Win64/Patched.B.Gen trojan and Win64/Sirefef.W trojan removal

Solved
By debani
Jun 30, 2012
  1. Hello. I'm having problems with these trojans. I was wondering if anyone could help me out.
  2. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================

    Please describe your problems.
    What Windows version?
  3. debani

    debani Newcomer, in training Topic Starter Posts: 18

    Windows 7 64 bit.
    I have ESET Smart Security 5. I keep getting dialogues that say windows/system32/services.exe is infected with Win64/Patched.B.Gen and I have some other quarantined files that are infected with Sirefef.W. ESET is unable to clean or delete these files.
  4. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    Read all of my instructions very carefully.
  5. debani

    debani Newcomer, in training Topic Starter Posts: 18

    D'oh. Updated my post, sorry.
  6. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  7. debani

    debani Newcomer, in training Topic Starter Posts: 18

    I'm having some trouble here. My computer didn't have "repair your computer" under Advanced Boot Options and I no longer have my Windows installation disk. I burned a Windows 7 recovery disk and booted that to get into System Recovery Options but my hard drive isn't recognized. There is an option to load drivers for my hard drive (WD2002FAEX), but I can't find any. I'm unsure how to proceed.
  8. Broni

    Broni Malware Annihilator Posts: 46,388   +252

  9. debani

    debani Newcomer, in training Topic Starter Posts: 18

    My problem was that my hard drive was encrypted while I was trying to do that. Here's my log:
    Scan result of Farbar Recovery Scan Tool Version: 30-06-2012 04
    Ran by SYSTEM at 01-07-2012 13:12:54
    Running from F:\
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
    HKLM\...\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2012-02-02] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2012-01-18] (VMware, Inc.)
    HKU\Andrew\...\Run: [F.lux] "C:\Users\Andrew\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
    HKU\Andrew\...\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon [1517520 2012-01-24] (TrueCrypt Foundation)
    HKU\Andrew\...\Run: [zASRockInstantBoot] [x]
    HKU\Andrew\...\Run: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-20] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    ==================== Services (Whitelisted) ======

    2 cFosSpeedS; "C:\Program Files\ASRock\XFast LAN\spd.exe" -service [395136 2011-10-19] (cFos Software GmbH)
    2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [974944 2011-09-22] (ESET)
    2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
    3 Sony PC Companion; "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" [155320 2012-01-18] (Avanquest Software)
    2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2012-05-18] ()
    2 DirMngr; "C:\gpg\dirmngr.exe" --service [x]
    3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

    ========================== Drivers (Whitelisted) =============

    3 atillk64; \??\C:\Users\Andrew\Downloads\winflash20113\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
    1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1632128 2011-07-04] (cFos Software GmbH)
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
    2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2011-08-04] (ESET)
    1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2011-08-04] (ESET)
    0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2011-08-04] (ESET)
    3 FNETTBOH_305; C:\Windows\System32\Drivers\FNETTBOH_305.sys [32320 2012-02-02] (FNet Co., Ltd.)
    1 FNETURPX; C:\Windows\System32\Drivers\FNETURPX.sys [15936 2012-02-02] (FNet Co., Ltd.)
    0 mv91xx; C:\Windows\System32\Drivers\mv91xx.sys [302120 2010-09-30] (Marvell Semiconductor, Inc.)
    2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
    3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
    3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
    3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-01 13:12 - 2012-07-01 13:12 - 00000000 ____D C:\FRST
    2012-07-01 09:07 - 2012-07-01 09:07 - 00000000 ____D C:\Users\Andrew\AppData\Local\{918EB4CE-F693-4823-840C-973481571F78}
    2012-06-30 22:23 - 2012-06-30 22:23 - 00000000 ____D C:\Users\Andrew\AppData\Local\FalloutNV
    2012-06-30 21:05 - 2012-06-30 21:05 - 00002268 ____A C:\Users\Public\Desktop\Fallout New Vegas.lnk
    2012-06-30 20:46 - 2012-06-30 20:55 - 00000000 ____D C:\Users\Andrew\Downloads\Fallout.New.Vegas.Update.7-SKIDROW
    2012-06-30 20:06 - 2012-06-30 20:06 - 00000219 ____A C:\Users\Andrew\Desktop\Team Fortress 2.url
    2012-06-30 20:04 - 2012-06-30 20:49 - 00000000 ____D C:\Users\Andrew\Downloads\Fallout.New.Vegas-SKIDROW
    2012-06-30 14:04 - 2012-06-30 14:04 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-06-30 12:20 - 2012-06-30 12:20 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Andrew\Downloads\mbam-setup-1.61.0.1400.exe
    2012-06-30 08:47 - 2012-06-30 08:47 - 00000000 ____D C:\Users\Andrew\AppData\Local\{CC2870CD-0AA7-4255-907D-D96101DF0EEE}
    2012-06-30 08:47 - 2012-06-30 08:47 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7ACE39BD-6347-4D46-A724-7276E110BE6D}
    2012-06-29 14:42 - 2012-06-29 14:42 - 00000000 ____D C:\Users\Andrew\AppData\Local\{3B6CB001-275D-454B-9A16-84C2D33BA3A7}
    2012-06-29 14:41 - 2012-06-29 14:42 - 00000000 ____D C:\Users\Andrew\AppData\Local\{9BD356DE-D33D-4A39-8B7B-8E716E2A9EEC}
    2012-06-29 10:39 - 2012-06-29 10:39 - 00000000 ____D C:\Users\Andrew\AppData\Local\{704D08BB-9C06-44AE-BE3E-59AE06EEB608}
    2012-06-28 09:30 - 2012-06-28 09:30 - 00000000 ____D C:\Users\Andrew\AppData\Local\{B39DD8D1-E1D9-4107-BBF4-65C2950E3CA4}
    2012-06-28 09:30 - 2012-06-28 09:30 - 00000000 ____D C:\Users\Andrew\AppData\Local\{413ECC6D-5E00-44E3-AFAF-57DE4B7B7ADD}
    2012-06-28 07:47 - 2012-06-28 07:47 - 00000000 ____D C:\Users\Andrew\AppData\Local\{86C90CC7-6309-4372-B322-5277F9B68199}
    2012-06-27 13:14 - 2012-06-27 13:20 - 00000000 ____D C:\Users\Andrew\Downloads\Clams_Casino-Instrumental_Tape_2-2012
    2012-06-27 10:44 - 2012-06-27 10:44 - 00000000 ____D C:\Users\Andrew\AppData\Local\{5FA89DDF-6CB2-497B-B736-9EF372AC1188}
    2012-06-27 10:44 - 2012-06-27 10:44 - 00000000 ____D C:\Users\Andrew\AppData\Local\{0CF13C35-D43E-4B17-9CF4-863AD3F22AFB}
    2012-06-26 21:42 - 2012-06-26 21:42 - 00339849 ____A C:\Users\Andrew\Downloads\WiFiKill-1.7(1).apk
    2012-06-26 20:49 - 2012-06-26 20:49 - 00057136 ____A C:\Users\Andrew\Downloads\21.jump.street.(2012).eng.1cd.(4573089).zip
    2012-06-26 20:48 - 2012-06-26 20:49 - 00000000 ____D C:\Users\Andrew\Downloads\21 Jump Street 2012.720p.BluRay.x264.YIFY
    2012-06-26 20:46 - 2012-06-26 20:46 - 00000000 ____D C:\Users\Andrew\AppData\Local\{A168FC6E-42C3-46F6-ACC3-EF4B37F53939}
    2012-06-26 20:46 - 2012-06-26 20:46 - 00000000 ____D C:\Users\Andrew\AppData\Local\{61ACD1A9-93B2-4C2A-9879-B27324E74C48}
    2012-06-26 20:03 - 2012-06-26 20:49 - 00000000 ____D C:\Users\Andrew\Downloads\21 Jump Street (2012)
    2012-06-26 18:16 - 2012-06-26 18:16 - 00000000 ____D C:\Users\Andrew\AppData\Local\{B62FB72B-7252-4360-AA94-3B438D7F5BAE}
    2012-06-26 18:15 - 2012-06-26 18:16 - 00000000 ____D C:\Users\Andrew\AppData\Local\{481D5F58-5E52-41A2-9E13-AE947C7AFD19}
    2012-06-26 09:06 - 2012-06-26 09:06 - 00000000 ____D C:\Users\Andrew\AppData\Local\{CF133B0F-C978-4B49-AD46-EA2F6472CD43}
    2012-06-25 18:53 - 2012-06-25 18:53 - 00000000 ____D C:\Users\Andrew\AppData\Local\{CB9C1E7C-FFD2-4AAA-9086-4CDAFAFE2002}
    2012-06-25 18:53 - 2012-06-25 18:53 - 00000000 ____D C:\Users\Andrew\AppData\Local\{65BA263F-DB57-4784-9533-0018CF813551}
    2012-06-25 16:54 - 2012-06-25 16:54 - 00001361 ____A C:\Users\Andrew\Desktop\Auslogics Duplicate File Finder.lnk
    2012-06-25 16:53 - 2012-06-25 16:53 - 05015384 ____A (Auslogics Software Pty Ltd ) C:\Users\Andrew\Downloads\duplicate-file-finder-setup.exe
    2012-06-25 04:32 - 2012-06-25 04:32 - 00000000 ____D C:\Users\Andrew\AppData\Local\{EDE0967C-8406-4340-9344-9676AC64BDE7}
    2012-06-25 04:32 - 2012-06-25 04:32 - 00000000 ____D C:\Users\Andrew\AppData\Local\{024F8484-26EA-414A-BFE2-C6B213A5A038}
    2012-06-24 15:34 - 2012-06-24 15:34 - 02951570 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r11(2).zip
    2012-06-24 15:14 - 2012-06-24 15:15 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7DB05BF6-88C2-4EC4-875E-E3DA4863C706}
    2012-06-24 15:14 - 2012-06-24 15:14 - 00000000 ____D C:\Users\Andrew\AppData\Local\{A8053887-7F1E-4E22-9A5F-3F7A3D2DA005}
    2012-06-24 14:21 - 2012-06-24 14:22 - 149145411 ____A C:\Users\Andrew\Downloads\cm_endeavoru-ota-eng.noeri_017.zip
    2012-06-24 13:14 - 2012-06-24 13:14 - 00000000 ____D C:\Users\Andrew\AppData\Local\{8B2B0A11-24BD-4038-9431-5912226E579F}
    2012-06-24 09:42 - 2012-06-24 09:42 - 11795328 ____A C:\Users\Andrew\Downloads\Endeavoru-Faux123-003b10(1).zip
    2012-06-24 08:27 - 2012-06-24 09:26 - 00000000 ____D C:\Program Files (x86)\QemuManager
    2012-06-24 08:27 - 2012-06-24 08:27 - 07706797 ____A (David T Reynolds ) C:\Users\Andrew\Downloads\setupqemuk70.exe
    2012-06-24 08:19 - 2012-06-24 08:29 - 00000000 ____D C:\Program Files (x86)\Bochs-2.5.1
    2012-06-24 08:19 - 2012-06-24 08:19 - 04001273 ____A C:\Users\Andrew\Downloads\Bochs-2.5.1.exe
    2012-06-24 08:12 - 2012-06-24 08:12 - 00682653 ____A C:\Users\Andrew\Downloads\QEMU.apk
    2012-06-24 08:12 - 2012-06-24 08:12 - 00057046 ____A C:\Users\Andrew\Downloads\SDL(QEMU).zip
    2012-06-24 08:12 - 2012-06-24 08:12 - 00049779 ____A C:\Users\Andrew\Downloads\SDL(BOCHS).zip
    2012-06-24 07:12 - 2012-06-24 14:10 - 00000000 ____D C:\Users\Andrew\Desktop\most recent android stuff
    2012-06-24 06:52 - 2012-06-24 06:53 - 10595137 ____A C:\Users\Andrew\Downloads\MIcons Project v1.5X.mtz
    2012-06-24 06:20 - 2012-06-24 06:20 - 09941911 ____A C:\Users\Andrew\Downloads\Blue ICSelcius v4 3.4b.mtz
    2012-06-24 04:31 - 2012-06-24 04:31 - 01611446 ____A C:\Users\Andrew\Downloads\sr3.0.5.Android.zip
    2012-06-24 00:50 - 2012-06-24 00:50 - 00000000 ____D C:\Users\Andrew\AppData\Local\{6D005FEF-EA25-4E67-91B2-D259A9C7BE5C}
    2012-06-24 00:50 - 2012-06-24 00:50 - 00000000 ____D C:\Users\Andrew\AppData\Local\{18B7F3E3-61BD-41B0-8C4D-75178462B86B}
    2012-06-24 00:38 - 2012-06-24 00:38 - 02951570 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r11(1).zip
    2012-06-23 23:06 - 2012-06-23 23:06 - 11795328 ____A C:\Users\Andrew\Downloads\Endeavoru-Faux123-003b10.zip
    2012-06-23 22:44 - 2012-06-23 22:44 - 01641347 ____A C:\Users\Andrew\Downloads\System Tuner Pro 2.1.3.apk
    2012-06-23 22:42 - 2012-06-23 22:42 - 01641347 ____A C:\Users\Andrew\Downloads\System_Tuner_Pro_2.1.3.apk
    2012-06-23 12:43 - 2012-06-23 12:43 - 00000218 ____A C:\Users\Andrew\.recently-used.xbel
    2012-06-23 08:39 - 2012-06-23 08:39 - 00000000 ____D C:\Users\Andrew\AppData\Local\{6D3ABA27-1AC9-48D7-A374-8BBC4353D0DC}
    2012-06-23 08:39 - 2012-06-23 08:39 - 00000000 ____D C:\Users\Andrew\AppData\Local\{0845801E-3819-419A-95DF-F4B436F219FC}
    2012-06-23 08:23 - 2012-06-23 08:23 - 00000000 ____D C:\Users\Andrew\AppData\Local\{6135DBFD-B855-46B6-A8DE-2D76FC1FC350}
    2012-06-22 22:58 - 2012-06-22 22:58 - 02332544 ____A C:\Users\Andrew\Downloads\f128.zip
    2012-06-22 22:56 - 2012-06-22 22:57 - 04882873 ____A C:\Users\Andrew\Downloads\Documents_To_Go_v3.001.apk
    2012-06-22 22:52 - 2012-06-22 22:52 - 00401453 ____A C:\Users\Andrew\Downloads\com.speedsoftware.rootexplorer-61-2.20.apk
    2012-06-22 22:50 - 2012-06-22 22:50 - 00049707 ____A C:\Users\Andrew\Downloads\RM1.07--Ripper-.apk
    2012-06-22 22:46 - 2012-06-22 22:46 - 07678869 ____A C:\Users\Andrew\Downloads\t2584.apk
    2012-06-22 22:25 - 2012-06-22 22:25 - 00294548 ____A C:\Users\Andrew\Documents\Untitled-1.psd
    2012-06-22 22:20 - 2012-06-22 22:20 - 00077290 ____A C:\Users\Andrew\Documents\Untitled-1.png
    2012-06-22 22:02 - 2012-06-24 07:12 - 00000000 ____D C:\Users\Andrew\Desktop\android clutter
    2012-06-22 22:01 - 2012-06-22 22:01 - 00000000 ____D C:\Users\Andrew\Desktop\python
    2012-06-22 21:56 - 2012-06-22 22:00 - 00000000 ____D C:\Users\Andrew\Documents\android
    2012-06-22 18:43 - 2012-06-22 18:55 - 325579535 ____A C:\Users\Andrew\Downloads\RD-MIUI_OneX_2.6.22.zip
    2012-06-22 18:11 - 2012-06-22 18:11 - 00204274 ____A C:\Users\Andrew\Downloads\com.franco.kernel_1.apk
    2012-06-22 17:37 - 2012-06-22 17:37 - 00000000 ____D C:\Users\Andrew\AppData\Local\{D742E206-3F07-401C-8CFF-50A0E8438E95}
    2012-06-22 17:37 - 2012-06-22 17:37 - 00000000 ____D C:\Users\Andrew\AppData\Local\{38E58BDC-A624-4C8E-A01E-03EDEE21D8B1}
    2012-06-22 17:16 - 2012-06-22 17:16 - 00008541 ____A C:\Users\Andrew\Downloads\bootscript.sh
    2012-06-22 05:36 - 2012-06-22 05:37 - 00000000 ____D C:\Users\Andrew\AppData\Local\{5D4642DE-3AB2-4A53-8FBF-BCC50054DF4A}
    2012-06-22 05:36 - 2012-06-22 05:36 - 00000000 ____D C:\Users\Andrew\AppData\Local\{145D89C2-E7EA-48C9-B5D5-ACD3F802E8A3}
    2012-06-21 19:34 - 2012-06-21 19:34 - 03152499 ____A C:\Users\Andrew\Downloads\N.O.V.A.3.Near.Orbit.Vanguard.Alliance.1.0.0.Tegra.HTC.Android.apk
    2012-06-21 18:16 - 2012-06-21 18:16 - 00007467 ____A C:\Users\Andrew\Downloads\autobootscript.sh
    2012-06-21 17:36 - 2012-06-21 17:36 - 00000000 ____D C:\Users\Andrew\AppData\Local\{ADACC506-C152-449D-B5C7-844814DE0935}
    2012-06-21 17:36 - 2012-06-21 17:36 - 00000000 ____D C:\Users\Andrew\AppData\Local\{1F4C80C6-8D60-491D-B41C-3D4A18948E75}
    2012-06-21 13:23 - 2012-06-21 15:30 - 327886446 ____A C:\Users\Andrew\Downloads\RD-MIUI_OneX_2.6.16_v2.zip
    2012-06-21 12:54 - 2012-06-21 12:54 - 02926592 ____A C:\Users\Andrew\Downloads\boot-r11(1).img
    2012-06-21 11:33 - 2012-06-21 11:33 - 01641347 ____A C:\Users\Andrew\Downloads\android-softwares.com_System_Tuner_Pro_2.1.3.apk
    2012-06-21 07:19 - 2012-06-21 07:19 - 01039957 ____A C:\Users\Andrew\Downloads\Complete Linux Installer v311.apk
    2012-06-21 04:07 - 2012-06-21 04:07 - 00000000 ____D C:\Users\Andrew\AppData\Local\{F78F9CEA-EB3D-4806-81EB-E9854476E0BD}
    2012-06-21 04:07 - 2012-06-21 04:07 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7C79ED7B-4942-46FE-81D9-B34AAD07DDF7}
    2012-06-20 21:16 - 2012-06-20 21:16 - 08503458 ____A C:\Users\Andrew\Downloads\MIcons Project v1.2.3X.mtz
    2012-06-20 20:17 - 2012-07-01 08:22 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000UA.job
    2012-06-20 20:17 - 2012-06-30 20:22 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000Core.job
    2012-06-20 20:17 - 2012-06-20 20:17 - 00000000 ____D C:\Users\Andrew\AppData\Local\Google
    2012-06-20 20:16 - 2012-06-20 20:17 - 00000000 ____D C:\Users\Andrew\AppData\Local\Deployment
    2012-06-20 20:16 - 2012-06-20 20:16 - 00000000 ____D C:\Users\Andrew\AppData\Local\Apps\2.0
    2012-06-20 19:02 - 2012-06-20 19:02 - 00059867 ____A C:\Users\Andrew\Downloads\pulp.fiction.(1994).eng.1cd.(3391372).zip
    2012-06-20 16:06 - 2012-06-20 16:06 - 02926592 ____A C:\Users\Andrew\Downloads\boot-r11.img
    2012-06-20 09:39 - 2012-06-20 09:39 - 00000000 ____D C:\Users\Andrew\AppData\Local\{60B3EF89-1EAB-4303-9229-4205741F81AC}
    2012-06-20 09:39 - 2012-06-20 09:39 - 00000000 ____D C:\Users\Andrew\AppData\Local\{23FE9280-7827-4142-81FC-B44C320E1CA6}
    2012-06-20 09:06 - 2012-06-20 09:06 - 02951570 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r11.zip
    2012-06-20 08:53 - 2012-06-20 09:03 - 326142102 ____A C:\Users\Andrew\Downloads\RD-MIUI_OneX_2.6.16.zip
    2012-06-19 13:21 - 2012-06-19 13:21 - 00000000 ____D C:\Users\Andrew\AppData\Local\{8D23B067-A79B-47BE-BD68-C100034EAAEA}
    2012-06-19 13:21 - 2012-06-19 13:21 - 00000000 ____D C:\Users\Andrew\AppData\Local\{17E73727-3769-4974-AA8D-DFD268C88951}
    2012-06-19 13:02 - 2012-06-19 13:02 - 00000000 ____D C:\Users\Andrew\AppData\Local\{96B2755A-A20D-4658-B14B-ECC50FAC2677}
    2012-06-19 13:02 - 2012-06-19 13:02 - 00000000 ____D C:\Users\Andrew\AppData\Local\{55F0D861-CAB9-4B6C-BE52-38FDDA3A241A}
    2012-06-18 18:32 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-18 18:32 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-18 18:32 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-18 18:32 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-18 18:32 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-18 18:32 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-18 18:32 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-18 18:31 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-18 18:31 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-18 15:37 - 2012-06-18 15:37 - 00000000 ____D C:\Users\Andrew\AppData\Local\{C4EC59B1-672D-459B-9ECD-F38CB63D8CF8}
    2012-06-18 08:29 - 2012-06-18 08:31 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Garmin
    2012-06-18 08:29 - 2012-06-18 08:29 - 11612616 ____A (Igor Pavlov) C:\Users\Andrew\Downloads\WebUpdater_WindowsXPSP3andnewer__256.exe
    2012-06-18 08:29 - 2012-06-18 08:29 - 00000000 ____D C:\Users\Andrew\Documents\My Garmin
    2012-06-18 08:29 - 2012-06-18 08:29 - 00000000 ____D C:\Users\All Users\GARMIN
    2012-06-18 08:29 - 2012-06-18 08:29 - 00000000 ____D C:\Program Files\DIFX
    2012-06-18 08:29 - 2012-06-18 08:29 - 00000000 ____D C:\Program Files (x86)\Garmin
    2012-06-18 08:27 - 2012-06-18 08:27 - 00000000 ____D C:\Users\Andrew\Downloads\MapSource_6163
    2012-06-18 08:24 - 2012-06-18 08:25 - 57051280 ____A (Igor Pavlov) C:\Users\Andrew\Downloads\MapSource_6163.exe
    2012-06-18 07:34 - 2012-06-18 07:34 - 00000000 ____D C:\Users\Andrew\AppData\Local\{83FFFEC5-4BDE-44BC-8688-51508CC0A623}
    2012-06-17 18:18 - 2012-06-17 18:18 - 02979840 ____A C:\Users\Andrew\Downloads\Franco-r10_arhd_7.0.0.img
    2012-06-17 17:59 - 2012-06-17 17:59 - 02580445 ____A C:\Users\Andrew\Downloads\ROM_Cleaner_NO-Sense_v1.1.zip
    2012-06-17 17:59 - 2012-06-17 17:59 - 00145619 ____A C:\Users\Andrew\Downloads\Android_Revolution_HD_Super_Wipe_One_X.zip
    2012-06-17 17:58 - 2012-06-17 17:59 - 08758028 ____A C:\Users\Andrew\Downloads\Battery_StockHD_OneX_2.05.1_aroma_by_jotha.zip
    2012-06-17 16:56 - 2012-06-17 16:56 - 02951573 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r10.zip
    2012-06-17 16:54 - 2012-06-17 16:58 - 554715164 ____A C:\Users\Andrew\Downloads\Android_Revolution_HD-One_X_7.0.0.zip
    2012-06-17 12:01 - 2012-06-17 12:02 - 04464951 ____A C:\Users\Andrew\Downloads\hTC_OneX(S720e)_Radio_1.1204.107.14.zip
    2012-06-17 11:57 - 2012-06-17 11:57 - 04378119 ____A C:\Users\Andrew\Downloads\Radio_2.1204.119.17.zip
    2012-06-17 11:52 - 2012-06-17 12:17 - 327768302 ____A C:\Users\Andrew\Downloads\RD-MIUI_OneX_2.6.15.zip
    2012-06-17 08:45 - 2012-06-17 08:45 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7B607FA1-2AB2-422D-AF80-C9F06C04A2AA}
    2012-06-16 16:32 - 2012-06-16 16:32 - 00000000 ____D C:\Users\Andrew\AppData\Local\{781BB407-B4BE-4250-B5AF-F379053CFE8C}
    2012-06-15 23:16 - 2012-06-15 23:17 - 00000000 ____D C:\Users\Andrew\AppData\Local\{3DFAD7C0-4FFD-474D-8041-B4996E31FBE2}
    2012-06-15 03:59 - 2012-06-15 03:59 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7FB0068B-03BE-4588-B001-F15BB7FD6B1F}
    2012-06-14 21:38 - 2012-06-14 21:38 - 00004403 ____A C:\Users\Andrew\Downloads\gas_pressure.gif
    2012-06-14 12:44 - 2012-06-14 12:45 - 04270080 ____A C:\Users\Andrew\Downloads\boot(5).img
    2012-06-14 11:22 - 2012-06-14 11:22 - 00000000 ____D C:\Users\Andrew\AppData\Local\{DD7A662B-E1E1-4584-8C07-8D678394AD7A}
    2012-06-14 11:21 - 2012-06-14 11:22 - 00000000 ____D C:\Users\Andrew\AppData\Local\{502878C5-F500-4E9F-91CD-0D346F018699}
    2012-06-14 05:12 - 2012-06-14 05:12 - 00000000 ____D C:\Users\Andrew\AppData\Local\{FC891B90-9F29-4E39-8C97-ECF7EB02CDA4}
    2012-06-13 18:10 - 2012-06-13 18:10 - 02938149 ____A C:\Users\Andrew\Downloads\Something To Dance For_TTYLXOX (Mash Up) from Shake It Up.mp3
    2012-06-13 17:58 - 2012-06-13 17:58 - 00480165 ____A C:\Users\Andrew\Downloads\RecBoot.zip
    2012-06-13 17:07 - 2012-06-13 17:34 - 00000000 ____D C:\Users\Andrew\Downloads\LIBUSB64Fix
    2012-06-13 17:07 - 2012-06-13 17:34 - 00000000 ____D C:\Users\Andrew\Downloads\1) ADD HARDWARE WIZARD
    2012-06-13 17:07 - 2012-06-13 17:07 - 00753332 ____A C:\Users\Andrew\Downloads\LIBUSB64Fix.zip
    2012-06-13 17:07 - 2012-06-13 17:07 - 00000000 ____D C:\Users\Andrew\Downloads\2) INSTALL LIBUSB
    2012-06-13 17:06 - 2012-06-13 17:34 - 00000000 ____D C:\Users\Andrew\Downloads\fixrecovery-win
    2012-06-13 17:06 - 2012-06-13 17:06 - 00463215 ____A C:\Users\Andrew\Downloads\fixrecovery-win.zip
    2012-06-13 17:05 - 2012-06-13 17:07 - 363553480 ____A C:\Users\Andrew\Downloads\iPod2,1_4.2.1_8C148_Restore.ipsw
    2012-06-13 17:00 - 2012-06-13 17:34 - 00000000 ____D C:\Program Files (x86)\LibUSB-Win32
    2012-06-13 16:59 - 2012-06-13 16:59 - 01387127 ____A C:\Users\Andrew\Downloads\irecovery.zip
    2012-06-13 16:59 - 2012-06-13 16:59 - 00000000 ____D C:\Users\Andrew\Downloads\irecovery
    2012-06-13 12:20 - 2012-06-13 12:20 - 02951561 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r9(1).zip
    2012-06-13 11:58 - 2012-06-13 12:00 - 148909136 ____A C:\Users\Andrew\Downloads\cm_endeavoru-ota-eng.noeri_015.zip
    2012-06-13 11:58 - 2012-06-13 11:58 - 02922496 ____A C:\Users\Andrew\Downloads\TripCM9r15Francor9.img
    2012-06-13 11:46 - 2012-06-13 11:46 - 04276224 ____A C:\Users\Andrew\Downloads\boot(4).img
    2012-06-13 11:42 - 2012-06-13 11:42 - 00000000 ____D C:\Users\Andrew\AppData\Local\{62AE5468-C7FC-46F3-B1D8-277F1941CF15}
    2012-06-13 11:42 - 2012-06-13 11:42 - 00000000 ____D C:\Users\Andrew\AppData\Local\{0277C7B3-F021-4CA4-B3FC-DA0ECC13D575}
    2012-06-13 04:26 - 2012-06-13 04:26 - 00000000 ____D C:\Users\Andrew\AppData\Local\{11261E0D-98F9-42E3-8EDC-785EC1D3711D}
    2012-06-13 03:50 - 2012-06-13 03:50 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7C253576-313E-4E57-B13C-394338FB1227}
    2012-06-12 16:30 - 2012-06-12 16:31 - 19003209 ____A C:\Users\Andrew\Downloads\Blot-v1.1.0-AppleGuider.org.ipa
    2012-06-12 15:43 - 2012-06-12 15:43 - 00000000 ____D C:\Users\Andrew\Downloads\redsn0w_win_0.9.12b2
    2012-06-12 15:42 - 2012-06-12 15:42 - 16465538 ____A C:\Users\Andrew\Downloads\redsn0w_win_0.9.12b2.zip
    2012-06-12 15:26 - 2012-06-12 15:26 - 00000000 ____D C:\Users\Andrew\Downloads\redsn0w_win_0.9.12b1
    2012-06-12 15:25 - 2012-06-12 15:26 - 16388409 ____A C:\Users\Andrew\Downloads\redsn0w_win_0.9.12b1.zip
    2012-06-12 12:19 - 2012-06-12 12:19 - 00000000 ____D C:\Users\Andrew\AppData\Local\{ADA1E10A-5482-4A42-8BC3-46E48F9171CD}
    2012-06-12 12:19 - 2012-06-12 12:19 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7BE5B0B7-DD1C-4D83-9E1C-4446FCE8C3C0}
    2012-06-12 11:33 - 2012-06-12 11:33 - 54485532 ____A C:\Users\Andrew\Downloads\gapps-ics-20120317-signed(2).zip
    2012-06-12 11:32 - 2012-06-12 11:37 - 156194976 ____A C:\Users\Andrew\Downloads\cm-9-20120612-alpha-1-endeavoru.zip
    2012-06-12 03:54 - 2012-06-12 03:54 - 00000000 ____D C:\Users\Andrew\AppData\Local\{EC3954EB-6372-4624-85A0-65B411F6260D}
    2012-06-11 13:51 - 2012-06-11 13:52 - 00000000 ____D C:\Users\Andrew\AppData\Local\{6C61FE46-B1A5-4675-A083-6D89CEF85AF7}
    2012-06-11 13:51 - 2012-06-11 13:51 - 00000000 ____D C:\Users\Andrew\AppData\Local\{F1CC5D1A-0628-4E27-A2DF-5D44419CDD0B}
    2012-06-10 17:58 - 2012-06-10 17:58 - 00000000 ____D C:\Users\Andrew\AppData\Local\{AF86F540-9CDA-4EFE-9C5D-7BF284C4AB49}
    2012-06-10 10:06 - 2012-06-10 10:06 - 00000000 ____D C:\Users\Andrew\AppData\Local\{11E34B14-7373-4843-8B22-8AB4D904F53E}
    2012-06-09 13:25 - 2012-06-09 13:25 - 05879808 ____A C:\Users\Andrew\Downloads\recovery-clockwork-touch-5.8.4.0-endeavoru.img
    2012-06-09 05:35 - 2012-06-09 05:35 - 00000000 ____D C:\Users\Andrew\AppData\Local\{F14ACD36-BAFA-46E8-9729-12D2FADA35CF}
    2012-06-09 05:35 - 2012-06-09 05:35 - 00000000 ____D C:\Users\Andrew\AppData\Local\{68E8B54D-94EC-417B-B29E-A1204FD40C4E}
    2012-06-08 11:34 - 2012-06-08 11:34 - 00000000 ____D C:\Users\Andrew\AppData\Local\{EA01D002-2C49-4DAA-82E6-A0FF0D93F56C}
    2012-06-08 11:34 - 2012-06-08 11:34 - 00000000 ____D C:\Users\Andrew\AppData\Local\{AF4F6B4D-2EC6-4243-8804-5F5FB55F470A}
    2012-06-07 08:29 - 2012-06-07 08:29 - 00000000 ____D C:\Users\Andrew\Downloads\apks
    2012-06-07 08:03 - 2012-06-07 08:03 - 00009949 ____A C:\Users\Andrew\Downloads\su_ics_v3.1_wraithdu_installer_v2.1(1).zip
    2012-06-07 07:40 - 2012-06-07 07:42 - 00000000 ____D C:\Users\Andrew\Downloads\zImage_Injector_v0.1
    2012-06-07 07:40 - 2012-06-07 07:40 - 00213999 ____A C:\Users\Andrew\Downloads\zImage_Injector_v0.1.rar
    2012-06-07 05:22 - 2012-06-07 05:22 - 00000000 ____D C:\Users\Andrew\AppData\Local\{59149908-8744-4B93-B42E-F916661DE5A4}
    2012-06-07 05:22 - 2012-06-07 05:22 - 00000000 ____D C:\Users\Andrew\AppData\Local\{3B955A1D-0A72-4079-B128-5C8F14336F9F}
    2012-06-06 14:11 - 2012-06-06 14:11 - 00025103 ____A C:\Users\Andrew\Downloads\[freefullandroid.blogspot.com] PowerAMP Full Version Unlocker.apk
    2012-06-06 14:05 - 2012-06-06 14:05 - 01193386 ____A C:\Users\Andrew\Downloads\MarketMilitia.ORG..franco.kernel.v4.9.zip
    2012-06-06 13:54 - 2012-06-06 13:54 - 02951561 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r9.zip
    2012-06-06 13:54 - 2012-06-06 13:54 - 02926592 ____A C:\Users\Andrew\Downloads\boot-r9.img
    2012-06-06 06:45 - 2012-06-06 06:45 - 00000000 ____D C:\Users\Andrew\AppData\Local\{CC93BFF1-1378-48A5-9253-1871D59E11B2}
    2012-06-06 06:45 - 2012-06-06 06:45 - 00000000 ____D C:\Users\Andrew\AppData\Local\{4E656FEC-EF1A-4F43-88BF-C24C42DCF4F3}
    2012-06-06 06:26 - 2012-06-06 06:26 - 00000000 ____D C:\Users\Andrew\AppData\Local\{52150645-0DEC-4D41-8498-9822D1A2F689}
    2012-06-06 03:44 - 2012-06-06 03:44 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7C83678F-7614-468D-BB26-1A0228928140}
    2012-06-05 16:52 - 2012-06-05 16:52 - 01631006 ____A C:\Users\Andrew\Downloads\t1u1a0s.zip
    2012-06-05 13:39 - 2012-06-05 13:39 - 00000000 ____D C:\Users\Andrew\AppData\Local\{E325F10E-36CD-4F67-BF76-AABE5635E917}
    2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Andrew\Desktop\chad.{ED7BA470-8E54-465E-825C-99712043E01C}
    2012-06-05 09:03 - 2012-06-05 09:03 - 00484944 ____A C:\Users\Andrew\Downloads\Sensor_Fix.zip
    2012-06-05 04:50 - 2012-06-05 04:50 - 00000000 ____D C:\Users\Andrew\AppData\Local\{B900EE15-3F84-407E-B375-63C11F993F64}
    2012-06-05 03:58 - 2012-06-05 03:58 - 00000000 ____D C:\Users\Andrew\AppData\Local\{C26FB529-DB15-4BE8-A672-4AF1CA8A63D6}
    2012-06-04 17:08 - 2012-06-04 18:20 - 00000000 ____D C:\Users\Andrew\Downloads\Aqua Teen Hunger Force - Season 1
    2012-06-04 13:29 - 2012-06-04 13:29 - 00000000 ____D C:\Users\Andrew\Downloads\HDWallpaper
    2012-06-04 13:18 - 2012-06-04 13:21 - 02437399 ____A C:\Users\Andrew\Downloads\GCD v2.25.apk
    2012-06-04 13:15 - 2012-06-04 13:15 - 01045321 ____A C:\Users\Andrew\Downloads\A%20Liquid%20Cloud%20Full%201.22.apk
    2012-06-04 12:48 - 2012-06-04 12:52 - 304978057 ____A C:\Users\Andrew\Downloads\HDWallpaper.zip
    2012-06-04 10:22 - 2012-06-04 10:22 - 00000000 ____D C:\Users\Andrew\AppData\Local\{F819F3D0-BB31-4743-829E-868DA0285420}
    2012-06-04 10:22 - 2012-06-04 10:22 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7C492FC1-7F15-4387-8E06-BECE352EBA2F}
    2012-06-04 08:06 - 2012-06-04 08:30 - 694960128 ____A C:\Users\Andrew\Downloads\Zelig (Woody Allen 1983) XviD DVDRip.avi
    2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\Users\Andrew\AppData\Local\{BC99C6FA-4015-417A-B236-70AA8B19A47F}
    2012-06-04 04:30 - 2012-06-04 04:30 - 00000000 ____D C:\Users\All Users\Fallout2
    2012-06-04 04:26 - 2012-06-04 04:26 - 00000000 ____D C:\Users\Andrew\Downloads\sfall 2.17
    2012-06-04 04:25 - 2012-06-04 04:25 - 00000000 ____D C:\Users\Andrew\Downloads\Fallout2_High_Resolution_Patch_3.06
    2012-06-04 04:23 - 2012-06-04 04:23 - 00000000 ____D C:\Users\Andrew\Downloads\f2patch
    2012-06-04 04:22 - 2012-06-04 04:22 - 02929870 ____A C:\Users\Andrew\Downloads\f2patch.exe
    2012-06-04 04:21 - 2012-06-04 04:21 - 00186151 ____A C:\Users\Andrew\Downloads\sfall 2.17(1).7z
    2012-06-04 04:20 - 2012-06-04 04:20 - 08140792 ____A (killap ) C:\Users\Andrew\Downloads\unofficialFO2patch.exe
    2012-06-04 04:19 - 2012-06-04 04:19 - 00771697 ____A C:\Users\Andrew\Downloads\Fallout2_High_Resolution_Patch_3.06.zip
    2012-06-04 04:12 - 2012-06-17 19:56 - 00001077 ____A C:\Users\Andrew\Desktop\Fallout 2.lnk
    2012-06-04 04:11 - 2012-06-04 04:11 - 00052736 ____A (Interplay Productions) C:\Windows\ipuninst.exe
    2012-06-04 04:11 - 2012-06-04 04:11 - 00000000 ____D C:\Program Files\BlackIsle
    2012-06-04 04:03 - 2012-06-04 04:09 - 00000000 ____D C:\Users\Andrew\Downloads\Fallout 2
    2012-06-03 16:52 - 2012-06-03 16:52 - 00000000 ____D C:\Users\Andrew\AppData\Local\{FFAF26E9-31DB-4E26-9BAF-A91FEB062971}
    2012-06-03 16:52 - 2012-06-03 16:52 - 00000000 ____D C:\Users\Andrew\AppData\Local\{23EC440C-CE08-4F42-835E-C1F9AFB0B367}
    2012-06-03 12:15 - 2012-06-03 12:15 - 04984165 ____A C:\Users\Andrew\Downloads\Reddit News-50.apk
    2012-06-03 12:06 - 2012-06-03 12:06 - 01372076 ____A C:\Users\Andrew\Downloads\Sense_4_clock.apk
    2012-06-03 11:09 - 2012-06-03 11:09 - 00401453 ____A C:\Users\Andrew\Downloads\Root_Explorer.apk
    2012-06-03 10:48 - 2012-06-03 10:48 - 00009949 ____A C:\Users\Andrew\Downloads\su_ics_v3.1_wraithdu_installer_v2.1.zip
    2012-06-03 10:15 - 2012-06-03 10:15 - 05898240 ____A C:\Users\Andrew\Downloads\recovery-clockwork-touch-5.8.3.1-endeavoru_fixedadbusb(1).img
    2012-06-03 10:13 - 2012-06-03 10:13 - 05898240 ____A C:\Users\Andrew\Downloads\recovery-clockwork-touch-5.8.3.1-endeavoru_fixedadbusb.img
    2012-06-03 10:01 - 2012-06-03 10:04 - 148649900 ____A C:\Users\Andrew\Downloads\cm_endeavoru-ota-eng.noeri_014.zip
    2012-06-03 10:01 - 2012-06-03 10:02 - 44272586 ____A C:\Users\Andrew\Downloads\tripndroid_gapps_29052012.zip
    2012-06-03 09:40 - 2012-06-03 09:40 - 01361437 ____A C:\Users\Andrew\Downloads\Supercharger_HardToKillLauncher_services.jar_1.29.401.11.zip
    2012-06-03 05:08 - 2012-06-03 05:08 - 09027043 ____A C:\Users\Andrew\Downloads\grand_theft_auto_iii_v1.3(1).apk
    2012-06-03 04:52 - 2012-06-03 04:52 - 00000000 ____D C:\Users\Andrew\AppData\Local\{9264C9BA-536B-482D-9E16-3AD7B9B4152F}
    2012-06-03 04:51 - 2012-06-03 04:52 - 00000000 ____D C:\Users\Andrew\AppData\Local\{4E85C139-584D-4117-A85A-461D4B9410DA}
    2012-06-03 03:59 - 2012-06-03 03:59 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7F1A4E77-FD3B-44E2-AC9E-4DC33C145FBF}
    2012-06-02 05:46 - 2012-06-02 05:47 - 01361437 ____A C:\Users\Andrew\Downloads\services.jar
    2012-06-02 05:45 - 2012-06-02 05:45 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-06-02 05:45 - 2012-06-02 05:45 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-06-02 05:45 - 2012-04-04 14:33 - 00268680 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-06-02 05:42 - 2012-06-02 05:42 - 96813000 ____A (Oracle Corporation) C:\Users\Andrew\Downloads\jdk-7u4-windows-x64.exe
    2012-06-02 04:20 - 2012-06-02 04:20 - 06276900 ____A C:\Users\Andrew\Downloads\Super Mario 64.zip
    2012-06-02 04:11 - 2012-06-02 04:11 - 00000000 ____D C:\Users\Andrew\AppData\Local\{E7C483FB-A216-446B-927A-C4C360B64B14}
    2012-06-02 04:11 - 2012-06-02 04:11 - 00000000 ____D C:\Users\Andrew\AppData\Local\{77CD6D51-5C64-4968-B02B-4914ADBBBC51}
    2012-06-01 15:01 - 2012-06-01 15:01 - 00002024 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    2012-06-01 15:00 - 2012-06-01 15:00 - 00000000 ____D C:\Users\Andrew\AppData\Local\Sony
    2012-06-01 15:00 - 2012-06-01 15:00 - 00000000 ____D C:\Users\All Users\Sony
    2012-06-01 15:00 - 2012-06-01 15:00 - 00000000 ____D C:\Program Files (x86)\Sony
    2012-06-01 12:58 - 2012-06-02 06:40 - 00000000 ____D C:\flerp
    2012-06-01 12:58 - 2012-06-01 12:58 - 06054138 ____A C:\Users\Andrew\Downloads\jar file decompile and compiler with tutor.zip
    2012-06-01 07:12 - 2012-06-01 07:12 - 00569873 ____A C:\Users\Andrew\Downloads\CWM-SuperSU-v0.89.zip
    2012-06-01 07:08 - 2012-06-01 07:08 - 05869568 ____A C:\Users\Andrew\Downloads\recovery-clockwork-touch-5.8.3.1-endeavoru.img
    2012-06-01 07:01 - 2012-06-01 07:01 - 00000256 ____A C:\Users\Andrew\Downloads\Unlock_code.bin
    2012-06-01 05:26 - 2012-06-01 05:26 - 13783568 ____A (HTC Corporation ) C:\Users\Andrew\Downloads\HTCDriver3.0.0.007.exe
    2012-06-01 05:21 - 2012-06-01 05:21 - 02024037 ____A C:\Users\Andrew\Downloads\onxr.zip
    2012-06-01 05:21 - 2012-06-01 05:21 - 00000000 ____D C:\Users\Andrew\Downloads\onxr
    2012-06-01 04:35 - 2012-06-01 04:35 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
    2012-06-01 04:34 - 2012-06-01 04:35 - 00000000 ____D C:\Program Files (x86)\HTC
    2012-06-01 04:34 - 2012-06-01 04:34 - 00000000 ____D C:\Users\Andrew\Downloads\One_X_All-In-One_Kit_v1.0
    2012-06-01 04:33 - 2012-06-01 04:33 - 46956406 ____A C:\Users\Andrew\Downloads\One_X_All-In-One_Kit_v1.0.rar
    2012-06-01 03:45 - 2012-06-01 03:45 - 00000000 ____D C:\Users\Andrew\AppData\Local\{54B7AD09-A02F-43C8-8A0E-62292E1C1B1B}
    2012-06-01 03:44 - 2012-06-01 03:45 - 00000000 ____D C:\Users\Andrew\AppData\Local\{0DAF5AAC-9B5E-434B-893E-9AB587DB6875}
  10. debani

    debani Newcomer, in training Topic Starter Posts: 18

    ============ 3 Months Modified Files ========================

    2012-07-01 09:08 - 2012-01-22 20:33 - 01221233 ____A C:\Windows\WindowsUpdate.log
    2012-07-01 09:08 - 2009-07-13 20:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-01 09:08 - 2009-07-13 20:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-01 09:05 - 2012-02-03 11:11 - 00041616 ____A C:\Windows\setupact.log
    2012-07-01 09:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-01 08:22 - 2012-06-20 20:17 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000UA.job
    2012-06-30 21:05 - 2012-06-30 21:05 - 00002268 ____A C:\Users\Public\Desktop\Fallout New Vegas.lnk
    2012-06-30 20:22 - 2012-06-20 20:17 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000Core.job
    2012-06-30 20:06 - 2012-06-30 20:06 - 00000219 ____A C:\Users\Andrew\Desktop\Team Fortress 2.url
    2012-06-30 13:58 - 2012-05-15 12:54 - 00747096 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-30 12:21 - 2012-01-22 18:30 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-30 12:20 - 2012-06-30 12:20 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Andrew\Downloads\mbam-setup-1.61.0.1400.exe
    2012-06-26 21:42 - 2012-06-26 21:42 - 00339849 ____A C:\Users\Andrew\Downloads\WiFiKill-1.7(1).apk
    2012-06-26 20:49 - 2012-06-26 20:49 - 00057136 ____A C:\Users\Andrew\Downloads\21.jump.street.(2012).eng.1cd.(4573089).zip
    2012-06-25 16:54 - 2012-06-25 16:54 - 00001361 ____A C:\Users\Andrew\Desktop\Auslogics Duplicate File Finder.lnk
    2012-06-25 16:53 - 2012-06-25 16:53 - 05015384 ____A (Auslogics Software Pty Ltd ) C:\Users\Andrew\Downloads\duplicate-file-finder-setup.exe
    2012-06-24 15:34 - 2012-06-24 15:34 - 02951570 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r11(2).zip
    2012-06-24 14:22 - 2012-06-24 14:21 - 149145411 ____A C:\Users\Andrew\Downloads\cm_endeavoru-ota-eng.noeri_017.zip
    2012-06-24 09:42 - 2012-06-24 09:42 - 11795328 ____A C:\Users\Andrew\Downloads\Endeavoru-Faux123-003b10(1).zip
    2012-06-24 08:27 - 2012-06-24 08:27 - 07706797 ____A (David T Reynolds ) C:\Users\Andrew\Downloads\setupqemuk70.exe
    2012-06-24 08:19 - 2012-06-24 08:19 - 04001273 ____A C:\Users\Andrew\Downloads\Bochs-2.5.1.exe
    2012-06-24 08:12 - 2012-06-24 08:12 - 00682653 ____A C:\Users\Andrew\Downloads\QEMU.apk
    2012-06-24 08:12 - 2012-06-24 08:12 - 00057046 ____A C:\Users\Andrew\Downloads\SDL(QEMU).zip
    2012-06-24 08:12 - 2012-06-24 08:12 - 00049779 ____A C:\Users\Andrew\Downloads\SDL(BOCHS).zip
    2012-06-24 06:53 - 2012-06-24 06:52 - 10595137 ____A C:\Users\Andrew\Downloads\MIcons Project v1.5X.mtz
    2012-06-24 06:20 - 2012-06-24 06:20 - 09941911 ____A C:\Users\Andrew\Downloads\Blue ICSelcius v4 3.4b.mtz
    2012-06-24 04:31 - 2012-06-24 04:31 - 01611446 ____A C:\Users\Andrew\Downloads\sr3.0.5.Android.zip
    2012-06-24 00:38 - 2012-06-24 00:38 - 02951570 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r11(1).zip
    2012-06-23 23:06 - 2012-06-23 23:06 - 11795328 ____A C:\Users\Andrew\Downloads\Endeavoru-Faux123-003b10.zip
    2012-06-23 22:44 - 2012-06-23 22:44 - 01641347 ____A C:\Users\Andrew\Downloads\System Tuner Pro 2.1.3.apk
    2012-06-23 22:42 - 2012-06-23 22:42 - 01641347 ____A C:\Users\Andrew\Downloads\System_Tuner_Pro_2.1.3.apk
    2012-06-23 12:43 - 2012-06-23 12:43 - 00000218 ____A C:\Users\Andrew\.recently-used.xbel
    2012-06-22 22:58 - 2012-06-22 22:58 - 02332544 ____A C:\Users\Andrew\Downloads\f128.zip
    2012-06-22 22:57 - 2012-06-22 22:56 - 04882873 ____A C:\Users\Andrew\Downloads\Documents_To_Go_v3.001.apk
    2012-06-22 22:52 - 2012-06-22 22:52 - 00401453 ____A C:\Users\Andrew\Downloads\com.speedsoftware.rootexplorer-61-2.20.apk
    2012-06-22 22:50 - 2012-06-22 22:50 - 00049707 ____A C:\Users\Andrew\Downloads\RM1.07--Ripper-.apk
    2012-06-22 22:46 - 2012-06-22 22:46 - 07678869 ____A C:\Users\Andrew\Downloads\t2584.apk
    2012-06-22 22:25 - 2012-06-22 22:25 - 00294548 ____A C:\Users\Andrew\Documents\Untitled-1.psd
    2012-06-22 22:20 - 2012-06-22 22:20 - 00077290 ____A C:\Users\Andrew\Documents\Untitled-1.png
    2012-06-22 22:20 - 2012-03-04 18:40 - 00000132 ____A C:\Users\Andrew\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-06-22 18:55 - 2012-06-22 18:43 - 325579535 ____A C:\Users\Andrew\Downloads\RD-MIUI_OneX_2.6.22.zip
    2012-06-22 18:11 - 2012-06-22 18:11 - 00204274 ____A C:\Users\Andrew\Downloads\com.franco.kernel_1.apk
    2012-06-22 17:16 - 2012-06-22 17:16 - 00008541 ____A C:\Users\Andrew\Downloads\bootscript.sh
    2012-06-21 19:34 - 2012-06-21 19:34 - 03152499 ____A C:\Users\Andrew\Downloads\N.O.V.A.3.Near.Orbit.Vanguard.Alliance.1.0.0.Tegra.HTC.Android.apk
    2012-06-21 18:16 - 2012-06-21 18:16 - 00007467 ____A C:\Users\Andrew\Downloads\autobootscript.sh
    2012-06-21 15:30 - 2012-06-21 13:23 - 327886446 ____A C:\Users\Andrew\Downloads\RD-MIUI_OneX_2.6.16_v2.zip
    2012-06-21 12:54 - 2012-06-21 12:54 - 02926592 ____A C:\Users\Andrew\Downloads\boot-r11(1).img
    2012-06-21 11:33 - 2012-06-21 11:33 - 01641347 ____A C:\Users\Andrew\Downloads\android-softwares.com_System_Tuner_Pro_2.1.3.apk
    2012-06-21 07:19 - 2012-06-21 07:19 - 01039957 ____A C:\Users\Andrew\Downloads\Complete Linux Installer v311.apk
    2012-06-20 21:16 - 2012-06-20 21:16 - 08503458 ____A C:\Users\Andrew\Downloads\MIcons Project v1.2.3X.mtz
    2012-06-20 19:02 - 2012-06-20 19:02 - 00059867 ____A C:\Users\Andrew\Downloads\pulp.fiction.(1994).eng.1cd.(3391372).zip
    2012-06-20 16:06 - 2012-06-20 16:06 - 02926592 ____A C:\Users\Andrew\Downloads\boot-r11.img
    2012-06-20 15:57 - 2012-03-04 14:50 - 00372312 ____A C:\Windows\DirectX.log
    2012-06-20 09:06 - 2012-06-20 09:06 - 02951570 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r11.zip
    2012-06-20 09:03 - 2012-06-20 08:53 - 326142102 ____A C:\Users\Andrew\Downloads\RD-MIUI_OneX_2.6.16.zip
    2012-06-18 08:29 - 2012-06-18 08:29 - 11612616 ____A (Igor Pavlov) C:\Users\Andrew\Downloads\WebUpdater_WindowsXPSP3andnewer__256.exe
    2012-06-18 08:25 - 2012-06-18 08:24 - 57051280 ____A (Igor Pavlov) C:\Users\Andrew\Downloads\MapSource_6163.exe
    2012-06-17 19:56 - 2012-06-04 04:12 - 00001077 ____A C:\Users\Andrew\Desktop\Fallout 2.lnk
    2012-06-17 18:18 - 2012-06-17 18:18 - 02979840 ____A C:\Users\Andrew\Downloads\Franco-r10_arhd_7.0.0.img
    2012-06-17 17:59 - 2012-06-17 17:59 - 02580445 ____A C:\Users\Andrew\Downloads\ROM_Cleaner_NO-Sense_v1.1.zip
    2012-06-17 17:59 - 2012-06-17 17:59 - 00145619 ____A C:\Users\Andrew\Downloads\Android_Revolution_HD_Super_Wipe_One_X.zip
    2012-06-17 17:59 - 2012-06-17 17:58 - 08758028 ____A C:\Users\Andrew\Downloads\Battery_StockHD_OneX_2.05.1_aroma_by_jotha.zip
    2012-06-17 16:58 - 2012-06-17 16:54 - 554715164 ____A C:\Users\Andrew\Downloads\Android_Revolution_HD-One_X_7.0.0.zip
    2012-06-17 16:56 - 2012-06-17 16:56 - 02951573 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r10.zip
    2012-06-17 12:17 - 2012-06-17 11:52 - 327768302 ____A C:\Users\Andrew\Downloads\RD-MIUI_OneX_2.6.15.zip
    2012-06-17 12:02 - 2012-06-17 12:01 - 04464951 ____A C:\Users\Andrew\Downloads\hTC_OneX(S720e)_Radio_1.1204.107.14.zip
    2012-06-17 11:57 - 2012-06-17 11:57 - 04378119 ____A C:\Users\Andrew\Downloads\Radio_2.1204.119.17.zip
    2012-06-14 21:38 - 2012-06-14 21:38 - 00004403 ____A C:\Users\Andrew\Downloads\gas_pressure.gif
    2012-06-14 12:45 - 2012-06-14 12:44 - 04270080 ____A C:\Users\Andrew\Downloads\boot(5).img
    2012-06-13 18:10 - 2012-06-13 18:10 - 02938149 ____A C:\Users\Andrew\Downloads\Something To Dance For_TTYLXOX (Mash Up) from Shake It Up.mp3
    2012-06-13 17:58 - 2012-06-13 17:58 - 00480165 ____A C:\Users\Andrew\Downloads\RecBoot.zip
    2012-06-13 17:07 - 2012-06-13 17:07 - 00753332 ____A C:\Users\Andrew\Downloads\LIBUSB64Fix.zip
    2012-06-13 17:07 - 2012-06-13 17:05 - 363553480 ____A C:\Users\Andrew\Downloads\iPod2,1_4.2.1_8C148_Restore.ipsw
    2012-06-13 17:06 - 2012-06-13 17:06 - 00463215 ____A C:\Users\Andrew\Downloads\fixrecovery-win.zip
    2012-06-13 16:59 - 2012-06-13 16:59 - 01387127 ____A C:\Users\Andrew\Downloads\irecovery.zip
    2012-06-13 12:20 - 2012-06-13 12:20 - 02951561 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r9(1).zip
    2012-06-13 12:00 - 2012-06-13 11:58 - 148909136 ____A C:\Users\Andrew\Downloads\cm_endeavoru-ota-eng.noeri_015.zip
    2012-06-13 11:58 - 2012-06-13 11:58 - 02922496 ____A C:\Users\Andrew\Downloads\TripCM9r15Francor9.img
    2012-06-13 11:46 - 2012-06-13 11:46 - 04276224 ____A C:\Users\Andrew\Downloads\boot(4).img
    2012-06-12 16:31 - 2012-06-12 16:30 - 19003209 ____A C:\Users\Andrew\Downloads\Blot-v1.1.0-AppleGuider.org.ipa
    2012-06-12 15:42 - 2012-06-12 15:42 - 16465538 ____A C:\Users\Andrew\Downloads\redsn0w_win_0.9.12b2.zip
    2012-06-12 15:26 - 2012-06-12 15:25 - 16388409 ____A C:\Users\Andrew\Downloads\redsn0w_win_0.9.12b1.zip
    2012-06-12 11:37 - 2012-06-12 11:32 - 156194976 ____A C:\Users\Andrew\Downloads\cm-9-20120612-alpha-1-endeavoru.zip
    2012-06-12 11:33 - 2012-06-12 11:33 - 54485532 ____A C:\Users\Andrew\Downloads\gapps-ics-20120317-signed(2).zip
    2012-06-09 13:25 - 2012-06-09 13:25 - 05879808 ____A C:\Users\Andrew\Downloads\recovery-clockwork-touch-5.8.4.0-endeavoru.img
    2012-06-07 08:03 - 2012-06-07 08:03 - 00009949 ____A C:\Users\Andrew\Downloads\su_ics_v3.1_wraithdu_installer_v2.1(1).zip
    2012-06-07 07:40 - 2012-06-07 07:40 - 00213999 ____A C:\Users\Andrew\Downloads\zImage_Injector_v0.1.rar
    2012-06-06 14:11 - 2012-06-06 14:11 - 00025103 ____A C:\Users\Andrew\Downloads\[freefullandroid.blogspot.com] PowerAMP Full Version Unlocker.apk
    2012-06-06 14:05 - 2012-06-06 14:05 - 01193386 ____A C:\Users\Andrew\Downloads\MarketMilitia.ORG..franco.kernel.v4.9.zip
    2012-06-06 13:54 - 2012-06-06 13:54 - 02951561 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r9.zip
    2012-06-06 13:54 - 2012-06-06 13:54 - 02926592 ____A C:\Users\Andrew\Downloads\boot-r9.img
    2012-06-05 16:52 - 2012-06-05 16:52 - 01631006 ____A C:\Users\Andrew\Downloads\t1u1a0s.zip
    2012-06-05 09:03 - 2012-06-05 09:03 - 00484944 ____A C:\Users\Andrew\Downloads\Sensor_Fix.zip
    2012-06-04 13:21 - 2012-06-04 13:18 - 02437399 ____A C:\Users\Andrew\Downloads\GCD v2.25.apk
    2012-06-04 13:15 - 2012-06-04 13:15 - 01045321 ____A C:\Users\Andrew\Downloads\A%20Liquid%20Cloud%20Full%201.22.apk
    2012-06-04 12:52 - 2012-06-04 12:48 - 304978057 ____A C:\Users\Andrew\Downloads\HDWallpaper.zip
    2012-06-04 08:30 - 2012-06-04 08:06 - 694960128 ____A C:\Users\Andrew\Downloads\Zelig (Woody Allen 1983) XviD DVDRip.avi
    2012-06-04 04:22 - 2012-06-04 04:22 - 02929870 ____A C:\Users\Andrew\Downloads\f2patch.exe
    2012-06-04 04:21 - 2012-06-04 04:21 - 00186151 ____A C:\Users\Andrew\Downloads\sfall 2.17(1).7z
    2012-06-04 04:20 - 2012-06-04 04:20 - 08140792 ____A (killap ) C:\Users\Andrew\Downloads\unofficialFO2patch.exe
    2012-06-04 04:19 - 2012-06-04 04:19 - 00771697 ____A C:\Users\Andrew\Downloads\Fallout2_High_Resolution_Patch_3.06.zip
    2012-06-04 04:11 - 2012-06-04 04:11 - 00052736 ____A (Interplay Productions) C:\Windows\ipuninst.exe
    2012-06-03 12:15 - 2012-06-03 12:15 - 04984165 ____A C:\Users\Andrew\Downloads\Reddit News-50.apk
    2012-06-03 12:06 - 2012-06-03 12:06 - 01372076 ____A C:\Users\Andrew\Downloads\Sense_4_clock.apk
    2012-06-03 11:09 - 2012-06-03 11:09 - 00401453 ____A C:\Users\Andrew\Downloads\Root_Explorer.apk
    2012-06-03 10:48 - 2012-06-03 10:48 - 00009949 ____A C:\Users\Andrew\Downloads\su_ics_v3.1_wraithdu_installer_v2.1.zip
    2012-06-03 10:15 - 2012-06-03 10:15 - 05898240 ____A C:\Users\Andrew\Downloads\recovery-clockwork-touch-5.8.3.1-endeavoru_fixedadbusb(1).img
    2012-06-03 10:13 - 2012-06-03 10:13 - 05898240 ____A C:\Users\Andrew\Downloads\recovery-clockwork-touch-5.8.3.1-endeavoru_fixedadbusb.img
    2012-06-03 10:04 - 2012-06-03 10:01 - 148649900 ____A C:\Users\Andrew\Downloads\cm_endeavoru-ota-eng.noeri_014.zip
    2012-06-03 10:02 - 2012-06-03 10:01 - 44272586 ____A C:\Users\Andrew\Downloads\tripndroid_gapps_29052012.zip
    2012-06-03 09:40 - 2012-06-03 09:40 - 01361437 ____A C:\Users\Andrew\Downloads\Supercharger_HardToKillLauncher_services.jar_1.29.401.11.zip
    2012-06-03 05:08 - 2012-06-03 05:08 - 09027043 ____A C:\Users\Andrew\Downloads\grand_theft_auto_iii_v1.3(1).apk
    2012-06-02 14:19 - 2012-06-18 18:32 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-18 18:32 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-18 18:32 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-18 18:32 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-18 18:32 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-18 18:32 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-18 18:32 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-18 18:31 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-18 18:31 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 05:47 - 2012-06-02 05:46 - 01361437 ____A C:\Users\Andrew\Downloads\services.jar
    2012-06-02 05:45 - 2012-06-02 05:45 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-06-02 05:45 - 2012-06-02 05:45 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-06-02 05:42 - 2012-06-02 05:42 - 96813000 ____A (Oracle Corporation) C:\Users\Andrew\Downloads\jdk-7u4-windows-x64.exe
    2012-06-02 04:20 - 2012-06-02 04:20 - 06276900 ____A C:\Users\Andrew\Downloads\Super Mario 64.zip
    2012-06-01 15:02 - 2012-02-23 17:23 - 00195174 ____A C:\Windows\DPINST.LOG
    2012-06-01 15:01 - 2012-06-01 15:01 - 00002024 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    2012-06-01 12:58 - 2012-06-01 12:58 - 06054138 ____A C:\Users\Andrew\Downloads\jar file decompile and compiler with tutor.zip
    2012-06-01 07:12 - 2012-06-01 07:12 - 00569873 ____A C:\Users\Andrew\Downloads\CWM-SuperSU-v0.89.zip
    2012-06-01 07:08 - 2012-06-01 07:08 - 05869568 ____A C:\Users\Andrew\Downloads\recovery-clockwork-touch-5.8.3.1-endeavoru.img
    2012-06-01 07:01 - 2012-06-01 07:01 - 00000256 ____A C:\Users\Andrew\Downloads\Unlock_code.bin
    2012-06-01 05:26 - 2012-06-01 05:26 - 13783568 ____A (HTC Corporation ) C:\Users\Andrew\Downloads\HTCDriver3.0.0.007.exe
    2012-06-01 05:21 - 2012-06-01 05:21 - 02024037 ____A C:\Users\Andrew\Downloads\onxr.zip
    2012-06-01 04:33 - 2012-06-01 04:33 - 46956406 ____A C:\Users\Andrew\Downloads\One_X_All-In-One_Kit_v1.0.rar
    2012-05-28 05:16 - 2012-05-28 05:16 - 00341811 ____A () C:\Users\Andrew\Downloads\Everything-1.2.1.371.exe
    2012-05-22 18:36 - 2012-05-22 18:36 - 00012244 ____A C:\Users\Andrew\Documents\Untitled-2.png
    2012-05-21 19:21 - 2012-05-21 19:21 - 00387930 ____A C:\Users\Andrew\Downloads\fallup13.rar
    2012-05-21 19:19 - 2012-05-21 19:19 - 00596602 ____A C:\Users\Andrew\Downloads\Fallout_1_TeamX_Patch_ENG_1.2w.zip
    2012-05-21 19:16 - 2012-05-21 19:16 - 00186151 ____A C:\Users\Andrew\Downloads\sfall 2.17.7z
    2012-05-21 19:16 - 2012-05-21 19:16 - 00032292 ____A C:\Users\Andrew\Downloads\f1npcmod.rar
    2012-05-21 19:14 - 2012-05-21 19:14 - 01539344 ____A C:\Users\Andrew\Downloads\F1ChildPatch.rar
    2012-05-21 18:58 - 2012-05-21 18:58 - 00942635 ____A C:\Users\Andrew\Downloads\Fallout1_High_Resolution_Patch_3.06.zip
    2012-05-21 12:06 - 2012-05-21 12:06 - 00001064 ____A C:\Users\Public\Desktop\Electric Sheep.lnk
    2012-05-21 12:05 - 2012-05-21 12:05 - 19832128 ____A C:\Users\Andrew\Downloads\electricsheep-2.7b34.exe
    2012-05-19 00:17 - 2012-04-08 14:52 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-05-19 00:17 - 2012-01-25 23:55 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-05-19 00:04 - 2012-05-18 23:44 - 732213248 ____A C:\Users\Andrew\Downloads\ubuntu-12.04-desktop-amd64.iso
    2012-05-18 23:41 - 2012-05-18 23:41 - 00759634 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-05-18 23:41 - 2012-05-18 23:41 - 00002135 ____A C:\Users\Public\Desktop\VMware Workstation.lnk
    2012-05-18 23:41 - 2012-05-18 23:41 - 00001024 ____A C:\.rnd
    2012-05-18 00:03 - 2012-05-18 00:03 - 00494939 ____A C:\Users\Andrew\Downloads\TowerOfLondon.zip
    2012-05-15 22:16 - 2012-05-15 22:16 - 146107809 ____A C:\Users\Andrew\Downloads\Young_Sinatra-(DatPiff.com).zip
    2012-05-14 14:55 - 2012-05-14 14:55 - 00001246 ____A C:\Users\Public\Desktop\Auslogics Disk Defrag.lnk
    2012-05-14 14:54 - 2012-05-14 14:54 - 00254152 ____A (Secure By Design Inc.) C:\Users\Andrew\Downloads\Ninite Auslogics Installer.com
    2012-05-13 23:57 - 2012-05-13 21:56 - 00564444 ____A C:\Users\Andrew\Documents\Racial profiling by the police.pptx
    2012-05-13 15:31 - 2012-05-13 15:31 - 00000006 ____A C:\Users\Andrew\Documents\linux.txt
    2012-05-13 14:51 - 2012-05-13 14:51 - 00001889 ____A C:\Users\Andrew\Downloads\ubuntu-script-v7-ubuntupaid(1).zip
    2012-05-13 14:47 - 2012-05-13 14:47 - 00850890 ____A C:\Users\Andrew\Downloads\Complete_Linux_Installer_v301-paypal.apk
    2012-05-13 14:47 - 2012-05-13 14:39 - 1420248603 ____A C:\Users\Andrew\Downloads\ubuntu1204-v2-full.zip
    2012-05-13 14:40 - 2012-05-13 14:40 - 00001893 ____A C:\Users\Andrew\Downloads\ubuntu-script-v7-complete.zip
    2012-05-12 20:31 - 2012-05-12 20:30 - 96635758 ____A C:\Users\Andrew\Downloads\sc st 1.rar
    2012-05-12 18:08 - 2012-05-12 18:08 - 00035538 ____A C:\Users\Andrew\Downloads\GScript (1.1.2) (YourSite.Com).apk
    2012-05-12 17:52 - 2012-05-12 17:52 - 00001139 ____A C:\Users\Andrew\Downloads\ubuntuV6-1-script.zip
    2012-05-12 17:20 - 2012-05-12 17:20 - 00001889 ____A C:\Users\Andrew\Downloads\ubuntu-script-v7-ubuntupaid.zip
    2012-05-12 17:20 - 2012-05-12 17:20 - 00000489 ____A C:\Users\Andrew\Downloads\file _F _Movies_
    2012-05-12 15:10 - 2012-05-12 14:57 - 122735438 ____A C:\Users\Andrew\Downloads\FXP119_update-cm-9.0.0-RC0-anzu-UNOFFICIAL-signed.zip
    2012-05-12 14:58 - 2012-05-12 14:57 - 54485532 ____A C:\Users\Andrew\Downloads\gapps-ics-20120317-signed(1).zip
    2012-05-12 14:29 - 2012-05-12 14:28 - 151801119 ____A C:\Users\Andrew\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe
    2012-05-11 21:00 - 2012-05-11 21:00 - 00036896 ____A C:\Users\Andrew\Downloads\layer.cake.(2004).eng.1cd.(3127356)(1).zip
    2012-05-11 20:30 - 2012-05-11 20:30 - 00036970 ____A C:\Users\Andrew\Downloads\layer.cake.(2004).eng.1cd.(3127356).zip
    2012-05-11 18:32 - 2012-05-11 18:31 - 01400260 ____A C:\Users\Andrew\Downloads\ScriptDragon_1.5.26.0.zip
    2012-05-11 18:29 - 2012-05-11 18:29 - 00316222 ____A C:\Users\Andrew\Downloads\SkyBoost_r5_test_3.zip
    2012-05-11 18:15 - 2012-05-11 18:14 - 09406710 ____A C:\Users\Andrew\Downloads\Skyrim_Enhanced_Shaders_FX-822.zip
    2012-05-11 17:47 - 2012-05-11 17:47 - 00292184 ____A (Microsoft Corporation) C:\Users\Andrew\Downloads\dxwebsetup(1).exe
    2012-05-11 17:44 - 2012-05-11 17:44 - 00001655 ____A C:\Users\Andrew\Desktop\skse_loader.exe - Shortcut.lnk
    2012-05-11 17:41 - 2012-05-11 17:41 - 00306868 ____A C:\Users\Andrew\Downloads\skse_1_05_06.7z
    2012-05-11 17:33 - 2012-05-11 17:33 - 05699154 ____A C:\Users\Andrew\Downloads\NEW_v21HDR_Realistic_Colors_and_Real_Nights_MANUAL_INSTALLER_for_STEAM_and_NEXUS-1875-2-1.rar
    2012-05-11 17:19 - 2012-05-11 17:19 - 00225336 ____A C:\Users\Andrew\Downloads\skse_1_04_15.7z
    2012-05-11 17:17 - 2012-05-11 17:17 - 00000890 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    2012-05-11 17:17 - 2012-05-11 17:16 - 03802494 ____A (Black Tree Gaming ) C:\Users\Andrew\Downloads\Nexus Mod Manager-0.17.1.exe
    2012-05-11 13:45 - 2012-05-11 13:34 - 133603512 ____A C:\Users\Andrew\Downloads\Ariel-Teen-SexMovs.avi
    2012-05-11 12:02 - 2012-05-11 12:02 - 00039409 ____A C:\Users\Andrew\Downloads\ski32.zip
    2012-05-11 01:23 - 2012-05-10 21:23 - 00924451 ____A C:\Users\Andrew\Documents\Marijuana decriminalization.pptx
    2012-05-10 18:55 - 2012-05-10 18:46 - 181260963 ____A C:\Users\Andrew\Downloads\South.Park.S16E06.REPACK.HDTV.x264-ASAP.mp4
    2012-05-08 23:05 - 2012-05-08 23:05 - 00001588 ____A C:\Users\Andrew\Desktop\ChessBase 11.lnk
    2012-05-08 12:39 - 2012-01-24 00:29 - 00000943 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-05-06 21:07 - 2012-05-06 21:07 - 00002049 ____A C:\Users\Public\Desktop\Baldur's Gate.lnk
    2012-05-06 19:54 - 2012-05-06 19:53 - 183358675 ____A C:\Users\Andrew\Downloads\Young_Sinatra_Undeniable-(DatPiff.com).zip
    2012-05-06 18:11 - 2012-05-06 18:11 - 00069371 ____A C:\Users\Andrew\Downloads\102728.rar
    2012-05-06 15:55 - 2012-05-06 15:55 - 00797186 ____A C:\Users\Andrew\Downloads\widescreen-v3.05.exe
    2012-05-06 13:38 - 2012-05-06 13:38 - 00002076 ____A C:\Users\Public\Desktop\Baldur's Gate II.lnk
    2012-05-05 15:09 - 2012-03-12 11:55 - 00001780 ____A C:\Users\Andrew\Desktop\PeerBlock.lnk
    2012-05-02 09:07 - 2012-02-23 19:34 - 00004488 ____A C:\Windows\PFRO.log
    2012-05-02 08:54 - 2012-05-02 08:54 - 00050892 ____A C:\Users\Andrew\Documents\133597698906c0e496-efa6-4273-8628-a7f9343cf6d2__2012050212541823375.rtf
    2012-05-01 15:11 - 2012-05-01 15:11 - 04687908 ____A C:\Users\Andrew\Downloads\Mass.Effect.ViTALiTY.Crack.only.rar
    2012-05-01 15:11 - 2012-05-01 15:10 - 74354694 ____A (BioWare) C:\Users\Andrew\Downloads\MassEffect_EFIGS_1.02.exe
    2012-05-01 15:03 - 2012-05-01 15:03 - 00013026 ____A C:\Users\Andrew\Desktop\MassEffect.exe - Shortcut.lnk
    2012-05-01 14:58 - 2012-05-01 14:58 - 00001078 ____A C:\Users\Public\Desktop\Mass Effect.lnk
    2012-05-01 14:24 - 2012-02-03 11:09 - 04986864 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-04-30 21:57 - 2012-04-30 17:34 - 3466315776 ____A C:\Users\Andrew\Downloads\Mass.Effect.PROPER-reloaded [BTarena.org].iso
    2012-04-30 14:25 - 2012-04-30 14:25 - 02387988 ____A C:\Users\Andrew\Downloads\Sharpshooters_Extreme_Graphics_Vision-15105.rar
    2012-04-28 14:36 - 2012-04-28 14:36 - 06826953 ____A C:\Users\Andrew\Downloads\win2k_xp1410.zip
    2012-04-27 19:46 - 2012-04-27 19:46 - 00000991 ____A C:\Users\Andrew\Desktop\gbrainy.lnk
    2012-04-27 19:46 - 2012-04-27 19:45 - 18256260 ____A C:\Users\Andrew\Downloads\gbrainy-206.exe
    2012-04-26 21:35 - 2012-04-26 21:35 - 17702520 ____A C:\Users\Andrew\Downloads\jin-2.14.1-windows.exe
    2012-04-24 17:57 - 2012-04-24 17:57 - 00223258 ____A C:\Users\Andrew\Downloads\wowlab_figure_1.0.zip
    2012-04-24 17:56 - 2012-04-24 17:56 - 00999247 ____A C:\Users\Andrew\Downloads\Cubism.zip
    2012-04-22 19:18 - 2012-04-22 19:18 - 00399224 ____A (BitTorrent, Inc.) C:\Users\Andrew\Downloads\utorrent_2.2.1.exe
    2012-04-22 16:30 - 2012-04-22 16:29 - 47796216 ____A (Electronic Arts, Inc.) C:\Users\Andrew\Downloads\eadm-installer.exe
    2012-04-22 16:18 - 2012-04-22 16:18 - 06181783 ____A (Intel Corporation) C:\Users\Andrew\Downloads\win2k_xp14103.exe
    2012-04-22 15:57 - 2012-04-22 15:57 - 22865470 ____A C:\Users\Andrew\Downloads\sb0220_live1_xp.rar
    2012-04-22 15:42 - 2012-04-22 15:42 - 07080000 ____A C:\Users\Andrew\Downloads\sdg3845_2kxp.zip
    2012-04-22 15:42 - 2012-04-22 15:42 - 06999487 ____A C:\Users\Andrew\Downloads\usb2-wxp.zip
    2012-04-22 15:42 - 2012-04-22 15:42 - 05646746 ____A C:\Users\Andrew\Downloads\iaa22.zip
    2012-04-22 15:42 - 2012-04-22 15:42 - 04549378 ____A C:\Users\Andrew\Downloads\lan_i61.zip
    2012-04-22 15:42 - 2012-04-22 15:42 - 02361481 ____A C:\Users\Andrew\Downloads\alc650_wdm337.zip
    2012-04-22 15:42 - 2012-04-22 15:42 - 00216597 ____A C:\Users\Andrew\Downloads\09p4gvm4(1).zip
    2012-04-22 15:41 - 2012-04-22 15:41 - 00216597 ____A C:\Users\Andrew\Downloads\09p4gvm4.zip
    2012-04-22 15:39 - 2012-04-22 15:39 - 19631799 ____A C:\Users\Andrew\Downloads\p4b533-vm.zip
    2012-04-22 15:38 - 2012-04-22 15:37 - 06800480 ____A (SmartTweak Software ) C:\Users\Andrew\Downloads\UpdateMyDrivers.exe
    2012-04-22 15:11 - 2012-04-22 15:11 - 04179293 ____A (Lavalys, Inc. ) C:\Users\Andrew\Downloads\everesthome220(1).exe
    2012-04-22 12:44 - 2012-04-22 12:48 - 00000824 ____A C:\Users\Andrew\Documents\COMPZZ.txt
    2012-04-22 12:44 - 2012-04-22 12:44 - 01174617 ____A (Magical Jelly Bean ) C:\Users\Andrew\Downloads\KeyFinderInstaller.exe
    2012-04-22 12:14 - 2012-04-22 12:09 - 1005455431 ____A C:\Users\Andrew\Downloads\sims3_13230150xx_update.zip
    2012-04-22 12:12 - 2012-04-22 12:11 - 06888593 ____A C:\Users\Andrew\Downloads\TS3-1.32.3-Crack-by-beibei007.rar
    2012-04-21 19:08 - 2012-02-02 20:23 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-04-20 22:51 - 2012-04-20 22:51 - 01065447 ____A C:\Users\Andrew\Downloads\ClipCube-0.3-Beta1.zip
    2012-04-20 10:25 - 2012-04-20 10:25 - 00159559 ____A C:\Users\Andrew\Downloads\TESVAL-1.3.10.0-2011-12-22-skseplugin(1).7z
    2012-04-17 17:11 - 2012-04-17 15:47 - 03474044 ____A C:\Users\Andrew\Documents\The 2011 Vancouver Stanley Cup riot.pptx
    2012-04-14 21:26 - 2012-04-14 21:26 - 08741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-04-13 15:51 - 2012-04-13 15:50 - 38475313 ____A C:\Users\Andrew\Downloads\hodgybeats-untitledep.zip
    2012-04-13 12:39 - 2012-04-13 12:38 - 142866479 ____A C:\Users\Andrew\Downloads\BBNG2-MP3-V0.zip
    2012-04-12 17:18 - 2012-04-11 20:36 - 02973348 ____A C:\Users\Andrew\Documents\Household cleaners.pptx
    2012-04-11 23:58 - 2012-04-11 23:58 - 00326214 ____A C:\Users\Andrew\Downloads\css3phototwo-481253527.zip
    2012-04-11 23:56 - 2012-04-11 23:55 - 12064152 ____A C:\Users\Andrew\Downloads\genericwebsitetemplate.zip
    2012-04-11 23:55 - 2012-04-11 23:39 - 00112777 ____A C:\Users\Andrew\Documents\Household cleaner quiz.pptx
    2012-04-11 19:36 - 2012-02-03 01:04 - 00115824 ____A C:\Users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-04-09 21:49 - 2012-04-09 21:48 - 108145088 ____A (Wolfram Research, Inc. ) C:\Users\Andrew\Downloads\CDFPlayer_8.0.4_WIN.exe
    2012-04-08 16:00 - 2012-04-08 16:00 - 00001792 ____A C:\Users\Andrew\Desktop\dxhr.exe - Shortcut.lnk
    2012-04-08 10:32 - 2012-04-08 10:29 - 09027043 ____A C:\Users\Andrew\Downloads\grand_theft_auto_iii_v1.3.apk
    2012-04-08 10:27 - 2012-04-08 10:27 - 01077332 ____A C:\Users\Andrew\Downloads\20lc(1).zip
    2012-04-08 10:24 - 2012-04-08 10:24 - 00145907 ____A C:\Users\Andrew\Downloads\live-dmesg-(2.2).apk
    2012-04-07 22:02 - 2012-04-07 22:02 - 06403088 ____A C:\Users\Andrew\Downloads\Xperia_PLAY_neo_arc_acroIS11s_acroSO-02C_USB_drivers.zip
    2012-04-07 19:59 - 2012-04-07 19:59 - 00047889 ____A C:\Users\Andrew\Downloads\the.big.lebowski.(1998).eng.1cd.(3557133).zip
    2012-04-07 14:23 - 2012-04-07 14:23 - 00039611 ____A C:\Users\Andrew\Downloads\trainspotting.(1996).eng.1cd.(3943530).zip
    2012-04-07 12:40 - 2012-04-07 12:05 - 120560359 ____A C:\Users\Andrew\Downloads\FXP115_update-cm-9.0.0-RC0-anzu-UNOFFICIAL-signed.zip
    2012-04-07 12:04 - 2012-04-07 12:04 - 54485532 ____A C:\Users\Andrew\Downloads\gapps-ics-20120317-signed.zip
    2012-04-07 12:04 - 2012-04-07 12:04 - 18072123 ____A C:\Users\Andrew\Downloads\gapps-ics-facelock-20120131-signed.zip
    2012-04-05 21:46 - 2012-04-05 21:46 - 13912326 ____A C:\Users\Andrew\Downloads\lunaticdemo_install.exe
    2012-04-05 21:46 - 2012-04-05 21:46 - 00001989 ____A C:\Users\Andrew\Desktop\Dr. Lunatic Demo.lnk
    2012-04-05 12:33 - 2012-04-05 12:33 - 00002014 ____A C:\Users\Public\Desktop\Fallout.lnk
    2012-04-05 12:31 - 2012-04-05 12:28 - 507361719 ____A (GOG.com ) C:\Users\Andrew\Downloads\setup_fallout.exe
    2012-04-05 04:03 - 2012-04-05 02:57 - 00434562 ____A C:\Users\Andrew\Documents\Factors affecting drug action.pptx
    2012-04-04 14:33 - 2012-06-02 05:45 - 00268680 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-04-04 14:33 - 2012-02-23 17:13 - 00955800 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
    2012-04-04 14:33 - 2012-02-23 17:13 - 00839056 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-04-04 11:56 - 2012-01-22 18:30 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    ZeroAccess:
    C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}
    C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\@
    C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\L
    C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U
    C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\L\00000004.@
    C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\L\55490ac4
    C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U\00000004.@
    C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U\00000008.@
    C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U\000000cb.@
    C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U\80000032.@
    C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U\80000064.@

    ZeroAccess:
    C:\Users\Andrew\AppData\Local\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}
    C:\Users\Andrew\AppData\Local\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\@
    C:\Users\Andrew\AppData\Local\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\L
    C:\Users\Andrew\AppData\Local\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 12%
    Total physical RAM: 8174.81 MB
    Available physical RAM: 7159.28 MB
    Total Pagefile: 8173.01 MB
    Available Pagefile: 7156.1 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:1862.92 GB) (Free:612.94 GB) NTFS
    2 Drive e: (Repair disc ReadyDriver Plus 64-) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
    3 Drive f: () (Removable) (Total:7.63 GB) (Free:2.45 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1863 GB 0 B
    Disk 1 Online 7830 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 1862 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 1862 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 7830 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-27 21:18

    ======================= End Of Log ==========================
  11. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    Please do NOT wrap your logs in code brackets.

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log it makes (Search.txt) in your reply.
     
  12. debani

    debani Newcomer, in training Topic Starter Posts: 18

    Farbar Recovery Scan Tool Version: 30-06-2012 04
    Ran by SYSTEM at 2012-07-01 13:44:06
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
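The comparison this Search.txt makes possible, as an added example that is not part of the original posts or of FRST itself: it parses the search output and flags a live copy whose MD5 matches no `winsxs` copy of the same file, even though size and timestamps agree. The function names are hypothetical, the sample is constructed from the two entries quoted above, and treating the component-store copy as the untampered reference is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: the two entries from the Search.txt log quoted above.
SAMPLE_SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# A result is a path line followed by a metadata line:
# [created] - [modified] - size attrs (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(
    r"^\[(?P<created>.+?)\] - \[(?P<modified>.+?)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>.*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one dict per search hit; tolerates the forum's indentation."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        meta = META_RE.match(line)
        if meta and pending_path:
            entries.append({
                "path": pending_path,
                "created": meta["created"],
                "modified": meta["modified"],
                "size": int(meta["size"]),
                "company": (meta["company"] or "").strip(),
                "md5": meta["md5"].upper(),
            })
            pending_path = None
    return entries


def find_mismatches(entries):
    """Flag live files whose MD5 matches no component-store copy.

    Assumption: the winsxs copies are untampered. Several versions of a
    file can sit in the store, so a live copy is compared against all of
    them, not just one.
    """
    groups = defaultdict(lambda: {"store": [], "live": []})
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        kind = "store" if "\\winsxs\\" in e["path"].lower() else "live"
        groups[name][kind].append(e)

    findings = []
    for group in groups.values():
        store_hashes = {s["md5"] for s in group["store"]}
        if not store_hashes:
            continue  # no reference copy in this log, nothing to compare
        for live in group["live"]:
            if live["md5"] in store_hashes:
                continue
            # Same size and timestamps as a store copy but a different hash:
            # metadata alone would not have revealed the modification.
            twin = any(
                s["size"] == live["size"] and s["modified"] == live["modified"]
                for s in group["store"]
            )
            findings.append({
                "path": live["path"],
                "md5": live["md5"],
                "store_md5s": sorted(store_hashes),
                "same_size_and_mtime_as_store": twin,
            })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search_log(SAMPLE_SEARCH_LOG)):
        print(f["path"], f["md5"], "store:", ", ".join(f["store_md5s"]),
              "metadata identical:", f["same_size_and_mtime_as_store"])
```
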
  13. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


  14. debani

    debani Newcomer, in training Topic Starter Posts: 18

    My internet connection won't reconnect now. In adapter settings it shows my internet card sending and receiving packets but in my notification area it says there's no internet access. I've tried restarting multiple times.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 30-06-2012 04
    Ran by SYSTEM at 2012-07-01 14:06:02 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff} moved successfully.
    C:\Users\Andrew\AppData\Local\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====


    ComboFix 12-07-01.03 - Andrew 07/01/2012 14:18:07.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6322 [GMT -4:00]
    Running from: c:\users\Andrew\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\CCleaner\cc_update.exe
    c:\program files\CCleaner\TrayApp.exe
    c:\programdata\ntuser.dat
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\es.exe
    c:\windows\pthreadGC2.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-01 21:12 . 2012-07-01 21:12 -------- d-----w- C:\FRST
    2012-07-01 18:27 . 2012-07-01 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-01 06:23 . 2012-07-01 06:23 -------- d-----w- c:\users\Andrew\AppData\Local\FalloutNV
    2012-06-30 22:04 . 2012-06-30 22:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-06-24 16:27 . 2012-06-24 17:26 -------- d-----w- c:\program files (x86)\QemuManager
    2012-06-24 16:19 . 2012-06-24 16:29 -------- d-----w- c:\program files (x86)\Bochs-2.5.1
    2012-06-21 04:17 . 2012-06-21 04:17 -------- d-----w- c:\users\Andrew\AppData\Local\Google
    2012-06-21 04:16 . 2012-06-21 04:17 -------- d-----w- c:\users\Andrew\AppData\Local\Deployment
    2012-06-19 02:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-19 02:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-19 02:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-19 02:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 02:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-19 02:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-19 02:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 02:31 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-19 02:31 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-18 16:29 . 2012-06-18 16:29 -------- d-----w- c:\programdata\GARMIN
    2012-06-18 16:29 . 2012-06-18 16:29 -------- d-----w- c:\program files\DIFX
    2012-06-18 16:29 . 2012-06-18 16:31 -------- d-----w- c:\users\Andrew\AppData\Roaming\Garmin
    2012-06-18 16:29 . 2012-06-18 16:29 -------- d-----w- c:\program files (x86)\Garmin
    2012-06-14 01:11 . 2012-06-14 01:27 -------- d-----w- C:\BOOT
    2012-06-14 01:00 . 2012-06-14 01:34 -------- d-----w- c:\program files (x86)\LibUSB-Win32
    2012-06-07 14:41 . 2012-06-07 14:41 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-07 14:41 . 2012-06-07 14:41 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-04 12:30 . 2012-06-04 12:30 -------- d-----w- c:\programdata\Fallout2
    2012-06-04 12:11 . 2012-06-04 12:11 52736 ----a-w- c:\windows\ipuninst.exe
    2012-06-04 12:11 . 2012-06-04 12:11 -------- d-----w- c:\program files\BlackIsle
    2012-06-01 23:00 . 2012-06-01 23:00 -------- d-----w- c:\users\Andrew\AppData\Local\Sony
    2012-06-01 23:00 . 2012-06-01 23:00 -------- d-----w- c:\programdata\Sony
    2012-06-01 23:00 . 2012-06-01 23:00 -------- d-----w- c:\program files (x86)\Sony
    2012-06-01 20:58 . 2012-06-02 14:40 -------- d-----w- C:\flerp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-19 08:17 . 2012-04-08 22:52 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-19 08:17 . 2012-01-26 07:55 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-15 05:26 . 2012-04-15 05:26 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-13 08:46 . 2012-05-01 22:30 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4CC93A81-CC1F-41C1-8124-22CD391A1F94}\mpengine.dll
    2012-04-04 22:33 . 2012-02-24 01:13 955800 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-04-04 22:33 . 2012-02-24 01:13 839056 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-04 19:56 . 2012-01-23 02:30 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F.lux"="c:\users\Andrew\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2012-01-25 1517520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-01-18 103536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DirMngr;DirMngr;f:\gpg\dirmngr.exe [x]
    R3 atillk64;atillk64;c:\users\Andrew\Downloads\winflash20113\atillk64.sys [2006-07-19 14608]
    R3 AxtuDrv;AxtuDrv;c:\windows\SysWOW64\Drivers\AxtuDrv.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13352]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 51445112]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-31 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-10-01 302120]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
    S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
    S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-02-03 15936]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
    S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-01-18 11839488]
    S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
    S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-02-03 32320]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
    S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-03 471144]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000Core.job
    - c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 04:17]
    .
    2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000UA.job
    - c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 04:17]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
    "XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-03 11545192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    LSP: %SystemRoot%\system32\vsocklib.dll
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 8118
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 8118
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-GPG4Win - f:\gpg\gpg4win-uninstall.exe
    AddRemove-Privoxy - f:\privoxy\privoxy_uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-01 14:34:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-01 18:34
    .
    Pre-Run: 671,775,571,968 bytes free
    Post-Run: 673,832,357,888 bytes free
    .
    - - End Of File - - FF728294731EBCD8FF4ED7CE24E6720E
  15. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    Let's see about your connection...

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  16. debani

    debani Newcomer, in training Topic Starter Posts: 18

    Farbar Service Scanner Version: 01-07-2012
    Ran by Andrew (administrator) on 01-07-2012 at 17:14:30
    Running from "F:\"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Attempt to access Google.com returned error: Other errors
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
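The Farbar Service Scanner log above can be triaged mechanically. This is an added example, not part of the thread and not Farbar's own code: the parser assumes only the layout visible in the posted FSS.txt (headings underlined with `=`, `=> MD5 is legit` verdicts), and `split_sections`, `triage` and the constructed variant log are hypothetical names and data introduced here.

```python
import re

# Abridged copy of the FSS.txt posted in the thread (some sections and most
# File Check lines omitted for length).
PAGE_LOG = r"""Farbar Service Scanner Version: 01-07-2012
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

Windows Update:
============

File Check:
========
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit

**** End of log ****
"""

# Constructed variant (not from the thread): one policy value and one file
# verdict are altered so the non-clean paths of the parser are exercised.
CONSTRUCTED_LOG = re.sub(
    r"(Firewall Disabled Policy:\n=+\n)",
    lambda m: m.group(1) + '"EnableFirewall"=DWORD:0\n',
    PAGE_LOG,
).replace("svchost.exe => MD5 is legit", "svchost.exe => CONSTRUCTED VERDICT")

UNDERLINE = re.compile(r"^=+$")
IP_OK = re.compile(r"^(\S+) IP is accessible\.$")
NAME_ERR = re.compile(r"^Attempt to access (\S+) returned error: (.+)$")


def split_sections(text):
    """Map each 'Heading:' that is underlined with '=' to its body lines."""
    lines = [ln.strip() for ln in text.splitlines()]
    sections, current = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and UNDERLINE.match(nxt):
            current = line[:-1]
            sections[current] = []
        elif not line or UNDERLINE.match(line) or line.startswith("****"):
            continue
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Summarise what in an FSS log needs a human look."""
    sections = split_sections(text)
    conn = sections.get("Connection Status", [])
    ip_ok = [m.group(1) for ln in conn if (m := IP_OK.match(ln))]
    failed = [m.group(1) for ln in conn if (m := NAME_ERR.match(ln))]
    if failed and ip_ok:
        # Raw IPs answer but host names do not: look at DNS, proxy and
        # Winsock settings rather than at the cable or the adapter.
        connectivity = "ip-ok-name-fails"
    elif failed:
        connectivity = "name-fails"
    else:
        connectivity = "no-errors-reported"
    # In the log on this page every service and policy section is empty;
    # any line that does show up there is reported for review.
    notes = {name: body for name, body in sections.items()
             if body and name not in ("Connection Status", "File Check")}
    unverified = [ln for ln in sections.get("File Check", [])
                  if not ln.endswith("=> MD5 is legit")]
    return {"connectivity": connectivity, "failed_names": failed,
            "notes": notes, "unverified_files": unverified}


if __name__ == "__main__":
    for label, log in (("page", PAGE_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(label, triage(log))
```

On the posted log this reports host-name access failing while the IP checks pass, with nothing flagged under the service, policy or File Check sections.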
  17. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    These settings look fine.

    Make sure your settings are correct.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
    6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
    7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
    [​IMG]
    Make sure "DNS" tab looks like this:
    [​IMG]
    Make sure "WINS" tab looks like this:
    [​IMG]
    8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
    If you made any changes OK your way out.
    Restart computer.


    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.
  18. debani

    debani Newcomer, in training Topic Starter Posts: 18

    I got my internet working again by removing my internet adapter from my internet bridge and re-bridging my connections.
  19. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    Cool beans :)

    Any other current issues?

    ========================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =========================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  20. debani

    debani Newcomer, in training Topic Starter Posts: 18

    Not as far as I can tell.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.01.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Andrew :: ANDREW-PC [administrator]

    7/1/2012 5:31:55 PM
    mbam-log-2012-07-01 (17-31-55).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211927
    Time elapsed: 3 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    OTL logfile created on: 7/1/2012 5:37:26 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Andrew\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 76.37% Memory free
    15.96 Gb Paging File | 14.01 Gb Available in Paging File | 87.73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1862.92 Gb Total Space | 627.62 Gb Free Space | 33.69% Space Free | Partition Type: NTFS
    Drive D: | 165.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 7.63 Gb Total Space | 2.45 Gb Free Space | 32.10% Space Free | Partition Type: FAT32

    Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/01 17:33:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    PRC - [2012/02/23 06:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/01/18 15:47:28 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
    PRC - [2012/01/18 15:47:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
    PRC - [2012/01/18 15:47:10 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    PRC - [2012/01/18 15:04:52 | 011,839,488 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    PRC - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/09/22 16:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/03/31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2011/02/15 07:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    PRC - [2010/11/20 23:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Andrew\Local Settings\Apps\F.lux\flux.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/02/15 07:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    MOD - [2011/02/15 07:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
    MOD - [2011/02/15 07:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
    MOD - [2011/02/15 07:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
    MOD - [2011/02/15 07:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
    MOD - [2011/02/15 07:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
    MOD - [2010/07/27 00:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
    MOD - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Andrew\Local Settings\Apps\F.lux\flux.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/12/05 23:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/10/19 17:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
    SRV:64bit: - [2011/09/22 16:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/07/01 00:03:37 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/06/16 10:35:05 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/02/23 06:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/02/02 21:22:29 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/01/18 15:47:28 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2012/01/18 15:47:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2012/01/18 15:04:52 | 011,839,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
    SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
    SRV - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
    SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2011/03/31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/02 21:29:19 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
    DRV:64bit: - [2012/02/02 21:28:30 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
    DRV:64bit: - [2012/02/02 21:16:20 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2012/01/24 20:46:35 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
    DRV:64bit: - [2012/01/18 15:47:44 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2012/01/18 15:46:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2012/01/18 13:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2012/01/18 13:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2011/12/05 23:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/12/05 22:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/10/17 13:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2011/08/09 18:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2011/08/04 13:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2011/08/04 13:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2011/08/04 13:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2011/08/04 13:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/07/04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6)
    DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/05/10 11:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/08 01:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
    DRV:64bit: - [2011/02/08 01:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
    DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/09/30 23:35:06 | 000,302,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
    DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2010/06/11 15:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
    DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2009/06/10 16:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/06 03:13:46 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
    DRV:64bit: - [2009/04/06 03:13:46 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
    DRV - [2010/05/26 20:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2006/07/19 15:04:00 | 000,014,608 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Users\Andrew\Downloads\winflash20113\atillk64.sys -- (atillk64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-201679691-783270451-1720172099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-201679691-783270451-1720172099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 F6 40 9E 64 4F CD 01 [binary data]
    IE - HKU\S-1-5-21-201679691-783270451-1720172099-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-201679691-783270451-1720172099-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-201679691-783270451-1720172099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-201679691-783270451-1720172099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 8118
    FF - prefs.js..network.proxy.no_proxies_on: ""
    FF - prefs.js..network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.ssl_port: 8118
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/01/22 22:34:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 10:35:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Users\Andrew\AppData\Local\Mozilla Thunderbird\components [2012/03/28 21:52:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Users\Andrew\AppData\Local\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/01/22 22:34:38 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 10:35:06 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/09/10 07:50:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
    [2012/06/29 15:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\extensions
    [2012/06/19 22:57:40 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\extensions\https-everywhere@eff.org
    [2012/06/25 07:53:58 | 000,004,873 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\isohunt--bt-search.xml
    [2011/09/10 02:32:40 | 000,002,276 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\minecraft-wiki-en.xml
    [2011/09/11 15:31:23 | 000,001,597 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\the-pirate-bay.xml
    [2011/09/28 19:33:10 | 000,000,911 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\thesauruscom.xml
    [2011/10/29 23:42:01 | 000,002,006 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\urban-dictionary.xml
    [2012/03/01 20:06:43 | 000,001,997 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\wolframalpha.xml
    [2011/09/10 17:25:58 | 000,004,140 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\youtube.xml
    [2012/03/26 03:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/12/08 01:39:10 | 000,061,705 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A2O8S4YN.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
    [2012/06/29 15:05:59 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A2O8S4YN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2011/11/08 22:58:41 | 000,034,228 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A2O8S4YN.DEFAULT\EXTENSIONS\PRIV3@ICSI.BERKELEY.EDU.XPI
    [2012/05/08 20:47:30 | 000,195,036 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A2O8S4YN.DEFAULT\EXTENSIONS\SAVEDPASSWORDEDITOR@DANIEL.DAWSON.XPI
    [2012/06/23 02:52:35 | 000,072,222 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A2O8S4YN.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
    [2012/06/10 22:25:52 | 000,009,107 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A2O8S4YN.DEFAULT\EXTENSIONS\YTLIKE@DAVIDEBULDRINI.COM.XPI
    [2012/06/16 10:35:06 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/07 10:41:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/07 10:41:47 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/01 14:29:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
    O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
    O4 - HKU\S-1-5-21-201679691-783270451-1720172099-1000..\Run: [F.lux] C:\Users\Andrew\Local Settings\Apps\F.lux\flux.exe ()
    O4 - HKU\S-1-5-21-201679691-783270451-1720172099-1000..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-201679691-783270451-1720172099-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-201679691-783270451-1720172099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADB804D6-AD11-4AFD-8016-0972DFA28C9A}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD06867E-1F0A-4A8E-A842-2A6AF3726073}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found
    Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/01 17:32:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    [2012/07/01 17:12:46 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/01 14:48:51 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Diagnostics
    [2012/07/01 14:39:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/01 14:14:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/01 14:14:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/01 14:14:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/01 14:13:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/01 14:12:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/01 14:07:56 | 004,568,829 | R--- | C] (Swearware) -- C:\Users\Andrew\Desktop\ComboFix.exe
    [2012/07/01 13:39:26 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{BF9F2E76-1401-49AC-BF17-9622D46DD869}
    [2012/07/01 13:39:17 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{99A92D12-0786-4CD6-A2DE-0358816BED5E}
    [2012/07/01 13:07:14 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{918EB4CE-F693-4823-840C-973481571F78}
    [2012/07/01 02:23:41 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\FalloutNV
    [2012/07/01 00:06:56 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/06/30 18:04:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/06/30 12:47:12 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{CC2870CD-0AA7-4255-907D-D96101DF0EEE}
    [2012/06/30 12:47:03 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7ACE39BD-6347-4D46-A724-7276E110BE6D}
    [2012/06/29 18:42:01 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{3B6CB001-275D-454B-9A16-84C2D33BA3A7}
    [2012/06/29 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{9BD356DE-D33D-4A39-8B7B-8E716E2A9EEC}
    [2012/06/29 14:39:47 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{704D08BB-9C06-44AE-BE3E-59AE06EEB608}
    [2012/06/28 13:30:37 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{B39DD8D1-E1D9-4107-BBF4-65C2950E3CA4}
    [2012/06/28 13:30:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{413ECC6D-5E00-44E3-AFAF-57DE4B7B7ADD}
    [2012/06/28 11:47:46 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{86C90CC7-6309-4372-B322-5277F9B68199}
    [2012/06/27 14:44:17 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{0CF13C35-D43E-4B17-9CF4-863AD3F22AFB}
    [2012/06/27 14:44:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{5FA89DDF-6CB2-497B-B736-9EF372AC1188}
    [2012/06/27 00:46:31 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{A168FC6E-42C3-46F6-ACC3-EF4B37F53939}
    [2012/06/27 00:46:21 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{61ACD1A9-93B2-4C2A-9879-B27324E74C48}
    [2012/06/26 22:16:07 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{B62FB72B-7252-4360-AA94-3B438D7F5BAE}
    [2012/06/26 22:15:58 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{481D5F58-5E52-41A2-9E13-AE947C7AFD19}
    [2012/06/26 13:06:42 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{CF133B0F-C978-4B49-AD46-EA2F6472CD43}
    [2012/06/25 22:53:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{CB9C1E7C-FFD2-4AAA-9086-4CDAFAFE2002}
    [2012/06/25 22:53:35 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{65BA263F-DB57-4784-9533-0018CF813551}
    [2012/06/25 08:32:14 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{EDE0967C-8406-4340-9344-9676AC64BDE7}
    [2012/06/25 08:32:05 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{024F8484-26EA-414A-BFE2-C6B213A5A038}
    [2012/06/24 19:14:55 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7DB05BF6-88C2-4EC4-875E-E3DA4863C706}
    [2012/06/24 19:14:46 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{A8053887-7F1E-4E22-9A5F-3F7A3D2DA005}
    [2012/06/24 17:14:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{8B2B0A11-24BD-4038-9431-5912226E579F}
    [2012/06/24 12:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qemu Manager 7.0
    [2012/06/24 12:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QemuManager
    [2012/06/24 12:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bochs 2.5.1
    [2012/06/24 12:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bochs-2.5.1
    [2012/06/24 11:12:47 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\most recent android stuff
    [2012/06/24 04:50:21 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{18B7F3E3-61BD-41B0-8C4D-75178462B86B}
    [2012/06/24 04:50:12 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6D005FEF-EA25-4E67-91B2-D259A9C7BE5C}
    [2012/06/23 12:39:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6D3ABA27-1AC9-48D7-A374-8BBC4353D0DC}
    [2012/06/23 12:39:34 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{0845801E-3819-419A-95DF-F4B436F219FC}
    [2012/06/23 12:23:38 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6135DBFD-B855-46B6-A8DE-2D76FC1FC350}
    [2012/06/23 02:02:19 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\android clutter
    [2012/06/23 02:01:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\python
    [2012/06/23 01:56:57 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\android
    [2012/06/22 21:37:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{38E58BDC-A624-4C8E-A01E-03EDEE21D8B1}
    [2012/06/22 21:37:17 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{D742E206-3F07-401C-8CFF-50A0E8438E95}
    [2012/06/22 09:36:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{5D4642DE-3AB2-4A53-8FBF-BCC50054DF4A}
    [2012/06/22 09:36:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{145D89C2-E7EA-48C9-B5D5-ACD3F802E8A3}
    [2012/06/21 21:36:21 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{ADACC506-C152-449D-B5C7-844814DE0935}
    [2012/06/21 21:36:11 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{1F4C80C6-8D60-491D-B41C-3D4A18948E75}
    [2012/06/21 08:07:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7C79ED7B-4942-46FE-81D9-B34AAD07DDF7}
    [2012/06/21 08:07:34 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{F78F9CEA-EB3D-4806-81EB-E9854476E0BD}
    [2012/06/21 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Google
  21. debani

    debani Newcomer, in training Topic Starter Posts: 18

    [2012/06/21 00:16:33 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Deployment
    [2012/06/20 13:39:11 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{23FE9280-7827-4142-81FC-B44C320E1CA6}
    [2012/06/20 13:39:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{60B3EF89-1EAB-4303-9229-4205741F81AC}
    [2012/06/19 17:21:34 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{17E73727-3769-4974-AA8D-DFD268C88951}
    [2012/06/19 17:21:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{8D23B067-A79B-47BE-BD68-C100034EAAEA}
    [2012/06/19 17:02:26 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{96B2755A-A20D-4658-B14B-ECC50FAC2677}
    [2012/06/19 17:02:16 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{55F0D861-CAB9-4B6C-BE52-38FDDA3A241A}
    [2012/06/18 19:37:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{C4EC59B1-672D-459B-9ECD-F38CB63D8CF8}
    [2012/06/18 12:29:57 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\My Garmin
    [2012/06/18 12:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\GARMIN
    [2012/06/18 12:29:55 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garmin
    [2012/06/18 12:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    [2012/06/18 12:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2012/06/18 12:29:14 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Garmin
    [2012/06/18 12:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
    [2012/06/18 11:34:03 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{83FFFEC5-4BDE-44BC-8688-51508CC0A623}
    [2012/06/17 12:45:22 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7B607FA1-2AB2-422D-AF80-C9F06C04A2AA}
    [2012/06/16 20:32:29 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{781BB407-B4BE-4250-B5AF-F379053CFE8C}
    [2012/06/16 03:16:51 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{3DFAD7C0-4FFD-474D-8041-B4996E31FBE2}
    [2012/06/15 07:59:49 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7FB0068B-03BE-4588-B001-F15BB7FD6B1F}
    [2012/06/14 15:22:06 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{DD7A662B-E1E1-4584-8C07-8D678394AD7A}
    [2012/06/14 15:21:56 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{502878C5-F500-4E9F-91CD-0D346F018699}
    [2012/06/14 09:12:06 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{FC891B90-9F29-4E39-8C97-ECF7EB02CDA4}
    [2012/06/13 21:11:22 | 000,000,000 | ---D | C] -- C:\BOOT
    [2012/06/13 21:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibUSB-Win32
    [2012/06/13 15:42:15 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{62AE5468-C7FC-46F3-B1D8-277F1941CF15}
    [2012/06/13 15:42:05 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{0277C7B3-F021-4CA4-B3FC-DA0ECC13D575}
    [2012/06/13 08:26:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{11261E0D-98F9-42E3-8EDC-785EC1D3711D}
    [2012/06/13 07:50:29 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7C253576-313E-4E57-B13C-394338FB1227}
    [2012/06/12 16:19:50 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{ADA1E10A-5482-4A42-8BC3-46E48F9171CD}
    [2012/06/12 16:19:41 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7BE5B0B7-DD1C-4D83-9E1C-4446FCE8C3C0}
    [2012/06/12 07:54:50 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{EC3954EB-6372-4624-85A0-65B411F6260D}
    [2012/06/11 17:51:53 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6C61FE46-B1A5-4675-A083-6D89CEF85AF7}
    [2012/06/11 17:51:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{F1CC5D1A-0628-4E27-A2DF-5D44419CDD0B}
    [2012/06/10 21:58:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{AF86F540-9CDA-4EFE-9C5D-7BF284C4AB49}
    [2012/06/10 14:06:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{11E34B14-7373-4843-8B22-8AB4D904F53E}
    [2012/06/09 09:35:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{F14ACD36-BAFA-46E8-9729-12D2FADA35CF}
    [2012/06/09 09:35:14 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{68E8B54D-94EC-417B-B29E-A1204FD40C4E}
    [2012/06/08 15:34:12 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{AF4F6B4D-2EC6-4243-8804-5F5FB55F470A}
    [2012/06/08 15:34:03 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{EA01D002-2C49-4DAA-82E6-A0FF0D93F56C}
    [2012/06/07 09:22:49 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{3B955A1D-0A72-4079-B128-5C8F14336F9F}
    [2012/06/07 09:22:40 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{59149908-8744-4B93-B42E-F916661DE5A4}
    [2012/06/06 10:45:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{4E656FEC-EF1A-4F43-88BF-C24C42DCF4F3}
    [2012/06/06 10:45:10 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{CC93BFF1-1378-48A5-9253-1871D59E11B2}
    [2012/06/06 10:26:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{52150645-0DEC-4D41-8498-9822D1A2F689}
    [2012/06/06 07:44:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7C83678F-7614-468D-BB26-1A0228928140}
    [2012/06/05 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{E325F10E-36CD-4F67-BF76-AABE5635E917}
    [2012/06/05 13:30:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\chad.{ED7BA470-8E54-465E-825C-99712043E01C}
    [2012/06/05 08:50:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{B900EE15-3F84-407E-B375-63C11F993F64}
    [2012/06/05 07:58:59 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{C26FB529-DB15-4BE8-A672-4AF1CA8A63D6}
    [2012/06/04 14:22:43 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{F819F3D0-BB31-4743-829E-868DA0285420}
    [2012/06/04 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7C492FC1-7F15-4387-8E06-BECE352EBA2F}
    [2012/06/04 10:22:35 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{BC99C6FA-4015-417A-B236-70AA8B19A47F}
    [2012/06/04 08:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Fallout2
    [2012/06/04 08:11:56 | 000,052,736 | ---- | C] (Interplay Productions) -- C:\Windows\ipuninst.exe
    [2012/06/04 08:11:56 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black Isle
    [2012/06/04 08:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Isle
    [2012/06/04 08:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\BlackIsle
    [2012/06/03 20:52:36 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{FFAF26E9-31DB-4E26-9BAF-A91FEB062971}
    [2012/06/03 20:52:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{23EC440C-CE08-4F42-835E-C1F9AFB0B367}
    [2012/06/03 08:52:04 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{9264C9BA-536B-482D-9E16-3AD7B9B4152F}
    [2012/06/03 08:51:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{4E85C139-584D-4117-A85A-461D4B9410DA}
    [2012/06/03 07:59:04 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7F1A4E77-FD3B-44E2-AC9E-4DC33C145FBF}
    [2012/06/02 08:11:18 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{77CD6D51-5C64-4968-B02B-4914ADBBBC51}
    [2012/06/02 08:11:09 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{E7C483FB-A216-446B-927A-C4C360B64B14}
    [2012/06/01 19:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    [2012/06/01 19:00:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Sony
    [2012/06/01 19:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
    [2012/06/01 19:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/01 17:39:16 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/01 17:39:15 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/01 17:33:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    [2012/07/01 17:30:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/01 17:30:11 | 2133,962,751 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/01 17:28:52 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/01 17:22:08 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000UA.job
    [2012/07/01 14:47:00 | 000,747,096 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/01 14:47:00 | 000,638,838 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/01 14:47:00 | 000,111,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/01 14:29:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/01 14:08:01 | 004,568,829 | R--- | M] (Swearware) -- C:\Users\Andrew\Desktop\ComboFix.exe
    [2012/07/01 01:05:53 | 000,002,268 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
    [2012/07/01 00:22:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000Core.job
    [2012/07/01 00:06:56 | 000,000,219 | ---- | M] () -- C:\Users\Andrew\Desktop\Team Fortress 2.url
    [2012/06/25 20:54:16 | 000,001,361 | ---- | M] () -- C:\Users\Andrew\Desktop\Auslogics Duplicate File Finder.lnk
    [2012/06/23 16:43:08 | 000,000,218 | ---- | M] () -- C:\Users\Andrew\.recently-used.xbel
    [2012/06/23 02:25:37 | 000,294,548 | ---- | M] () -- C:\Users\Andrew\Documents\Untitled-1.psd
    [2012/06/23 02:20:58 | 000,077,290 | ---- | M] () -- C:\Users\Andrew\Documents\Untitled-1.png
    [2012/06/23 02:20:57 | 000,000,132 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/06/17 23:56:46 | 000,001,077 | ---- | M] () -- C:\Users\Andrew\Desktop\Fallout 2.lnk
    [2012/06/04 08:11:56 | 000,052,736 | ---- | M] (Interplay Productions) -- C:\Windows\ipuninst.exe
    [2012/06/01 19:01:16 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/01 14:14:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/01 14:14:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/01 14:14:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/01 14:14:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/01 14:14:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/01 01:05:53 | 000,002,268 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
    [2012/07/01 00:06:56 | 000,000,219 | ---- | C] () -- C:\Users\Andrew\Desktop\Team Fortress 2.url
    [2012/06/25 20:54:16 | 000,001,361 | ---- | C] () -- C:\Users\Andrew\Desktop\Auslogics Duplicate File Finder.lnk
    [2012/06/23 16:43:08 | 000,000,218 | ---- | C] () -- C:\Users\Andrew\.recently-used.xbel
    [2012/06/23 02:25:35 | 000,294,548 | ---- | C] () -- C:\Users\Andrew\Documents\Untitled-1.psd
    [2012/06/23 02:20:56 | 000,077,290 | ---- | C] () -- C:\Users\Andrew\Documents\Untitled-1.png
    [2012/06/21 00:17:32 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000UA.job
    [2012/06/21 00:17:32 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000Core.job
    [2012/06/04 08:12:13 | 000,001,077 | ---- | C] () -- C:\Users\Andrew\Desktop\Fallout 2.lnk
    [2012/06/01 19:01:16 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    [2012/05/19 03:41:03 | 000,759,634 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/03/04 22:40:08 | 000,000,132 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/02/02 21:27:50 | 000,000,003 | ---- | C] () -- C:\Users\Andrew\AppData\Local\user_data.ini
    [2012/02/02 21:23:38 | 000,001,112 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
    [2012/02/02 21:23:38 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
    [2012/02/02 21:23:38 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
    [2012/02/02 21:23:37 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2012/02/02 21:23:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2012/02/02 20:22:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/01/24 19:48:42 | 000,041,984 | ---- | C] () -- C:\Windows\LockCMD.exe
    [2012/01/24 19:48:42 | 000,041,472 | ---- | C] () -- C:\Windows\Lock.exe
    [2012/01/22 22:38:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/12/08 19:00:57 | 000,000,600 | ---- | C] () -- C:\Users\Andrew\AppData\Local\PUTTY.RND
    [2011/12/07 00:15:15 | 000,000,600 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\winscp.rnd
    [2011/12/05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
    [2011/12/05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/11/09 22:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2011/11/09 22:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== LOP Check ==========

    [2012/02/21 20:37:09 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\.minecraft
    [2012/05/14 18:55:53 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Auslogics
    [2012/03/02 17:54:53 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Bitcoin
    [2011/10/22 23:10:33 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ChessBase
    [2011/09/09 21:43:04 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\DeviceVm
    [2011/12/10 03:43:33 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\EditPlus 3
    [2011/09/10 07:53:32 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ESET
    [2011/10/29 15:44:49 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\foobar2000
    [2012/06/18 12:31:07 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Garmin
    [2012/04/28 14:57:30 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\gbrainy
    [2012/06/24 02:33:02 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\gnupg
    [2012/06/23 16:33:03 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\gtk-2.0
    [2012/04/06 01:46:27 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Hamumu
    [2011/11/27 23:25:03 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Jaran Nilsen
    [2012/01/16 14:14:29 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Namecoin
    [2012/01/16 12:40:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\poclbm
    [2012/01/08 01:28:18 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Rainmeter
    [2012/06/12 19:26:14 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\redsn0w
    [2012/01/19 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\SecondLife
    [2012/01/23 03:05:59 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\TeamViewer
    [2012/01/19 19:46:31 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Thunderbird
    [2012/07/01 09:23:06 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\TrueCrypt
    [2012/07/01 01:26:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\uTorrent
    [2012/03/12 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Wireshark
    [2009/07/14 01:08:49 | 000,023,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/05/19 03:41:08 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2012/07/01 14:34:17 | 000,017,699 | ---- | M] () -- C:\ComboFix.txt
    [2012/07/01 17:30:11 | 2133,962,751 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/07/01 17:30:16 | 4276,940,799 | -HS- | M] () -- C:\pagefile.sys
    [2011/09/18 00:28:34 | 000,148,208 | ---- | M] () -- C:\wubildr
    [2011/09/18 00:28:34 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/12/13 11:28:24 | 004,136,960 | ---- | M] () -- C:\Windows\es.scr
    [2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/01/22 21:54:47 | 000,000,221 | -HS- | M] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/07/01 14:08:01 | 004,568,829 | R--- | M] (Swearware) -- C:\Users\Andrew\Desktop\ComboFix.exe
    [2012/07/01 17:33:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    [2012/03/11 13:59:15 | 005,853,460 | ---- | M] () -- C:\Users\Andrew\Desktop\pidgin-2.10.1.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/07/01 00:22:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000Core.job
    [2012/07/01 17:22:08 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000UA.job
    [2012/07/01 17:30:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/07/14 01:08:49 | 000,023,646 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/02/02 21:15:00 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/02/02 21:15:00 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2012/02/02 21:15:00 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2012/02/02 21:15:00 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2012/02/02 21:15:00 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2012/02/02 21:15:00 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/24 11:59:04 | 000,000,402 | -HS- | M] () -- C:\Users\Andrew\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < End of report >
  22. debani

    debani Newcomer, in training Topic Starter Posts: 18

    OTL Extras logfile created on: 7/1/2012 5:37:26 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Andrew\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 76.37% Memory free
    15.96 Gb Paging File | 14.01 Gb Available in Paging File | 87.73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1862.92 Gb Total Space | 627.62 Gb Free Space | 33.69% Space Free | Partition Type: NTFS
    Drive D: | 165.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 7.63 Gb Total Space | 2.45 Gb Free Space | 32.10% Space Free | Partition Type: FAT32

    Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-201679691-783270451-1720172099-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{110EB5C4-E995-4CFB-AB80-A5F315BEA9E9}" = Python 2.6 (64-bit)
    "{1111706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 (64-bit)
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{2222706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 SDK (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
    "{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
    "{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5586CBEA-C071-4616-B809-6E11815D2190}" = ESET Smart Security
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
    "{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
    "{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}" = AMD Catalyst Install Manager
    "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{EF393943-0CCE-9CD9-6181-96DF4E4428EF}" = AMD Media Foundation Decoders
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "ASRock App Charger_is1" = ASRock App Charger v1.0.4
    "A-WIN-Extras 8.0.4 2609412_is1" = Mathematica Extras 8.0 (2609412)
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "WinRAR archiver" = WinRAR 4.20 beta 1 (64-bit)
    "XFast LAN" = XFast LAN v6.61

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
    "{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
    "{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
    "{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{12FAF8C2-0061-429D-B7B4-FF1C9C58A99C}" = THX TruStudio Pro
    "{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
    "{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
    "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
    "{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
    "{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
    "{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
    "{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
    "{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
    "{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
    "{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
    "{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
    "{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
    "{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
    "{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
    "{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "Adobe AIR" = Adobe AIR
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Afterburner" = MSI Afterburner 2.1.0
    "Android SDK Tools" = Android SDK Tools
    "ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
    "Baldur's Gate II_is1" = Baldur's Gate II
    "Baldur's Gate_is1" = Baldur's Gate
    "Bochs 2.5.1" = Bochs 2.5.1 (remove only)
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "Dr. Lunatic Demo" = Dr. Lunatic Demo (remove only)
    "Electric Sheep" = Electric Sheep 2.7b34
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "Everything" = Everything 1.2.1.371
    "Fallout 2 Unofficial Patch_is1" = Fallout 2 Unofficial Patch 1.02.27.3
    "Fallout New Vegas_is1" = Fallout New Vegas
    "Fallout_is1" = Fallout
    "Fallout2" = Fallout2
    "File Shredder_is1" = File Shredder 2.0
    "Flashtool" = Flashtool
    "gbrainy" = gbrainy 2.06
    "Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 2.2.0.11
    "GPG4Win" = Gpg4win (2.1.0)
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "MagniDriver" = marvell 91xx driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "M-WIN-D 8.0.4 2609533_is1" = Wolfram CDF Player (M-WIN-D 8.0.4 2609533)
    "Privoxy" = Privoxy (remove only)
    "Qemu Manager 7.0 - Qemu 0.11.1_is1" = Qemu Manager 7.0
    "QueTek File Scavenger 3.2 (en)" = File Scavenger 3.2 (en)
    "Saints Row The Third_is1" = Saints Row The Third
    "Steam App 440" = Team Fortress 2
    "TeamViewer 7" = TeamViewer 7
    "TrueCrypt" = TrueCrypt
    "uTorrent" = µTorrent
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 2.0.0
    "VMware_Workstation" = VMware Workstation
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "Wireshark" = Wireshark 1.6.5
    "Wubi" = Ubuntu
    "XFastUSB" = XFastUSB

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-201679691-783270451-1720172099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Flux" = F.lux
    "Inquisit 3 Web Edition" = Inquisit 3 Web Edition

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/1/2012 6:51:07 AM | Computer Name = Andrew-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
    Dependent
    Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/1/2012 1:07:13 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/1/2012 1:17:28 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/1/2012 1:53:47 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/1/2012 2:08:56 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/1/2012 2:11:28 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/1/2012 2:30:04 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/1/2012 2:38:53 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/1/2012 2:44:16 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/1/2012 5:32:04 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 7/1/2012 5:23:02 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
    Description = Bridge [Adapter Realtek PCIe GBE Family Controller]: The bridge could
    not modify the network adapter's packet filter. The network adapter will not function
    correctly.

    Error - 7/1/2012 5:23:02 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
    Description = Bridge [Adapter Realtek PCIe GBE Family Controller]: The bridge could
    not modify the network adapter's packet filter. The network adapter will not function
    correctly.

    Error - 7/1/2012 5:23:02 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
    Description = Bridge [Adapter Realtek PCIe GBE Family Controller]: The bridge could
    not modify the network adapter's packet filter. The network adapter will not function
    correctly.

    Error - 7/1/2012 5:23:03 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
    Description = Bridge [Adapter Realtek RTL8139/810x Family Fast Ethernet NIC]: The
    bridge could not modify the network adapter's packet filter. The network adapter
    will not function correctly.

    Error - 7/1/2012 5:23:03 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14701
    Description = Bridge [Adapter Realtek RTL8139/810x Family Fast Ethernet NIC]: The
    bridge could not determine the network adapter's MAC address. The network adapter
    will not be used.

    Error - 7/1/2012 5:23:03 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
    Description = Bridge [Adapter Realtek RTL8139/810x Family Fast Ethernet NIC]: The
    bridge could not modify the network adapter's packet filter. The network adapter
    will not function correctly.

    Error - 7/1/2012 5:23:03 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
    Description = Bridge [Adapter Realtek RTL8139/810x Family Fast Ethernet NIC]: The
    bridge could not modify the network adapter's packet filter. The network adapter
    will not function correctly.

    Error - 7/1/2012 5:23:03 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
    Description = Bridge [Adapter Realtek RTL8139/810x Family Fast Ethernet NIC]: The
    bridge could not modify the network adapter's packet filter. The network adapter
    will not function correctly.

    Error - 7/1/2012 5:23:03 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
    Description = Bridge [Adapter Realtek RTL8139/810x Family Fast Ethernet NIC]: The
    bridge could not modify the network adapter's packet filter. The network adapter
    will not function correctly.

    Error - 7/1/2012 5:30:31 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7000
    Description = The DirMngr service failed to start due to the following error: %%2


    < End of report >
  23. debani

    debani Newcomer, in training Topic Starter Posts: 18

    accidental double post
  24. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    OTL logs are clean :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
  25. debani

    debani Newcomer, in training Topic Starter Posts: 18

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Java(TM) 6 Update 30
    Adobe Reader X (10.1.3)
    Mozilla Firefox (x86 en-US..)
    Mozilla Thunderbird (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    ``````````End of Log````````````


    Farbar Service Scanner Version: 01-07-2012
    Ran by Andrew (administrator) on 01-07-2012 at 18:32:21
    Running from "C:\Users\Andrew\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****


    Online Scanner - Scanning Report - Sunday, July 1, 2012 18:47:43
    Scanning Report
    Sunday, July 1, 2012 18:43:21 - 18:47:43
    Computer name: ANDREW-PC
    Scanning type: Quick scan
    Target: System
    No malware found
    Statistics
    Scanned:
    Files: 6497
    System: 6497
    Not scanned: 0
    Actions:
    Disinfected: 0
    Renamed: 0
    Deleted: 0
    Not cleaned: 0
    Submitted: 0
    Options
    Scanning engines:

