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.25_DATA_Menu_CharacterInfo_I46.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.25_DATA_Menu_CharacterInfo_I53.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.25_DATA_Menu_DeathRecap_I15.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.25_DATA_Menu_DeathRecap_I23.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.25_DATA_Menu_DeathRecap_I2E.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.25_DATA_Menu_DeathRecap_I30.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.25_DATA_Menu_DeathRecap_I31.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.43_DATA_Menu_ChannelBar_I3.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.43_DATA_Menu_ChannelBar_I6.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.43_DATA_Menu_Scoreboard_IE.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.45_DATA_Menu_Scoreboard_I3C.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.62_DATA_Images_healthbarsColorblind.tga
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.62_DATA_Images_healthbarsDefault.tga
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.87_DATA_Images_healthbarsHighlight.tga
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.95_DATA_Menu_HUD_Elements_ChampionLeft.ini
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.95_DATA_Menu_HUD_Elements_ElementsMainListing.ini
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.95_DATA_Menu_HUD_Elements_MinimapRight.ini
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.95_DATA_Menu_HUD_Elements_OptionsClusterRight.ini
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.95_DATA_Menu_Textures_HUDAtlas.tga
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\backup\0.0.0.98_DATA_Menu_HUD_Elements_TitanBar.ini
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\Be.Windows.Forms.HexBox.dll
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\DDSViewer.exe
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\DokanNet.dll
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\RAFLib.dll
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\RAFManager.exe
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\RAFManagerScriptEditor.exe
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\RAFMount.exe
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\README.txt
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\rmconfig.ini
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\temp-1338176634779.38.dds
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\update.exe
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\wGUI.dll
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\wLib.dll
c:\program files (x86)\lol\Foxe UI_V1\Raf Manager\zlib.net.dll
c:\program files (x86)\lol\Foxe UI_V1\READ ME.txt
c:\program files (x86)\lol\Foxe_UI_V1.zip
c:\users\Daniel\AppData\Local\Temp\1043217012.tmp
c:\users\Daniel\AppData\Local\Temp\1408510893.tmp
c:\users\Daniel\AppData\Local\Temp\238043580.tmp
c:\users\Daniel\AppData\Local\Temp\239808685.tmp
c:\users\Daniel\AppData\Local\Temp\2638419767.tmp
c:\users\Daniel\AppData\Local\Temp\2660727969.tmp
c:\users\Daniel\AppData\Local\Temp\37011097.tmp
c:\users\Daniel\AppData\Local\Temp\547627042.tmp
c:\users\Daniel\AppData\Local\Temp\908612944.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\RazorDOX
c:\windows\RazorDOX\RazorDOX.dll
c:\windows\RazorDOX\RazorDOX.ini
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-05-21 to 2012-06-21 )))))))))))))))))
.
.
2012-06-21 00:42 . 2012-06-21 00:44 -------- d-----w- c:\users\Daniel\AppData\Local\temp
2012-06-21 00:42 . 2012-06-21 00:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-21 00:42 . 2012-06-21 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 15:34 . 2012-06-20 20:05 -------- d-----w- C:\FRST
2012-06-19 14:48 . 2012-06-19 14:48 -------- d-----w- c:\program files\Farbar Recovery Scan Tool
2012-06-19 14:22 . 2012-06-19 14:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-19 14:21 . 2012-06-19 14:22 -------- d-----w- c:\program files (x86)\Spy Bot
2012-06-19 13:39 . 2012-06-21 00:42 1373744 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-06-19 13:18 . 2012-06-19 13:18 -------- d-----w- c:\users\Daniel\AppData\Local\ESET
2012-06-19 00:19 . 2012-06-19 00:19 -------- d-----w- c:\users\Daniel\AppData\Local\Zachtronics Industries
2012-06-09 06:06 . 2012-06-09 06:06 -------- d-----w- c:\users\Daniel\AppData\Roaming\LolClient2
2012-06-09 05:48 . 2008-07-12 05:18 467984 ---ha-w- c:\windows\SysWow64\d3dx10_39.dll
2012-06-09 05:48 . 2008-07-12 05:18 3851784 ---ha-w- c:\windows\SysWow64\D3DX9_39.dll
2012-06-09 05:48 . 2008-07-12 05:18 1493528 ---ha-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-06-09 05:25 . 2012-06-19 00:20 -------- d-----w- c:\users\Daniel\AppData\Local\PMB Files
2012-06-09 05:25 . 2012-06-19 00:20 -------- d-----w- c:\programdata\PMB Files
2012-06-09 05:25 . 2012-06-09 05:25 -------- d-----w- c:\program files (x86)\Pando Networks
2012-05-29 14:15 . 2012-05-29 14:15 -------- d-----r- C:\Sandbox
2012-05-29 14:13 . 2012-05-29 14:14 -------- d-----w- c:\program files\Sandboxie
2012-05-29 13:42 . 2012-05-29 13:53 -------- d-----w- c:\program files (x86)\AutoHotKey
2012-05-29 13:35 . 2012-05-29 13:42 -------- d--h--w- c:\windows\ShellNew
2012-05-29 13:34 . 2012-05-29 13:35 -------- d-----w- c:\program files (x86)\AutoIt
2012-05-26 01:50 . 2012-05-26 01:51 -------- d-----w- c:\program files (x86)\D3DOverrider
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-18 14:35 . 2012-04-08 21:08 419488 ---ha-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-18 14:35 . 2011-11-14 02:32 70304 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 20:45 . 2009-08-18 09:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-05-08 20:45 . 2009-08-18 08:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-28 18:19 . 2012-04-20 13:11 283304 ---ha-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-28 18:19 . 2012-04-08 02:55 283304 ---ha-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-25 23:19 . 2012-04-07 17:23 283304 ---ha-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-20 13:26 . 2012-04-20 13:11 76888 ---ha-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-11 04:12 . 2012-04-11 04:12 2884096 ---ha-w- c:\windows\system32\python32.dll
2012-04-10 07:57 . 2012-04-10 07:57 254287 ---ha-w- c:\windows\QLPrism Uninstaller.exe
2012-04-09 22:15 . 2011-11-14 02:36 525544 ---ha-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-10-02 2456992]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-05-28 694032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"Spawn Gaming Mouse"="c:\program files (x86)\CM Storm\Spawn Gaming Mouse\Spawn_Icon.exe" [2010-12-15 135168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-11-14 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 se64a;EnTech softEngine;c:\windows\system32\drivers\se64a.sys [2007-05-03 14032]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-13 79360]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-13 79360]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2011-04-20 55296]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-04-05 8704]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-03-21 341312]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-03-21 68928]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AsrVDrive;AsrVDrive;c:\windows\system32\DRIVERS\AsrVDrive.sys [x]
S3 BMDDeckLinkAudio;BMDDeckLinkAudio;c:\windows\system32\DRIVERS\deckaud.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 DeckLink;DeckLink;c:\windows\system32\DRIVERS\Intensity.sys [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [x]
S3 RTCore64;RTCore64;c:\users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a606066-5402-11e1-9427-002522e8d644}]
\shell\AutoRun\command - E:\Startup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-11-14 12:43]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4053938816-3849789182-2080245720-1000Core.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 23:10]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4053938816-3849789182-2080245720-1000UA.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 23:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 193.229.0.40 193.229.0.42
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/
.
.
------- File Associations -------
.
.txt=GetDiz.TextFile
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis aoTuV Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\MSIAfterburner.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Completion time: 2012-06-21 03:45:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 00:45
.
Pre-Run: 16 676 188 160 bytes free
Post-Run: 16 789 413 888 bytes free
.
- - End Of File - - 7B148D8A5F604D249FE418F9904F9DD9
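As an added example (not part of the original post, and not ComboFix or OTL code), here is a small Python triage pass over a handful of lines copied from the ComboFix log above. It flags three things a reviewer looks for in such a log: a service or driver whose binary lives outside C:\Windows or Program Files, an AutoRun command registered for a mounted volume under MountPoints2, and AppInit_DLLs injection being switched on. The list of trusted roots is an assumption made for this example, and every hit is a lead rather than a verdict: on this machine RTCore64.sys is MSI Afterburner's driver, c2c_service.exe belongs to Skype Click to Call, and nvinitx.dll is expected from the NVIDIA display driver, all of which appear in the installed-programs list further down the thread.

```python
import re
from typing import List, Tuple

# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
S3 RTCore64;RTCore64;c:\users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a606066-5402-11e1-9427-002522e8d644}]
\shell\AutoRun\command - E:\Startup.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
"""

# ComboFix service line: "<start type> <name>;<display name>;<path> [<date size> | x]"
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]\s*$")

# Assumption for this example: driver/service binaries are expected under these roots.
# Anything else (user profile, ProgramData, removable media) deserves a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

Finding = Tuple[str, str]  # (kind, detail)


def outside_trusted_roots(path: str) -> bool:
    """True when the binary path does not start with one of TRUSTED_ROOTS."""
    p = path.strip().lower()
    return not any(p.startswith(root) for root in TRUSTED_ROOTS)


def triage(log_text: str) -> List[Finding]:
    """Walk ComboFix log lines and collect persistence leads worth a closer look."""
    findings: List[Finding] = []
    in_mountpoints = False   # inside a MountPoints2\{volume guid} key
    load_appinit = False     # LoadAppInit_DLLs is 1
    appinit_dlls = ""        # value of AppInit_DLLs, if set

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()

        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, path, _stamp = m.groups()
            if outside_trusted_roots(path):
                findings.append(("service-outside-trusted-roots", f"{name}: {path}"))
            continue

        # "\shell\AutoRun\command - <exe>" under a MountPoints2 key: runs when the volume is opened.
        if in_mountpoints and low.startswith(r"\shell\autorun\command"):
            command = line.split(" - ", 1)[1].strip() if " - " in line else line
            findings.append(("autorun-on-volume", command))
            continue

        if line.startswith("["):
            # A new registry key header: remember whether it is a per-volume MountPoints2 entry.
            in_mountpoints = "\\mountpoints2\\" in low
            continue

        # AppInit_DLLs is loaded into every process that links user32.dll when LoadAppInit_DLLs is 1.
        if line.startswith('"LoadAppInit_DLLs"='):
            load_appinit = line.split("=", 1)[1].strip().lower() in ("0x1", "1")
        elif line.startswith('"AppInit_DLLs"='):
            appinit_dlls = line.split("=", 1)[1].strip()

    if load_appinit and appinit_dlls:
        findings.append(("appinit-dll-injection-enabled", appinit_dlls))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:36} {detail}")
```

Run it as-is to see the four leads from the sample, or feed a whole ComboFix log to `triage()`. Each hit still has to be confirmed against the installed-software list and the file's signature before anything is removed; the point of the script is only to pull the few lines that matter out of a thousand-line log.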
 
Looks good :)

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
No issues as far as I can detect.

Extras:
OTL Extras logfile created on: 21.6.2012 4:07:32 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Daniel\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

7,91 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 82,05% Memory free
8,66 Gb Paging File | 7,24 Gb Available in Paging File | 83,63% Paging File free
Paging file location(s): c:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,02 Gb Total Space | 15,71 Gb Free Space | 13,20% Space Free | Partition Type: NTFS
Drive E: | 3,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 943,73 Mb Total Space | 840,02 Mb Free Space | 89,01% Space Free | Partition Type: FAT32
Drive X: | 1397,26 Gb Total Space | 286,29 Gb Free Space | 20,49% Space Free | Partition Type: NTFS
Drive Y: | 2794,39 Gb Total Space | 1302,57 Gb Free Space | 46,61% Space Free | Partition Type: NTFS
Drive Z: | 465,76 Gb Total Space | 208,75 Gb Free Space | 44,82% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
.ini[@ = GetDiz.IniFile] -- C:\Program Files (x86)\GetDiz\GetDiz.exe (Outertech - http://outertech.com)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = GetDiz.TextFile] -- C:\Program Files (x86)\GetDiz\GetDiz.exe (Outertech - http://outertech.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
.ini [@ = GetDiz.IniFile] -- C:\Program Files (x86)\GetDiz\GetDiz.exe (Outertech - http://outertech.com)
.txt [@ = GetDiz.TextFile] -- C:\Program Files (x86)\GetDiz\GetDiz.exe (Outertech - http://outertech.com)

[HKEY_USERS\S-1-5-21-4053938816-3849789182-2080245720-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Waterfox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_curses-py3.2" = Python 3.2 _curses-2.2
"{0122EDA0-52FC-4EC2-9A31-A2A757A7D40E}" = BF3 Settings Editor
"{10E5F3FF-AD93-40C5-A0F5-13B9185DBB12}" = ESET NOD32 Antivirus
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC360A-DCA7-488D-B744-69CA5DF5C883}" = Nitro PDF Professional
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
"{789C9644-9F82-44d3-B4CA-AC31F46F5883}" = Python 3.2.3 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BAF9E4D0-F3D1-4355-B973-1384CDF1941C}" = Hex Workshop v6.6
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"ASRock 3TB+ Unlocker_is1" = ASRock 3TB+ Unlocker v1.0
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"ComicRack" = ComicRack v0.9.154
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Explorer Suite_is1" = Explorer Suite III
"iuVCS x64_is1" = iuVCS x64
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Sandboxie" = Sandboxie 3.70 (64-bit)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-0a1b0637-062a-4988-95d9-cbd8b129aaf7" = My Game Long Name
"Waterfox 13.0 (x64 en-US)" = Waterfox 13.0 (x64 en-US)
"WinRAR archiver" = WinRAR 4.01 (64-bit)
"XFast LAN" = XFast LAN v6.61

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = Corel WinDVD Pro 11
"{05366B44-A2DD-436C-AD1B-532156CCC619}_is1" = MiniTool Partition Wizard Professional Edition 5.2
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{0EBEAC4B-8222-4FBB-958D-88E9C68B18F0}" = Spawn Gaming Mouse
"{1743DB16-33CD-4642-BCAC-22DC89992272}" = Wirecast
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2E5C5BC1-9285-45DA-8885-29AFEA541C52}" = Setup
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{5157A26D-28AF-4E96-99EE-25D510437653}_is1" = SpaceChem
"{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"{5849AFE4-802B-4C4D-A79F-F988C2BB7A7F}" = Corel WinDVD
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FF9A1CA-4BAA-4511-8DAE-16832C914034}" = Blackmagic Design Desktop Video
"{82A34D1B-A36C-4B53-BFC8-2F3FDB32CFD9}" = IPM
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{915C56D7-1EFD-4BF3-9FBE-2B0D39F36525}" = calibre
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = ICA
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Afterburner" = MSI Afterburner 2.1.0
"ALchemy" = Creative ALchemy
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.110
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"AudioCS" = Creative Audio Control Panel
"AutoHotkey" = AutoHotkey 1.0.48.05
"AutoItv3" = AutoIt v3.3.8.1
"AVS Document Converter_is1" = AVS Document Converter 2.1.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.0
"Battlelog Web Plugins" = Battlelog Web Plugins
"Brain Workshop_is1" = Brain Workshop 4.8.1
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Console Launcher" = Creative Console Launcher
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis aoTuV Encoder" = dBpoweramp Ogg Vorbis aoTuV Encoder
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"Diablo.III.Collectors.Edition_is1" = Diablo.III.Collectors.Edition
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"Dxtory2.0_is1" = Dxtory 2.0.108
"emWave PC2.2.3.4372" = emWave PC
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"GetDiz" = GetDiz
"Halo 2" = Halo 2 for Windows Vista
"ImgBurn" = ImgBurn
"InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"LastFM_is1" = Last.fm 1.5.4.27091
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Monitor Asset Manager" = Monitor Asset Manager
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PokerStars.eu" = PokerStars.eu
"PunkBusterSvc" = PunkBuster Services
"pzizz" = pzizz
"QLPrism" = QLPrism
"ReClock" = ReClock
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"TeamViewer 6" = TeamViewer 6
"Trine 2_is1" = Trine 2
"Unigine Heaven DX11 Benchmark 2.5_is1" = Unigine Heaven DX11 Benchmark 2.5 version 2.5
"uTorrent" = µTorrent
"Veetle Broadcaster" = Veetle Broadcaster 0.9.18
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"XFast USB" = XFast USB

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4053938816-3849789182-2080245720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.6.2012 20:28:52 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3013
Description = Unable to update the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the error code.

Error - 20.6.2012 20:28:52 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3009
Description = Installing the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 20.6.2012 20:36:41 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 20.6.2012 20:39:25 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 20.6.2012 20:42:30 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3013
Description = Unable to update the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the error code.

Error - 20.6.2012 20:42:30 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3009
Description = Installing the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 20.6.2012 20:45:43 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 20.6.2012 20:48:12 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3013
Description = Unable to update the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the error code.

Error - 20.6.2012 20:48:12 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3009
Description = Installing the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 20.6.2012 20:49:38 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3013
Description = Unable to update the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the error code.

Error - 20.6.2012 20:49:38 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LoadPerf | ID = 3009
Description = Installing the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ System Events ]
Error - 20.6.2012 20:38:22 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7031
Description = The ESET Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 20.6.2012 20:38:28 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7031
Description = The ESET Service service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 20.6.2012 20:38:48 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 20.6.2012 20:39:21 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7031
Description = The ESET Service service terminated unexpectedly. It has done this
3 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 20.6.2012 20:40:43 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description = The ASGT service terminated unexpectedly. It has done this 1 time(s).

Error - 20.6.2012 20:41:46 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 20.6.2012 20:42:31 | Computer Name = Daniel-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 20.6.2012 20:43:02 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 20.6.2012 20:43:57 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 20.6.2012 20:49:07 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058


< End of report >
 
OTL:
OTL logfile created on: 21.6.2012 4:07:32 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Daniel\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

7,91 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 82,05% Memory free
8,66 Gb Paging File | 7,24 Gb Available in Paging File | 83,63% Paging File free
Paging file location(s): c:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,02 Gb Total Space | 15,71 Gb Free Space | 13,20% Space Free | Partition Type: NTFS
Drive E: | 3,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 943,73 Mb Total Space | 840,02 Mb Free Space | 89,01% Space Free | Partition Type: FAT32
Drive X: | 1397,26 Gb Total Space | 286,29 Gb Free Space | 20,49% Space Free | Partition Type: NTFS
Drive Y: | 2794,39 Gb Total Space | 1302,57 Gb Free Space | 46,61% Space Free | Partition Type: NTFS
Drive Z: | 465,76 Gb Total Space | 208,75 Gb Free Space | 44,82% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.21 04:05:11 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.04.20 16:26:54 | 000,076,888 | -H-- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.04.20 19:08:06 | 000,055,296 | -H-- | M] () -- C:\Windows\SysWOW64\ASGT.exe
PRC - [2011.03.21 12:17:56 | 000,068,928 | -H-- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011.02.22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.02.15 14:20:22 | 000,364,544 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\MSIAfterburner.exe
PRC - [2010.12.15 19:07:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\CM Storm\Spawn Gaming Mouse\Spawn_Icon.exe
PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.02.12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.08.29 09:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Daniel\Local Settings\Apps\F.lux\flux.exe


========== Modules (No Company Name) ==========

MOD - [2012.03.12 13:19:11 | 000,491,520 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b57bd70800db9e03c97550eafc2306f0\IAStorUtil.ni.dll
MOD - [2012.03.12 12:47:13 | 000,771,584 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.03.12 12:46:57 | 012,433,408 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.03.12 12:46:53 | 001,587,200 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.03.12 12:46:46 | 003,347,968 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.03.12 12:46:43 | 005,453,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.03.12 12:46:41 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.03.12 12:46:40 | 007,967,232 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.11.14 02:51:16 | 000,014,336 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll
MOD - [2011.11.14 02:51:02 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.02.15 14:20:22 | 000,364,544 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\MSIAfterburner.exe
MOD - [2011.02.15 14:20:08 | 000,061,440 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTMUI.dll
MOD - [2011.02.15 14:20:02 | 000,278,528 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTHAL.dll
MOD - [2011.02.15 14:19:44 | 000,229,376 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTCore.dll
MOD - [2011.02.15 14:19:30 | 000,147,456 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTUI.dll
MOD - [2011.02.15 14:19:20 | 000,061,440 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTFC.dll
MOD - [2010.12.15 19:07:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\CM Storm\Spawn Gaming Mouse\Spawn_Icon.exe
MOD - [2010.07.27 07:37:16 | 000,013,312 | ---- | M] () -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTTSH.dll
MOD - [2009.08.29 09:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Daniel\Local Settings\Apps\F.lux\flux.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.05.28 20:03:50 | 000,098,576 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011.07.04 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Disabled | Stopped] -- C:\Program Files\ASRock Utility\Xfast LAN\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2011.03.21 12:17:46 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
SRV:64bit: - [2009.07.14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.05 15:59:52 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.04.20 16:26:54 | 000,076,888 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.04.05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.03.01 03:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.14 01:38:18 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011.11.14 01:23:50 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011.11.03 21:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.15 17:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.04.20 19:08:06 | 000,055,296 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2011.03.21 12:17:56 | 000,068,928 | -H-- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011.02.22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.03.18 14:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.02.12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.28 20:03:48 | 000,166,576 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012.03.01 02:57:00 | 000,398,144 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012.02.19 02:38:53 | 000,283,200 | -H-- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.01.17 15:45:56 | 000,188,224 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.12.10 16:24:08 | 000,023,152 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.11.13 23:46:00 | 000,032,320 | -H-- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2011.11.13 23:45:56 | 000,015,936 | -H-- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011.11.03 09:41:36 | 000,328,192 | -H-- | M] (Blackmagic Design) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Intensity.sys -- (DeckLink)
DRV:64bit: - [2011.11.03 09:34:12 | 000,018,432 | -H-- | M] (Blackmagic Design) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\deckaud.sys -- (BMDDeckLinkAudio)
DRV:64bit: - [2011.08.31 20:53:22 | 012,306,848 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011.08.04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011.08.04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011.07.04 16:19:34 | 001,632,128 | -H-- | M] (cFos Software GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6)
DRV:64bit: - [2011.05.20 10:53:44 | 000,557,848 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.21 21:17:04 | 000,471,144 | -H-- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 09:41:12 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 09:41:12 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 17:00:14 | 000,390,632 | -H-- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.03.04 17:00:14 | 000,126,952 | -H-- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.01.26 18:11:04 | 000,023,048 | -H-- | M] (ASRock Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsrVDrive.sys -- (AsrVDrive)
DRV:64bit: - [2010.11.21 06:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 06:23:48 | 000,117,248 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 06:23:48 | 000,088,960 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 06:23:48 | 000,071,168 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 06:23:48 | 000,034,816 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 06:23:47 | 000,078,720 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 06:23:47 | 000,031,232 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.16 01:24:16 | 000,015,672 | -H-- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2010.11.09 16:35:24 | 000,021,992 | -H-- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.15 02:28:16 | 000,317,440 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.08.16 16:31:36 | 000,019,936 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010.08.16 16:31:32 | 000,013,280 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2010.07.07 23:21:18 | 001,612,888 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010.07.07 23:21:06 | 001,567,832 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.07.07 23:20:56 | 000,118,360 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.07.07 23:20:48 | 000,213,080 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.07.07 23:20:40 | 000,015,960 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.07.07 23:16:32 | 000,179,288 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.07.07 23:16:24 | 000,697,816 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.07.07 23:16:14 | 000,580,696 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.07.07 23:16:06 | 001,445,976 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.07.07 23:16:06 | 001,445,976 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.07.07 23:15:56 | 000,095,320 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.07.07 23:15:56 | 000,095,320 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.07.07 23:15:50 | 000,230,488 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.07.07 23:15:50 | 000,230,488 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010.06.11 15:37:14 | 000,015,368 | -H-- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009.12.30 12:21:26 | 000,031,800 | -H-- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 04:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.24 19:35:44 | 000,255,552 | -H-- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007.05.03 18:19:38 | 000,014,032 | -H-- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\se64a.sys -- (se64a)
DRV - [2010.05.27 03:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Users\Daniel\Desktop\Overclocking & Benching\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 19:35:44 | 000,255,552 | -H-- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007.05.03 18:19:38 | 000,014,032 | -H-- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\se64a.sys -- (se64a)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4053938816-3849789182-2080245720-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.reddit.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.60818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.18: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012.04.21 11:43:04 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 13.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012.06.07 06:01:19 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 13.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.04.21 11:43:04 | 000,000,000 | ---D | M]

[2012.04.10 10:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2012.04.10 10:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
[2012.06.19 12:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions
[2012.06.02 04:50:34 | 000,000,000 | ---D | M] (8 Ultimo) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66}
[2012.05.09 06:14:15 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
[2012.05.18 05:58:11 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.04.02 14:26:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.20 00:22:02 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.04.30 10:00:48 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\FasterFox_Lite@BigRedBrent
[2012.05.23 14:41:54 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\foxyproxy@eric.h.jung
[2012.06.19 12:11:15 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\eadrinfr.default\extensions\support@lastpass.com
[2011.11.14 07:57:01 | 000,043,131 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.XPI
[2012.06.13 07:00:05 | 000,525,301 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.01.23 20:32:24 | 000,061,700 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
[2012.01.06 13:04:09 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.12 05:56:06 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.02.23 05:53:38 | 000,072,222 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
[2012.03.24 06:03:36 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.02.23 21:51:27 | 000,211,071 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EADRINFR.DEFAULT\EXTENSIONS\THEPIRATEBAY@MAFIAAFIRE.COM.XPI
 
OTL continued:
========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.60818.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\

O1 HOSTS File: ([2012.06.21 03:44:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Spawn Gaming Mouse] C:\Program Files (x86)\CM Storm\Spawn Gaming Mouse\Spawn_Icon.exe ()
O4 - HKU\S-1-5-21-4053938816-3849789182-2080245720-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4053938816-3849789182-2080245720-1000..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-4053938816-3849789182-2080245720-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011.11.15 00:12:39 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4053938816-3849789182-2080245720-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4053938816-3849789182-2080245720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.229.0.40 193.229.0.42
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D78B592-4AC6-4774-B24C-DE2361815B37}: DhcpNameServer = 193.229.0.40 193.229.0.42
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.04.30 15:53:02 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{9a606066-5402-11e1-9427-002522e8d644}\Shell - "" = AutoRun
O33 - MountPoints2\{9a606066-5402-11e1-9427-002522e8d644}\Shell\AutoRun\command - "" = E:\Startup.exe -- [2007.05.07 12:45:11 | 001,705,336 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.hdyc - C:\PROGRA~2\BLACKM~2\BLACKM~1\BMDCOD~2.DLL (Blackmagic Design)
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32:64bit: vidc.mjpg - C:\PROGRA~2\BLACKM~2\BLACKM~1\BMDCOD~4.DLL (Blackmagic Design)
Drivers32:64bit: vidc.r210 - C:\PROGRA~2\BLACKM~2\BLACKM~1\BMDCOD~2.DLL (Blackmagic Design)
Drivers32:64bit: vidc.uyvy - C:\PROGRA~2\BLACKM~2\BLACKM~1\BMDCOD~2.DLL (Blackmagic Design)
Drivers32:64bit: vidc.v210 - C:\PROGRA~2\BLACKM~2\BLACKM~1\BMDCOD~2.DLL (Blackmagic Design)
Drivers32:64bit: vidc.xtor - DxtoryCodec64.dll (Dxtory Software)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.hdyc - C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDCodecLib.dll (Blackmagic Design)
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: vidc.mjpg - C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDCodecMJPG.dll (Blackmagic Design)
Drivers32: vidc.r210 - C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDCodecLib.dll (Blackmagic Design)
Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found
Drivers32: vidc.uyvy - C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDCodecLib.dll (Blackmagic Design)
Drivers32: vidc.v210 - C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDCodecLib.dll (Blackmagic Design)
Drivers32: vidc.xtor - C:\Windows\SysWow64\DxtoryCodec.dll (Dxtory Software)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.06.21 04:05:09 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012.06.21 03:45:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.21 03:45:02 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\temp
[2012.06.21 03:44:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.06.21 03:40:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.21 03:40:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.21 03:40:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.21 03:31:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.21 03:31:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.21 03:26:35 | 004,563,905 | R--- | C] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
[2012.06.19 18:34:18 | 000,000,000 | ---D | C] -- C:\FRST
[2012.06.19 17:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Farbar Recovery Scan Tool
[2012.06.19 17:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.06.19 17:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.06.19 17:21:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spy Bot
[2012.06.19 16:18:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\ESET
[2012.06.19 03:19:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Zachtronics Industries
[2012.06.19 03:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zachtronics Industries
[2012.06.09 09:06:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\LolClient2
[2012.06.09 08:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2012.06.09 08:25:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\PMB Files
[2012.06.09 08:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.06.09 08:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.05.29 17:15:47 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012.05.29 17:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.05.29 17:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012.05.29 16:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2012.05.29 16:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotKey
[2012.05.29 16:35:51 | 000,000,000 | -H-D | C] -- C:\Windows\ShellNew
[2012.05.29 16:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
[2012.05.29 16:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoIt
[2012.05.26 04:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\D3DOverrider
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.21 04:05:11 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012.06.21 03:44:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.21 03:44:09 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 03:44:09 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 03:43:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.21 03:26:43 | 004,563,905 | R--- | M] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
[2012.06.21 03:14:40 | 000,002,310 | -H-- | M] () -- C:\Windows\Sandboxie.ini
[2012.06.20 17:50:33 | 000,169,472 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.19 16:32:53 | 000,063,336 | -H-- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.06.19 16:32:53 | 000,063,336 | -H-- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.06.19 16:32:53 | 000,000,820 | -H-- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.06.19 16:24:09 | 001,348,192 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.19 16:24:09 | 000,652,150 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.19 16:24:09 | 000,479,370 | -H-- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2012.06.19 16:24:09 | 000,121,082 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.19 16:24:09 | 000,100,146 | -H-- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2012.05.29 17:14:23 | 000,000,902 | ---- | M] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012.05.29 16:36:29 | 000,000,295 | ---- | M] () -- C:\Users\Daniel\SciTE.session
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.21 03:40:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.21 03:40:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.21 03:40:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.21 03:40:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.21 03:40:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.29 17:14:33 | 000,000,902 | ---- | C] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012.05.29 17:14:31 | 000,002,310 | -H-- | C] () -- C:\Windows\Sandboxie.ini
[2012.05.29 16:36:29 | 000,000,295 | ---- | C] () -- C:\Users\Daniel\SciTE.session
[2012.04.20 16:11:31 | 000,283,304 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.20 16:11:31 | 000,076,888 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.20 15:43:53 | 002,580,552 | -H-- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.04.10 10:57:12 | 000,254,287 | -H-- | C] () -- C:\Windows\QLPrism Uninstaller.exe
[2012.04.07 20:23:39 | 003,130,440 | -H-- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.02.29 13:26:56 | 000,416,064 | -H-- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.19 03:55:47 | 000,015,360 | -H-- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012.01.23 20:21:01 | 000,001,042 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\coreavc.ini
[2011.12.24 00:52:35 | 000,026,544 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\net.telestream.wirecast.xml
[2011.12.24 00:44:52 | 000,715,038 | -H-- | C] () -- C:\Windows\unins000.exe
[2011.12.24 00:44:52 | 000,216,064 | -H-- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.12.24 00:44:52 | 000,001,992 | -H-- | C] () -- C:\Windows\unins000.dat
[2011.12.14 06:55:24 | 000,081,920 | -H-- | C] () -- C:\Windows\qlprism-uninstall.exe
[2011.11.16 00:00:37 | 000,169,472 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.14 05:47:35 | 000,003,921 | -H-- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis aoTuV Encoder.dat
[2011.11.14 05:46:58 | 000,003,071 | -H-- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011.11.14 05:44:43 | 000,013,082 | -H-- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011.11.14 05:44:41 | 003,031,784 | -H-- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.11.14 05:44:41 | 000,017,950 | -H-- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.11.14 01:23:39 | 000,164,864 | -H-- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.11.14 01:23:39 | 000,073,728 | -H-- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.11.14 00:09:03 | 001,325,126 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.13 23:50:54 | 000,000,003 | ---- | C] () -- C:\Users\Daniel\AppData\Local\user_data.ini
[2011.11.11 17:25:35 | 000,963,116 | -H-- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.11.11 17:22:49 | 000,145,804 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.09.28 17:44:14 | 000,179,271 | -H-- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.08.31 20:51:16 | 000,216,000 | -H-- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.31 20:46:00 | 000,056,832 | -H-- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.31 20:26:20 | 013,903,872 | -H-- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.04.20 19:08:06 | 000,055,296 | -H-- | C] () -- C:\Windows\SysWow64\ASGT.exe
[2010.07.07 22:23:10 | 000,017,868 | -H-- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.07.07 22:23:06 | 000,000,054 | -H-- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.07.07 21:36:44 | 000,014,336 | -H-- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.07.07 21:33:04 | 000,002,560 | -H-- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2010.07.07 21:21:00 | 000,384,647 | -H-- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.07.07 21:21:00 | 000,051,787 | -H-- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.07.07 21:10:30 | 000,007,680 | -H-- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010.07.07 21:10:22 | 000,012,800 | -H-- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

========== LOP Check ==========

[2011.12.15 05:12:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\.minecraft
[2012.05.06 20:27:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\calibre
[2012.05.03 21:56:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\cYo
[2012.02.19 02:39:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
[2012.06.21 03:14:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DisplayFusion
[2011.11.14 01:48:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Downloaded Installations
[2011.12.11 19:24:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ImgBurn
[2011.12.21 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\iulab
[2012.06.09 09:06:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient2
[2012.05.06 20:16:46 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mobipocket
[2012.06.21 03:15:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Nitro PDF
[2012.04.20 12:34:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Origin
[2011.11.14 04:42:22 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Outertech
[2011.12.23 05:21:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SplitMediaLabs
[2012.02.16 08:13:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Stereoscopic Player
[2012.01.19 23:37:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TeamViewer
[2011.12.15 02:50:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Trine2
[2012.01.31 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ubisoft
[2011.11.14 05:20:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Uniblue
[2012.06.19 16:27:30 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\uTorrent
[2011.12.24 00:52:35 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Vara Software
[2011.12.24 01:46:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Wirecast
[2011.11.15 05:03:40 | 000,000,274 | -H-- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2011.12.07 07:13:03 | 000,032,548 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012.06.21 03:45:01 | 000,029,695 | ---- | M] () -- C:\ComboFix.txt
[2012.06.21 03:43:54 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009.07.14 08:32:31 | 000,026,040 | -H-- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 08:32:31 | 000,026,489 | -H-- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 08:32:31 | 000,029,779 | -H-- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 08:32:31 | 000,043,318 | -H-- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009.06.10 23:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009.07.14 07:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009.07.14 07:49:38 | 000,000,146 | -HS- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012.06.21 03:26:43 | 004,563,905 | R--- | M] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
[2012.06.21 04:05:11 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2011.11.15 05:03:40 | 000,000,274 | -H-- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.03.02 16:38:41 | 000,000,970 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4053938816-3849789182-2080245720-1000Core.job
[2012.03.02 16:38:41 | 000,001,022 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4053938816-3849789182-2080245720-1000UA.job
[2012.06.21 03:43:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011.12.07 07:13:03 | 000,032,548 | -H-- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011.11.12 00:49:36 | 000,000,402 | -HS- | M] () -- C:\Users\Daniel\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >
[2012.05.29 17:13:51 | 001,288,656 | -H-- | M] (SANDBOXIE L.T.D) -- C:\Windows\Installer\SandboxieInstall64.exe

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1056 bytes -> C:\ProgramData\Temp:966F7784

< End of report >
 
Good news :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    @Alternate Data Stream - 1056 bytes -> C:\ProgramData\Temp:966F7784
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
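As an added example (not OTL's code and not the helper's), here is a PowerShell function that lists named alternate data streams under a folder in the same "file:stream" form OTL reported above (C:\ProgramData\Temp:966F7784), so an entry can be reviewed before anything is removed. The folder path in the sample call is an assumption; Get-Item -Stream needs PowerShell 3.0 or later.

```powershell
# Added example, not part of the original thread or of OTL.
# Lists named alternate data streams (ADS) below a folder so a reviewer can see
# entries like "C:\ProgramData\Temp:966F7784" before deciding what to do with them.
function Find-AlternateDataStreams {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Zone.Identifier is the "downloaded from the Internet" mark and is
        # normally benign, so it is skipped unless explicitly requested.
        [switch]$IncludeZoneIdentifier
    )

    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            # Every file carries the unnamed ':$DATA' stream; only the named ones
            # are "alternate". Items whose streams cannot be read are skipped.
            Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Where-Object { $IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier' } |
                ForEach-Object {
                    [pscustomobject]@{
                        Path   = $item.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                        # Same "file:stream" spelling OTL uses in its report.
                        Spec   = "$($item.FullName):$($_.Stream)"
                    }
                }
        }
}

# Sample run against the folder the report flagged (assumed path).
Find-AlternateDataStreams -Path 'C:\ProgramData' | Format-Table -AutoSize
```

Once an entry has been reviewed, a single named stream can be removed with Remove-Item -LiteralPath <file> -Stream <name>, which is what the OTL fix above did for the Temp:966F7784 stream.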
 
Ok, all done. One problem though. I accidentally opened the FRST quarantine folder where the service.exe was and nod32 immediately detected the patched.a.gen trojan again. But only when I opened the folder, not again after that. Is this something I should worry about? Here are the logs:

OTL:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
ADS C:\ProgramData\Temp:966F7784 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Daniel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Java cache emptied: 1059885 bytes
->FireFox cache emptied: 115936313 bytes
->Google Chrome cache emptied: 94624210 bytes
->Flash cache emptied: 71702 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1373744 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4340 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 668 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 204,00 mb


[EMPTYJAVA]

User: All Users

User: Daniel
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Daniel
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 06212012_141231

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
-------------------------------------------------
Security Check:
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

FSS:
Farbar Service Scanner Version: 19-06-2012 01
Ran by Daniel (administrator) on 21-06-2012 at 14:22:11
Running from "C:\Program Files (x86)\Farbar Service Scanner"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Online Scanner:
Scanning Report

Thursday, June 21, 2012 14:32:13 - 14:32:35

Computer name: DANIEL-PC
Scanning type: Quick scan
Target: System
No malware found

Statistics

Scanned:
  • Files: 5945
  • System: 5945
  • Not scanned: 0
Actions:
  • Disinfected: 0
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0
Options

Scanning engines:
 
Is this something I should worry about?
No.

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Thank you so much for your help! Computer is working just as well as before, probably better. Here is the final log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Daniel
->Temp folder emptied: 478951977 bytes
->Temporary Internet Files folder emptied: 808150 bytes
->Java cache emptied: 29624 bytes
->FireFox cache emptied: 51296058 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1551 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1373744 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6156 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 508,00 mb


[EMPTYFLASH]

User: All Users

User: Daniel
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Daniel
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.50.0 log created on 06222012_152958

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 