TechSpot

Win64/Patched.a.Gen problem

Solved
By Belles
Jul 25, 2012
  1. Hi! Since last night I've been getting this message from my Nod32 saying that the services.exe file is infected with Win64/Patched.a.Gen. It pops up every 5 to 10 minutes and I just don't know what to do with it! Here's the Farbar log. Do I need to post anything else? Thanks in advance!!

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by Bellsmorte at 25-07-2012 19:54:02
    Running from C:\Users\Bellsmorte\Downloads
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


    ============ One Month Created Files and Folders ==============

    2012-07-25 19:38 - 2012-07-25 19:38 - 00000000 ____D C:\Users\Bellsmorte\AppData\Local\ESET
    2012-07-25 19:35 - 2012-07-25 19:54 - 00000000 ____D C:\FRST
    2012-07-25 19:23 - 2012-07-25 19:23 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Bellsmorte\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-25 19:11 - 2012-07-25 19:12 - 00607260 ____A (Swearware) C:\Users\Bellsmorte\Downloads\dds.scr
    2012-07-25 19:11 - 2012-07-25 19:11 - 00302592 ____A C:\Users\Bellsmorte\Downloads\zsrqg8tr.exe
    2012-07-25 18:57 - 2012-07-25 18:58 - 01438391 ____A (Farbar) C:\Users\Bellsmorte\Downloads\FRST64.exe
    2012-07-25 17:51 - 2012-07-25 18:00 - 00292864 __ASH C:\Users\Bellsmorte\Downloads\Thumbs.db
    2012-07-25 17:31 - 2012-07-25 17:31 - 00002002 ____A C:\Windows\PFRO.log
    2012-07-25 17:21 - 2012-07-25 17:21 - 00000000 ____D C:\Users\All Users\ESET
    2012-07-25 17:21 - 2012-07-25 17:21 - 00000000 ____D C:\Program Files\ESET
    2012-07-25 17:16 - 2012-07-25 17:16 - 00143212 ____A C:\Users\Bellsmorte\Downloads\pure.rar
    2012-07-25 17:03 - 2012-07-25 17:03 - 01378744 ____A (ESET) C:\Users\Bellsmorte\Downloads\eset_nod32_antivirus_live_installer.exe
    2012-07-25 15:49 - 2012-07-25 16:55 - 00000000 ____D C:\Program Files (x86)\RegCleaner
    2012-07-25 15:40 - 2012-07-25 15:40 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\BlueSprig
    2012-07-25 15:40 - 2012-07-25 15:40 - 00000000 ____D C:\Program Files (x86)\BlueSprig
    2012-07-25 01:19 - 2012-07-25 01:19 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2012-07-25 00:30 - 2012-07-25 16:55 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-07-25 00:30 - 2012-07-25 16:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2012-07-24 19:43 - 2012-07-24 19:43 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\Daedalic Entertainment
    2012-07-21 01:08 - 2012-07-21 01:08 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\Elephant Games
    2012-07-21 01:08 - 2012-07-21 01:08 - 00000000 ____D C:\Users\All Users\Elephant Games
    2012-07-20 15:40 - 2012-07-20 15:40 - 00002214 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2012-07-19 12:41 - 2012-07-19 12:41 - 00404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-16 23:24 - 2012-07-16 23:24 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\PlayPond
    2012-07-14 15:51 - 2012-07-14 15:51 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\Anarchy
    2012-07-13 18:05 - 2012-07-13 18:05 - 00000219 ____A C:\Users\Bellsmorte\Desktop\Left 4 Dead 2.url
    2012-07-11 23:42 - 2012-07-11 23:42 - 00000748 ____A C:\Users\Bellsmorte\Desktop\GoldWave.lnk
    2012-07-11 23:42 - 2012-07-11 23:42 - 00000000 ____D C:\Program Files (x86)\GoldWave
    2012-07-11 23:37 - 2012-07-11 23:37 - 00000000 ____D C:\tmp
    2012-07-11 23:18 - 2012-07-25 16:55 - 00000000 ____D C:\MP3Toolkit
    2012-07-11 23:18 - 2012-07-11 23:18 - 00000604 ____A C:\Users\Public\Desktop\MP3 Toolkit.lnk
    2012-07-11 23:17 - 2012-07-11 23:17 - 11011319 ____A (MP3Toolkit.com ) C:\Users\Bellsmorte\Desktop\mp3toolkit.exe
    2012-07-07 20:46 - 2012-07-07 20:46 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\DVDFab
    2012-07-07 20:43 - 2012-07-07 20:43 - 00000000 ____D C:\Users\All Users\dvdfab
    2012-07-07 20:41 - 2012-07-07 20:49 - 00000000 ____D C:\Users\Bellsmorte\Documents\DVDFab
    2012-07-07 20:41 - 2012-07-07 20:42 - 00000000 ____D C:\Program Files (x86)\DVDFab 8 Qt
    2012-07-07 20:41 - 2012-07-07 20:41 - 00001059 ____A C:\Users\Bellsmorte\Desktop\DVDFab Profile Editor.lnk
    2012-07-07 20:41 - 2012-07-07 20:41 - 00001022 ____A C:\Users\Bellsmorte\Desktop\DVDFab 8 Qt.lnk
    2012-07-07 20:41 - 2012-07-07 20:41 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\NVIDIA
    2012-07-07 20:40 - 2011-03-14 09:25 - 00000232 ____A C:\Users\Bellsmorte\Desktop\Información.txt
    2012-07-07 20:23 - 2012-07-25 16:55 - 00000000 ____D C:\Program Files (x86)\AnvSoft
    2012-07-07 20:23 - 2012-07-07 20:28 - 00000000 ____D C:\Users\Bellsmorte\Documents\Any Video Converter
    2012-07-07 20:23 - 2012-07-07 20:23 - 00001242 ____A C:\Users\Bellsmorte\Desktop\Any Video Converter.lnk
    2012-07-07 20:23 - 2012-07-07 20:23 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\AnvSoft
    2012-07-06 16:59 - 2012-07-06 16:59 - 00000006 ____A C:\Users\Bellsmorte\Documents\jnljin.txt
    2012-06-29 23:41 - 2012-06-29 23:41 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ssadadb_01005.Wdf

    ============ 3 Months Modified Files ========================

    2012-07-25 19:37 - 2012-03-26 15:27 - 00001044 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-25 19:29 - 2012-02-12 00:14 - 00001066 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3934109233-4140102264-3726521436-1001UA.job
    2012-07-25 19:23 - 2012-07-25 19:23 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Bellsmorte\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-25 19:12 - 2012-07-25 19:11 - 00607260 ____A (Swearware) C:\Users\Bellsmorte\Downloads\dds.scr
    2012-07-25 19:11 - 2012-07-25 19:11 - 00302592 ____A C:\Users\Bellsmorte\Downloads\zsrqg8tr.exe
    2012-07-25 18:58 - 2012-07-25 18:57 - 01438391 ____A (Farbar) C:\Users\Bellsmorte\Downloads\FRST64.exe
    2012-07-25 18:34 - 2011-12-04 10:51 - 01819194 ____A C:\Windows\WindowsUpdate.log
    2012-07-25 18:34 - 2009-07-14 01:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-25 18:34 - 2009-07-14 01:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-25 18:00 - 2012-07-25 17:51 - 00292864 __ASH C:\Users\Bellsmorte\Downloads\Thumbs.db
    2012-07-25 17:49 - 2012-06-04 19:03 - 00003406 ____A C:\Windows\setupact.log
    2012-07-25 17:49 - 2012-03-26 15:27 - 00001040 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-25 17:49 - 2009-07-14 02:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-25 17:32 - 2011-12-04 11:27 - 00045056 ____A C:\Windows\System32\acovcnt.exe
    2012-07-25 17:32 - 2011-12-04 11:14 - 00002326 ____A C:\Windows\System32\AutoRunFilter.ini
    2012-07-25 17:32 - 2011-12-04 11:14 - 00001375 ____A C:\Windows\System32\ServiceFilter.ini
    2012-07-25 17:31 - 2012-07-25 17:31 - 00002002 ____A C:\Windows\PFRO.log
    2012-07-25 17:16 - 2012-07-25 17:16 - 00143212 ____A C:\Users\Bellsmorte\Downloads\pure.rar
    2012-07-25 17:03 - 2012-07-25 17:03 - 01378744 ____A (ESET) C:\Users\Bellsmorte\Downloads\eset_nod32_antivirus_live_installer.exe
    2012-07-25 16:58 - 2012-02-12 12:34 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-07-21 21:29 - 2012-02-12 00:14 - 00001014 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3934109233-4140102264-3726521436-1001Core.job
    2012-07-20 15:40 - 2012-07-20 15:40 - 00002214 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2012-07-19 12:41 - 2012-07-19 12:41 - 00404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-18 19:52 - 2012-02-12 19:29 - 00000949 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-07-13 18:05 - 2012-07-13 18:05 - 00000219 ____A C:\Users\Bellsmorte\Desktop\Left 4 Dead 2.url
    2012-07-11 23:42 - 2012-07-11 23:42 - 00000748 ____A C:\Users\Bellsmorte\Desktop\GoldWave.lnk
    2012-07-11 23:18 - 2012-07-11 23:18 - 00000604 ____A C:\Users\Public\Desktop\MP3 Toolkit.lnk
    2012-07-11 23:17 - 2012-07-11 23:17 - 11011319 ____A (MP3Toolkit.com ) C:\Users\Bellsmorte\Desktop\mp3toolkit.exe
    2012-07-07 20:41 - 2012-07-07 20:41 - 00001059 ____A C:\Users\Bellsmorte\Desktop\DVDFab Profile Editor.lnk
    2012-07-07 20:41 - 2012-07-07 20:41 - 00001022 ____A C:\Users\Bellsmorte\Desktop\DVDFab 8 Qt.lnk
    2012-07-07 20:25 - 2009-07-14 02:13 - 00798302 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-07 20:23 - 2012-07-07 20:23 - 00001242 ____A C:\Users\Bellsmorte\Desktop\Any Video Converter.lnk
    2012-07-06 16:59 - 2012-07-06 16:59 - 00000006 ____A C:\Users\Bellsmorte\Documents\jnljin.txt
    2012-06-29 23:41 - 2012-06-29 23:41 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
    2012-06-25 17:07 - 2012-02-24 00:35 - 00001041 ____A C:\Users\Bellsmorte\Desktop\Dropbox.lnk
    2012-06-10 04:06 - 2012-06-09 02:20 - 00017888 ____A C:\Users\Bellsmorte\Documents\cufa2.txt
    2012-06-04 19:03 - 2012-06-04 19:03 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-01 15:04 - 2012-06-01 15:04 - 00000919 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-05-30 18:20 - 2012-05-30 18:20 - 00000115 ____A C:\Users\Bellsmorte\Documents\caldera.txt
    2012-05-26 19:25 - 2012-05-26 19:25 - 00001871 ____A C:\Users\Public\Desktop\ImgBurn.lnk
    2012-05-24 16:39 - 2012-05-27 15:16 - 892016782 ____A C:\Users\Bellsmorte\Documents\laced.haywire.dvd9.Title1.avi
    2012-05-23 21:13 - 2012-05-23 21:13 - 00002014 ____A C:\Users\Bellsmorte\Desktop\DOSBox 0.72.lnk
    2012-05-15 15:23 - 2009-07-14 02:08 - 00032616 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-05-15 15:23 - 2009-07-14 02:08 - 00032616 ____A C:\Windows\Tasks\SCHEDLGU(35).TXT
    2012-05-14 00:22 - 2012-05-14 00:22 - 00010115 ____A C:\Users\Bellsmorte\Documents\NOIRE.xlsx
    2012-05-10 01:24 - 2012-05-10 01:24 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
    2012-05-10 01:24 - 2012-05-10 01:24 - 00073216 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
    2012-05-10 00:26 - 2012-05-10 00:26 - 00000156 ____A C:\Users\Bellsmorte\Documents\ballads2.txt
    2012-05-10 00:10 - 2012-05-09 23:48 - 00012292 ____A C:\Users\Bellsmorte\Documents\ballads.txt
    2012-05-09 00:27 - 2012-05-09 00:27 - 00006076 ____A C:\Users\Bellsmorte\Documents\cufa.txt
    2012-05-06 01:16 - 2012-04-24 01:10 - 00028476 ____A C:\Users\Bellsmorte\Documents\deusex.xlsx
    2012-05-04 21:03 - 2012-03-30 16:03 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe


    ZeroAccess:
    C:\Windows\Installer\{7fd9681f-20bf-56bc-3453-ea3cd472b4ef}
    C:\Windows\Installer\{7fd9681f-20bf-56bc-3453-ea3cd472b4ef}\L
    C:\Windows\Installer\{7fd9681f-20bf-56bc-3453-ea3cd472b4ef}\U
    C:\Windows\Installer\{7fd9681f-20bf-56bc-3453-ea3cd472b4ef}\L\00000008.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-07-13 20:19] - [2009-07-13 22:39] - 0329216 ____A () D41D8CD98F00B204E9800998ECF8427E

    C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 52%
    Total physical RAM: 4001.06 MB
    Available physical RAM: 1887.92 MB
    Total Pagefile: 8000.32 MB
    Available Pagefile: 5700.2 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.87 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:250.05 GB) (Free:166.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (Data) (Fixed) (Total:321.12 GB) (Free:133.74 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 25 GB 1024 KB
    Partition 2 Primary 250 GB 25 GB
    Partition 3 Primary 321 GB 275 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 1C
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 250 GB Healthy System (partition with boot components)

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D Data NTFS Partition 321 GB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-18 00:00

    ======================= End Of Log ==========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================

    You didn't run the tool correct way:
    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  3. Belles

    Belles TS Rookie Topic Starter

    Oops! It looked too easy after all... :) Here's the two logs!

    Frst.exe

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 25-07-2012 22:48:54
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-06-01] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391960 2011-06-01] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [419096 2011-06-01] (Intel Corporation)
    HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2207848 2011-03-20] (Realtek Semiconductor)
    HKLM\...\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe [909824 2010-01-20] (Sonix Technology Co., Ltd.)
    HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
    HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4081008 2012-07-25] (ESET)
    HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [371 2012-07-25] ()
    HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" [x]
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [DocCreatorClient] "C:\Program Files (x86)\Global Graphics\gDoc\DocCreatorClient.exe" [292248 2009-11-24] (Global Graphics Software Ltd.)
    HKLM-x32\...\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s [57344 2006-09-28] (SlySoft, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
    HKU\Bellsmorte\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
    HKU\Bellsmorte\...\Run: [Google Update] "C:\Users\Bellsmorte\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-11] (Google Inc.)
    HKU\Bellsmorte\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-06-01] (Valve Corporation)
    HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 200.49.130.44 200.42.4.207 172.20.2.26
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll C:\Windows\system32\guard64.dll
    Startup: C:\Users\Bellsmorte\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ======

    2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
    2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
    2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations)
    2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
    2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [1267000 2011-11-23] (COMODO)
    2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO)
    3 DCMessages; "C:\Windows\SysWOW64\DCMessages.exe" [99720 2009-11-24] (Global Graphics Software Ltd)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [913144 2012-03-07] (ESET)
    3 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-04-17] ()
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
    2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()

    ========================== Drivers (Whitelisted) =============

    2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
    3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-03-13] (Atheros)
    1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
    3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298656 2011-03-13] (Atheros)
    3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-03-13] (Atheros)
    3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2011-03-13] (Atheros)
    3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2011-03-13] (Atheros)
    3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2011-03-13] (Atheros)
    3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [280224 2011-03-13] (Atheros)
    1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)
    1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2012-03-11] (COMODO)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-02-20] (DT Soft Ltd)
    1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET)
    3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
    3 ElbyCDFL; C:\Windows\SysWow64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2012-03-14] (ESET)
    3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [81920 2011-02-24] (Fresco Logic)
    1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2011-12-19] (COMODO)
    3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
    3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-25 17:41 - 2012-07-25 17:41 - 00032768 __ASH C:\Users\Bellsmorte\Documents\Thumbs.db
    2012-07-25 17:40 - 2012-07-25 17:06 - 00000599 ____A C:\Users\Bellsmorte\Documents\Search.txt
    2012-07-25 17:40 - 2012-07-25 17:00 - 00021896 ____A C:\Users\Bellsmorte\Documents\FRST.txt
    2012-07-25 16:39 - 2012-07-25 16:39 - 01438391 ____A (Farbar) C:\Users\Bellsmorte\Downloads\FRST64(1).exe
    2012-07-25 16:39 - 2012-07-25 16:39 - 00892822 ____A (Farbar) C:\Users\Bellsmorte\Downloads\FRST.exe
    2012-07-25 14:54 - 2012-07-25 14:54 - 00013936 ____A C:\Users\Bellsmorte\Downloads\FRST.txt
    2012-07-25 14:38 - 2012-07-25 14:38 - 00000000 ____D C:\Users\Bellsmorte\AppData\Local\ESET
    2012-07-25 14:35 - 2012-07-25 14:54 - 00000000 ____D C:\FRST
    2012-07-25 14:23 - 2012-07-25 14:23 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Bellsmorte\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-25 14:11 - 2012-07-25 14:12 - 00607260 ____A (Swearware) C:\Users\Bellsmorte\Downloads\dds.scr
    2012-07-25 14:11 - 2012-07-25 14:11 - 00302592 ____A C:\Users\Bellsmorte\Downloads\zsrqg8tr.exe
    2012-07-25 13:57 - 2012-07-25 13:58 - 01438391 ____A (Farbar) C:\Users\Bellsmorte\Downloads\FRST64.exe
    2012-07-25 12:51 - 2012-07-25 14:54 - 00294912 __ASH C:\Users\Bellsmorte\Downloads\Thumbs.db
    2012-07-25 12:31 - 2012-07-25 12:31 - 00002002 ____A C:\Windows\PFRO.log
    2012-07-25 12:21 - 2012-07-25 12:21 - 00000000 ____D C:\Users\All Users\ESET
    2012-07-25 12:21 - 2012-07-25 12:21 - 00000000 ____D C:\Program Files\ESET
    2012-07-25 12:16 - 2012-07-25 12:16 - 00143212 ____A C:\Users\Bellsmorte\Downloads\pure.rar
    2012-07-25 12:03 - 2012-07-25 12:03 - 01378744 ____A (ESET) C:\Users\Bellsmorte\Downloads\eset_nod32_antivirus_live_installer.exe
    2012-07-25 10:49 - 2012-07-25 11:55 - 00000000 ____D C:\Program Files (x86)\RegCleaner
    2012-07-25 10:40 - 2012-07-25 10:40 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\BlueSprig
    2012-07-25 10:40 - 2012-07-25 10:40 - 00000000 ____D C:\Program Files (x86)\BlueSprig
    2012-07-24 20:19 - 2012-07-24 20:19 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2012-07-24 19:30 - 2012-07-25 11:55 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-07-24 19:30 - 2012-07-25 11:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2012-07-24 14:43 - 2012-07-24 14:43 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\Daedalic Entertainment
    2012-07-20 20:08 - 2012-07-20 20:08 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\Elephant Games
    2012-07-20 20:08 - 2012-07-20 20:08 - 00000000 ____D C:\Users\All Users\Elephant Games
    2012-07-20 10:40 - 2012-07-20 10:40 - 00002214 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2012-07-19 07:41 - 2012-07-19 07:41 - 00404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-16 18:24 - 2012-07-16 18:24 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\PlayPond
    2012-07-14 10:51 - 2012-07-14 10:51 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\Anarchy
    2012-07-13 13:05 - 2012-07-13 13:05 - 00000219 ____A C:\Users\Bellsmorte\Desktop\Left 4 Dead 2.url
    2012-07-11 18:42 - 2012-07-11 18:42 - 00000748 ____A C:\Users\Bellsmorte\Desktop\GoldWave.lnk
    2012-07-11 18:42 - 2012-07-11 18:42 - 00000000 ____D C:\Program Files (x86)\GoldWave
    2012-07-11 18:37 - 2012-07-11 18:37 - 00000000 ____D C:\tmp
    2012-07-11 18:18 - 2012-07-25 11:55 - 00000000 ____D C:\MP3Toolkit
    2012-07-11 18:18 - 2012-07-11 18:18 - 00000604 ____A C:\Users\Public\Desktop\MP3 Toolkit.lnk
    2012-07-11 18:17 - 2012-07-11 18:17 - 11011319 ____A (MP3Toolkit.com ) C:\Users\Bellsmorte\Desktop\mp3toolkit.exe
    2012-07-07 15:46 - 2012-07-07 15:46 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\DVDFab
    2012-07-07 15:43 - 2012-07-07 15:43 - 00000000 ____D C:\Users\All Users\dvdfab
    2012-07-07 15:41 - 2012-07-07 15:49 - 00000000 ____D C:\Users\Bellsmorte\Documents\DVDFab
    2012-07-07 15:41 - 2012-07-07 15:42 - 00000000 ____D C:\Program Files (x86)\DVDFab 8 Qt
    2012-07-07 15:41 - 2012-07-07 15:41 - 00001059 ____A C:\Users\Bellsmorte\Desktop\DVDFab Profile Editor.lnk
    2012-07-07 15:41 - 2012-07-07 15:41 - 00001022 ____A C:\Users\Bellsmorte\Desktop\DVDFab 8 Qt.lnk
    2012-07-07 15:41 - 2012-07-07 15:41 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\NVIDIA
    2012-07-07 15:40 - 2011-03-14 04:25 - 00000232 ____A C:\Users\Bellsmorte\Desktop\Información.txt
    2012-07-07 15:23 - 2012-07-25 11:55 - 00000000 ____D C:\Program Files (x86)\AnvSoft
    2012-07-07 15:23 - 2012-07-07 15:28 - 00000000 ____D C:\Users\Bellsmorte\Documents\Any Video Converter
    2012-07-07 15:23 - 2012-07-07 15:23 - 00001242 ____A C:\Users\Bellsmorte\Desktop\Any Video Converter.lnk
    2012-07-07 15:23 - 2012-07-07 15:23 - 00000000 ____D C:\Users\Bellsmorte\AppData\Roaming\AnvSoft
    2012-07-06 11:59 - 2012-07-06 11:59 - 00000006 ____A C:\Users\Bellsmorte\Documents\jnljin.txt
    2012-06-29 18:41 - 2012-06-29 18:41 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ssadadb_01005.Wdf

    ============ 3 Months Modified Files ========================

    2012-07-25 17:47 - 2012-06-04 14:03 - 00003574 ____A C:\Windows\setupact.log
    2012-07-25 17:47 - 2012-03-26 10:27 - 00001040 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-25 17:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-25 17:46 - 2011-12-04 05:51 - 01844809 ____A C:\Windows\WindowsUpdate.log
    2012-07-25 17:43 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-25 17:43 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-25 17:41 - 2012-07-25 17:41 - 00032768 __ASH C:\Users\Bellsmorte\Documents\Thumbs.db
    2012-07-25 17:37 - 2012-03-26 10:27 - 00001044 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-25 17:35 - 2011-12-04 06:27 - 00045056 ____A C:\Windows\System32\acovcnt.exe
    2012-07-25 17:06 - 2012-07-25 17:40 - 00000599 ____A C:\Users\Bellsmorte\Documents\Search.txt
    2012-07-25 17:00 - 2012-07-25 17:40 - 00021896 ____A C:\Users\Bellsmorte\Documents\FRST.txt
    2012-07-25 16:44 - 2009-07-13 21:13 - 00798302 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-25 16:39 - 2012-07-25 16:39 - 01438391 ____A (Farbar) C:\Users\Bellsmorte\Downloads\FRST64(1).exe
    2012-07-25 16:39 - 2012-07-25 16:39 - 00892822 ____A (Farbar) C:\Users\Bellsmorte\Downloads\FRST.exe
    2012-07-25 16:38 - 2012-02-11 19:14 - 00001014 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3934109233-4140102264-3726521436-1001Core.job
    2012-07-25 16:29 - 2012-02-11 19:14 - 00001066 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3934109233-4140102264-3726521436-1001UA.job
    2012-07-25 14:54 - 2012-07-25 14:54 - 00013936 ____A C:\Users\Bellsmorte\Downloads\FRST.txt
    2012-07-25 14:54 - 2012-07-25 12:51 - 00294912 __ASH C:\Users\Bellsmorte\Downloads\Thumbs.db
    2012-07-25 14:23 - 2012-07-25 14:23 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Bellsmorte\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-25 14:12 - 2012-07-25 14:11 - 00607260 ____A (Swearware) C:\Users\Bellsmorte\Downloads\dds.scr
    2012-07-25 14:11 - 2012-07-25 14:11 - 00302592 ____A C:\Users\Bellsmorte\Downloads\zsrqg8tr.exe
    2012-07-25 13:58 - 2012-07-25 13:57 - 01438391 ____A (Farbar) C:\Users\Bellsmorte\Downloads\FRST64.exe
    2012-07-25 12:32 - 2011-12-04 06:14 - 00002326 ____A C:\Windows\System32\AutoRunFilter.ini
    2012-07-25 12:32 - 2011-12-04 06:14 - 00001375 ____A C:\Windows\System32\ServiceFilter.ini
    2012-07-25 12:31 - 2012-07-25 12:31 - 00002002 ____A C:\Windows\PFRO.log
    2012-07-25 12:16 - 2012-07-25 12:16 - 00143212 ____A C:\Users\Bellsmorte\Downloads\pure.rar
    2012-07-25 12:03 - 2012-07-25 12:03 - 01378744 ____A (ESET) C:\Users\Bellsmorte\Downloads\eset_nod32_antivirus_live_installer.exe
    2012-07-25 11:58 - 2012-02-12 07:34 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-07-20 10:40 - 2012-07-20 10:40 - 00002214 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2012-07-19 07:41 - 2012-07-19 07:41 - 00404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-18 14:52 - 2012-02-12 14:29 - 00000949 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-07-13 13:05 - 2012-07-13 13:05 - 00000219 ____A C:\Users\Bellsmorte\Desktop\Left 4 Dead 2.url
    2012-07-11 18:42 - 2012-07-11 18:42 - 00000748 ____A C:\Users\Bellsmorte\Desktop\GoldWave.lnk
    2012-07-11 18:18 - 2012-07-11 18:18 - 00000604 ____A C:\Users\Public\Desktop\MP3 Toolkit.lnk
    2012-07-11 18:17 - 2012-07-11 18:17 - 11011319 ____A (MP3Toolkit.com ) C:\Users\Bellsmorte\Desktop\mp3toolkit.exe
    2012-07-07 15:41 - 2012-07-07 15:41 - 00001059 ____A C:\Users\Bellsmorte\Desktop\DVDFab Profile Editor.lnk
    2012-07-07 15:41 - 2012-07-07 15:41 - 00001022 ____A C:\Users\Bellsmorte\Desktop\DVDFab 8 Qt.lnk
    2012-07-07 15:23 - 2012-07-07 15:23 - 00001242 ____A C:\Users\Bellsmorte\Desktop\Any Video Converter.lnk
    2012-07-06 11:59 - 2012-07-06 11:59 - 00000006 ____A C:\Users\Bellsmorte\Documents\jnljin.txt
    2012-06-29 18:41 - 2012-06-29 18:41 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
    2012-06-25 12:07 - 2012-02-23 19:35 - 00001041 ____A C:\Users\Bellsmorte\Desktop\Dropbox.lnk
    2012-06-09 23:06 - 2012-06-08 21:20 - 00017888 ____A C:\Users\Bellsmorte\Documents\cufa2.txt
    2012-06-04 14:03 - 2012-06-04 14:03 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-01 10:04 - 2012-06-01 10:04 - 00000919 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-05-30 13:20 - 2012-05-30 13:20 - 00000115 ____A C:\Users\Bellsmorte\Documents\caldera.txt
    2012-05-26 14:25 - 2012-05-26 14:25 - 00001871 ____A C:\Users\Public\Desktop\ImgBurn.lnk
    2012-05-23 16:13 - 2012-05-23 16:13 - 00002014 ____A C:\Users\Bellsmorte\Desktop\DOSBox 0.72.lnk
    2012-05-15 10:23 - 2009-07-13 21:08 - 00032616 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-05-15 10:23 - 2009-07-13 21:08 - 00032616 ____A C:\Windows\Tasks\SCHEDLGU(35).TXT
    2012-05-13 19:22 - 2012-05-13 19:22 - 00010115 ____A C:\Users\Bellsmorte\Documents\NOIRE.xlsx
    2012-05-09 20:24 - 2012-05-09 20:24 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
    2012-05-09 20:24 - 2012-05-09 20:24 - 00073216 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
    2012-05-09 19:26 - 2012-05-09 19:26 - 00000156 ____A C:\Users\Bellsmorte\Documents\ballads2.txt
    2012-05-09 19:10 - 2012-05-09 18:48 - 00012292 ____A C:\Users\Bellsmorte\Documents\ballads.txt
    2012-05-08 19:27 - 2012-05-08 19:27 - 00006076 ____A C:\Users\Bellsmorte\Documents\cufa.txt
    2012-05-05 20:16 - 2012-04-23 20:10 - 00028476 ____A C:\Users\Bellsmorte\Documents\deusex.xlsx
    2012-05-04 16:03 - 2012-03-30 11:03 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe


    ZeroAccess:
    C:\Windows\Installer\{7fd9681f-20bf-56bc-3453-ea3cd472b4ef}
    C:\Windows\Installer\{7fd9681f-20bf-56bc-3453-ea3cd472b4ef}\L
    C:\Windows\Installer\{7fd9681f-20bf-56bc-3453-ea3cd472b4ef}\U
    C:\Windows\Installer\{7fd9681f-20bf-56bc-3453-ea3cd472b4ef}\L\00000008.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 14%
    Total physical RAM: 4001.06 MB
    Available physical RAM: 3423.2 MB
    Total Pagefile: 3999.21 MB
    Available Pagefile: 3414.95 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:250.05 GB) (Free:167.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (Data) (Fixed) (Total:321.12 GB) (Free:133.74 GB) NTFS
    4 Drive f: (ADATA UFD) (Removable) (Total:7.32 GB) (Free:7.2 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 7509 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 25 GB 1024 KB
    Partition 2 Primary 250 GB 25 GB
    Partition 3 Primary 321 GB 275 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 1C
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C OS NTFS Partition 250 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Data NTFS Partition 321 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7508 MB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F ADATA UFD FAT32 Removable 7508 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-17 19:00

    ======================= End Of Log ==========================

    Search.exe

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-25 22:50:15
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
     
  4. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  5. Belles

    Belles TS Rookie Topic Starter

    Here are the two logs:

    Fixlist.txt

    SubSystems: [Windows] ==> ZeroAccess
    C:\Windows\System32\consrv.dll
    HKLM-x32\...\Run: [] [x]
    C:\Windows\Installer\{7fd9681f-20bf-56bc-3453-ea3cd472b4ef}
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

    Combofix.txt
    ComboFix 12-07-26.04 - Bellsmorte 25/07/2012 23:35:15.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.54.1033.18.4001.2582 [GMT -3:00]
    Running from: c:\users\Bellsmorte\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 24 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    c:\windows\AsPatch10430001.exe
    c:\windows\msvcr71.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-26 02:40 . 2012-07-26 02:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-26 02:40 . 2012-07-26 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-25 22:38 . 2012-07-25 22:38 -------- d-----w- c:\users\Bellsmorte\AppData\Local\ESET
    2012-07-25 22:35 . 2012-07-25 22:54 -------- d-----w- C:\FRST
    2012-07-25 20:21 . 2012-07-25 20:21 -------- d-----w- c:\program files\ESET
    2012-07-25 18:49 . 2012-07-25 19:55 -------- d-----w- c:\program files (x86)\RegCleaner
    2012-07-25 18:40 . 2012-07-25 18:40 -------- d-----w- c:\users\Bellsmorte\AppData\Roaming\BlueSprig
    2012-07-25 18:40 . 2012-07-25 18:40 -------- d-----w- c:\program files (x86)\BlueSprig
    2012-07-25 04:19 . 2012-07-25 04:19 -------- d-----w- c:\program files (x86)\VS Revo Group
    2012-07-25 03:30 . 2012-07-25 19:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-07-25 03:30 . 2012-07-25 19:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-07-24 22:43 . 2012-07-24 22:43 -------- d-----w- c:\users\Bellsmorte\AppData\Roaming\Daedalic Entertainment
    2012-07-22 16:17 . 2012-07-22 16:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09EEE8A9-6993-46B8-80C2-830B2ABEA9C3}\offreg.dll
    2012-07-21 04:08 . 2012-07-21 04:08 -------- d-----w- c:\users\Bellsmorte\AppData\Roaming\Elephant Games
    2012-07-21 04:08 . 2012-07-21 04:08 -------- d-----w- c:\programdata\Elephant Games
    2012-07-19 15:41 . 2012-07-19 15:41 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-17 02:24 . 2012-07-17 02:24 -------- d-----w- c:\users\Bellsmorte\AppData\Roaming\PlayPond
    2012-07-14 18:51 . 2012-07-14 18:51 -------- d-----w- c:\users\Bellsmorte\AppData\Roaming\Anarchy
    2012-07-12 02:42 . 2012-07-12 02:42 -------- d-----w- c:\program files (x86)\GoldWave
    2012-07-12 02:37 . 2012-07-12 02:37 -------- d-----w- C:\tmp
    2012-07-12 02:18 . 2012-07-25 19:55 -------- d-----w- C:\MP3Toolkit
    2012-07-07 23:46 . 2012-07-07 23:46 -------- d-----w- c:\users\Bellsmorte\AppData\Roaming\DVDFab
    2012-07-07 23:43 . 2012-07-07 23:43 -------- d-----w- c:\programdata\dvdfab
    2012-07-07 23:41 . 2012-07-07 23:41 -------- d-----w- c:\users\Bellsmorte\AppData\Roaming\NVIDIA
    2012-07-07 23:41 . 2012-07-07 23:42 -------- d-----w- c:\program files (x86)\DVDFab 8 Qt
    2012-07-07 23:23 . 2012-07-07 23:23 -------- d-----w- c:\users\Bellsmorte\AppData\Roaming\AnvSoft
    2012-07-07 23:23 . 2012-07-25 19:55 -------- d-----w- c:\program files (x86)\AnvSoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-26 01:35 . 2011-12-04 14:27 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2012-05-10 04:24 . 2012-05-10 04:24 249856 ------w- c:\windows\Setup1.exe
    2012-05-10 04:24 . 2012-05-10 04:24 73216 ----a-w- c:\windows\ST6UNST.EXE
    2012-05-05 00:03 . 2012-03-30 19:03 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Bellsmorte\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Bellsmorte\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Bellsmorte\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Bellsmorte\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-06-01 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
    "SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
    "DocCreatorClient"="c:\program files (x86)\Global Graphics\gDoc\DocCreatorClient.exe" [2009-11-24 292248]
    "CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    .
    c:\users\Bellsmorte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Bellsmorte\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Servicio (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 116648]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
    R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
    R3 gupdatem;Google Update Servicio (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 116648]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-14 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-08 25960]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-20 283200]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-14 2009704]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
    S3 DCMessages;DCMessages;c:\windows\SysWOW64\DCMessages.exe [2009-11-24 99720]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-02-25 302592]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-02-25 81920]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 18:27]
    .
    2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 18:27]
    .
    2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3934109233-4140102264-3726521436-1001Core.job
    - c:\users\Bellsmorte\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-12 03:14]
    .
    2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3934109233-4140102264-3726521436-1001UA.job
    - c:\users\Bellsmorte\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-12 03:14]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Bellsmorte\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Bellsmorte\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Bellsmorte\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Bellsmorte\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
    "snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-07-25 4081008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://friendly-google-search.blogspot.com
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download with Xilisoft iPhone Mágico Platinum - c:\program files (x86)\Xilisoft\iPhone Magic Platinum\upod_link.HTM
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 200.49.130.44 200.42.4.207 172.20.2.27
    FF - ProfilePath - c:\users\Bellsmorte\AppData\Roaming\Mozilla\Firefox\Profiles\lo95zhj8.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-UnlockerAssistant - c:\program files (x86)\Unlocker\UnlockerAssistant.exe
    Toolbar-Locked - (no file)
    HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
    AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-07-25 23:43:17
    ComboFix-quarantined-files.txt 2012-07-26 02:43
    .
    Pre-Run: 189.923.930.112 bytes free
    Post-Run: 190.337.482.752 bytes free
    .
    - - End Of File - - A459BB284B38F8663BC8E7277785FF64
     
  6. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Fixlist log is incorrect.
    You just posted my script.

    Re-read my instructions, redo.
     
  7. Belles

    Belles TS Rookie Topic Starter

    My bad. Here's the correct one:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-25 23:22:17 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{7fd9681f-20bf-56bc-3453-ea3cd472b4ef} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  8. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    All looks good :)

    Any current issues?

    ===============================

    Uninstall RegCleaner.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==============================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==========================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. Belles

    Belles TS Rookie Topic Starter

    It's fixed!!! The little pop up message from Nod32 finally stopped!!
    Thank you sooooo very much!!!! :D :D
     
  10. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    :)

    Go on...
     
  11. Belles

    Belles TS Rookie Topic Starter

    OTL.txt

    OTL logfile created on: 26/07/2012 02:40:08 p.m. - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bellsmorte\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

    3,91 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 60,24% Memory free
    7,81 Gb Paging File | 6,04 Gb Available in Paging File | 77,27% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 250,05 Gb Total Space | 177,14 Gb Free Space | 70,84% Space Free | Partition Type: NTFS
    Drive D: | 321,12 Gb Total Space | 133,75 Gb Free Space | 41,65% Space Free | Partition Type: NTFS
    Drive G: | 7,32 Gb Total Space | 7,20 Gb Free Space | 98,37% Space Free | Partition Type: FAT32

    Computer Name: BELLSMORTE-PC | User Name: Bellsmorte | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/26 00:59:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Bellsmorte\Downloads\OTL.exe
    PRC - [2012/06/01 15:05:24 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2012/05/24 15:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bellsmorte\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2011/03/13 23:39:08 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/03/13 15:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    PRC - [2011/01/25 16:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2010/12/20 23:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 23:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/23 23:31:56 | 000,965,728 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    PRC - [2010/11/15 15:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    PRC - [2010/08/20 23:47:58 | 000,077,312 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
    PRC - [2010/08/17 19:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2010/07/10 03:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
    PRC - [2010/01/21 03:22:04 | 000,909,824 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\Windows\vsnp2uvc.exe
    PRC - [2009/12/15 15:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    PRC - [2009/11/24 10:53:50 | 000,292,248 | ---- | M] (Global Graphics Software Ltd.) -- C:\Program Files (x86)\Global Graphics\gDoc\DocCreatorClient.exe
    PRC - [2009/11/24 10:53:44 | 000,099,720 | ---- | M] (Global Graphics Software Ltd) -- C:\Windows\SysWOW64\DCMessages.exe
    PRC - [2009/06/19 15:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2009/06/15 22:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2008/12/22 22:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2008/08/14 02:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    PRC - [2007/11/30 16:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    PRC - [2006/09/28 16:21:04 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/30 16:06:28 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/06/30 16:06:26 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/06/30 16:06:25 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/06/30 16:06:25 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/06/30 16:06:25 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2007/11/30 16:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/11 18:13:23 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2011/11/23 07:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
    SRV:64bit: - [2011/01/25 19:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2010/11/29 20:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
    SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/18 00:58:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/03/13 23:39:08 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/03/13 15:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
    SRV - [2011/03/13 15:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2010/12/20 23:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/12/20 23:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/08/20 23:47:58 | 000,077,312 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/15 15:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2009/11/24 10:53:44 | 000,099,720 | ---- | M] (Global Graphics Software Ltd) [On_Demand | Running] -- C:\Windows\SysWOW64\DCMessages.exe -- (DCMessages)
    SRV - [2009/06/15 22:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2012/02/20 19:24:13 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/10/18 18:32:45 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/10/18 18:32:45 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/10/07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/05/23 22:17:08 | 012,259,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/05/13 19:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV:64bit: - [2011/03/13 15:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011/03/13 15:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2011/03/13 15:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2011/03/13 15:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2011/03/13 15:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2011/03/13 15:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2011/03/13 15:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2011/03/08 02:35:22 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011/02/24 22:01:14 | 000,302,592 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
    DRV:64bit: - [2011/02/24 22:01:14 | 000,081,920 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
    DRV:64bit: - [2011/02/16 06:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/29 20:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/11/20 10:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 08:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 08:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/05 12:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/19 21:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/10/15 05:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/09/08 08:39:32 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/09/07 06:19:38 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV:64bit: - [2010/08/11 03:11:26 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2009/07/20 06:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 21:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/13 20:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 17:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 17:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
    DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/05/23 22:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV:64bit: - [2007/08/07 16:48:37 | 000,032,712 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2007/02/15 21:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
    DRV - [2010/07/26 18:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
    DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/02 22:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
    DRV - [2007/02/15 21:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3934109233-4140102264-3726521436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    IE - HKU\S-1-5-21-3934109233-4140102264-3726521436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

    IE - HKU\S-1-5-21-3934109233-4140102264-3726521436-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://friendly-google-search.blogspot.com
    IE - HKU\S-1-5-21-3934109233-4140102264-3726521436-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3934109233-4140102264-3726521436-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3934109233-4140102264-3726521436-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bellsmorte\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bellsmorte\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/07/25 17:21:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 00:58:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/07/25 17:21:52 | 000,000,000 | ---D | M]

    [2012/03/01 16:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bellsmorte\AppData\Roaming\Mozilla\Extensions
    [2012/07/25 16:54:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bellsmorte\AppData\Roaming\Mozilla\Firefox\Profiles\lo95zhj8.default\extensions
    [2012/06/30 14:04:12 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Bellsmorte\AppData\Roaming\Mozilla\Firefox\Profiles\lo95zhj8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2012/07/25 16:56:10 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Bellsmorte\AppData\Roaming\Mozilla\Firefox\Profiles\lo95zhj8.default\extensions\firefox@ghostery.com
    [2012/04/26 19:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/24 19:13:26 | 000,035,735 | ---- | M] () (No name found) -- C:\USERS\BELLSMORTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO95ZHJ8.DEFAULT\EXTENSIONS\FACEBOOK@DISCONNECT.ME.XPI
    [2012/07/19 12:17:51 | 000,039,012 | ---- | M] () (No name found) -- C:\USERS\BELLSMORTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO95ZHJ8.DEFAULT\EXTENSIONS\GOOGLE@DISCONNECT.ME.XPI
    [2012/03/02 00:50:39 | 000,035,226 | ---- | M] () (No name found) -- C:\USERS\BELLSMORTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO95ZHJ8.DEFAULT\EXTENSIONS\TWITTER@DISCONNECT.ME.XPI
    [2012/07/18 00:58:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/16 08:16:58 | 000,004,080 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
    [2012/02/16 08:16:58 | 000,002,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolibre-ar.xml
    [2012/02/16 08:16:58 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
    [2012/04/26 19:46:07 | 000,000,824 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-ar.xml

    O1 HOSTS File: ([2012/07/25 23:40:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
    O4 - HKLM..\Run: [DocCreatorClient] C:\Program Files (x86)\Global Graphics\gDoc\DocCreatorClient.exe (Global Graphics Software Ltd.)
    O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
    O4 - HKU\S-1-5-21-3934109233-4140102264-3726521436-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKU\S-1-5-21-3934109233-4140102264-3726521436-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3934109233-4140102264-3726521436-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-3934109233-4140102264-3726521436-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-3934109233-4140102264-3726521436-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Bellsmorte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bellsmorte\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3934109233-4140102264-3726521436-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3934109233-4140102264-3726521436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3934109233-4140102264-3726521436-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3934109233-4140102264-3726521436-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3934109233-4140102264-3726521436-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Download with Xilisoft iPhone Mágico Platinum - C:\Program Files (x86)\Xilisoft\iPhone Magic Platinum\upod_link.HTM ()
    O8 - Extra context menu item: Download with Xilisoft iPhone Mágico Platinum - C:\Program Files (x86)\Xilisoft\iPhone Magic Platinum\upod_link.HTM ()
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.49.130.44 200.42.4.207 172.20.2.27
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F104077-208A-430E-9BE8-37F28552B42B}: DhcpNameServer = 200.49.130.44 200.42.4.207 172.20.2.27
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/26 00:56:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/26 00:55:31 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Roaming\Malwarebytes
    [2012/07/26 00:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/26 00:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/26 00:55:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/26 00:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/25 23:43:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/25 23:34:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/25 23:34:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/25 23:34:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/25 23:30:31 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/25 23:29:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/25 23:25:04 | 004,719,627 | R--- | C] (Swearware) -- C:\Users\Bellsmorte\Desktop\ComboFix.exe
    [2012/07/25 19:38:25 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Local\ESET
    [2012/07/25 19:35:07 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/25 17:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    [2012/07/25 17:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2012/07/25 17:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/07/25 15:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegCleaner
    [2012/07/25 15:40:51 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Roaming\BlueSprig
    [2012/07/25 15:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueSprig
    [2012/07/25 01:19:45 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012/07/25 01:19:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2012/07/25 00:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/07/25 00:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/07/25 00:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/07/24 19:43:22 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Roaming\Daedalic Entertainment
    [2012/07/21 01:08:13 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Roaming\Elephant Games
    [2012/07/21 01:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Elephant Games
    [2012/07/21 01:03:47 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - The Bride Collector's Edition UPDATE-2
    [2012/07/20 15:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012/07/16 23:24:14 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Roaming\PlayPond
    [2012/07/14 15:51:02 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Roaming\Anarchy
    [2012/07/13 18:05:55 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/07/11 23:42:16 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldWave
    [2012/07/11 23:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldWave
    [2012/07/11 23:37:04 | 000,000,000 | ---D | C] -- C:\tmp
    [2012/07/11 23:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Toolkit
    [2012/07/11 23:18:22 | 000,000,000 | ---D | C] -- C:\MP3Toolkit
    [2012/07/11 23:17:36 | 011,011,319 | ---- | C] (MP3Toolkit.com ) -- C:\Users\Bellsmorte\Desktop\mp3toolkit.exe
    [2012/07/07 20:46:07 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Roaming\DVDFab
    [2012/07/07 20:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab
    [2012/07/07 20:41:41 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Roaming\NVIDIA
    [2012/07/07 20:41:39 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\Documents\DVDFab
    [2012/07/07 20:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
    [2012/07/07 20:41:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8 Qt
    [2012/07/07 20:23:31 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\Documents\Any Video Converter
    [2012/07/07 20:23:28 | 000,000,000 | ---D | C] -- C:\Users\Bellsmorte\AppData\Roaming\AnvSoft
    [2012/07/07 20:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
    [2012/07/07 20:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/26 14:37:23 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/26 14:29:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3934109233-4140102264-3726521436-1001UA.job
    [2012/07/26 14:27:23 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/26 14:27:23 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/26 14:20:04 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
    [2012/07/26 14:20:02 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/26 14:19:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/26 14:19:48 | 3146,563,584 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/26 00:55:23 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/25 23:40:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/25 23:25:48 | 004,719,627 | R--- | M] (Swearware) -- C:\Users\Bellsmorte\Desktop\ComboFix.exe
    [2012/07/25 21:44:03 | 000,798,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/25 21:44:03 | 000,666,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/25 21:44:03 | 000,125,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/25 21:38:53 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3934109233-4140102264-3726521436-1001Core.job
    [2012/07/25 17:32:14 | 000,002,326 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
    [2012/07/25 17:32:14 | 000,001,375 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
    [2012/07/25 16:58:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/07/20 15:40:27 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2012/07/18 19:52:33 | 000,000,973 | ---- | M] () -- C:\Users\Bellsmorte\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2012/07/18 19:52:33 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2012/07/13 18:05:55 | 000,000,219 | ---- | M] () -- C:\Users\Bellsmorte\Desktop\Left 4 Dead 2.url
    [2012/07/11 23:42:16 | 000,000,748 | ---- | M] () -- C:\Users\Bellsmorte\Desktop\GoldWave.lnk
    [2012/07/11 23:18:31 | 000,000,628 | ---- | M] () -- C:\Users\Bellsmorte\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Toolkit.lnk
    [2012/07/11 23:18:31 | 000,000,604 | ---- | M] () -- C:\Users\Public\Desktop\MP3 Toolkit.lnk
    [2012/07/11 23:17:52 | 011,011,319 | ---- | M] (MP3Toolkit.com ) -- C:\Users\Bellsmorte\Desktop\mp3toolkit.exe
    [2012/07/07 20:41:29 | 000,001,059 | ---- | M] () -- C:\Users\Bellsmorte\Desktop\DVDFab Profile Editor.lnk
    [2012/07/07 20:41:29 | 000,001,046 | ---- | M] () -- C:\Users\Bellsmorte\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8 Qt.lnk
    [2012/07/07 20:41:29 | 000,001,022 | ---- | M] () -- C:\Users\Bellsmorte\Desktop\DVDFab 8 Qt.lnk
    [2012/07/07 20:23:19 | 000,001,242 | ---- | M] () -- C:\Users\Bellsmorte\Desktop\Any Video Converter.lnk
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/29 23:41:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/26 00:55:23 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/25 23:34:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/25 23:34:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/25 23:34:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/25 23:34:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/25 23:34:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/20 15:40:27 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2012/07/13 18:05:55 | 000,000,219 | ---- | C] () -- C:\Users\Bellsmorte\Desktop\Left 4 Dead 2.url
    [2012/07/11 23:42:16 | 000,000,748 | ---- | C] () -- C:\Users\Bellsmorte\Desktop\GoldWave.lnk
    [2012/07/11 23:18:31 | 000,000,628 | ---- | C] () -- C:\Users\Bellsmorte\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Toolkit.lnk
    [2012/07/11 23:18:31 | 000,000,604 | ---- | C] () -- C:\Users\Public\Desktop\MP3 Toolkit.lnk
    [2012/07/07 20:41:29 | 000,001,059 | ---- | C] () -- C:\Users\Bellsmorte\Desktop\DVDFab Profile Editor.lnk
    [2012/07/07 20:41:29 | 000,001,046 | ---- | C] () -- C:\Users\Bellsmorte\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8 Qt.lnk
    [2012/07/07 20:41:29 | 000,001,022 | ---- | C] () -- C:\Users\Bellsmorte\Desktop\DVDFab 8 Qt.lnk
    [2012/07/07 20:23:19 | 000,001,242 | ---- | C] () -- C:\Users\Bellsmorte\Desktop\Any Video Converter.lnk
    [2012/06/29 23:41:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
    [2012/03/25 20:17:34 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2012/03/11 18:07:29 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2012/03/10 11:05:17 | 000,015,760 | ---- | C] () -- C:\Windows\SysWow64\DCMessagesPS.dll
    [2012/03/10 11:05:17 | 000,000,737 | ---- | C] () -- C:\Windows\SysWow64\oemsetup.ini
    [2012/03/08 19:25:29 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\AI_ContextMenu.dll
    [2012/02/20 14:55:30 | 000,000,132 | ---- | C] () -- C:\Users\Bellsmorte\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/02/12 13:06:56 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/02/12 13:06:55 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2012/02/12 13:06:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/02/12 13:06:35 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/10/18 19:19:31 | 000,803,496 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/12 00:29:47 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/07/12 00:29:40 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/07/12 00:29:36 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/07/12 00:28:36 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

    ========== LOP Check ==========

    [2012/07/14 15:51:02 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\Anarchy
    [2012/07/07 20:23:28 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\AnvSoft
    [2012/02/12 00:08:50 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\ASUS WebStorage
    [2012/06/24 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\Big Angry Dog
    [2012/07/25 15:40:51 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\BlueSprig
    [2012/03/15 23:09:41 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\calibre
    [2012/07/24 19:43:22 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\Daedalic Entertainment
    [2012/06/03 05:20:17 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\DAEMON Tools Lite
    [2012/07/26 14:20:32 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\Dropbox
    [2012/07/07 20:46:07 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\DVDFab
    [2012/07/21 01:08:13 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\Elephant Games
    [2012/03/11 18:07:39 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\FreeAudioPack
    [2012/03/11 21:26:53 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\FreeCDRipper
    [2012/05/26 20:05:02 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\ImgBurn
    [2012/02/27 21:10:42 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\LockHunter
    [2012/02/14 17:07:30 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\Nuance
    [2012/07/16 23:24:17 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\PlayPond
    [2012/05/23 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\ScummVM
    [2012/07/25 16:56:12 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\uTorrent
    [2012/04/21 15:01:31 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\Xilisoft
    [2012/02/14 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Bellsmorte\AppData\Roaming\Zeon
    [2012/05/15 15:23:42 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(35).TXT
    [2012/05/15 15:23:42 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:87A3A233
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:2CFBE2D1
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5D458568

    < End of report >
     
     
  12. Belles

    Belles TS Rookie Topic Starter

    The Extras and Malwarebytes

    Extras.txt

    OTL Extras logfile created on: 26/07/2012 02:40:08 p.m. - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bellsmorte\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

    3,91 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 60,24% Memory free
    7,81 Gb Paging File | 6,04 Gb Available in Paging File | 77,27% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 250,05 Gb Total Space | 177,14 Gb Free Space | 70,84% Space Free | Partition Type: NTFS
    Drive D: | 321,12 Gb Total Space | 133,75 Gb Free Space | 41,65% Space Free | Partition Type: NTFS
    Drive G: | 7,32 Gb Total Space | 7,20 Gb Free Space | 98,37% Space Free | Partition Type: FAT32

    Computer Name: BELLSMORTE-PC | User Name: Bellsmorte | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3934109233-4140102264-3726521436-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0249B38A-EC28-494D-92A9-E3D7E248F6F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1C80C00F-B29F-483D-A8B0-2E1D410524B3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{305C726B-6EF7-4EC7-808C-D30A12C17720}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{3316D8CF-EFBA-495A-800F-98CDF12D96E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3FEC5AB1-98B9-435A-8489-CC63B95BACE4}" = lport=138 | protocol=17 | dir=in | app=system |
    "{407F90FD-807E-4855-A555-EED6C94E65D8}" = lport=137 | protocol=17 | dir=in | app=system |
    "{48715DA0-028B-4C1D-A268-524E57B2CC7D}" = rport=137 | protocol=17 | dir=out | app=system |
    "{4DC94F53-7078-46E6-AE7C-A589F1C5AA3E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{51C83A20-F890-4A88-AC21-B3CF5FEFA5F6}" = lport=445 | protocol=6 | dir=in | app=system |
    "{546F4B4C-C709-4AEF-B4E9-C56D4D14C3F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5E31E1B5-9A64-42CA-AE27-B246BC59DFAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{79D462D6-454E-4BDB-9CDB-1C5135544DD3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7C42776B-22DF-4D0F-976C-DDFAD63D2549}" = rport=139 | protocol=6 | dir=out | app=system |
    "{894F512A-AE88-4472-AE37-D5C09B77E11D}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{8F935514-8EFF-4962-A46B-D05D0E9FCAB0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{90D2F4C9-B1D0-41EB-8706-5BF7F232FB7C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AA4FD387-1D4F-4CC4-A18E-009E9206CB81}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B37A5DE3-4B17-4548-B930-F8BF7ED3F8FB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{B42CB400-F047-4C9D-9247-A2F6305751A4}" = rport=138 | protocol=17 | dir=out | app=system |
    "{C2F26725-9013-40C7-986F-83C1BC181042}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C3A77BBE-2038-47FD-8DDA-1807EDBFB213}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CB77EC9F-4A34-4DF1-98AF-38A562C9133C}" = rport=445 | protocol=6 | dir=out | app=system |
    "{DD7347C2-0371-4577-B663-428A3E95523D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{E93E1D5E-C977-4B2A-B373-080F6A870E7A}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{EEE7959B-2C4D-4099-A678-A040D70C63A4}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F3125BAB-9B26-4263-A8D2-87217EE850E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F79FF4B3-EB1A-452F-9C90-36F9E26115CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0079E199-2C36-457A-A3EF-18977EE0B35A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{06E1C7EB-0A2B-454D-B7C3-216B4EF9AE1F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{0DA3567C-7683-414E-914F-C92D2DAD2900}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{12C8C094-D8B9-4447-893B-EC5A9D8E94E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{1B3A9B13-6FB4-4867-A9A3-923FB9E6E5EB}" = protocol=17 | dir=in | app=c:\users\bellsmorte\appdata\roaming\dropbox\bin\dropbox.exe |
    "{1CD78115-20DC-4A80-B135-EE410746562D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{1E568924-D059-446F-B817-EC4214A6E915}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{290A9FB5-D098-46F3-A564-3ACA5ABE3505}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2C48D1ED-F4A2-42C7-AE2D-BEA21B173B37}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{2FCAA43D-EBA5-451C-8C91-A77B76D75A92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{3158AEB8-FDBD-44C5-AE3B-E808B78FE7E3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
    "{32C20731-F728-434F-8F17-38DD1075856B}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
    "{37E62BC6-E627-4D00-BA43-543AB20A5586}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
    "{3CA627AA-94ED-490A-9155-CB58E97CB60A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{3F973F94-62C9-4B09-8029-1907034BA91E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
    "{4508006F-1CCD-4597-9DE4-A0D1E9D3A527}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{45F4E9C6-A8EE-4031-B2BA-1EC3AE662174}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{4BC39A73-6171-4413-92EF-AF59A0D92BD1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4C42D524-8D1E-4267-8C8D-669D85FFEA56}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
    "{5589805C-1EB5-41B4-9A31-5729358C6173}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{5A4760CA-2366-44B8-8130-A2964F3635EB}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
    "{623D3C36-5125-40F9-8E05-605E1A9BB265}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{65DC1E8C-C80A-488F-A75B-F2A43B432F80}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{6C3FDEEA-4D98-41CF-BE36-CFAF429FA0A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{72A3A3A2-11A4-4582-89FC-BA03C453B538}" = protocol=6 | dir=in | app=c:\users\bellsmorte\appdata\roaming\dropbox\bin\dropbox.exe |
    "{753ECA01-9922-494E-AF16-740B222F3202}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7CD4C545-B871-4E8C-9FBB-C833AF92A831}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{7E88D797-8D57-41D2-99B5-2D009C2D8E23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7F603564-1116-4AFD-8D6A-113045AE8593}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{834E122D-A011-43EE-9A0E-FAC10268D879}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8F467D63-F390-44F5-BFAC-567187BB4EE4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{98B526DC-E7B0-408A-9764-D1E3042F40B9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
    "{B4EE69F5-E851-4055-85A9-F03D35E21E22}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{B78AAA6F-54CF-44D0-A3C9-2D99F582475B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{BAF488DA-6A9A-4130-8B31-1CE93A7F9C94}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{C528B00F-DFAB-484F-A474-018CDC0C251A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C5B91936-87A9-48F0-A482-F750F48BF333}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CC6D4621-9EB3-4130-887E-01C036AC1808}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D2EAE1E7-91CD-40BD-8B82-C6E6146A3A9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D82DE543-B3D2-4B00-AEE3-599EB9212B3E}" = protocol=6 | dir=out | app=system |
    "{E104C68F-7382-41DC-8F62-9ABDD2A77179}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EB724F8F-D094-44C6-83E8-B8200C927837}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{EBA10E05-088C-4F4B-BD61-D418ECCF9745}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{ECFC6C31-07F7-49C1-98D5-F1E71D57E181}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F06096AB-3BF2-4E55-94B2-C66F9B53E15F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F330A6A7-E7D1-4464-A1E5-42E97E851B11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F49C8C24-FBAC-4DA8-97B4-64884CFC3E26}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{F76A65D3-3FED-4CCE-91A9-BB13C692EB52}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0E38EC8F-49B8-4C70-8DBF-E5837FCFB3C4}" = Windows Live Family Safety
    "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
    "{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
    "{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
    "{3E776E7A-F4C3-4A89-8EAD-535E722C8397}" = Windows Live Family Safety
    "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
    "{5972F3C3-5563-47D2-BEE3-1AFEBDD17DA2}" = ESET NOD32 Antivirus
    "{5B9F1BB4-4C06-41E8-877D-B458742B0D0A}" = Fresco Logic USB3.0 Host Controller
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
    "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{749BE6FF-815E-4F36-901B-7AC301B50330}" = Windows Live Family Safety
    "{7D220A57-969F-4D09-9297-D48195A8ABDD}" = HP Deskjet 3050 J610 series Basic Device Software
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
    "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.54
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.54
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{C5DCCFC6-4E8E-4CFA-80D7-C55472EEE92F}" = Windows Live Family Safety
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
    "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
    "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
    "{F316C025-DAAF-43BB-8486-1E9953BFD82D}" = Windows Live Family Safety
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
    "CCleaner" = CCleaner
    "Elantech" = ETDWare PS/2-x64 7.0.5.16_WHQL
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
    "USB2.0 UVC 2M WebCam" = USB2.0 UVC 2M WebCam
    "WinRAR archiver" = WinRAR 4.10 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
    "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
    "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{06DC6C98-BBF6-4543-A052-95BB21CA5C54}" = gDoc Installer
    "{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = Los Sims™ 3 Suite de ensueño Accesorios
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster
    "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
    "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
    "{21C70AA2-7017-4794-BE7A-F619A82A467C}" = Hardwipe 1.5.0
    "{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
    "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
    "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
    "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
    "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
    "{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
    "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Los Sims™ 3 Al caer la noche
    "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
    "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
    "{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
    "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
    "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
    "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
    "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
    "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
    "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
    "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
    "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
    "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}" = Dream Vacation Solitaire
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}" = Bubbletown
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}" = Farm Frenzy 3 - Madagascar
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
    "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
    "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
    "{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{978D05B9-5ECD-4806-941E-99E4CB44B53B}" = gDoc Installer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
    "{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}" = ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย)
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
    "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
    "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
    "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
    "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
    "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
    "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
    "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
    "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
    "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Los Sims™ 3 ¡Menuda familia!
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E82A57BC-E9B8-42F9-BDC7-4950BD73EA32}_is1" = Pazera Free FLV to AVI Converter 1.4
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{EABCE84D-314C-4D47-8B8D-2743B45A4686}" = gDoc
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
    "{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
    "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
    "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Any Video Converter_is1" = Any Video Converter 3.4.0
    "Asus Vibe2.0" = AsusVibe2.0
    "ASUS WebStorage" = ASUS WebStorage
    "ASUS_Screensaver" = ASUS_Screensaver
    "CloneCD" = CloneCD
    "Comodo Dragon" = Comodo Dragon
    "COMODO GeekBuddy" = COMODO GeekBuddy
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DVDFab 8 Qt_is1" = DVDFab 8.1.6.2 (10/02/2012) Qt
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Fallout2" = Fallout2
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
    "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
    "Game Park Console" = Game Park Console
    "GoldWave v5.55" = GoldWave v5.55
    "GOM Player" = GOM Player
    "GreedyTorrent_is1" = GreedyTorrent v1.01 beta build 170
    "ImgBurn" = ImgBurn
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
    "InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.3.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 14.0.1 (x86 es-AR)" = Mozilla Firefox 14.0.1 (x86 es-AR)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP3 Toolkit_is1" = MP3 Toolkit 1.0.1
    "ST6UNST #1" = ADRIFT Runner
    "Steam App 550" = Left 4 Dead 2
    "The Rosetta Stone" = The Rosetta Stone
    "uTorrent" = µTorrent
    "WinArchiver" = WinArchiver
    "WinLiveSuite" = Windows Live 程式集
    "WinX Free DVD to AVI Ripper_is1" = WinX Free DVD to AVI Ripper 4.0
    "Xilisoft iPhone Mágico Platinum" = Xilisoft iPhone Mágico Platinum

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3934109233-4140102264-3726521436-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 15/06/2012 02:23:51 p.m. | Computer Name = Bellsmorte-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 15/06/2012 02:23:51 p.m. | Computer Name = Bellsmorte-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1061

    Error - 15/06/2012 02:23:51 p.m. | Computer Name = Bellsmorte-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1061

    Error - 15/06/2012 10:17:11 p.m. | Computer Name = Bellsmorte-PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 6e0 Start
    Time: 01cd4b221e0d00d4 Termination Time: 78 Application Path: C:\Windows\Explorer.EXE

    Report
    Id: 5e4fb271-b759-11e1-aaca-5404a608c587

    Error - 17/06/2012 12:53:36 a.m. | Computer Name = Bellsmorte-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 17/06/2012 12:53:36 a.m. | Computer Name = Bellsmorte-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1014

    Error - 17/06/2012 12:53:36 a.m. | Computer Name = Bellsmorte-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

    Error - 17/06/2012 12:53:38 a.m. | Computer Name = Bellsmorte-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 17/06/2012 12:53:38 a.m. | Computer Name = Bellsmorte-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2325

    Error - 17/06/2012 12:53:38 a.m. | Computer Name = Bellsmorte-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2325

    [ System Events ]
    Error - 02/07/2012 09:22:23 p.m. | Computer Name = Bellsmorte-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR3.

    Error - 02/07/2012 09:22:23 p.m. | Computer Name = Bellsmorte-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR3.

    Error - 02/07/2012 09:22:23 p.m. | Computer Name = Bellsmorte-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR3.

    Error - 02/07/2012 09:22:23 p.m. | Computer Name = Bellsmorte-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR3.

    Error - 02/07/2012 09:22:23 p.m. | Computer Name = Bellsmorte-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR3.

    Error - 02/07/2012 09:22:23 p.m. | Computer Name = Bellsmorte-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR3.

    Error - 02/07/2012 09:22:23 p.m. | Computer Name = Bellsmorte-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR3.

    Error - 02/07/2012 09:22:23 p.m. | Computer Name = Bellsmorte-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR3.

    Error - 02/07/2012 09:22:23 p.m. | Computer Name = Bellsmorte-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR3.

    Error - 06/07/2012 10:42:09 p.m. | Computer Name = Bellsmorte-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 06:36:39 p.m. on ?06/?07/?2012 was
    unexpected.


    < End of report >

    Malwarebytes

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.26.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Bellsmorte :: BELLSMORTE-PC [administrator]

    26/07/2012 02:29:48 p.m.
    mbam-log-2012-07-26 (14-29-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213075
    Time elapsed: 2 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  13. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKU\S-1-5-21-3934109233-4140102264-3726521436-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
      [2012/07/25 19:35:07 | 000,000,000 | ---D | C] -- C:\FRST
      @Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:87A3A233
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:2CFBE2D1
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5D458568
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they're.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
     
  14. Belles

    Belles TS Rookie Topic Starter

    The last scans! :D

    OTL
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3934109233-4140102264-3726521436-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
    C:\FRST\Quarantine\{7fd9681f-20bf-56bc-3453-ea3cd472b4ef}\U folder moved successfully.
    C:\FRST\Quarantine\{7fd9681f-20bf-56bc-3453-ea3cd472b4ef}\L folder moved successfully.
    C:\FRST\Quarantine\{7fd9681f-20bf-56bc-3453-ea3cd472b4ef} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ADS C:\ProgramData\Temp:87A3A233 deleted successfully.
    ADS C:\ProgramData\Temp:2CFBE2D1 deleted successfully.
    ADS C:\ProgramData\Temp:5D458568 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bellsmorte
    ->Temp folder emptied: 2249504 bytes
    ->Temporary Internet Files folder emptied: 1338609 bytes
    ->Java cache emptied: 3686900 bytes
    ->FireFox cache emptied: 65920182 bytes
    ->Flash cache emptied: 875 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 119053959 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 79336 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 183,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Bellsmorte
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Bellsmorte
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07262012_224535

    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine not found!
    C:\Users\Bellsmorte\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\S8CD3B545.tmp scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\FRST\Quarantine not found!
    File C:\Users\Bellsmorte\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    [2012/03/25 20:25:22 | 000,000,000 | -HS- | M] () C:\Windows\S8CD3B545.tmp : Unable to obtain MD5

    Registry entries deleted on Reboot...


    Security Check
    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Adobe Flash Player ( 10.3.183.20) Flash Player Out of Date!
    Mozilla Firefox (x86 es-AR..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    ``````````End of Log````````````

    Farbar
    Farbar Service Scanner Version: 26-07-2012
    Ran by Bellsmorte (administrator) on 26-07-2012 at 22:55:54
    Running from "C:\Users\Bellsmorte\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============

    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    F-Secure
    Scanning Report

    Thursday, July 26, 2012 23:41:08 - 23:44:07

    Computer name: BELLSMORTE-PC
    Scanning type: Quick scan
    Target: System
    No malware found

    Statistics

    Scanned:
    • Files: 5971
    • System: 5971
    • Not scanned: 0
    Actions:
    • Disinfected: 0
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0
    Options

    Scanning engines:
     
  15. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ===============================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===============================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  16. Belles

    Belles TS Rookie Topic Starter

    Thank you sooo very much again!!:D You're awesome!! My computer went back to her old self and it's working perfectly! Thanks!! Here's the last log from OTL:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bellsmorte
    ->Temp folder emptied: 483802011 bytes
    ->Temporary Internet Files folder emptied: 803574 bytes
    ->Java cache emptied: 29633 bytes
    ->FireFox cache emptied: 33423253 bytes
    ->Flash cache emptied: 456 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7092 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 494,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Bellsmorte
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Bellsmorte
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.1 log created on 07272012_004849

    Files\Folders moved on Reboot...
    C:\Users\Bellsmorte\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\S8CD3B545.tmp scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\Bellsmorte\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    [2012/07/26 22:59:08 | 000,000,000 | -HS- | M] () C:\Windows\S8CD3B545.tmp : Unable to obtain MD5

    Registry entries deleted on Reboot...

    I'm going to update everything and keep my poor computer in better shape so it won't happen again! :) :)
     
  17. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Way to go!! [​IMG]
    Good luck and stay safe :)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.