Win7 64-Bit infected by Sirefef.B and Sirefef.Y - Laptop keeps restarting

Solved
By Deus Mantra
Jul 2, 2012
  1. Hello,

    I'm in desperate need to remove both Sirefef.B and Sirefef.Y trojans infecting my laptop.
    My laptop is running on Windows 7 64-Bit Home Premium.
    I believe that my laptop may have contracted the trojans when I downloaded a "new" update for Adobe Flash Player, since I have read on the internet that these sirefef trojans are capable of disguising themselves as Adobe updates. Although, I'm not entirely sure if this is the case.

    Regardless of the cause, I noticed the symptoms of a sirefef trojan when my Microsoft Security Essentials disabled real-time updates. I uninstalled MSE and installed a fresh MSE, however I believe this may have worsened the infection on my laptop. I tried installing Super AntiSpyware and made it perform a full scan, however my laptop keeps displaying a pop-up telling me that the laptop will restart after one minute. I essentially have no time to perform any sort of scan since the laptop keeps restarting. I was at least able to identify the trojans through MSE's history of detected malware.

    My laptop seems to also be very sensitive to Microsoft Security Essentials whenever I attempt to remove the sirefef trojans.

    What can I do to remove the Sirefef.B and Sirefef.Y trojans?

    Thank you for your help.
  2. Broni

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  3. Deus Mantra

    Scan result of Farbar Recovery Scan Tool Version: 01-07-2012 01
    Ran by SYSTEM at 03-07-2012 14:41:54
    Running from F:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
    HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
    HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-10] (Alcor Micro Corp.)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2277992 2011-11-15] (Realtek Semiconductor)
    HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [613536 2010-11-25] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [379040 2010-11-25] (Atheros Commnucations)
    HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
    HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [170264 2012-03-19] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [398616 2012-03-19] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [439064 2012-03-19] (Intel Corporation)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [37888 2010-11-19] (Windows (R) Win 7 DDK provider)
    HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
    HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
    HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
    HKLM-x32\...\Run: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe [x]
    HKLM-x32\...\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
    HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-02] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-11-16] (CyberLink Corp.)
    HKLM-x32\...\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248320 2011-03-21] ()
    HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-07-11] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [124832 2012-01-22] (Yuna Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2012-02-26] (Yuna Software)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-20] (Microsoft Corporation)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKU\Simon\...\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
    HKU\Simon\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Simon\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-24] (Valve Corporation)
    HKU\Simon\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\Simon\...\Run: [Akamai NetSession Interface] "C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
    HKU\Simon\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4787072 2012-06-26] (SUPERAntiSpyware.com)
    HKU\UpdatusUser\...\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
    HKU\UpdatusUser\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-24] (Valve Corporation)
    HKU\UpdatusUser\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
    ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
    ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\SketchBook Snapshot.lnk
    ShortcutTarget: SketchBook Snapshot.lnk -> C:\Program Files (D-Drive)\Autodesk\Sketchbook Pro\SketchBookSnapshot.exe (No File)

    ==================== Services (Whitelisted) ======

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
    2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
    2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [151552 2010-05-24] (Atheros)
    2 AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [52896 2010-11-25] (Atheros Commnucations)
    2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
    3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [276248 2012-03-19] (Intel Corporation)
    2 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [124832 2012-01-22] (Yuna Software)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
    4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-16] ()
    3 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-04-17] ()
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
    2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()

    ========================== Drivers (Whitelisted) =============

    2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
    3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2010-11-25] (Atheros)
    1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
    3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298144 2010-11-25] (Atheros)
    3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2010-11-25] (Atheros)
    3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2010-11-25] (Atheros)
    3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2010-11-25] (Atheros)
    3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2010-11-25] (Atheros)
    3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [283136 2011-01-24] (Atheros)
    3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [47104 2009-08-10] (Cypress Semiconductor)
    3 FLxHCIc; C:\Windows\System32\Drivers\FLxHCIc.sys [210944 2010-11-19] (Fresco Logic)
    3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [49664 2010-11-19] (Fresco Logic)
    3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
    3 RDID1093; C:\Windows\System32\Drivers\rdwm1093.sys [81920 2009-09-17] (Roland Corporation)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    3 X6va005; \??\C:\Users\Simon\AppData\Local\Temp\005E2CF.tmp [x]
    3 X6va006; \??\C:\Users\Simon\AppData\Local\Temp\0067EF0.tmp [x]
    3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-01 06:51 - 2012-07-01 06:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E2805699D424E47
    2012-07-01 06:51 - 2012-07-01 06:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\akrgcdsc.sys
    2012-07-01 06:47 - 2012-07-01 06:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F236A902502C5F27
    2012-07-01 06:47 - 2012-07-01 06:47 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cxwjtyzd.sys
    2012-07-01 06:41 - 2012-07-01 06:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A131241BAE56AFE
    2012-07-01 06:29 - 2012-07-01 06:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EB9C0DDA0961446B
    2012-07-01 06:29 - 2012-07-01 06:29 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zlrgwrny.sys
    2012-07-01 06:24 - 2012-07-01 06:24 - 00000000 ____D C:\Users\Simon\AppData\Local\{ECE2D7F2-2988-4C47-A0E1-342DD277CD7B}
    2012-07-01 06:20 - 2012-07-01 06:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0BB6C7D5C003EA47
    2012-07-01 06:12 - 2012-07-01 06:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.131946F6E4611A10
    2012-07-01 06:07 - 2012-07-01 06:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3731BFBF292929DE
    2012-07-01 06:01 - 2012-07-01 06:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7BED6034CC233557
    2012-07-01 05:49 - 2012-07-01 05:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4AA0DB6813560EE
    2012-07-01 05:49 - 2012-07-01 05:49 - 00000000 ____D C:\Users\Simon\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-01 05:48 - 2012-07-01 05:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-07-01 05:48 - 2012-07-01 05:48 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-07-01 05:48 - 2012-07-01 05:48 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-07-01 05:44 - 2012-07-01 05:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7403DA2E277B3B8A
    2012-07-01 05:40 - 2012-07-01 05:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB2A0FEA3B89F9E1
    2012-07-01 05:31 - 2012-07-01 05:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.118BA8028F3D8461
    2012-07-01 05:22 - 2012-07-01 05:22 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-01 05:22 - 2012-07-01 05:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-30 18:31 - 2012-06-30 18:31 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-30 18:19 - 2012-06-30 18:19 - 00000000 ____D C:\Users\Simon\AppData\Local\{CA9D0E40-14EA-43A3-A419-DE664360FBFD}
    2012-06-30 18:18 - 2012-06-30 18:19 - 00000000 ____D C:\Users\Simon\AppData\Local\{A9A1911F-6209-4131-979D-CC584E9FEEB1}
    2012-06-29 19:53 - 2012-06-29 19:53 - 00000980 ____A C:\Users\Simon\Desktop\MUSIC (D-Drive) - Shortcut.lnk
    2012-06-29 19:03 - 2012-06-29 19:04 - 00000000 ____D C:\Users\Simon\AppData\Local\{00492D94-5B49-4C67-A004-4EFAD42B8A48}
    2012-06-29 19:03 - 2012-06-29 19:03 - 00000000 ____D C:\Users\Simon\AppData\Local\{3A286414-B58D-4E50-B4FD-8FB1F7AF52A4}
    2012-06-28 18:52 - 2012-06-28 18:52 - 00000000 ____D C:\Users\Simon\AppData\Local\{6682D541-A7DB-4004-BFC9-99EF3A2C29EB}
    2012-06-27 19:04 - 2012-06-27 19:04 - 00000000 ____D C:\Users\Simon\AppData\Local\{E68958E3-52DD-4839-A9F1-9A77EAFD4E42}
    2012-06-27 19:04 - 2012-06-27 19:04 - 00000000 ____D C:\Users\Simon\AppData\Local\{0C4ACFB1-1BC4-4385-BE4B-E0DD68A04C77}
    2012-06-26 19:39 - 2012-06-26 19:39 - 00000000 ____D C:\Users\Simon\AppData\Local\{6622D1E4-BF97-4DFA-BEB9-D8D22B02CF1A}
    2012-06-26 19:39 - 2012-06-26 19:39 - 00000000 ____D C:\Users\Simon\AppData\Local\{5EC9BCC0-B08E-4840-BED2-65E346CD7AA1}
    2012-06-25 21:46 - 2012-06-25 21:46 - 00000000 ____D C:\Users\Simon\AppData\Local\{B45296F7-ECED-4279-99C4-3B73B63D43C0}
    2012-06-25 21:46 - 2012-06-25 21:46 - 00000000 ____D C:\Users\Simon\AppData\Local\{46B4E834-4B30-4067-9CC8-B53A188A1ABF}
    2012-06-24 20:10 - 2012-06-24 20:10 - 00000000 ____D C:\Users\Simon\AppData\Local\{5D57473C-55D7-4F34-91AA-A05BE5051D89}
    2012-06-24 20:10 - 2012-06-24 20:10 - 00000000 ____D C:\Users\Simon\AppData\Local\{0ADA2B3B-B1C4-4DB4-A1A0-B82DF83E2475}
    2012-06-24 02:11 - 2012-06-24 02:11 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Blender Foundation
    2012-06-23 21:32 - 2012-06-23 21:32 - 00000000 ____D C:\Users\Simon\AppData\Local\{D3C0583D-2038-47E0-81F6-14F5A043E128}
    2012-06-23 21:32 - 2012-06-23 21:32 - 00000000 ____D C:\Users\Simon\AppData\Local\{CF831655-922D-4610-984E-F74F4876978F}
    2012-06-22 23:09 - 2012-06-22 23:09 - 00000000 ____D C:\Users\Simon\.thumbnails
    2012-06-22 23:06 - 2012-06-22 23:06 - 00000904 ____A C:\Users\Public\Desktop\Blender.lnk
    2012-06-22 18:03 - 2012-06-22 18:03 - 00000000 ____D C:\Users\Simon\AppData\Local\{0D5A5598-6D8B-4183-A6AF-AED0A83D05E6}
    2012-06-22 18:03 - 2012-06-22 18:03 - 00000000 ____D C:\Users\Simon\AppData\Local\{04EF851B-37E8-47E9-AEBA-8394FB003E8B}
    2012-06-21 19:30 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 19:30 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 19:30 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 19:30 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 19:30 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 19:30 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 19:30 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 19:30 - 2012-06-01 21:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 19:30 - 2012-06-01 21:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-21 19:26 - 2012-06-21 19:26 - 00000000 ____D C:\Users\Simon\AppData\Local\{D31385C6-591F-41C8-882D-4E6284381512}
    2012-06-21 19:26 - 2012-06-21 19:26 - 00000000 ____D C:\Users\Simon\AppData\Local\{5CA5CF86-342D-445C-B07F-1159D1037112}
    2012-06-20 22:51 - 2012-06-20 22:59 - 00541142 ____A C:\Users\Simon\Desktop\Randdom sketch2.tif
    2012-06-20 18:57 - 2012-06-20 18:57 - 00000000 ____D C:\Users\Simon\AppData\Local\{76B1975A-2133-40BD-B072-93DEA8769F14}
    2012-06-20 18:57 - 2012-06-20 18:57 - 00000000 ____D C:\Users\Simon\AppData\Local\{045DAD97-CD07-4177-9190-050C00D9918F}
    2012-06-20 06:54 - 2012-06-20 06:55 - 00000000 ____D C:\Users\Simon\AppData\Local\{231F5F88-20BE-4A94-80D9-59BA3C12394A}
    2012-06-20 06:54 - 2012-06-20 06:54 - 00000000 ____D C:\Users\Simon\AppData\Local\{D2774CF5-2E08-45FA-BC7D-4668AB8BDB73}
    2012-06-20 06:46 - 2012-06-20 06:53 - 00058227 ____A C:\Windows\DIIUnin.dat
    2012-06-20 06:46 - 2012-06-20 06:46 - 00094208 ____A (Blizzard Entertainment) C:\Windows\DIIUnin.exe
    2012-06-20 06:46 - 2012-06-20 06:46 - 00002829 ____A C:\Windows\DIIUnin.pif
    2012-06-20 05:23 - 2012-06-20 06:49 - 00021840 ___AT C:\Windows\SysWOW64\SIntfNT.dll
    2012-06-20 05:23 - 2012-06-20 06:49 - 00017212 ___AT C:\Windows\SysWOW64\SIntf32.dll
    2012-06-20 05:23 - 2012-06-20 06:49 - 00012067 ___AT C:\Windows\SysWOW64\SIntf16.dll
    2012-06-20 05:11 - 2012-06-20 06:48 - 00001075 ____A C:\Users\UpdatusUser\Desktop\Diablo II - Lord of Destruction.lnk
    2012-06-19 22:43 - 2012-06-19 22:43 - 00001713 ____A C:\Users\Simon\Desktop\The Elder Scrolls V Skyrim.lnk
    2012-06-19 22:40 - 2012-06-19 22:40 - 00000000 ____D C:\Users\Public\Documents\Explorer Suite Signatures
    2012-06-19 22:40 - 2012-06-19 22:40 - 00000000 ____D C:\Program Files\NTCore
    2012-06-19 18:53 - 2012-06-19 18:53 - 00000000 ____D C:\Users\Simon\AppData\Local\{DD8BABD0-4491-4284-93C7-7FDA6F090D5A}
    2012-06-19 18:53 - 2012-06-19 18:53 - 00000000 ____D C:\Users\Simon\AppData\Local\{6788261A-18B0-48BF-B4A7-6FE5F13E811D}
    2012-06-18 19:06 - 2012-06-18 19:07 - 00000000 ____D C:\Users\Simon\AppData\Local\{C310C55A-341E-44BA-9232-62313573B4E2}
    2012-06-18 19:06 - 2012-06-18 19:06 - 00000000 ____D C:\Users\Simon\AppData\Local\{B3AC5BCA-A560-4968-8E4A-F5FD9390209D}
    2012-06-18 06:28 - 2012-06-18 06:28 - 00000000 ____D C:\Users\Simon\AppData\Local\{B99C3EB4-0A14-4795-A50E-8E1AD3D1B431}
    2012-06-18 04:18 - 2012-06-24 04:29 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
    2012-06-17 18:28 - 2012-06-17 18:28 - 00000000 ____D C:\Users\Simon\AppData\Local\{A84BE64F-43E5-4A6B-B42B-3AA5CB631DC3}
    2012-06-17 01:46 - 2012-06-17 01:46 - 00000000 ____D C:\Users\All Users\Premium
    2012-06-17 01:46 - 2012-06-17 01:46 - 00000000 ____D C:\Users\All Users\InstallMate
    2012-06-17 01:32 - 2012-06-17 01:32 - 00000000 ____D C:\Users\Simon\AppData\Local\{81EB61B4-BE38-45FC-A16B-E04E9EF8BD5E}
    2012-06-15 19:37 - 2012-06-15 19:37 - 00000000 ____D C:\Users\Simon\AppData\Local\{3DFDF2CB-3171-4DD7-934B-20F4EAF65AAA}
    2012-06-15 01:13 - 2012-06-15 01:13 - 00001149 ____A C:\Users\Public\Desktop\Autodesk SketchBook Copic Edition.lnk
    2012-06-14 19:55 - 2012-06-14 19:55 - 00000000 ____D C:\Users\Simon\AppData\Local\{2FCA472A-6E31-48A8-835A-8C5641CFDA66}
    2012-06-13 23:37 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-13 23:37 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-13 23:37 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-13 23:37 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-13 23:37 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-13 23:37 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-13 23:37 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-13 23:37 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-13 23:37 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-13 23:37 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-13 23:37 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-13 23:37 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-13 23:37 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-13 23:37 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-13 23:37 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-13 23:37 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-13 23:37 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-13 23:37 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-13 23:37 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-13 23:37 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-13 23:37 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-13 23:37 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-13 23:37 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-13 23:37 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-13 23:37 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-13 23:37 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-13 23:37 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-13 23:37 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 23:36 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 23:36 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 23:36 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-06-13 23:36 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 23:36 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 23:36 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-06-13 23:36 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 23:36 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 23:36 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 23:36 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 23:36 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 23:36 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 23:36 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 23:36 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 23:36 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 23:36 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 23:36 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 23:36 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 23:36 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-13 23:34 - 2012-06-13 23:34 - 00000000 ____D C:\Users\Simon\AppData\Local\Macromedia
    2012-06-13 23:31 - 2012-06-13 23:31 - 00000000 ____D C:\Users\Simon\AppData\Local\{740453C2-3E96-4686-9AF4-8A1534DE9354}
    2012-06-13 23:30 - 2012-06-13 23:31 - 00000000 ____D C:\Users\Simon\AppData\Local\{76C08A89-1445-49EC-80FF-F3387004640E}
    2012-06-13 00:55 - 2012-06-13 00:58 - 00000000 ____D C:\Users\Simon\AppData\Local\Temporary Projects
    2012-06-12 19:31 - 2012-06-12 19:31 - 00000000 ____D C:\Users\Simon\AppData\Local\{FF07121B-EFC2-4E87-8CD9-F5855AB22553}
    2012-06-12 19:31 - 2012-06-12 19:31 - 00000000 ____D C:\Users\Simon\AppData\Local\{4B8B13C0-AA5D-468B-B008-E5E573C0B66F}
    2012-06-11 19:07 - 2012-06-11 19:07 - 00000000 ____D C:\Users\Simon\AppData\Local\{E4BC1DA5-2D16-409F-913E-558192043D23}
    2012-06-11 19:07 - 2012-06-11 19:07 - 00000000 ____D C:\Users\Simon\AppData\Local\{1109AA84-55C2-41BB-9D1C-3699FD2BD7BD}
    2012-06-11 06:48 - 2012-06-11 06:48 - 00000000 ____D C:\Users\Simon\AppData\Local\{FC6883F1-089C-4955-86B7-7672ABB0013B}
    2012-06-11 06:48 - 2012-06-11 06:48 - 00000000 ____D C:\Users\Simon\AppData\Local\{49EA3B8E-F877-440D-940B-E3A85E670408}
    2012-06-10 18:47 - 2012-06-10 18:47 - 00000000 ____D C:\Users\Simon\AppData\Local\{969D72E3-4F81-4B3C-ADEF-953882EC5BED}
    2012-06-10 18:47 - 2012-06-10 18:47 - 00000000 ____D C:\Users\Simon\AppData\Local\{529832C7-7E59-4437-B1C4-304ECF5FC77B}
    2012-06-09 19:19 - 2012-06-09 19:20 - 00000000 ____D C:\Users\Simon\AppData\Local\{828933AA-FD7A-42C6-9C78-6087C2CE3EB1}
    2012-06-09 19:19 - 2012-06-09 19:19 - 00000000 ____D C:\Users\Simon\AppData\Local\{F3A52EB8-DB64-427F-ADD1-EE16B9FA2FF0}
    2012-06-08 19:32 - 2012-06-08 19:33 - 00000000 ____D C:\Users\Simon\AppData\Local\{817808F2-C7DF-4E18-A73F-59FFE169A9C8}
    2012-06-08 19:32 - 2012-06-08 19:32 - 00000000 ____D C:\Users\Simon\AppData\Local\{12E2AF37-CF10-4F24-AF7C-453EC7655151}
    2012-06-07 23:44 - 2012-06-07 23:44 - 00000000 ____D C:\Users\Simon\AppData\Local\{E3001039-B1B4-4654-AD75-0240FA6E4214}
    2012-06-07 23:44 - 2012-06-07 23:44 - 00000000 ____D C:\Users\Simon\AppData\Local\{DE77C0FE-6EDB-4C24-A11E-30370D21A72A}
    2012-06-07 02:37 - 2012-06-07 02:38 - 00000000 ____D C:\Users\Simon\Documents\RMIT Uni Stuff
    2012-06-06 19:26 - 2012-06-06 19:26 - 00000000 ____D C:\Users\Simon\AppData\Local\{7D0D6D6C-9DDC-473A-A151-996C32F43F89}
    2012-06-06 19:25 - 2012-06-06 19:26 - 00000000 ____D C:\Users\Simon\AppData\Local\{24FDA383-927B-46CE-9936-1F2786995D17}
    2012-06-05 20:00 - 2012-06-05 20:00 - 00000000 ____D C:\Users\Simon\AppData\Local\{949A3261-D785-43E0-AAAA-A514116E2273}
    2012-06-05 20:00 - 2012-06-05 20:00 - 00000000 ____D C:\Users\Simon\AppData\Local\{3FD686E0-F428-4A84-A42F-80FF1EF3DFF8}
    2012-06-04 19:15 - 2012-06-04 19:15 - 00000000 ____D C:\Users\Simon\AppData\Local\{5FD3481E-B816-4AE2-B10E-22575C656491}
    2012-06-04 05:13 - 2012-06-04 05:13 - 00000000 ____D C:\Users\Simon\AppData\Local\{78511D4E-74C9-4EA0-86EC-E00100AA5495}
    2012-06-04 05:12 - 2012-06-04 05:13 - 00000000 ____D C:\Users\Simon\AppData\Local\{8E47266C-B7BF-4D3D-A7A4-B970A355510D}
    2012-06-04 02:34 - 2012-06-04 02:34 - 00000807 ____A C:\Users\Public\Desktop\MuseScore.lnk
    2012-06-04 02:34 - 2012-06-04 02:34 - 00000000 ____D C:\Users\Simon\AppData\Roaming\MusE
    2012-06-04 02:34 - 2012-06-04 02:34 - 00000000 ____D C:\Users\Simon\AppData\Local\MusE
    2012-06-03 17:12 - 2012-06-03 17:12 - 00000000 ____D C:\Users\Simon\AppData\Local\{C601BA4F-4CC3-484F-9F05-5A50A7FFF8B0}
    2012-06-03 17:10 - 2012-06-03 17:12 - 00000000 ____D C:\Users\Simon\AppData\Local\{604977A9-F72D-4D9D-A644-24B2819B365B}


    ============ 3 Months Modified Files ========================

    2012-07-02 04:16 - 2011-09-05 21:01 - 00002243 ____A C:\Windows\epplauncher.mif
    2012-07-01 06:51 - 2012-07-01 06:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E2805699D424E47
    2012-07-01 06:51 - 2012-07-01 06:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\akrgcdsc.sys
    2012-07-01 06:47 - 2012-07-01 06:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F236A902502C5F27
    2012-07-01 06:47 - 2012-07-01 06:47 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cxwjtyzd.sys
    2012-07-01 06:44 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-01 06:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-01 06:42 - 2009-07-13 20:51 - 00125620 ____A C:\Windows\setupact.log
    2012-07-01 06:41 - 2012-07-01 06:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A131241BAE56AFE
    2012-07-01 06:29 - 2012-07-01 06:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EB9C0DDA0961446B
    2012-07-01 06:29 - 2012-07-01 06:29 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zlrgwrny.sys
    2012-07-01 06:24 - 2011-04-06 23:05 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-01 06:23 - 2011-04-06 23:50 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
    2012-07-01 06:20 - 2012-07-01 06:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0BB6C7D5C003EA47
    2012-07-01 06:12 - 2012-07-01 06:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.131946F6E4611A10
    2012-07-01 06:09 - 2011-06-18 20:45 - 00045056 ____A C:\Windows\System32\acovcnt.exe
    2012-07-01 06:07 - 2012-07-01 06:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3731BFBF292929DE
    2012-07-01 06:01 - 2012-07-01 06:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7BED6034CC233557
    2012-07-01 06:01 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-01 06:01 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-01 05:52 - 2012-04-09 21:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-01 05:52 - 2011-04-06 23:51 - 00001390 ____A C:\Windows\System32\ServiceFilter.ini
    2012-07-01 05:49 - 2012-07-01 05:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4AA0DB6813560EE
    2012-07-01 05:48 - 2012-07-01 05:48 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-07-01 05:44 - 2012-07-01 05:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7403DA2E277B3B8A
    2012-07-01 05:40 - 2012-07-01 05:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB2A0FEA3B89F9E1
    2012-07-01 05:36 - 2011-04-06 22:53 - 01054746 ____A C:\Windows\WindowsUpdate.log
    2012-07-01 05:32 - 2011-04-06 23:05 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-01 05:31 - 2012-07-01 05:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.118BA8028F3D8461
    2012-07-01 05:22 - 2011-09-05 21:01 - 00788414 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-30 18:27 - 2012-04-09 21:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-30 18:27 - 2012-02-05 15:35 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-30 03:58 - 2011-09-30 13:28 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-06-30 03:58 - 2011-09-30 13:24 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-06-30 03:58 - 2011-09-30 13:24 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-06-29 19:53 - 2012-06-29 19:53 - 00000980 ____A C:\Users\Simon\Desktop\MUSIC (D-Drive) - Shortcut.lnk
    2012-06-27 22:22 - 2009-07-13 21:13 - 00782742 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-22 23:06 - 2012-06-22 23:06 - 00000904 ____A C:\Users\Public\Desktop\Blender.lnk
    2012-06-20 22:59 - 2012-06-20 22:51 - 00541142 ____A C:\Users\Simon\Desktop\Randdom sketch2.tif
    2012-06-20 06:53 - 2012-06-20 06:46 - 00058227 ____A C:\Windows\DIIUnin.dat
    2012-06-20 06:49 - 2012-06-20 05:23 - 00021840 ___AT C:\Windows\SysWOW64\SIntfNT.dll
    2012-06-20 06:49 - 2012-06-20 05:23 - 00017212 ___AT C:\Windows\SysWOW64\SIntf32.dll
    2012-06-20 06:49 - 2012-06-20 05:23 - 00012067 ___AT C:\Windows\SysWOW64\SIntf16.dll
    2012-06-20 06:48 - 2012-06-20 05:11 - 00001075 ____A C:\Users\UpdatusUser\Desktop\Diablo II - Lord of Destruction.lnk
    2012-06-20 06:46 - 2012-06-20 06:46 - 00094208 ____A (Blizzard Entertainment) C:\Windows\DIIUnin.exe
    2012-06-20 06:46 - 2012-06-20 06:46 - 00002829 ____A C:\Windows\DIIUnin.pif
    2012-06-19 22:43 - 2012-06-19 22:43 - 00001713 ____A C:\Users\Simon\Desktop\The Elder Scrolls V Skyrim.lnk
    2012-06-17 18:25 - 2011-04-06 23:20 - 00583674 ____A C:\Windows\PFRO.log
    2012-06-17 01:30 - 2009-07-13 21:08 - 00032552 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-16 02:23 - 2011-12-21 18:14 - 00000892 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    2012-06-15 01:13 - 2012-06-15 01:13 - 00001149 ____A C:\Users\Public\Desktop\Autodesk SketchBook Copic Edition.lnk
    2012-06-14 19:53 - 2009-07-13 20:45 - 00442424 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 23:43 - 2011-08-06 17:02 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-11 01:46 - 2011-06-18 20:47 - 00125464 ____A C:\Users\Simon\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-04 02:34 - 2012-06-04 02:34 - 00000807 ____A C:\Users\Public\Desktop\MuseScore.lnk
    2012-06-03 05:43 - 2012-01-24 14:46 - 00951486 ____A C:\Users\Simon\Downloads\Warriors Orochi 3 - Vertical Node.MP3
    2012-06-03 05:43 - 2012-01-24 00:46 - 01698075 ____A C:\Users\Simon\Downloads\Warriors Orochi 3 - Ryu Hayabusa Theme.MP3
    2012-06-03 05:42 - 2012-02-16 22:38 - 02487211 ____A C:\Users\Simon\Downloads\Parov Stelar - Silent Snow.MP3
    2012-06-03 05:42 - 2012-02-16 22:32 - 02216000 ____A C:\Users\Simon\Downloads\Parov Stelar - Libella Swing.MP3
    2012-06-03 05:42 - 2012-01-27 21:53 - 00976112 ____A C:\Users\Simon\Downloads\Shadow of the Colossus OST Music_ A Despair Filled Farewell ~Battle with the Colossus~.MP3
    2012-06-03 05:41 - 2012-03-03 23:56 - 02066452 ____A C:\Users\Simon\Downloads\Schroeder-Headz - ?boobies-hi?.MP3
    2012-06-02 21:43 - 2012-06-02 21:43 - 00006406 ____A C:\Users\Simon\Documents\EXAM WEEK 2 - Location (Intro - BIS).png
    2012-06-02 21:41 - 2012-06-02 21:41 - 00020667 ____A C:\Users\Simon\Documents\EXAM WEEK 1 - Locations.png
    2012-06-02 14:19 - 2012-06-21 19:30 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 19:30 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 19:30 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 19:30 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 19:30 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 19:30 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 19:30 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-01 21:19 - 2012-06-21 19:30 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-01 21:15 - 2012-06-21 19:30 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-27 20:27 - 2011-04-06 23:51 - 00002318 ____A C:\Windows\System32\AutoRunFilter.ini
    2012-05-27 04:55 - 2012-05-27 04:55 - 00001787 ____A C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk
    2012-05-27 04:49 - 2011-04-06 23:08 - 00371426 ____A C:\Windows\DirectX.log
    2012-05-27 03:26 - 2012-05-27 03:26 - 00001034 ____A C:\Users\Public\Desktop\Autodesk SketchBookPro 2011.lnk
    2012-05-21 01:12 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-05-19 02:41 - 2012-05-19 02:41 - 00001016 ____A C:\Users\Simon\Desktop\DOCUMENTS (D-Drive).lnk
    2012-05-19 02:40 - 2012-05-19 02:40 - 00001043 ____A C:\Users\Simon\Desktop\GAMES (D-Drive Folder).lnk
    2012-05-17 18:47 - 2012-06-13 23:37 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-13 23:37 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-13 23:37 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-13 23:37 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-13 23:37 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-13 23:37 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-13 23:37 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-13 23:37 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-13 23:37 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-13 23:37 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-13 23:37 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-13 23:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-13 23:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-13 23:37 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-13 23:37 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-13 23:37 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-13 23:37 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-13 23:37 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-13 23:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-13 23:37 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-13 23:37 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-13 23:37 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-13 23:37 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-13 23:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-13 23:37 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-13 23:37 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-13 23:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-13 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 17:32 - 2012-06-13 23:36 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-08 22:54 - 2012-05-08 22:26 - 00524288 ____A C:\Users\Simon\Documents\Hammer_1(Own).accdb
    2012-05-05 23:03 - 2012-05-05 23:03 - 00001001 ____A C:\Users\UpdatusUser\Desktop\Forsaken World.lnk
    2012-05-05 21:22 - 2012-05-05 21:22 - 00000575 ____A C:\Users\Public\Desktop\BitTorrent.lnk
    2012-05-04 03:06 - 2012-06-13 23:36 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 03:00 - 2012-06-13 23:36 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-05-04 02:03 - 2012-06-13 23:36 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 23:36 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 01:59 - 2012-06-13 23:36 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-04-30 21:40 - 2012-06-13 23:36 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 19:55 - 2012-06-13 23:36 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:41 - 2012-06-13 23:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 23:36 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 23:36 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 19:38 - 2012-04-24 19:38 - 00001016 ____A C:\Users\Simon\Desktop\DOWNLOADS (D-Drive).lnk
    2012-04-23 21:37 - 2012-06-13 23:36 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 23:36 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-20 03:37 - 2012-04-20 03:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-04-18 02:56 - 2012-04-18 02:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
    2012-04-18 02:56 - 2012-04-18 02:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
    2012-04-16 04:43 - 2012-04-16 04:41 - 989855744 ___AH C:\Users\Simon\Desktop\Lucifer's call.iso
    2012-04-16 04:39 - 2012-04-16 04:37 - 10031422 ____A C:\Users\Simon\Downloads\Playstation-2-Bios-Pack.7z
    2012-04-16 04:36 - 2012-04-16 04:37 - 00048109 ____A C:\Users\Simon\Downloads\1.htm
    2012-04-15 04:43 - 2012-04-15 04:43 - 00286792 ____A C:\Windows\Minidump\041512-101260-01.dmp
    2012-04-15 04:42 - 2012-04-15 04:42 - 738427596 ____N C:\Windows\MEMORY.DMP
    2012-04-07 04:31 - 2012-06-13 23:36 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-13 23:36 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


    ZeroAccess:
    C:\Windows\Installer\{54b63cbd-d53c-12fe-2892-336914eccaa0}
    C:\Windows\Installer\{54b63cbd-d53c-12fe-2892-336914eccaa0}\@
    C:\Windows\Installer\{54b63cbd-d53c-12fe-2892-336914eccaa0}\L
    C:\Windows\Installer\{54b63cbd-d53c-12fe-2892-336914eccaa0}\n
    C:\Windows\Installer\{54b63cbd-d53c-12fe-2892-336914eccaa0}\U
    C:\Windows\Installer\{54b63cbd-d53c-12fe-2892-336914eccaa0}\U\00000001.@
    C:\Windows\Installer\{54b63cbd-d53c-12fe-2892-336914eccaa0}\U\80000000.@
    C:\Windows\Installer\{54b63cbd-d53c-12fe-2892-336914eccaa0}\U\800000cb.@

    ZeroAccess:
    C:\Users\Simon\AppData\Local\{54b63cbd-d53c-12fe-2892-336914eccaa0}
    C:\Users\Simon\AppData\Local\{54b63cbd-d53c-12fe-2892-336914eccaa0}\@
    C:\Users\Simon\AppData\Local\{54b63cbd-d53c-12fe-2892-336914eccaa0}\L
    C:\Users\Simon\AppData\Local\{54b63cbd-d53c-12fe-2892-336914eccaa0}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 8%
    Total physical RAM: 12199.08 MB
    Available physical RAM: 11219.53 MB
    Total Pagefile: 12197.23 MB
    Available Pagefile: 11216.75 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:149.04 GB) (Free:6.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (DATA) (Fixed) (Total:425.64 GB) (Free:258.08 GB) NTFS
    4 Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 1024 KB
    Disk 1 Online 964 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 21 GB 31 KB
    Partition 2 Primary 149 GB 21 GB
    Partition 0 Extended 425 GB 170 GB
    Partition 3 Logical 425 GB 170 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 1C
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C OS NTFS Partition 149 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D DATA NTFS Partition 425 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 964 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-29 04:06

    ======================= End Of Log ==========================
  4. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log it makes (Search.txt) in your reply.
  5. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    Farbar Recovery Scan Tool Version: 01-07-2012 01
    Ran by SYSTEM at 2012-07-03 15:07:15
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-07-01 06:44] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
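
Added example (not part of the original posts and not FRST's own code): a short Python check that reads the Search.txt format shown above and compares each live copy of a file with the copies in the WinSxS component store, then looks through FRST file-listing rows for the `services.exe.<16 hex>` siblings seen in this thread. The function names are hypothetical; the sample data is copied from the logs posted in this thread.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, works on any OS

# Excerpt of the Search.txt posted above (copied from this thread).
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-01 06:44] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Rows copied from the "3 Months Modified Files" section of the FRST log above.
LISTING = r"""
2012-07-01 06:51 - 2012-07-01 06:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E2805699D424E47
2012-07-01 06:47 - 2012-07-01 06:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F236A902502C5F27
2012-07-01 06:44 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-01 06:09 - 2011-06-18 20:45 - 00045056 ____A C:\Windows\System32\acovcnt.exe
"""

META = re.compile(
    r"^\[(.+?)\] - \[(.+?)\] - (\d+) (\S+) (?:\((.*?)\) )?([0-9A-Fa-f]{32})$")
ROW = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - (\d+) \S+ (?:\(.*?\) )?(.+)$")
SUFFIXED = re.compile(r"^(.+\.(?:exe|dll|sys))\.[0-9A-F]{16}$", re.I)


def parse_search(text):
    """Return one dict per file in a Search.txt: path, size, company, md5."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if re.match(r"^[A-Za-z]:\\", line):
            path = line              # the metadata row follows directly
            continue
        m = META.match(line)
        if m and path:
            entries.append({"path": path, "size": int(m.group(3)),
                            "company": m.group(5), "md5": m.group(6).upper()})
        path = None
    return entries


def mismatched_copies(entries):
    """Compare every non-WinSxS copy with the WinSxS copies of the same name."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[basename(e["path"]).lower()].append(e)
    findings = []
    for group in by_name.values():
        store = [e for e in group if "\\winsxs\\" in e["path"].lower()]
        known = {e["md5"] for e in store}   # the store can hold several versions
        for e in group:
            if e in store:
                continue
            if not store:
                verdict = "no-reference"     # nothing to compare against
            elif e["md5"] in known:
                verdict = "match"
            else:
                verdict = "mismatch"         # differs from every store copy
            findings.append({
                "path": e["path"], "md5": e["md5"], "verdict": verdict,
                # Same size and company string do not make a file trustworthy.
                "same_size_as_store": any(s["size"] == e["size"] for s in store),
            })
    return findings


def suffixed_siblings(listing):
    """Find '<binary>.<16 hex>' files whose size equals the live '<binary>'."""
    rows = [ROW.match(raw.strip()) for raw in listing.splitlines()]
    rows = [(int(m.group(1)), m.group(2)) for m in rows if m]
    sizes = {path.lower(): size for size, path in rows}
    return [path for size, path in rows
            if (m := SUFFIXED.match(path))
            and sizes.get(m.group(1).lower()) == size]


if __name__ == "__main__":
    for finding in mismatched_copies(parse_search(SEARCH_LOG)):
        print(finding)
    for path in suffixed_siblings(LISTING):
        print("suffixed sibling:", path)
```

A "mismatch" verdict is a reason to look closer, not proof of infection on its own: here it agrees with FRST's own ZeroAccess flag on the same MD5, and the fix later in the thread restores the WinSxS copy.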
  6. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    Attached Files:

  7. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 01-07-2012 01
    Ran by SYSTEM at 2012-07-04 14:18:02 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\System32\services.exe.0E2805699D424E47 moved successfully.
    C:\Windows\System32\Drivers\akrgcdsc.sys moved successfully.
    C:\Windows\System32\services.exe.F236A902502C5F27 moved successfully.
    C:\Windows\System32\Drivers\cxwjtyzd.sys moved successfully.
    C:\Windows\System32\services.exe.8A131241BAE56AFE moved successfully.
    C:\Windows\System32\services.exe.EB9C0DDA0961446B moved successfully.
    C:\Windows\System32\Drivers\zlrgwrny.sys moved successfully.
    C:\Users\Simon\AppData\Local\{ECE2D7F2-2988-4C47-A0E1-342DD277CD7B} moved successfully.
    C:\Windows\System32\services.exe.0BB6C7D5C003EA47 moved successfully.
    C:\Windows\System32\services.exe.131946F6E4611A10 moved successfully.
    C:\Windows\System32\services.exe.3731BFBF292929DE moved successfully.
    C:\Windows\System32\services.exe.7BED6034CC233557 moved successfully.
    C:\Windows\System32\services.exe.B4AA0DB6813560EE moved successfully.
    C:\Windows\System32\services.exe.7403DA2E277B3B8A moved successfully.
    C:\Windows\System32\services.exe.FB2A0FEA3B89F9E1 moved successfully.
    C:\Windows\System32\services.exe.118BA8028F3D8461 moved successfully.
    C:\Windows\Installer\{54b63cbd-d53c-12fe-2892-336914eccaa0} moved successfully.
    C:\Users\Simon\AppData\Local\{54b63cbd-d53c-12fe-2892-336914eccaa0} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  8. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    I'll post the contents of the combofix.txt soon.
  9. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    ComboFix 12-07-02.01 - Simon 04/07/2012 14:33:00.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.12199.9557 [GMT 10:00]
    Running from: d:\program files (d-drive)\DOWNLOADS (D-Drive)\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-03 22:41 . 2012-07-03 22:41 -------- d-----w- C:\FRST
    2012-07-01 14:00 . 2012-07-01 14:50 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1871F2A3-F109-4041-A6ED-43812AA7F11E}\offreg.dll
    2012-07-01 13:49 . 2012-07-01 13:49 -------- d-----w- c:\users\Simon\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-01 13:48 . 2012-07-01 13:49 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-07-01 13:48 . 2012-07-01 13:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-07-01 13:26 . 2012-02-09 04:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B896D988-7190-4CAB-90B1-6C0BF0E0CDCB}\gapaengine.dll
    2012-07-01 13:26 . 2012-06-17 17:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1871F2A3-F109-4041-A6ED-43812AA7F11E}\mpengine.dll
    2012-07-01 13:22 . 2012-07-01 13:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-01 13:22 . 2012-07-01 13:22 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-01 02:31 . 2012-07-01 02:31 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-24 10:11 . 2012-06-24 10:11 -------- d-----w- c:\users\Simon\AppData\Roaming\Blender Foundation
    2012-06-23 07:09 . 2012-06-23 07:09 -------- d-----w- c:\users\Simon\.thumbnails
    2012-06-22 03:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 03:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 03:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 03:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 03:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 03:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 03:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 03:30 . 2012-06-02 05:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 03:30 . 2012-06-02 05:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 14:46 . 2012-06-20 14:46 2829 ----a-w- c:\windows\DIIUnin.pif
    2012-06-20 14:46 . 2012-06-20 14:46 94208 ----a-w- c:\windows\DIIUnin.exe
    2012-06-20 13:23 . 2012-06-20 14:49 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
    2012-06-20 13:23 . 2012-06-20 14:49 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
    2012-06-20 13:23 . 2012-06-20 14:49 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
    2012-06-20 06:40 . 2012-06-20 06:40 -------- d-----w- c:\program files\NTCore
    2012-06-18 12:19 . 2012-06-18 12:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-18 12:19 . 2012-06-18 12:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-18 12:18 . 2012-06-24 12:29 -------- d-----w- c:\program files (x86)\1ClickDownload
    2012-06-17 09:46 . 2012-06-17 09:46 -------- d-----w- c:\programdata\Premium
    2012-06-17 09:46 . 2012-06-17 09:46 -------- d-----w- c:\programdata\InstallMate
    2012-06-14 07:36 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-14 07:34 . 2012-06-14 07:34 -------- d-----w- c:\users\Simon\AppData\Local\Macromedia
    2012-06-13 08:55 . 2012-06-13 08:58 -------- d-----w- c:\users\Simon\AppData\Local\Temporary Projects
    2012-06-04 10:34 . 2012-06-04 10:34 -------- d-----w- c:\users\Simon\AppData\Roaming\MusE
    2012-06-04 10:34 . 2012-06-04 10:34 -------- d-----w- c:\users\Simon\AppData\Local\MusE
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-04 04:41 . 2011-06-19 04:45 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2012-07-01 02:27 . 2012-04-10 05:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-01 02:27 . 2012-02-05 23:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-30 11:58 . 2011-09-30 21:28 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-30 11:58 . 2011-09-30 21:24 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-06-30 11:58 . 2011-09-30 21:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-04-18 10:56 . 2012-04-18 10:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-18 10:56 . 2012-04-18 10:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WinZipBar\prxtbWinZ.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-25 1242448]
    "Akamai NetSession Interface"="c:\users\Simon\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4787072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]
    "SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
    "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
    "RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
    "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-17 222504]
    "DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-01-23 124832]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-7 548528]
    FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-4-7 12862]
    SketchBook Snapshot.lnk - d:\program files (d-drive)\Autodesk\Sketchbook Pro\SketchBookSnapshot.exe [2010-9-8 721408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi1"=bassmididrv.dll
    "midi4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-07 135664]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 257224]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
    R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [2009-08-10 47104]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-27 1432400]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-07 135664]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RDID1093;UM-1G;c:\windows\system32\Drivers\rdwm1093.sys [2009-09-18 81920]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-07 1255736]
    R3 X6va005;X6va005;c:\users\Simon\AppData\Local\Temp\005E2CF.tmp [x]
    R3 X6va006;X6va006;c:\users\Simon\AppData\Local\Temp\0067EF0.tmp [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-01 28992]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]
    S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-01-23 124832]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
    S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-26 36000]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-26 298144]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-26 28832]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-26 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-26 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-26 154272]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-24 283136]
    S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-23 12032]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-19 210944]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-19 49664]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928]
    S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 02:27]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-07 07:05]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-07 07:05]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 2277992]
    "AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536]
    "AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\n63ef001.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe
    Toolbar-Locked - (no file)
    WebBrowser-{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - (no file)
    HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
    AddRemove-Guitar Pro 5_is1 - h:\guitar pro 5\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Simon\AppData\Local\Temp\005E2CF.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
    "ImagePath"="\??\c:\users\Simon\AppData\Local\Temp\0067EF0.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-04 14:47:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-04 04:47
    .
    Pre-Run: 6,388,031,488 bytes free
    Post-Run: 7,768,498,176 bytes free
    .
    - - End Of File - - 0ECE0363C8062B5EFFE412710E489788
  10. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Looks good :)

    Any current issues?

    =============================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===============================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  11. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.04.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Simon :: SIMON-LAPTOP [administrator]

    4/07/2012 3:53:50 PM
    mbam-log-2012-07-04 (15-53-50).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 232029
    Time elapsed: 4 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  12. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    OTL logfile created on: 7/4/2012 4:03:16 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Simon\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    11.91 Gb Total Physical Memory | 9.37 Gb Available Physical Memory | 78.66% Memory free
    23.82 Gb Paging File | 21.07 Gb Available in Paging File | 88.42% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.04 Gb Total Space | 7.04 Gb Free Space | 4.72% Space Free | Partition Type: NTFS
    Drive D: | 425.64 Gb Total Space | 260.80 Gb Free Space | 61.27% Space Free | Partition Type: NTFS

    Computer Name: SIMON-LAPTOP | User Name: Simon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/02 00:45:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
    PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/02/27 13:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    PRC - [2012/02/17 10:19:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/01/23 10:39:49 | 000,124,832 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
    PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/07/12 07:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2011/04/15 04:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
    PRC - [2011/04/07 17:51:23 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
    PRC - [2011/03/22 04:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    PRC - [2010/12/21 11:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/21 11:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/17 03:33:06 | 000,965,728 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    PRC - [2010/10/08 07:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2010/10/08 02:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2010/09/24 09:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    PRC - [2010/09/08 07:22:30 | 000,721,408 | ---- | M] (Autodesk Inc) -- D:\Program Files (D-Drive)\Autodesk\Sketchbook Pro\SketchBookSnapshot.exe
    PRC - [2010/08/21 11:47:58 | 000,077,312 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
    PRC - [2010/08/18 07:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2010/08/13 10:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
    PRC - [2010/07/20 05:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
    PRC - [2010/07/20 05:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
    PRC - [2010/07/10 15:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
    PRC - [2010/05/25 08:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
    PRC - [2010/04/28 07:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
    PRC - [2010/02/03 17:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2009/12/16 03:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    PRC - [2009/11/03 07:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009/06/20 03:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/20 03:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2009/06/16 10:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2008/12/23 10:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2008/08/14 14:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    PRC - [2007/12/20 04:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
    PRC - [2007/12/01 04:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/04/27 21:37:02 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\bassmididrv.dll
    MOD - [2011/04/15 04:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
    MOD - [2011/03/22 04:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    MOD - [2010/09/24 09:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    MOD - [2010/08/13 10:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
    MOD - [2010/04/28 07:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
    MOD - [2009/11/03 07:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2009/11/03 07:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2007/12/01 04:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/05/27 22:55:03 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/08/12 09:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2010/12/01 06:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2010/09/23 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/04/17 09:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
    SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/07/30 06:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV - [2012/07/01 12:27:20 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/20 17:01:39 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/06/18 22:19:40 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
    SRV - [2012/03/01 10:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/02/17 10:19:48 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/01/23 10:39:49 | 000,124,832 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
    SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/12/21 11:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/12/21 11:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/11/26 13:29:54 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2010/08/21 11:47:58 | 000,077,312 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
    SRV - [2010/05/25 08:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
    SRV - [2010/03/19 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/16 03:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2009/06/16 10:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
  13. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    OTL.txt (Continued...)
    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/03/01 10:02:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011/10/08 04:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/07/23 02:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/13 07:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/24 23:31:10 | 000,283,136 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011/01/16 02:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2010/12/17 08:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/26 13:30:12 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2010/11/26 13:30:12 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2010/11/26 13:30:12 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2010/11/26 13:30:12 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2010/11/26 13:30:12 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2010/11/26 13:30:10 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 09:25:40 | 000,210,944 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
    DRV:64bit: - [2010/11/20 09:25:40 | 000,049,664 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
    DRV:64bit: - [2010/11/06 01:45:47 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/20 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/10/15 02:28:15 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/10/01 17:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
    DRV:64bit: - [2010/09/08 21:39:31 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/08/11 16:11:25 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2010/06/23 11:31:11 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/04/17 09:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/03/24 09:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
    DRV:64bit: - [2009/09/18 17:44:00 | 000,081,920 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1093.sys -- (RDID1093)
    DRV:64bit: - [2009/08/11 08:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB)
    DRV:64bit: - [2009/07/20 19:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 10:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009/06/11 06:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/04/09 08:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2008/05/24 10:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2010/07/27 06:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
    DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/03 10:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKLM\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3106777
    IE - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 22:19:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/29 17:03:21 | 000,000,000 | ---D | M]

    [2011/08/07 10:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Extensions
    [2012/07/01 12:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\n63ef001.default\extensions
    [2012/05/30 15:33:14 | 000,000,000 | ---D | M] (WinZipBar Community Toolbar) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\n63ef001.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}
    [2012/06/18 22:19:34 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\n63ef001.default\extensions\OneClickDownload@OneClickDownload.com
    [2012/03/19 21:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/02/13 07:45:02 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63EF001.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    [2012/07/01 12:19:44 | 000,216,376 | ---- | M] () (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63EF001.DEFAULT\EXTENSIONS\ONECLICKDOWNLOADER@ONECLICKDOWNLOADER.COM.XPI
    [2012/06/18 22:19:41 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/22 12:08:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/07/12 07:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2012/06/18 22:19:37 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/06/18 22:19:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/18 22:19:37 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/06/18 22:19:37 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/06/18 22:19:37 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/06/18 22:19:37 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/07/04 14:41:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
    O2 - BHO: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001\..\Toolbar\WebBrowser: (WinZipBar Toolbar) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
    O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
    O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
    O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
    O4 - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001..\Run: [Akamai NetSession Interface] C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (syncables, LLC)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O7 - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18D7F6B2-27A3-48EC-ADA5-2633E79CEB99}: DhcpNameServer = 123.254.115.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3F9ECB0-FDA7-43A8-B004-D8BE0FFCEE43}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  14. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    OTL.txt (continued again...)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/04 16:01:30 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
    [2012/07/04 15:53:11 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Malwarebytes
    [2012/07/04 15:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/04 15:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/04 15:53:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/04 15:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/04 15:39:45 | 000,000,000 | R--D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    [2012/07/04 14:54:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/04 14:47:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/04 14:31:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/04 14:31:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/04 14:31:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/04 14:31:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/04 14:31:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/04 14:24:27 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{CE02D4CF-057C-4BB9-8C71-D82122BF84AE}
    [2012/07/04 08:41:42 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/01 23:49:06 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\SUPERAntiSpyware.com
    [2012/07/01 23:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/07/01 23:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/07/01 23:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/07/01 23:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/01 23:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/01 12:31:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/07/01 12:19:05 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{CA9D0E40-14EA-43A3-A419-DE664360FBFD}
    [2012/07/01 12:18:52 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{A9A1911F-6209-4131-979D-CC584E9FEEB1}
    [2012/06/30 13:03:58 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{00492D94-5B49-4C67-A004-4EFAD42B8A48}
    [2012/06/30 13:03:45 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{3A286414-B58D-4E50-B4FD-8FB1F7AF52A4}
    [2012/06/29 12:52:25 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{6682D541-A7DB-4004-BFC9-99EF3A2C29EB}
    [2012/06/28 13:04:21 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{E68958E3-52DD-4839-A9F1-9A77EAFD4E42}
    [2012/06/28 13:04:08 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{0C4ACFB1-1BC4-4385-BE4B-E0DD68A04C77}
    [2012/06/27 13:39:41 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{5EC9BCC0-B08E-4840-BED2-65E346CD7AA1}
    [2012/06/27 13:39:29 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{6622D1E4-BF97-4DFA-BEB9-D8D22B02CF1A}
    [2012/06/26 15:46:35 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{B45296F7-ECED-4279-99C4-3B73B63D43C0}
    [2012/06/26 15:46:23 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{46B4E834-4B30-4067-9CC8-B53A188A1ABF}
    [2012/06/25 14:10:43 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{0ADA2B3B-B1C4-4DB4-A1A0-B82DF83E2475}
    [2012/06/25 14:10:30 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{5D57473C-55D7-4F34-91AA-A05BE5051D89}
    [2012/06/24 20:11:40 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Blender Foundation
    [2012/06/24 15:32:27 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{CF831655-922D-4610-984E-F74F4876978F}
    [2012/06/24 15:32:15 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{D3C0583D-2038-47E0-81F6-14F5A043E128}
    [2012/06/23 17:09:07 | 000,000,000 | ---D | C] -- C:\Users\Simon\.thumbnails
    [2012/06/23 17:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
    [2012/06/23 12:03:17 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{0D5A5598-6D8B-4183-A6AF-AED0A83D05E6}
    [2012/06/23 12:03:05 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{04EF851B-37E8-47E9-AEBA-8394FB003E8B}
    [2012/06/22 13:26:16 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{5CA5CF86-342D-445C-B07F-1159D1037112}
    [2012/06/22 13:26:03 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{D31385C6-591F-41C8-882D-4E6284381512}
    [2012/06/21 12:57:48 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{045DAD97-CD07-4177-9190-050C00D9918F}
    [2012/06/21 12:57:35 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{76B1975A-2133-40BD-B072-93DEA8769F14}
    [2012/06/21 00:54:59 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{231F5F88-20BE-4A94-80D9-59BA3C12394A}
    [2012/06/21 00:54:47 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{D2774CF5-2E08-45FA-BC7D-4668AB8BDB73}
    [2012/06/21 00:48:44 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
    [2012/06/21 00:46:20 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
    [2012/06/20 23:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
    [2012/06/20 16:40:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Explorer Suite Signatures
    [2012/06/20 16:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Explorer Suite
    [2012/06/20 16:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\NTCore
    [2012/06/20 12:53:43 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{6788261A-18B0-48BF-B4A7-6FE5F13E811D}
    [2012/06/20 12:53:30 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{DD8BABD0-4491-4284-93C7-7FDA6F090D5A}
    [2012/06/19 13:06:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{C310C55A-341E-44BA-9232-62313573B4E2}
    [2012/06/19 13:06:40 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{B3AC5BCA-A560-4968-8E4A-F5FD9390209D}
    [2012/06/19 00:28:48 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{B99C3EB4-0A14-4795-A50E-8E1AD3D1B431}
    [2012/06/18 22:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
    [2012/06/18 16:33:34 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ControlMK
    [2012/06/18 16:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ControlMK
    [2012/06/18 12:28:23 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{A84BE64F-43E5-4A6B-B42B-3AA5CB631DC3}
    [2012/06/17 22:38:56 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2012/06/17 22:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
    [2012/06/17 19:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
    [2012/06/17 19:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2012/06/17 19:32:14 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{81EB61B4-BE38-45FC-A16B-E04E9EF8BD5E}
    [2012/06/16 13:37:21 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{3DFDF2CB-3171-4DD7-934B-20F4EAF65AAA}
    [2012/06/15 13:55:02 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{2FCA472A-6E31-48A8-835A-8C5641CFDA66}
    [2012/06/14 17:34:30 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Macromedia
    [2012/06/14 17:31:11 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{740453C2-3E96-4686-9AF4-8A1534DE9354}
    [2012/06/14 17:30:59 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{76C08A89-1445-49EC-80FF-F3387004640E}
    [2012/06/13 18:55:49 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Temporary Projects
    [2012/06/13 13:31:47 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{4B8B13C0-AA5D-468B-B008-E5E573C0B66F}
    [2012/06/13 13:31:34 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{FF07121B-EFC2-4E87-8CD9-F5855AB22553}
    [2012/06/12 13:07:15 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{1109AA84-55C2-41BB-9D1C-3699FD2BD7BD}
    [2012/06/12 13:07:02 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{E4BC1DA5-2D16-409F-913E-558192043D23}
    [2012/06/12 00:48:28 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{49EA3B8E-F877-440D-940B-E3A85E670408}
    [2012/06/12 00:48:16 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{FC6883F1-089C-4955-86B7-7672ABB0013B}
    [2012/06/11 20:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
    [2012/06/11 12:47:39 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{969D72E3-4F81-4B3C-ADEF-953882EC5BED}
    [2012/06/11 12:47:27 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{529832C7-7E59-4437-B1C4-304ECF5FC77B}
    [2012/06/10 13:19:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{828933AA-FD7A-42C6-9C78-6087C2CE3EB1}
    [2012/06/10 13:19:40 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{F3A52EB8-DB64-427F-ADD1-EE16B9FA2FF0}
    [2012/06/09 13:32:59 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{817808F2-C7DF-4E18-A73F-59FFE169A9C8}
    [2012/06/09 13:32:46 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{12E2AF37-CF10-4F24-AF7C-453EC7655151}
    [2012/06/08 17:44:42 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{E3001039-B1B4-4654-AD75-0240FA6E4214}
    [2012/06/08 17:44:30 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{DE77C0FE-6EDB-4C24-A11E-30370D21A72A}
    [2012/06/07 20:37:46 | 000,000,000 | ---D | C] -- C:\Users\Simon\Documents\RMIT Uni Stuff
    [2012/06/07 13:26:00 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{7D0D6D6C-9DDC-473A-A151-996C32F43F89}
    [2012/06/07 13:25:48 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{24FDA383-927B-46CE-9936-1F2786995D17}
    [2012/06/06 14:00:18 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{3FD686E0-F428-4A84-A42F-80FF1EF3DFF8}
    [2012/06/06 14:00:06 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{949A3261-D785-43E0-AAAA-A514116E2273}
    [2012/06/05 13:15:30 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{5FD3481E-B816-4AE2-B10E-22575C656491}
    [2012/06/04 23:13:01 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{78511D4E-74C9-4EA0-86EC-E00100AA5495}
    [2012/06/04 23:12:50 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{8E47266C-B7BF-4D3D-A7A4-B970A355510D}
    [2012/06/04 20:34:24 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\MusE
    [2012/06/04 20:34:23 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\MusE
    [2012/06/04 20:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseScore
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/04 15:53:07 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/04 15:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/04 15:51:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/04 15:51:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/04 15:39:40 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
    [2012/07/04 15:39:40 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
    [2012/07/04 15:39:39 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/04 15:39:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/04 15:38:57 | 1003,810,814 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/04 14:50:30 | 000,782,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/04 14:50:30 | 000,667,136 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/04 14:50:30 | 000,126,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/04 14:41:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/04 14:32:11 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/02 22:16:50 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/02 00:45:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
    [2012/07/01 23:52:38 | 000,001,390 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
    [2012/07/01 23:48:48 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/01 23:22:55 | 000,788,414 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/01 17:41:42 | 002,020,182 | ---- | M] () -- C:\Users\Simon\Desktop\IMG_20120701_171156.jpg
    [2012/07/01 17:09:52 | 001,107,494 | ---- | M] () -- C:\Users\Simon\Desktop\IMG_20120701_170952.jpg
    [2012/06/30 22:53:13 | 001,118,961 | ---- | M] () -- C:\Users\Simon\Desktop\IMG_20120630_225313.jpg
    [2012/06/30 21:58:23 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/06/30 21:58:23 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/06/30 21:58:08 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/06/30 13:53:51 | 000,000,980 | ---- | M] () -- C:\Users\Simon\Desktop\MUSIC (D-Drive) - Shortcut.lnk
    [2012/06/23 17:06:55 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
    [2012/06/21 16:59:58 | 000,541,142 | ---- | M] () -- C:\Users\Simon\Desktop\Randdom sketch2.tif
    [2012/06/21 00:53:53 | 000,058,227 | ---- | M] () -- C:\Windows\DIIUnin.dat
    [2012/06/21 00:49:57 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
    [2012/06/21 00:49:57 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
    [2012/06/21 00:49:57 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
    [2012/06/21 00:46:21 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
    [2012/06/21 00:46:20 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
    [2012/06/20 16:43:26 | 000,001,713 | ---- | M] () -- C:\Users\Simon\Desktop\The Elder Scrolls V Skyrim.lnk
    [2012/06/16 20:23:28 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    [2012/06/15 19:13:13 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk SketchBook Copic Edition.lnk
    [2012/06/15 19:13:11 | 000,001,917 | ---- | M] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\SketchBook Copic Edition.lnk
    [2012/06/15 13:53:05 | 000,442,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/04 20:34:23 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\MuseScore.lnk
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/04 15:53:07 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/04 14:31:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/04 14:31:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/04 14:31:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/04 14:31:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/04 14:31:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/01 23:48:48 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/01 23:22:57 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/01 18:39:14 | 001,118,961 | ---- | C] () -- C:\Users\Simon\Desktop\IMG_20120630_225313.jpg
    [2012/07/01 17:39:29 | 001,107,494 | ---- | C] () -- C:\Users\Simon\Desktop\IMG_20120701_170952.jpg
    [2012/07/01 17:39:14 | 002,020,182 | ---- | C] () -- C:\Users\Simon\Desktop\IMG_20120701_171156.jpg
    [2012/06/30 13:53:51 | 000,000,980 | ---- | C] () -- C:\Users\Simon\Desktop\MUSIC (D-Drive) - Shortcut.lnk
    [2012/06/23 17:06:55 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
    [2012/06/21 16:51:07 | 000,541,142 | ---- | C] () -- C:\Users\Simon\Desktop\Randdom sketch2.tif
    [2012/06/21 00:46:22 | 000,058,227 | ---- | C] () -- C:\Windows\DIIUnin.dat
    [2012/06/21 00:46:21 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
    [2012/06/20 23:23:43 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
    [2012/06/20 23:23:43 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
    [2012/06/20 23:23:43 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
    [2012/06/20 16:43:26 | 000,001,713 | ---- | C] () -- C:\Users\Simon\Desktop\The Elder Scrolls V Skyrim.lnk
    [2012/06/15 19:13:13 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk SketchBook Copic Edition.lnk
    [2012/06/15 19:13:11 | 000,001,917 | ---- | C] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\SketchBook Copic Edition.lnk
    [2012/06/04 20:34:23 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\MuseScore.lnk
    [2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/01/05 15:30:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011/10/01 07:24:10 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/10/01 07:24:09 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/09/19 17:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
    [2011/09/19 17:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
    [2011/09/18 05:53:39 | 000,067,959 | ---- | C] () -- C:\Windows\SysWow64\bassmididrvuninstall.exe
    [2011/09/06 15:01:16 | 000,788,414 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/08/07 12:26:10 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2011/04/27 21:37:44 | 000,210,432 | ---- | C] () -- C:\Windows\SysWow64\bassmididrvcfg.exe
    [2011/04/27 21:37:02 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\bassmididrv.dll
    [2010/11/28 23:21:29 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
  15. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    OTL.txt (remaining contents of report)

    ========== LOP Check ==========

    [2012/06/20 20:45:33 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\.minecraft
    [2011/06/19 15:04:07 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Asus WebStorage
    [2012/06/15 19:13:53 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Autodesk
    [2011/11/21 17:24:02 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\BANDISOFT
    [2012/06/23 17:31:04 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\BitTorrent
    [2012/06/24 20:11:40 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Blender Foundation
    [2012/03/01 11:39:40 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\e-academy Inc
    [2011/09/22 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\fltk.org
    [2012/01/14 14:31:38 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\LEGO Company
    [2012/03/01 14:55:33 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\MakeMusic
    [2012/06/04 20:34:24 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\MusE
    [2012/05/20 00:41:51 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Narcissu Side 2nd
    [2011/08/07 12:29:41 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Nuance
    [2011/10/27 13:15:31 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Origin
    [2012/05/19 22:53:14 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Ponscripter
    [2011/08/07 10:39:31 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Razer
    [2012/01/26 12:34:15 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\RenPy
    [2012/05/16 21:13:51 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\SQLyog
    [2012/06/11 19:54:32 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Synthesia
    [2011/09/02 09:34:46 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\SystemRequirementsLab
    [2012/02/23 15:38:13 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\YCanPDF
    [2011/08/07 12:29:37 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Zeon
    [2012/06/17 19:30:00 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63

    < End of report >
  16. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    OTL Extras logfile created on: 7/4/2012 4:03:16 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Simon\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    11.91 Gb Total Physical Memory | 9.37 Gb Available Physical Memory | 78.66% Memory free
    23.82 Gb Paging File | 21.07 Gb Available in Paging File | 88.42% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.04 Gb Total Space | 7.04 Gb Free Space | 4.72% Space Free | Partition Type: NTFS
    Drive D: | 425.64 Gb Total Space | 260.80 Gb Free Space | 61.27% Space Free | Partition Type: NTFS

    Computer Name: SIMON-LAPTOP | User Name: Simon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1462070027-3645743796-4251045998-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{51C36A60-8384-41B0-A67C-BCD5D58A8395}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
    "TCP Query User{66FE0A41-0316-4490-A952-0A0CEC592B76}C:\users\simon\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\simon\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{85070736-E1A8-41C0-9BF0-839CA4679A98}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
    "UDP Query User{44EEE2BC-4D4B-45AD-A1C6-96886D7651B9}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
    "UDP Query User{BC5F749E-9F76-4FB4-A4CB-02D170ADB848}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
    "UDP Query User{E1EFC591-300A-4AD2-8D0D-C63391EC2B2D}C:\users\simon\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\simon\appdata\local\akamai\netsession_win.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{02E5BCCA-317C-418F-9E06-42526E050829}" = Windows Live Family Safety
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
    "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
    "{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
    "{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{45C1C61B-9DA9-4B61-8C89-C76B1746C3AA}" = Fresco Logic USB3.0 Host Controller
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}" = Autodesk MatchMover 2013 64-bit
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
    "{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
    "{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "{FC7084CE-5090-4770-8B5B-CA3125526F0D}" = Autodesk Maya 2013 64-bit
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
    "Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit
    "Autodesk Maya 2013 64-bit" = Autodesk Maya 2013 64-bit
    "Blender" = Blender
    "Elantech" = ETDWare PS/2-x64 7.0.5.16_WHQL
    "Explorer Suite_is1" = Explorer Suite III
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "RolandRDID0093" = UM-1G Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
    "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
    "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
    "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
    "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN and Bluetooth Client Installation Program
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
    "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
    "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
    "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
    "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
    "{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
    "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
    "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
    "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
    "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
    "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
    "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
    "{C28422FB-F2CD-427A-ADED-9F281745CDB2}" = Secure Download Manager
    "{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
    "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1" = Elsword version 1.35
    "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
    "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
    "{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F0B27584-72DD-4CED-A329-57C7F91586C0}" = Autodesk SketchBookPro 2011
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
    "{FA82D553-7A07-43A4-98E8-14C62402A4F2}" = Autodesk SketchBook Copic Edition
    "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "1ClickDownload" = 1ClickDownloader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Aika Online: Epic II" = Aika Online: Epic II
    "Asus Vibe2.0" = AsusVibe2.0
    "ASUS WebStorage" = ASUS WebStorage
    "ASUS_Screensaver" = ASUS_Screensaver
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "BASSMIDI System Synth" = BASSMIDI System Synth
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "BitTorrent" = BitTorrent
    "Bookworm Deluxe" = Bookworm Deluxe
    "Company of Heroes" = Company of Heroes
    "ControlMK" = ControlMK 0.232
    "Cooking Dash" = Cooking Dash
    "Diablo II" = Diablo II
    "Eastern Front" = Eastern Front
    "ESN Sonar-0.70.0" = ESN Sonar
    "ESN Sonar-0.70.4" = ESN Sonar
    "Finale NotePad 2012" = Finale NotePad 2012
    "Google Chrome" = Google Chrome
    "Governor of Poker" = Governor of Poker
    "Guitar Pro 5_is1" = Guitar Pro 5.2
    "Hotel Dash Suite Success" = Hotel Dash Suite Success
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
    "InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
    "Jewel Quest 3" = Jewel Quest 3
    "jZip" = jZip
    "Katawa Shoujo" = Katawa Shoujo
    "Luxor 3" = Luxor 3
    "Mahjongg dimensions" = Mahjongg dimensions
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MapleStory" = MapleStory
    "Messenger Plus!" = Messenger Plus! 5
    "Messenger Plus! for Skype" = Messenger Plus! for Skype
    "Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
    "Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    "Mozilla Firefox 13.0.1 (x86 en-GB)" = Mozilla Firefox 13.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MuseScore" = MuseScore 1.2 MuseScore score typesetter
    "New LEGO Digital Designer" = LEGO Digital Designer
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Origin" = Origin
    "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
    "PDFZilla_is1" = PDFZilla V1.2.9
    "Plants vs Zombies" = Plants vs Zombies
    "Postal 2_is1" = Portal 2
    "PunkBusterSvc" = PunkBuster Services
    "SQLyog Community" = SQLyog Community 7.15
    "Steam App 13260" = Unreal Development Kit
    "Steam App 202480" = Creation Kit
    "Steam App 36630" = Rusty Hearts
    "Steam App 440" = Team Fortress 2
    "Steam App 55100" = Homefront
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Synthesia" = Synthesia (remove only)
    "SystemRequirementsLab" = System Requirements Lab
    "VirtualCloneDrive" = VirtualCloneDrive
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WinZipBar Toolbar" = WinZipBar Toolbar
    "World of Goo" = World of Goo
    "World of Warcraft" = World of Warcraft
    "Wrye Bash" = Wrye Bash

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1462070027-3645743796-4251045998-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Narcissu 2 English" = Narcissu 2 English v1.0
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/1/2012 5:22:20 AM | Computer Name = Simon-LAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application name: ePSXe.exe, version: 0.0.0.0, time stamp:
    0x3f2ed1c6 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x09bb04c0 Faulting process id: 0xbb0 Faulting application
    start time: 0x01cd576afc128cb9 Faulting application path: D:\Program Files (D-Drive)\GAMES
    (D-Drive Folder)\Emulators\ePSXe (V1.6)\ePSXe.exe Faulting module path: unknown Report
    Id: 418140fe-c35e-11e1-abb4-e0b9a54888ce

    Error - 7/1/2012 5:27:00 AM | Computer Name = Simon-LAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application name: ePSXe.exe, version: 0.0.0.0, time stamp:
    0x3f2ed1c6 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x0d9f04c0 Faulting process id: 0x1d84 Faulting application
    start time: 0x01cd576b067aebc6 Faulting application path: D:\Program Files (D-Drive)\GAMES
    (D-Drive Folder)\Emulators\ePSXe (V1.6)\ePSXe.exe Faulting module path: unknown Report
    Id: e86c6ab9-c35e-11e1-abb4-e0b9a54888ce

    Error - 7/1/2012 5:28:33 AM | Computer Name = Simon-LAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application name: ePSXe.exe, version: 0.0.0.0, time stamp:
    0x483816fa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x0d3d0500 Faulting process id: 0x1f08 Faulting application
    start time: 0x01cd576bca64c19d Faulting application path: C:\Users\Simon\Documents\GAMES\ePSXe
    1.7.0\ePSXe.exe Faulting module path: unknown Report Id: 1fe711e6-c35f-11e1-abb4-e0b9a54888ce

    Error - 7/1/2012 8:06:37 AM | Computer Name = Simon-LAPTOP | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2013\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/1/2012 9:58:55 AM | Computer Name = Simon-LAPTOP | Source = MsiInstaller | ID = 11921
    Description =

    Error - 7/1/2012 10:20:54 AM | Computer Name = Simon-LAPTOP | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 7/1/2012 10:29:27 AM | Computer Name = Simon-LAPTOP | Source = Microsoft Security Client Setup | ID = 100
    Description = HRESULT:0x8004FF11 Description:Can’t install Microsoft Security Essentials
    on a computer running in safe mode. Your computer is currently running in safe
    mode. To install Security Essentials, your computer must be running in normal mode.
    Please restart your computer in normal mode, and then try to run the Security Essentials
    Setup Wizard again. Error code:0x8004FF11.

    Error - 7/1/2012 10:41:08 AM | Computer Name = Simon-LAPTOP | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 7/1/2012 10:47:46 AM | Computer Name = Simon-LAPTOP | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 7/2/2012 8:16:50 AM | Computer Name = Simon-LAPTOP | Source = Microsoft Security Client Setup | ID = 100
    Description = HRESULT:0x8004FF11 Description:Can’t install Microsoft Security Essentials
    on a computer running in safe mode. Your computer is currently running in safe
    mode. To install Security Essentials, your computer must be running in normal mode.
    Please restart your computer in normal mode, and then try to run the Security Essentials
    Setup Wizard again. Error code:0x8004FF11.

    [ System Events ]
    Error - 7/4/2012 12:44:06 AM | Computer Name = Simon-LAPTOP | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 7/4/2012 12:44:06 AM | Computer Name = Simon-LAPTOP | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 7/4/2012 12:51:25 AM | Computer Name = Simon-LAPTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.793.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/4/2012 12:56:11 AM | Computer Name = Simon-LAPTOP | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 7/4/2012 12:56:11 AM | Computer Name = Simon-LAPTOP | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 7/4/2012 1:03:53 AM | Computer Name = Simon-LAPTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.793.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/4/2012 1:41:37 AM | Computer Name = Simon-LAPTOP | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 7/4/2012 1:41:37 AM | Computer Name = Simon-LAPTOP | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 7/4/2012 1:49:22 AM | Computer Name = Simon-LAPTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.793.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
    code: 0x80240022 Error description: The program can't check for definition updates.


    Error - 7/4/2012 1:49:22 AM | Computer Name = Simon-LAPTOP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.793.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
    code: 0x80240022 Error description: The program can't check for definition updates.



    < End of report >
  17. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    I should mention that when I completed a quick scan on Malwarebytes, there was nothing to select and remove. Can I assume that the sirefef trojans have been removed?
  18. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Sirefef is gone but you didn't answer my question:
    ==========================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-1462070027-3645743796-4251045998-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  19. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    There doesn't seem to be any current issues. My laptop's working fine now :)
    I'll perform the final necessary scans and reply with any required reports/logs soon.
  20. Broni

    Broni Malware Annihilator Posts: 45,217   +243

  21. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    MuseScore 1.2 MuseScore score typesetter
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Adobe Flash Player 11.3.300.262
    Adobe Reader X (10.1.3)
    Mozilla Firefox (x86 en-GB..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
  22. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    Farbar Service Scanner Version: 02-07-2012
    Ran by Simon (administrator) on 05-07-2012 at 14:03:55
    Running from "C:\Users\Simon\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  23. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    Uh oh I've just realised that I forgot to perform the custom scan on OTL. At the moment I'm performing a scan on ESET. Should I continue ESET's scan or should I do the OTL custom scan first then re-scan with ESET?
  24. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    Here's the log for ESET's scan:

    C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
    C:\FRST\Quarantine\{54b63cbd-d53c-12fe-2892-336914eccaa0}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{54b63cbd-d53c-12fe-2892-336914eccaa0}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{54b63cbd-d53c-12fe-2892-336914eccaa0}\U\800000cb.@ Win64/Sirefef.T trojan cleaned by deleting - quarantined
    C:\Users\Simon\Downloads\Setup-MsgPlus-511.exe a variant of Win32/MessengerPlus.A application deleted - quarantined
    D:\Program Files (D-Drive)\DOWNLOADS (D-Drive)\Baldur's_Gate_2_[GoG].exe Win32/Adware.1ClickDownload.E application cleaned by deleting - quarantined
    D:\Program Files (D-Drive)\DOWNLOADS (D-Drive)\Baldur's_Gate_2___Throne_of_Bhaal_[Intel_Cider].exe Win32/Adware.1ClickDownload application cleaned by deleting - quarantined
    D:\Program Files (D-Drive)\DOWNLOADS (D-Drive)\Baldur's_Gate_Compilation.exe Win32/Adware.1ClickDownload application cleaned by deleting - quarantined
    D:\Program Files (D-Drive)\DOWNLOADS (D-Drive)\BestVideoDownloader.exe probably a variant of Win32/KBM application cleaned by deleting - quarantined
    D:\Program Files (D-Drive)\DOWNLOADS (D-Drive)\Diablo_II_&amp;_Expansion_(ISO_Files)_with_keys_included.exe Win32/Adware.1ClickDownload.C application cleaned by deleting - quarantined
    D:\Program Files (D-Drive)\DOWNLOADS (D-Drive)\DownloadSetup(1).exe Win32/InstallMate.A application cleaned by deleting - quarantined
    D:\Program Files (D-Drive)\DOWNLOADS (D-Drive)\DownloadSetup.exe Win32/InstallMate.A application cleaned by deleting - quarantined
    D:\Program Files (D-Drive)\GAMES (D-Drive Folder)\Emulators\NTLEA\neko.dll a variant of Win32/FlyStudio application cleaned by deleting - quarantined
    D:\Program Files (D-Drive)\Setup Files\Setup-MsgPlus-502.exe a variant of Win32/MessengerPlus.A application deleted - quarantined
    D:\Program Files (D-Drive)\Setup Files\Setup-MsgPlus-510.exe a variant of Win32/MessengerPlus.A application deleted - quarantined
  25. Deus Mantra

    Deus Mantra Newcomer, in training Topic Starter Posts: 30

    If I were to perform the custom scan on OTL now, would I need to perform scans with Security Check, FSS and TFC again?

