Solved Win64/Patched.B.Gen trojan and Win64/Sirefef.W trojan removal

Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================

Please describe your problems.
What Windows version?
 
Windows 7 64 bit.
I have ESET Smart Security 5. I keep getting dialogues that say windows/system32/services.exe is infected with Win64/Patched.B.Gen and I have some other quarantined files that are infected with Sirefef.W. ESET is unable to clean or delete these files.
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
I'm having some trouble here. My computer didn't have "repair your computer" under Advanced Boot Options and I no longer have my Windows installation disk. I burned a Windows 7 recovery disk and booted that to get into System Recovery Options but my hard drive isn't recognized. There is an option to load drivers for my hard drive (WD2002FAEX), but I can't find any. I'm unsure how to proceed.
 
My problem was that my hard drive was encrypted while I was trying to do that. Here's my log:
Scan result of Farbar Recovery Scan Tool Version: 30-06-2012 04
Ran by SYSTEM at 01-07-2012 13:12:54
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2012-02-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2012-01-18] (VMware, Inc.)
HKU\Andrew\...\Run: [F.lux] "C:\Users\Andrew\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
HKU\Andrew\...\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon [1517520 2012-01-24] (TrueCrypt Foundation)
HKU\Andrew\...\Run: [zASRockInstantBoot] [x]
HKU\Andrew\...\Run: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-20] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 cFosSpeedS; "C:\Program Files\ASRock\XFast LAN\spd.exe" -service [395136 2011-10-19] (cFos Software GmbH)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
3 Sony PC Companion; "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" [155320 2012-01-18] (Avanquest Software)
2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2012-05-18] ()
2 DirMngr; "C:\gpg\dirmngr.exe" --service [x]
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 atillk64; \??\C:\Users\Andrew\Downloads\winflash20113\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1632128 2011-07-04] (cFos Software GmbH)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2011-08-04] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2011-08-04] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2011-08-04] (ESET)
3 FNETTBOH_305; C:\Windows\System32\Drivers\FNETTBOH_305.sys [32320 2012-02-02] (FNet Co., Ltd.)
1 FNETURPX; C:\Windows\System32\Drivers\FNETURPX.sys [15936 2012-02-02] (FNet Co., Ltd.)
0 mv91xx; C:\Windows\System32\Drivers\mv91xx.sys [302120 2010-09-30] (Marvell Semiconductor, Inc.)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-01 13:12 - 2012-07-01 13:12 - 00000000 ____D C:\FRST
2012-07-01 09:07 - 2012-07-01 09:07 - 00000000 ____D C:\Users\Andrew\AppData\Local\{918EB4CE-F693-4823-840C-973481571F78}
2012-06-30 22:23 - 2012-06-30 22:23 - 00000000 ____D C:\Users\Andrew\AppData\Local\FalloutNV
2012-06-30 21:05 - 2012-06-30 21:05 - 00002268 ____A C:\Users\Public\Desktop\Fallout New Vegas.lnk
2012-06-30 20:46 - 2012-06-30 20:55 - 00000000 ____D C:\Users\Andrew\Downloads\Fallout.New.Vegas.Update.7-SKIDROW
2012-06-30 20:06 - 2012-06-30 20:06 - 00000219 ____A C:\Users\Andrew\Desktop\Team Fortress 2.url
2012-06-30 20:04 - 2012-06-30 20:49 - 00000000 ____D C:\Users\Andrew\Downloads\Fallout.New.Vegas-SKIDROW
2012-06-30 14:04 - 2012-06-30 14:04 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-30 12:20 - 2012-06-30 12:20 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Andrew\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-30 08:47 - 2012-06-30 08:47 - 00000000 ____D C:\Users\Andrew\AppData\Local\{CC2870CD-0AA7-4255-907D-D96101DF0EEE}
2012-06-30 08:47 - 2012-06-30 08:47 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7ACE39BD-6347-4D46-A724-7276E110BE6D}
2012-06-29 14:42 - 2012-06-29 14:42 - 00000000 ____D C:\Users\Andrew\AppData\Local\{3B6CB001-275D-454B-9A16-84C2D33BA3A7}
2012-06-29 14:41 - 2012-06-29 14:42 - 00000000 ____D C:\Users\Andrew\AppData\Local\{9BD356DE-D33D-4A39-8B7B-8E716E2A9EEC}
2012-06-29 10:39 - 2012-06-29 10:39 - 00000000 ____D C:\Users\Andrew\AppData\Local\{704D08BB-9C06-44AE-BE3E-59AE06EEB608}
2012-06-28 09:30 - 2012-06-28 09:30 - 00000000 ____D C:\Users\Andrew\AppData\Local\{B39DD8D1-E1D9-4107-BBF4-65C2950E3CA4}
2012-06-28 09:30 - 2012-06-28 09:30 - 00000000 ____D C:\Users\Andrew\AppData\Local\{413ECC6D-5E00-44E3-AFAF-57DE4B7B7ADD}
2012-06-28 07:47 - 2012-06-28 07:47 - 00000000 ____D C:\Users\Andrew\AppData\Local\{86C90CC7-6309-4372-B322-5277F9B68199}
2012-06-27 13:14 - 2012-06-27 13:20 - 00000000 ____D C:\Users\Andrew\Downloads\Clams_Casino-Instrumental_Tape_2-2012
2012-06-27 10:44 - 2012-06-27 10:44 - 00000000 ____D C:\Users\Andrew\AppData\Local\{5FA89DDF-6CB2-497B-B736-9EF372AC1188}
2012-06-27 10:44 - 2012-06-27 10:44 - 00000000 ____D C:\Users\Andrew\AppData\Local\{0CF13C35-D43E-4B17-9CF4-863AD3F22AFB}
2012-06-26 21:42 - 2012-06-26 21:42 - 00339849 ____A C:\Users\Andrew\Downloads\WiFiKill-1.7(1).apk
2012-06-26 20:49 - 2012-06-26 20:49 - 00057136 ____A C:\Users\Andrew\Downloads\21.jump.street.(2012).eng.1cd.(4573089).zip
2012-06-26 20:48 - 2012-06-26 20:49 - 00000000 ____D C:\Users\Andrew\Downloads\21 Jump Street 2012.720p.BluRay.x264.YIFY
2012-06-26 20:46 - 2012-06-26 20:46 - 00000000 ____D C:\Users\Andrew\AppData\Local\{A168FC6E-42C3-46F6-ACC3-EF4B37F53939}
2012-06-26 20:46 - 2012-06-26 20:46 - 00000000 ____D C:\Users\Andrew\AppData\Local\{61ACD1A9-93B2-4C2A-9879-B27324E74C48}
2012-06-26 20:03 - 2012-06-26 20:49 - 00000000 ____D C:\Users\Andrew\Downloads\21 Jump Street (2012)
2012-06-26 18:16 - 2012-06-26 18:16 - 00000000 ____D C:\Users\Andrew\AppData\Local\{B62FB72B-7252-4360-AA94-3B438D7F5BAE}
2012-06-26 18:15 - 2012-06-26 18:16 - 00000000 ____D C:\Users\Andrew\AppData\Local\{481D5F58-5E52-41A2-9E13-AE947C7AFD19}
2012-06-26 09:06 - 2012-06-26 09:06 - 00000000 ____D C:\Users\Andrew\AppData\Local\{CF133B0F-C978-4B49-AD46-EA2F6472CD43}
2012-06-25 18:53 - 2012-06-25 18:53 - 00000000 ____D C:\Users\Andrew\AppData\Local\{CB9C1E7C-FFD2-4AAA-9086-4CDAFAFE2002}
2012-06-25 18:53 - 2012-06-25 18:53 - 00000000 ____D C:\Users\Andrew\AppData\Local\{65BA263F-DB57-4784-9533-0018CF813551}
2012-06-25 16:54 - 2012-06-25 16:54 - 00001361 ____A C:\Users\Andrew\Desktop\Auslogics Duplicate File Finder.lnk
2012-06-25 16:53 - 2012-06-25 16:53 - 05015384 ____A (Auslogics Software Pty Ltd ) C:\Users\Andrew\Downloads\duplicate-file-finder-setup.exe
2012-06-25 04:32 - 2012-06-25 04:32 - 00000000 ____D C:\Users\Andrew\AppData\Local\{EDE0967C-8406-4340-9344-9676AC64BDE7}
2012-06-25 04:32 - 2012-06-25 04:32 - 00000000 ____D C:\Users\Andrew\AppData\Local\{024F8484-26EA-414A-BFE2-C6B213A5A038}
2012-06-24 15:34 - 2012-06-24 15:34 - 02951570 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r11(2).zip
2012-06-24 15:14 - 2012-06-24 15:15 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7DB05BF6-88C2-4EC4-875E-E3DA4863C706}
2012-06-24 15:14 - 2012-06-24 15:14 - 00000000 ____D C:\Users\Andrew\AppData\Local\{A8053887-7F1E-4E22-9A5F-3F7A3D2DA005}
2012-06-24 14:21 - 2012-06-24 14:22 - 149145411 ____A C:\Users\Andrew\Downloads\cm_endeavoru-ota-eng.noeri_017.zip
2012-06-24 13:14 - 2012-06-24 13:14 - 00000000 ____D C:\Users\Andrew\AppData\Local\{8B2B0A11-24BD-4038-9431-5912226E579F}
2012-06-24 09:42 - 2012-06-24 09:42 - 11795328 ____A C:\Users\Andrew\Downloads\Endeavoru-Faux123-003b10(1).zip
2012-06-24 08:27 - 2012-06-24 09:26 - 00000000 ____D C:\Program Files (x86)\QemuManager
2012-06-24 08:27 - 2012-06-24 08:27 - 07706797 ____A (David T Reynolds ) C:\Users\Andrew\Downloads\setupqemuk70.exe
2012-06-24 08:19 - 2012-06-24 08:29 - 00000000 ____D C:\Program Files (x86)\Bochs-2.5.1
2012-06-24 08:19 - 2012-06-24 08:19 - 04001273 ____A C:\Users\Andrew\Downloads\Bochs-2.5.1.exe
2012-06-24 08:12 - 2012-06-24 08:12 - 00682653 ____A C:\Users\Andrew\Downloads\QEMU.apk
2012-06-24 08:12 - 2012-06-24 08:12 - 00057046 ____A C:\Users\Andrew\Downloads\SDL(QEMU).zip
2012-06-24 08:12 - 2012-06-24 08:12 - 00049779 ____A C:\Users\Andrew\Downloads\SDL(BOCHS).zip
2012-06-24 07:12 - 2012-06-24 14:10 - 00000000 ____D C:\Users\Andrew\Desktop\most recent android stuff
2012-06-24 06:52 - 2012-06-24 06:53 - 10595137 ____A C:\Users\Andrew\Downloads\MIcons Project v1.5X.mtz
2012-06-24 06:20 - 2012-06-24 06:20 - 09941911 ____A C:\Users\Andrew\Downloads\Blue ICSelcius v4 3.4b.mtz
2012-06-24 04:31 - 2012-06-24 04:31 - 01611446 ____A C:\Users\Andrew\Downloads\sr3.0.5.Android.zip
2012-06-24 00:50 - 2012-06-24 00:50 - 00000000 ____D C:\Users\Andrew\AppData\Local\{6D005FEF-EA25-4E67-91B2-D259A9C7BE5C}
2012-06-24 00:50 - 2012-06-24 00:50 - 00000000 ____D C:\Users\Andrew\AppData\Local\{18B7F3E3-61BD-41B0-8C4D-75178462B86B}
2012-06-24 00:38 - 2012-06-24 00:38 - 02951570 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r11(1).zip
2012-06-23 23:06 - 2012-06-23 23:06 - 11795328 ____A C:\Users\Andrew\Downloads\Endeavoru-Faux123-003b10.zip
2012-06-23 22:44 - 2012-06-23 22:44 - 01641347 ____A C:\Users\Andrew\Downloads\System Tuner Pro 2.1.3.apk
2012-06-23 22:42 - 2012-06-23 22:42 - 01641347 ____A C:\Users\Andrew\Downloads\System_Tuner_Pro_2.1.3.apk
2012-06-23 12:43 - 2012-06-23 12:43 - 00000218 ____A C:\Users\Andrew\.recently-used.xbel
2012-06-23 08:39 - 2012-06-23 08:39 - 00000000 ____D C:\Users\Andrew\AppData\Local\{6D3ABA27-1AC9-48D7-A374-8BBC4353D0DC}
2012-06-23 08:39 - 2012-06-23 08:39 - 00000000 ____D C:\Users\Andrew\AppData\Local\{0845801E-3819-419A-95DF-F4B436F219FC}
2012-06-23 08:23 - 2012-06-23 08:23 - 00000000 ____D C:\Users\Andrew\AppData\Local\{6135DBFD-B855-46B6-A8DE-2D76FC1FC350}
2012-06-22 22:58 - 2012-06-22 22:58 - 02332544 ____A C:\Users\Andrew\Downloads\f128.zip
2012-06-22 22:56 - 2012-06-22 22:57 - 04882873 ____A C:\Users\Andrew\Downloads\Documents_To_Go_v3.001.apk
2012-06-22 22:52 - 2012-06-22 22:52 - 00401453 ____A C:\Users\Andrew\Downloads\com.speedsoftware.rootexplorer-61-2.20.apk
2012-06-22 22:50 - 2012-06-22 22:50 - 00049707 ____A C:\Users\Andrew\Downloads\RM1.07--Ripper-.apk
2012-06-22 22:46 - 2012-06-22 22:46 - 07678869 ____A C:\Users\Andrew\Downloads\t2584.apk
2012-06-22 22:25 - 2012-06-22 22:25 - 00294548 ____A C:\Users\Andrew\Documents\Untitled-1.psd
2012-06-22 22:20 - 2012-06-22 22:20 - 00077290 ____A C:\Users\Andrew\Documents\Untitled-1.png
2012-06-22 22:02 - 2012-06-24 07:12 - 00000000 ____D C:\Users\Andrew\Desktop\android clutter
2012-06-22 22:01 - 2012-06-22 22:01 - 00000000 ____D C:\Users\Andrew\Desktop\python
2012-06-22 21:56 - 2012-06-22 22:00 - 00000000 ____D C:\Users\Andrew\Documents\android
2012-06-22 18:43 - 2012-06-22 18:55 - 325579535 ____A C:\Users\Andrew\Downloads\RD-MIUI_OneX_2.6.22.zip
2012-06-22 18:11 - 2012-06-22 18:11 - 00204274 ____A C:\Users\Andrew\Downloads\com.franco.kernel_1.apk
2012-06-22 17:37 - 2012-06-22 17:37 - 00000000 ____D C:\Users\Andrew\AppData\Local\{D742E206-3F07-401C-8CFF-50A0E8438E95}
2012-06-22 17:37 - 2012-06-22 17:37 - 00000000 ____D C:\Users\Andrew\AppData\Local\{38E58BDC-A624-4C8E-A01E-03EDEE21D8B1}
2012-06-22 17:16 - 2012-06-22 17:16 - 00008541 ____A C:\Users\Andrew\Downloads\bootscript.sh
2012-06-22 05:36 - 2012-06-22 05:37 - 00000000 ____D C:\Users\Andrew\AppData\Local\{5D4642DE-3AB2-4A53-8FBF-BCC50054DF4A}
2012-06-22 05:36 - 2012-06-22 05:36 - 00000000 ____D C:\Users\Andrew\AppData\Local\{145D89C2-E7EA-48C9-B5D5-ACD3F802E8A3}
2012-06-21 19:34 - 2012-06-21 19:34 - 03152499 ____A C:\Users\Andrew\Downloads\N.O.V.A.3.Near.Orbit.Vanguard.Alliance.1.0.0.Tegra.HTC.Android.apk
2012-06-21 18:16 - 2012-06-21 18:16 - 00007467 ____A C:\Users\Andrew\Downloads\autobootscript.sh
2012-06-21 17:36 - 2012-06-21 17:36 - 00000000 ____D C:\Users\Andrew\AppData\Local\{ADACC506-C152-449D-B5C7-844814DE0935}
2012-06-21 17:36 - 2012-06-21 17:36 - 00000000 ____D C:\Users\Andrew\AppData\Local\{1F4C80C6-8D60-491D-B41C-3D4A18948E75}
2012-06-21 13:23 - 2012-06-21 15:30 - 327886446 ____A C:\Users\Andrew\Downloads\RD-MIUI_OneX_2.6.16_v2.zip
2012-06-21 12:54 - 2012-06-21 12:54 - 02926592 ____A C:\Users\Andrew\Downloads\boot-r11(1).img
2012-06-21 11:33 - 2012-06-21 11:33 - 01641347 ____A C:\Users\Andrew\Downloads\android-softwares.com_System_Tuner_Pro_2.1.3.apk
2012-06-21 07:19 - 2012-06-21 07:19 - 01039957 ____A C:\Users\Andrew\Downloads\Complete Linux Installer v311.apk
2012-06-21 04:07 - 2012-06-21 04:07 - 00000000 ____D C:\Users\Andrew\AppData\Local\{F78F9CEA-EB3D-4806-81EB-E9854476E0BD}
2012-06-21 04:07 - 2012-06-21 04:07 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7C79ED7B-4942-46FE-81D9-B34AAD07DDF7}
2012-06-20 21:16 - 2012-06-20 21:16 - 08503458 ____A C:\Users\Andrew\Downloads\MIcons Project v1.2.3X.mtz
2012-06-20 20:17 - 2012-07-01 08:22 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000UA.job
2012-06-20 20:17 - 2012-06-30 20:22 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000Core.job
2012-06-20 20:17 - 2012-06-20 20:17 - 00000000 ____D C:\Users\Andrew\AppData\Local\Google
2012-06-20 20:16 - 2012-06-20 20:17 - 00000000 ____D C:\Users\Andrew\AppData\Local\Deployment
2012-06-20 20:16 - 2012-06-20 20:16 - 00000000 ____D C:\Users\Andrew\AppData\Local\Apps\2.0
2012-06-20 19:02 - 2012-06-20 19:02 - 00059867 ____A C:\Users\Andrew\Downloads\pulp.fiction.(1994).eng.1cd.(3391372).zip
2012-06-20 16:06 - 2012-06-20 16:06 - 02926592 ____A C:\Users\Andrew\Downloads\boot-r11.img
2012-06-20 09:39 - 2012-06-20 09:39 - 00000000 ____D C:\Users\Andrew\AppData\Local\{60B3EF89-1EAB-4303-9229-4205741F81AC}
2012-06-20 09:39 - 2012-06-20 09:39 - 00000000 ____D C:\Users\Andrew\AppData\Local\{23FE9280-7827-4142-81FC-B44C320E1CA6}
2012-06-20 09:06 - 2012-06-20 09:06 - 02951570 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r11.zip
2012-06-20 08:53 - 2012-06-20 09:03 - 326142102 ____A C:\Users\Andrew\Downloads\RD-MIUI_OneX_2.6.16.zip
2012-06-19 13:21 - 2012-06-19 13:21 - 00000000 ____D C:\Users\Andrew\AppData\Local\{8D23B067-A79B-47BE-BD68-C100034EAAEA}
2012-06-19 13:21 - 2012-06-19 13:21 - 00000000 ____D C:\Users\Andrew\AppData\Local\{17E73727-3769-4974-AA8D-DFD268C88951}
2012-06-19 13:02 - 2012-06-19 13:02 - 00000000 ____D C:\Users\Andrew\AppData\Local\{96B2755A-A20D-4658-B14B-ECC50FAC2677}
2012-06-19 13:02 - 2012-06-19 13:02 - 00000000 ____D C:\Users\Andrew\AppData\Local\{55F0D861-CAB9-4B6C-BE52-38FDDA3A241A}
2012-06-18 18:32 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-18 18:32 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-18 18:32 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-18 18:32 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-18 18:32 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-18 18:32 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-18 18:32 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-18 18:31 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-18 18:31 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 15:37 - 2012-06-18 15:37 - 00000000 ____D C:\Users\Andrew\AppData\Local\{C4EC59B1-672D-459B-9ECD-F38CB63D8CF8}
2012-06-18 08:29 - 2012-06-18 08:31 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Garmin
2012-06-18 08:29 - 2012-06-18 08:29 - 11612616 ____A (Igor Pavlov) C:\Users\Andrew\Downloads\WebUpdater_WindowsXPSP3andnewer__256.exe
2012-06-18 08:29 - 2012-06-18 08:29 - 00000000 ____D C:\Users\Andrew\Documents\My Garmin
2012-06-18 08:29 - 2012-06-18 08:29 - 00000000 ____D C:\Users\All Users\GARMIN
2012-06-18 08:29 - 2012-06-18 08:29 - 00000000 ____D C:\Program Files\DIFX
2012-06-18 08:29 - 2012-06-18 08:29 - 00000000 ____D C:\Program Files (x86)\Garmin
2012-06-18 08:27 - 2012-06-18 08:27 - 00000000 ____D C:\Users\Andrew\Downloads\MapSource_6163
2012-06-18 08:24 - 2012-06-18 08:25 - 57051280 ____A (Igor Pavlov) C:\Users\Andrew\Downloads\MapSource_6163.exe
2012-06-18 07:34 - 2012-06-18 07:34 - 00000000 ____D C:\Users\Andrew\AppData\Local\{83FFFEC5-4BDE-44BC-8688-51508CC0A623}
2012-06-17 18:18 - 2012-06-17 18:18 - 02979840 ____A C:\Users\Andrew\Downloads\Franco-r10_arhd_7.0.0.img
2012-06-17 17:59 - 2012-06-17 17:59 - 02580445 ____A C:\Users\Andrew\Downloads\ROM_Cleaner_NO-Sense_v1.1.zip
2012-06-17 17:59 - 2012-06-17 17:59 - 00145619 ____A C:\Users\Andrew\Downloads\Android_Revolution_HD_Super_Wipe_One_X.zip
2012-06-17 17:58 - 2012-06-17 17:59 - 08758028 ____A C:\Users\Andrew\Downloads\Battery_StockHD_OneX_2.05.1_aroma_by_jotha.zip
2012-06-17 16:56 - 2012-06-17 16:56 - 02951573 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r10.zip
2012-06-17 16:54 - 2012-06-17 16:58 - 554715164 ____A C:\Users\Andrew\Downloads\Android_Revolution_HD-One_X_7.0.0.zip
2012-06-17 12:01 - 2012-06-17 12:02 - 04464951 ____A C:\Users\Andrew\Downloads\hTC_OneX(S720e)_Radio_1.1204.107.14.zip
2012-06-17 11:57 - 2012-06-17 11:57 - 04378119 ____A C:\Users\Andrew\Downloads\Radio_2.1204.119.17.zip
2012-06-17 11:52 - 2012-06-17 12:17 - 327768302 ____A C:\Users\Andrew\Downloads\RD-MIUI_OneX_2.6.15.zip
2012-06-17 08:45 - 2012-06-17 08:45 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7B607FA1-2AB2-422D-AF80-C9F06C04A2AA}
2012-06-16 16:32 - 2012-06-16 16:32 - 00000000 ____D C:\Users\Andrew\AppData\Local\{781BB407-B4BE-4250-B5AF-F379053CFE8C}
2012-06-15 23:16 - 2012-06-15 23:17 - 00000000 ____D C:\Users\Andrew\AppData\Local\{3DFAD7C0-4FFD-474D-8041-B4996E31FBE2}
2012-06-15 03:59 - 2012-06-15 03:59 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7FB0068B-03BE-4588-B001-F15BB7FD6B1F}
2012-06-14 21:38 - 2012-06-14 21:38 - 00004403 ____A C:\Users\Andrew\Downloads\gas_pressure.gif
2012-06-14 12:44 - 2012-06-14 12:45 - 04270080 ____A C:\Users\Andrew\Downloads\boot(5).img
2012-06-14 11:22 - 2012-06-14 11:22 - 00000000 ____D C:\Users\Andrew\AppData\Local\{DD7A662B-E1E1-4584-8C07-8D678394AD7A}
2012-06-14 11:21 - 2012-06-14 11:22 - 00000000 ____D C:\Users\Andrew\AppData\Local\{502878C5-F500-4E9F-91CD-0D346F018699}
2012-06-14 05:12 - 2012-06-14 05:12 - 00000000 ____D C:\Users\Andrew\AppData\Local\{FC891B90-9F29-4E39-8C97-ECF7EB02CDA4}
2012-06-13 18:10 - 2012-06-13 18:10 - 02938149 ____A C:\Users\Andrew\Downloads\Something To Dance For_TTYLXOX (Mash Up) from Shake It Up.mp3
2012-06-13 17:58 - 2012-06-13 17:58 - 00480165 ____A C:\Users\Andrew\Downloads\RecBoot.zip
2012-06-13 17:07 - 2012-06-13 17:34 - 00000000 ____D C:\Users\Andrew\Downloads\LIBUSB64Fix
2012-06-13 17:07 - 2012-06-13 17:34 - 00000000 ____D C:\Users\Andrew\Downloads\1) ADD HARDWARE WIZARD
2012-06-13 17:07 - 2012-06-13 17:07 - 00753332 ____A C:\Users\Andrew\Downloads\LIBUSB64Fix.zip
2012-06-13 17:07 - 2012-06-13 17:07 - 00000000 ____D C:\Users\Andrew\Downloads\2) INSTALL LIBUSB
2012-06-13 17:06 - 2012-06-13 17:34 - 00000000 ____D C:\Users\Andrew\Downloads\fixrecovery-win
2012-06-13 17:06 - 2012-06-13 17:06 - 00463215 ____A C:\Users\Andrew\Downloads\fixrecovery-win.zip
2012-06-13 17:05 - 2012-06-13 17:07 - 363553480 ____A C:\Users\Andrew\Downloads\iPod2,1_4.2.1_8C148_Restore.ipsw
2012-06-13 17:00 - 2012-06-13 17:34 - 00000000 ____D C:\Program Files (x86)\LibUSB-Win32
2012-06-13 16:59 - 2012-06-13 16:59 - 01387127 ____A C:\Users\Andrew\Downloads\irecovery.zip
2012-06-13 16:59 - 2012-06-13 16:59 - 00000000 ____D C:\Users\Andrew\Downloads\irecovery
2012-06-13 12:20 - 2012-06-13 12:20 - 02951561 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r9(1).zip
2012-06-13 11:58 - 2012-06-13 12:00 - 148909136 ____A C:\Users\Andrew\Downloads\cm_endeavoru-ota-eng.noeri_015.zip
2012-06-13 11:58 - 2012-06-13 11:58 - 02922496 ____A C:\Users\Andrew\Downloads\TripCM9r15Francor9.img
2012-06-13 11:46 - 2012-06-13 11:46 - 04276224 ____A C:\Users\Andrew\Downloads\boot(4).img
2012-06-13 11:42 - 2012-06-13 11:42 - 00000000 ____D C:\Users\Andrew\AppData\Local\{62AE5468-C7FC-46F3-B1D8-277F1941CF15}
2012-06-13 11:42 - 2012-06-13 11:42 - 00000000 ____D C:\Users\Andrew\AppData\Local\{0277C7B3-F021-4CA4-B3FC-DA0ECC13D575}
2012-06-13 04:26 - 2012-06-13 04:26 - 00000000 ____D C:\Users\Andrew\AppData\Local\{11261E0D-98F9-42E3-8EDC-785EC1D3711D}
2012-06-13 03:50 - 2012-06-13 03:50 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7C253576-313E-4E57-B13C-394338FB1227}
2012-06-12 16:30 - 2012-06-12 16:31 - 19003209 ____A C:\Users\Andrew\Downloads\Blot-v1.1.0-AppleGuider.org.ipa
2012-06-12 15:43 - 2012-06-12 15:43 - 00000000 ____D C:\Users\Andrew\Downloads\redsn0w_win_0.9.12b2
2012-06-12 15:42 - 2012-06-12 15:42 - 16465538 ____A C:\Users\Andrew\Downloads\redsn0w_win_0.9.12b2.zip
2012-06-12 15:26 - 2012-06-12 15:26 - 00000000 ____D C:\Users\Andrew\Downloads\redsn0w_win_0.9.12b1
2012-06-12 15:25 - 2012-06-12 15:26 - 16388409 ____A C:\Users\Andrew\Downloads\redsn0w_win_0.9.12b1.zip
2012-06-12 12:19 - 2012-06-12 12:19 - 00000000 ____D C:\Users\Andrew\AppData\Local\{ADA1E10A-5482-4A42-8BC3-46E48F9171CD}
2012-06-12 12:19 - 2012-06-12 12:19 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7BE5B0B7-DD1C-4D83-9E1C-4446FCE8C3C0}
2012-06-12 11:33 - 2012-06-12 11:33 - 54485532 ____A C:\Users\Andrew\Downloads\gapps-ics-20120317-signed(2).zip
2012-06-12 11:32 - 2012-06-12 11:37 - 156194976 ____A C:\Users\Andrew\Downloads\cm-9-20120612-alpha-1-endeavoru.zip
2012-06-12 03:54 - 2012-06-12 03:54 - 00000000 ____D C:\Users\Andrew\AppData\Local\{EC3954EB-6372-4624-85A0-65B411F6260D}
2012-06-11 13:51 - 2012-06-11 13:52 - 00000000 ____D C:\Users\Andrew\AppData\Local\{6C61FE46-B1A5-4675-A083-6D89CEF85AF7}
2012-06-11 13:51 - 2012-06-11 13:51 - 00000000 ____D C:\Users\Andrew\AppData\Local\{F1CC5D1A-0628-4E27-A2DF-5D44419CDD0B}
2012-06-10 17:58 - 2012-06-10 17:58 - 00000000 ____D C:\Users\Andrew\AppData\Local\{AF86F540-9CDA-4EFE-9C5D-7BF284C4AB49}
2012-06-10 10:06 - 2012-06-10 10:06 - 00000000 ____D C:\Users\Andrew\AppData\Local\{11E34B14-7373-4843-8B22-8AB4D904F53E}
2012-06-09 13:25 - 2012-06-09 13:25 - 05879808 ____A C:\Users\Andrew\Downloads\recovery-clockwork-touch-5.8.4.0-endeavoru.img
2012-06-09 05:35 - 2012-06-09 05:35 - 00000000 ____D C:\Users\Andrew\AppData\Local\{F14ACD36-BAFA-46E8-9729-12D2FADA35CF}
2012-06-09 05:35 - 2012-06-09 05:35 - 00000000 ____D C:\Users\Andrew\AppData\Local\{68E8B54D-94EC-417B-B29E-A1204FD40C4E}
2012-06-08 11:34 - 2012-06-08 11:34 - 00000000 ____D C:\Users\Andrew\AppData\Local\{EA01D002-2C49-4DAA-82E6-A0FF0D93F56C}
2012-06-08 11:34 - 2012-06-08 11:34 - 00000000 ____D C:\Users\Andrew\AppData\Local\{AF4F6B4D-2EC6-4243-8804-5F5FB55F470A}
2012-06-07 08:29 - 2012-06-07 08:29 - 00000000 ____D C:\Users\Andrew\Downloads\apks
2012-06-07 08:03 - 2012-06-07 08:03 - 00009949 ____A C:\Users\Andrew\Downloads\su_ics_v3.1_wraithdu_installer_v2.1(1).zip
2012-06-07 07:40 - 2012-06-07 07:42 - 00000000 ____D C:\Users\Andrew\Downloads\zImage_Injector_v0.1
2012-06-07 07:40 - 2012-06-07 07:40 - 00213999 ____A C:\Users\Andrew\Downloads\zImage_Injector_v0.1.rar
2012-06-07 05:22 - 2012-06-07 05:22 - 00000000 ____D C:\Users\Andrew\AppData\Local\{59149908-8744-4B93-B42E-F916661DE5A4}
2012-06-07 05:22 - 2012-06-07 05:22 - 00000000 ____D C:\Users\Andrew\AppData\Local\{3B955A1D-0A72-4079-B128-5C8F14336F9F}
2012-06-06 14:11 - 2012-06-06 14:11 - 00025103 ____A C:\Users\Andrew\Downloads\[freefullandroid.blogspot.com] PowerAMP Full Version Unlocker.apk
2012-06-06 14:05 - 2012-06-06 14:05 - 01193386 ____A C:\Users\Andrew\Downloads\MarketMilitia.ORG..franco.kernel.v4.9.zip
2012-06-06 13:54 - 2012-06-06 13:54 - 02951561 ____A C:\Users\Andrew\Downloads\franco.Kernel-modules-r9.zip
2012-06-06 13:54 - 2012-06-06 13:54 - 02926592 ____A C:\Users\Andrew\Downloads\boot-r9.img
2012-06-06 06:45 - 2012-06-06 06:45 - 00000000 ____D C:\Users\Andrew\AppData\Local\{CC93BFF1-1378-48A5-9253-1871D59E11B2}
2012-06-06 06:45 - 2012-06-06 06:45 - 00000000 ____D C:\Users\Andrew\AppData\Local\{4E656FEC-EF1A-4F43-88BF-C24C42DCF4F3}
2012-06-06 06:26 - 2012-06-06 06:26 - 00000000 ____D C:\Users\Andrew\AppData\Local\{52150645-0DEC-4D41-8498-9822D1A2F689}
2012-06-06 03:44 - 2012-06-06 03:44 - 00000000 ____D C:\Users\Andrew\AppData\Local\{7C83678F-7614-468D-BB26-1A0228928140}
2012-06-05 16:52 - 2012-06-05 16:52 - 01631006 ____A C:\Users\Andrew\Downloads\t1u1a0s.zip
2012-06-05 13:39 - 2012-06-05 13:39 - 00000000 ____D C:\Users\Andrew\AppData\Local\{E325F10E-36CD-4F67-BF76-AABE5635E917}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Andrew\Desktop\chad.{ED7BA470-8E54-465E-825C-99712043E01C}
2012-06-05 09:03 - 2012-06-05 09:03 - 00484944 ____A C:\Users\Andrew\Downloads\Sensor_Fix.zip
2012-06-05 04:50 - 2012-06-05 04:50 - 00000000 ____D C:\Users\Andrew\AppData\Local\{B900EE15-3F84-407E-B375-63C11F993F64}
2012-06-05 03:58 - 2012-06-05 03:58 - 00000000 ____D C:\Users\Andrew\AppData\Local\{C26FB529-DB15-4BE8-A672-4AF1CA8A63D6}
 
============ 3 Months Modified Files ========================


ZeroAccess:
C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}
C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\@
C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\L
C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U
C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\L\00000004.@
C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\L\55490ac4
C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U\00000004.@
C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U\00000008.@
C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U\000000cb.@
C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U\80000032.@
C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U\80000064.@

ZeroAccess:
C:\Users\Andrew\AppData\Local\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}
C:\Users\Andrew\AppData\Local\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\@
C:\Users\Andrew\AppData\Local\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\L
C:\Users\Andrew\AppData\Local\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 8174.81 MB
Available physical RAM: 7159.28 MB
Total Pagefile: 8173.01 MB
Available Pagefile: 7156.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:1862.92 GB) (Free:612.94 GB) NTFS
2 Drive e: (Repair disc ReadyDriver Plus 64-) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
3 Drive f: () (Removable) (Total:7.63 GB) (Free:2.45 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1863 GB 0 B
Disk 1 Online 7830 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 1862 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 1862 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7830 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-06-27 21:18

======================= End Of Log ==========================
 
Please do NOT wrap your logs in code brackets.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.
 
Farbar Recovery Scan Tool Version: 30-06-2012 04
Ran by SYSTEM at 2012-07-01 13:44:06
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
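The Search.txt above lists two copies of services.exe with identical size and timestamps but different MD5s, which is why the size and dates alone could not reveal the patched file. The following is an added example, not part of the original thread and not FRST's own code: a small parser for this log layout that compares each live copy against the WinSxS copy of the same name. The function names and verdict labels are assumptions made for illustration, and the sample input is the two entries copied from the log above.

```python
import re
from collections import defaultdict, namedtuple
from ntpath import basename  # splits Windows paths correctly on any OS

# The two entries from the Search.txt log above, embedded so this runs offline.
SAMPLE_SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Hypothetical record types for this example.
Entry = namedtuple("Entry", "path created modified size md5")
Finding = namedtuple("Finding", "path verdict md5 store_md5s")

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
# "[created] - [modified] - size attrs (Company) MD5"; the company is optional.
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) \S+ (?:\(.*\) )?(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        meta = META_RE.match(line)
        if meta and pending_path:
            entries.append(Entry(pending_path, meta["created"], meta["modified"],
                                 int(meta["size"]), meta["md5"].upper()))
            pending_path = None
    return entries


def is_store_copy(path):
    """True for copies that live in the WinSxS component store."""
    return "\\winsxs\\" in path.lower()


def audit(entries):
    """Compare every non-store copy with the store copies of the same file name."""
    groups = defaultdict(list)
    for entry in entries:
        groups[basename(entry.path).lower()].append(entry)

    findings = []
    for copies in groups.values():
        store = [e for e in copies if is_store_copy(e.path)]
        store_md5s = sorted({e.md5 for e in store})
        for live in (e for e in copies if not is_store_copy(e.path)):
            meta = (live.size, live.created, live.modified)
            if not store:
                verdict = "NO_STORE_COPY"
            elif live.md5 in store_md5s:
                verdict = "MATCHES_STORE"
            elif any((s.size, s.created, s.modified) == meta for s in store):
                # Same size and dates, different content: consistent with a
                # file patched in place, as in the log above.
                verdict = "SAME_METADATA_DIFFERENT_HASH"
            else:
                # May simply be another build of the file; needs a manual look.
                verdict = "DIFFERENT_VERSION_OR_MODIFIED"
            findings.append(Finding(live.path, verdict, live.md5, store_md5s))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_search_log(SAMPLE_SEARCH_LOG)):
        print(finding.verdict, finding.path, finding.md5)
```

A SAME_METADATA_DIFFERENT_HASH verdict is a lead for closer inspection rather than proof: the component store can hold several builds of one file, and the store copy is only assumed to be intact.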
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

My internet connection won't reconnect now. In adapter settings it shows my internet card sending and receiving packets but in my notification area it says there's no internet access. I've tried restarting multiple times.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 30-06-2012 04
Ran by SYSTEM at 2012-07-01 14:06:02 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff} moved successfully.
C:\Users\Andrew\AppData\Local\{19d1ce82-72bb-e8b4-bc14-d80bba5bddff} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


ComboFix 12-07-01.03 - Andrew 07/01/2012 14:18:07.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6322 [GMT -4:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CCleaner\cc_update.exe
c:\program files\CCleaner\TrayApp.exe
c:\programdata\ntuser.dat
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\es.exe
c:\windows\pthreadGC2.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 21:12 . 2012-07-01 21:12 -------- d-----w- C:\FRST
2012-07-01 18:27 . 2012-07-01 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 06:23 . 2012-07-01 06:23 -------- d-----w- c:\users\Andrew\AppData\Local\FalloutNV
2012-06-30 22:04 . 2012-06-30 22:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-24 16:27 . 2012-06-24 17:26 -------- d-----w- c:\program files (x86)\QemuManager
2012-06-24 16:19 . 2012-06-24 16:29 -------- d-----w- c:\program files (x86)\Bochs-2.5.1
2012-06-21 04:17 . 2012-06-21 04:17 -------- d-----w- c:\users\Andrew\AppData\Local\Google
2012-06-21 04:16 . 2012-06-21 04:17 -------- d-----w- c:\users\Andrew\AppData\Local\Deployment
2012-06-19 02:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 02:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 02:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 02:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 02:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 02:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 02:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 02:31 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 02:31 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 16:29 . 2012-06-18 16:29 -------- d-----w- c:\programdata\GARMIN
2012-06-18 16:29 . 2012-06-18 16:29 -------- d-----w- c:\program files\DIFX
2012-06-18 16:29 . 2012-06-18 16:31 -------- d-----w- c:\users\Andrew\AppData\Roaming\Garmin
2012-06-18 16:29 . 2012-06-18 16:29 -------- d-----w- c:\program files (x86)\Garmin
2012-06-14 01:11 . 2012-06-14 01:27 -------- d-----w- C:\BOOT
2012-06-14 01:00 . 2012-06-14 01:34 -------- d-----w- c:\program files (x86)\LibUSB-Win32
2012-06-07 14:41 . 2012-06-07 14:41 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-07 14:41 . 2012-06-07 14:41 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-04 12:30 . 2012-06-04 12:30 -------- d-----w- c:\programdata\Fallout2
2012-06-04 12:11 . 2012-06-04 12:11 52736 ----a-w- c:\windows\ipuninst.exe
2012-06-04 12:11 . 2012-06-04 12:11 -------- d-----w- c:\program files\BlackIsle
2012-06-01 23:00 . 2012-06-01 23:00 -------- d-----w- c:\users\Andrew\AppData\Local\Sony
2012-06-01 23:00 . 2012-06-01 23:00 -------- d-----w- c:\programdata\Sony
2012-06-01 23:00 . 2012-06-01 23:00 -------- d-----w- c:\program files (x86)\Sony
2012-06-01 20:58 . 2012-06-02 14:40 -------- d-----w- C:\flerp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 08:17 . 2012-04-08 22:52 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-19 08:17 . 2012-01-26 07:55 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-15 05:26 . 2012-04-15 05:26 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 08:46 . 2012-05-01 22:30 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4CC93A81-CC1F-41C1-8124-22CD391A1F94}\mpengine.dll
2012-04-04 22:33 . 2012-02-24 01:13 955800 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-04 22:33 . 2012-02-24 01:13 839056 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2012-01-23 02:30 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Andrew\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2012-01-25 1517520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-01-18 103536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DirMngr;DirMngr;f:\gpg\dirmngr.exe [x]
R3 atillk64;atillk64;c:\users\Andrew\Downloads\winflash20113\atillk64.sys [2006-07-19 14608]
R3 AxtuDrv;AxtuDrv;c:\windows\SysWOW64\Drivers\AxtuDrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13352]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 51445112]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-31 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-10-01 302120]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-02-03 15936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-01-18 11839488]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-02-03 32320]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-03 471144]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000Core.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 04:17]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000UA.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 04:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-03 11545192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-GPG4Win - f:\gpg\gpg4win-uninstall.exe
AddRemove-Privoxy - f:\privoxy\privoxy_uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
.
**************************************************************************
.
Completion time: 2012-07-01 14:34:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 18:34
.
Pre-Run: 671,775,571,968 bytes free
Post-Run: 673,832,357,888 bytes free
.
- - End Of File - - FF728294731EBCD8FF4ED7CE24E6720E
 
Let's see about your connection...

Please download Farbar Service Scanner Download Link and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
Farbar Service Scanner Version: 01-07-2012
Ran by Andrew (administrator) on 01-07-2012 at 17:14:30
Running from "F:\"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
These settings look fine.

Make sure your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
[image: p4491747.gif]

Make sure "DNS" tab looks like this:
[image: p4491748.gif]

Make sure "WINS" tab looks like this:
[image: p4491749.gif]

8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.


If that doesn't work...
Turn off computer. Disconnect router and modem from power source for 1 minute. At the same time, disconnect the Ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass the router and connect the computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista and 7, while holding CTRL and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.
 
I got my internet working again by removing my internet adapter from my internet bridge and re-bridging my connections.
 
Cool beans :)

Any other current issues?

========================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=========================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Not as far as I can tell.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Andrew :: ANDREW-PC [administrator]

7/1/2012 5:31:55 PM
mbam-log-2012-07-01 (17-31-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211927
Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL logfile created on: 7/1/2012 5:37:26 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Andrew\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 76.37% Memory free
15.96 Gb Paging File | 14.01 Gb Available in Paging File | 87.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 627.62 Gb Free Space | 33.69% Space Free | Partition Type: NTFS
Drive D: | 165.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 7.63 Gb Total Space | 2.45 Gb Free Space | 32.10% Space Free | Partition Type: FAT32

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 17:33:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
PRC - [2012/02/23 06:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/18 15:47:28 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/01/18 15:47:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/01/18 15:47:10 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012/01/18 15:04:52 | 011,839,488 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/22 16:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/03/31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/02/15 07:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2010/11/20 23:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Andrew\Local Settings\Apps\F.lux\flux.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/15 07:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011/02/15 07:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011/02/15 07:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011/02/15 07:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011/02/15 07:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011/02/15 07:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010/07/27 00:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Andrew\Local Settings\Apps\F.lux\flux.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/05 23:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/10/19 17:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2011/09/22 16:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/01 00:03:37 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/16 10:35:05 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/23 06:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/02/02 21:22:29 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/18 15:47:28 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/01/18 15:47:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/01/18 15:04:52 | 011,839,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/03/31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/02 21:29:19 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012/02/02 21:28:30 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012/02/02 21:16:20 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/01/24 20:46:35 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/01/18 15:47:44 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/01/18 15:46:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/01/18 13:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/01/18 13:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/12/05 23:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/05 22:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 13:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/09 18:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/08/04 13:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011/08/04 13:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 13:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011/08/04 13:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6)
DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/10 11:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 01:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/02/08 01:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/30 23:35:06 | 000,302,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/11 15:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 16:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/06 03:13:46 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2009/04/06 03:13:46 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV - [2010/05/26 20:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/07/19 15:04:00 | 000,014,608 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Users\Andrew\Downloads\winflash20113\atillk64.sys -- (atillk64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-201679691-783270451-1720172099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-201679691-783270451-1720172099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 F6 40 9E 64 4F CD 01 [binary data]
IE - HKU\S-1-5-21-201679691-783270451-1720172099-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-201679691-783270451-1720172099-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-201679691-783270451-1720172099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-201679691-783270451-1720172099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/01/22 22:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 10:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Users\Andrew\AppData\Local\Mozilla Thunderbird\components [2012/03/28 21:52:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Users\Andrew\AppData\Local\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/01/22 22:34:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 10:35:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/10 07:50:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
[2012/06/29 15:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\extensions
[2012/06/19 22:57:40 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\extensions\https-everywhere@eff.org
[2012/06/25 07:53:58 | 000,004,873 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\isohunt--bt-search.xml
[2011/09/10 02:32:40 | 000,002,276 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\minecraft-wiki-en.xml
[2011/09/11 15:31:23 | 000,001,597 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\the-pirate-bay.xml
[2011/09/28 19:33:10 | 000,000,911 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\thesauruscom.xml
[2011/10/29 23:42:01 | 000,002,006 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\urban-dictionary.xml
[2012/03/01 20:06:43 | 000,001,997 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\wolframalpha.xml
[2011/09/10 17:25:58 | 000,004,140 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a2o8s4yn.default\searchplugins\youtube.xml
[2012/03/26 03:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/08 01:39:10 | 000,061,705 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A2O8S4YN.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2012/06/29 15:05:59 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A2O8S4YN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/08 22:58:41 | 000,034,228 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A2O8S4YN.DEFAULT\EXTENSIONS\PRIV3@ICSI.BERKELEY.EDU.XPI
[2012/05/08 20:47:30 | 000,195,036 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A2O8S4YN.DEFAULT\EXTENSIONS\SAVEDPASSWORDEDITOR@DANIEL.DAWSON.XPI
[2012/06/23 02:52:35 | 000,072,222 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A2O8S4YN.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
[2012/06/10 22:25:52 | 000,009,107 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A2O8S4YN.DEFAULT\EXTENSIONS\YTLIKE@DAVIDEBULDRINI.COM.XPI
[2012/06/16 10:35:06 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/07 10:41:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/07 10:41:47 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/01 14:29:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-201679691-783270451-1720172099-1000..\Run: [F.lux] C:\Users\Andrew\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-201679691-783270451-1720172099-1000..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-201679691-783270451-1720172099-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-201679691-783270451-1720172099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADB804D6-AD11-4AFD-8016-0972DFA28C9A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD06867E-1F0A-4A8E-A842-2A6AF3726073}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 17:32:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2012/07/01 17:12:46 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/01 14:48:51 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Diagnostics
[2012/07/01 14:39:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/01 14:14:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/01 14:14:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/01 14:14:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/01 14:13:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/01 14:12:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/01 14:07:56 | 004,568,829 | R--- | C] (Swearware) -- C:\Users\Andrew\Desktop\ComboFix.exe
[2012/07/01 13:39:26 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{BF9F2E76-1401-49AC-BF17-9622D46DD869}
[2012/07/01 13:39:17 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{99A92D12-0786-4CD6-A2DE-0358816BED5E}
[2012/07/01 13:07:14 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{918EB4CE-F693-4823-840C-973481571F78}
[2012/07/01 02:23:41 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\FalloutNV
[2012/07/01 00:06:56 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/06/30 18:04:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/30 12:47:12 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{CC2870CD-0AA7-4255-907D-D96101DF0EEE}
[2012/06/30 12:47:03 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7ACE39BD-6347-4D46-A724-7276E110BE6D}
[2012/06/29 18:42:01 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{3B6CB001-275D-454B-9A16-84C2D33BA3A7}
[2012/06/29 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{9BD356DE-D33D-4A39-8B7B-8E716E2A9EEC}
[2012/06/29 14:39:47 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{704D08BB-9C06-44AE-BE3E-59AE06EEB608}
[2012/06/28 13:30:37 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{B39DD8D1-E1D9-4107-BBF4-65C2950E3CA4}
[2012/06/28 13:30:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{413ECC6D-5E00-44E3-AFAF-57DE4B7B7ADD}
[2012/06/28 11:47:46 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{86C90CC7-6309-4372-B322-5277F9B68199}
[2012/06/27 14:44:17 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{0CF13C35-D43E-4B17-9CF4-863AD3F22AFB}
[2012/06/27 14:44:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{5FA89DDF-6CB2-497B-B736-9EF372AC1188}
[2012/06/27 00:46:31 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{A168FC6E-42C3-46F6-ACC3-EF4B37F53939}
[2012/06/27 00:46:21 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{61ACD1A9-93B2-4C2A-9879-B27324E74C48}
[2012/06/26 22:16:07 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{B62FB72B-7252-4360-AA94-3B438D7F5BAE}
[2012/06/26 22:15:58 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{481D5F58-5E52-41A2-9E13-AE947C7AFD19}
[2012/06/26 13:06:42 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{CF133B0F-C978-4B49-AD46-EA2F6472CD43}
[2012/06/25 22:53:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{CB9C1E7C-FFD2-4AAA-9086-4CDAFAFE2002}
[2012/06/25 22:53:35 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{65BA263F-DB57-4784-9533-0018CF813551}
[2012/06/25 08:32:14 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{EDE0967C-8406-4340-9344-9676AC64BDE7}
[2012/06/25 08:32:05 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{024F8484-26EA-414A-BFE2-C6B213A5A038}
[2012/06/24 19:14:55 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7DB05BF6-88C2-4EC4-875E-E3DA4863C706}
[2012/06/24 19:14:46 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{A8053887-7F1E-4E22-9A5F-3F7A3D2DA005}
[2012/06/24 17:14:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{8B2B0A11-24BD-4038-9431-5912226E579F}
[2012/06/24 12:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qemu Manager 7.0
[2012/06/24 12:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QemuManager
[2012/06/24 12:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bochs 2.5.1
[2012/06/24 12:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bochs-2.5.1
[2012/06/24 11:12:47 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\most recent android stuff
[2012/06/24 04:50:21 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{18B7F3E3-61BD-41B0-8C4D-75178462B86B}
[2012/06/24 04:50:12 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6D005FEF-EA25-4E67-91B2-D259A9C7BE5C}
[2012/06/23 12:39:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6D3ABA27-1AC9-48D7-A374-8BBC4353D0DC}
[2012/06/23 12:39:34 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{0845801E-3819-419A-95DF-F4B436F219FC}
[2012/06/23 12:23:38 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6135DBFD-B855-46B6-A8DE-2D76FC1FC350}
[2012/06/23 02:02:19 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\android clutter
[2012/06/23 02:01:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\python
[2012/06/23 01:56:57 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\android
[2012/06/22 21:37:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{38E58BDC-A624-4C8E-A01E-03EDEE21D8B1}
[2012/06/22 21:37:17 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{D742E206-3F07-401C-8CFF-50A0E8438E95}
[2012/06/22 09:36:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{5D4642DE-3AB2-4A53-8FBF-BCC50054DF4A}
[2012/06/22 09:36:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{145D89C2-E7EA-48C9-B5D5-ACD3F802E8A3}
[2012/06/21 21:36:21 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{ADACC506-C152-449D-B5C7-844814DE0935}
[2012/06/21 21:36:11 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{1F4C80C6-8D60-491D-B41C-3D4A18948E75}
[2012/06/21 08:07:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7C79ED7B-4942-46FE-81D9-B34AAD07DDF7}
[2012/06/21 08:07:34 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{F78F9CEA-EB3D-4806-81EB-E9854476E0BD}
[2012/06/21 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Google
[2012/06/21 00:16:33 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Deployment
[2012/06/20 13:39:11 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{23FE9280-7827-4142-81FC-B44C320E1CA6}
[2012/06/20 13:39:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{60B3EF89-1EAB-4303-9229-4205741F81AC}
[2012/06/19 17:21:34 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{17E73727-3769-4974-AA8D-DFD268C88951}
[2012/06/19 17:21:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{8D23B067-A79B-47BE-BD68-C100034EAAEA}
[2012/06/19 17:02:26 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{96B2755A-A20D-4658-B14B-ECC50FAC2677}
[2012/06/19 17:02:16 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{55F0D861-CAB9-4B6C-BE52-38FDDA3A241A}
[2012/06/18 19:37:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{C4EC59B1-672D-459B-9ECD-F38CB63D8CF8}
[2012/06/18 12:29:57 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\My Garmin
[2012/06/18 12:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\GARMIN
[2012/06/18 12:29:55 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garmin
[2012/06/18 12:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012/06/18 12:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/06/18 12:29:14 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Garmin
[2012/06/18 12:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2012/06/18 11:34:03 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{83FFFEC5-4BDE-44BC-8688-51508CC0A623}
[2012/06/17 12:45:22 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7B607FA1-2AB2-422D-AF80-C9F06C04A2AA}
[2012/06/16 20:32:29 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{781BB407-B4BE-4250-B5AF-F379053CFE8C}
[2012/06/16 03:16:51 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{3DFAD7C0-4FFD-474D-8041-B4996E31FBE2}
[2012/06/15 07:59:49 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7FB0068B-03BE-4588-B001-F15BB7FD6B1F}
[2012/06/14 15:22:06 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{DD7A662B-E1E1-4584-8C07-8D678394AD7A}
[2012/06/14 15:21:56 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{502878C5-F500-4E9F-91CD-0D346F018699}
[2012/06/14 09:12:06 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{FC891B90-9F29-4E39-8C97-ECF7EB02CDA4}
[2012/06/13 21:11:22 | 000,000,000 | ---D | C] -- C:\BOOT
[2012/06/13 21:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibUSB-Win32
[2012/06/13 15:42:15 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{62AE5468-C7FC-46F3-B1D8-277F1941CF15}
[2012/06/13 15:42:05 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{0277C7B3-F021-4CA4-B3FC-DA0ECC13D575}
[2012/06/13 08:26:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{11261E0D-98F9-42E3-8EDC-785EC1D3711D}
[2012/06/13 07:50:29 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7C253576-313E-4E57-B13C-394338FB1227}
[2012/06/12 16:19:50 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{ADA1E10A-5482-4A42-8BC3-46E48F9171CD}
[2012/06/12 16:19:41 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7BE5B0B7-DD1C-4D83-9E1C-4446FCE8C3C0}
[2012/06/12 07:54:50 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{EC3954EB-6372-4624-85A0-65B411F6260D}
[2012/06/11 17:51:53 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{6C61FE46-B1A5-4675-A083-6D89CEF85AF7}
[2012/06/11 17:51:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{F1CC5D1A-0628-4E27-A2DF-5D44419CDD0B}
[2012/06/10 21:58:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{AF86F540-9CDA-4EFE-9C5D-7BF284C4AB49}
[2012/06/10 14:06:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{11E34B14-7373-4843-8B22-8AB4D904F53E}
[2012/06/09 09:35:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{F14ACD36-BAFA-46E8-9729-12D2FADA35CF}
[2012/06/09 09:35:14 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{68E8B54D-94EC-417B-B29E-A1204FD40C4E}
[2012/06/08 15:34:12 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{AF4F6B4D-2EC6-4243-8804-5F5FB55F470A}
[2012/06/08 15:34:03 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{EA01D002-2C49-4DAA-82E6-A0FF0D93F56C}
[2012/06/07 09:22:49 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{3B955A1D-0A72-4079-B128-5C8F14336F9F}
[2012/06/07 09:22:40 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{59149908-8744-4B93-B42E-F916661DE5A4}
[2012/06/06 10:45:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{4E656FEC-EF1A-4F43-88BF-C24C42DCF4F3}
[2012/06/06 10:45:10 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{CC93BFF1-1378-48A5-9253-1871D59E11B2}
[2012/06/06 10:26:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{52150645-0DEC-4D41-8498-9822D1A2F689}
[2012/06/06 07:44:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7C83678F-7614-468D-BB26-1A0228928140}
[2012/06/05 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{E325F10E-36CD-4F67-BF76-AABE5635E917}
[2012/06/05 13:30:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\chad.{ED7BA470-8E54-465E-825C-99712043E01C}
[2012/06/05 08:50:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{B900EE15-3F84-407E-B375-63C11F993F64}
[2012/06/05 07:58:59 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{C26FB529-DB15-4BE8-A672-4AF1CA8A63D6}
[2012/06/04 14:22:43 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{F819F3D0-BB31-4743-829E-868DA0285420}
[2012/06/04 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7C492FC1-7F15-4387-8E06-BECE352EBA2F}
[2012/06/04 10:22:35 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{BC99C6FA-4015-417A-B236-70AA8B19A47F}
[2012/06/04 08:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Fallout2
[2012/06/04 08:11:56 | 000,052,736 | ---- | C] (Interplay Productions) -- C:\Windows\ipuninst.exe
[2012/06/04 08:11:56 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black Isle
[2012/06/04 08:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Isle
[2012/06/04 08:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\BlackIsle
[2012/06/03 20:52:36 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{FFAF26E9-31DB-4E26-9BAF-A91FEB062971}
[2012/06/03 20:52:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{23EC440C-CE08-4F42-835E-C1F9AFB0B367}
[2012/06/03 08:52:04 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{9264C9BA-536B-482D-9E16-3AD7B9B4152F}
[2012/06/03 08:51:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{4E85C139-584D-4117-A85A-461D4B9410DA}
[2012/06/03 07:59:04 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{7F1A4E77-FD3B-44E2-AC9E-4DC33C145FBF}
[2012/06/02 08:11:18 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{77CD6D51-5C64-4968-B02B-4914ADBBBC51}
[2012/06/02 08:11:09 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{E7C483FB-A216-446B-927A-C4C360B64B14}
[2012/06/01 19:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012/06/01 19:00:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Sony
[2012/06/01 19:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012/06/01 19:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/01 17:39:16 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 17:39:15 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 17:33:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2012/07/01 17:30:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/01 17:30:11 | 2133,962,751 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 17:28:52 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/01 17:22:08 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000UA.job
[2012/07/01 14:47:00 | 000,747,096 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/01 14:47:00 | 000,638,838 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/01 14:47:00 | 000,111,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/01 14:29:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/01 14:08:01 | 004,568,829 | R--- | M] (Swearware) -- C:\Users\Andrew\Desktop\ComboFix.exe
[2012/07/01 01:05:53 | 000,002,268 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2012/07/01 00:22:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000Core.job
[2012/07/01 00:06:56 | 000,000,219 | ---- | M] () -- C:\Users\Andrew\Desktop\Team Fortress 2.url
[2012/06/25 20:54:16 | 000,001,361 | ---- | M] () -- C:\Users\Andrew\Desktop\Auslogics Duplicate File Finder.lnk
[2012/06/23 16:43:08 | 000,000,218 | ---- | M] () -- C:\Users\Andrew\.recently-used.xbel
[2012/06/23 02:25:37 | 000,294,548 | ---- | M] () -- C:\Users\Andrew\Documents\Untitled-1.psd
[2012/06/23 02:20:58 | 000,077,290 | ---- | M] () -- C:\Users\Andrew\Documents\Untitled-1.png
[2012/06/23 02:20:57 | 000,000,132 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/17 23:56:46 | 000,001,077 | ---- | M] () -- C:\Users\Andrew\Desktop\Fallout 2.lnk
[2012/06/04 08:11:56 | 000,052,736 | ---- | M] (Interplay Productions) -- C:\Windows\ipuninst.exe
[2012/06/01 19:01:16 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/01 14:14:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/01 14:14:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/01 14:14:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/01 14:14:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/01 14:14:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/01 01:05:53 | 000,002,268 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2012/07/01 00:06:56 | 000,000,219 | ---- | C] () -- C:\Users\Andrew\Desktop\Team Fortress 2.url
[2012/06/25 20:54:16 | 000,001,361 | ---- | C] () -- C:\Users\Andrew\Desktop\Auslogics Duplicate File Finder.lnk
[2012/06/23 16:43:08 | 000,000,218 | ---- | C] () -- C:\Users\Andrew\.recently-used.xbel
[2012/06/23 02:25:35 | 000,294,548 | ---- | C] () -- C:\Users\Andrew\Documents\Untitled-1.psd
[2012/06/23 02:20:56 | 000,077,290 | ---- | C] () -- C:\Users\Andrew\Documents\Untitled-1.png
[2012/06/21 00:17:32 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000UA.job
[2012/06/21 00:17:32 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000Core.job
[2012/06/04 08:12:13 | 000,001,077 | ---- | C] () -- C:\Users\Andrew\Desktop\Fallout 2.lnk
[2012/06/01 19:01:16 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012/05/19 03:41:03 | 000,759,634 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/04 22:40:08 | 000,000,132 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/02 21:27:50 | 000,000,003 | ---- | C] () -- C:\Users\Andrew\AppData\Local\user_data.ini
[2012/02/02 21:23:38 | 000,001,112 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/02/02 21:23:38 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/02/02 21:23:38 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/02/02 21:23:37 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/02/02 21:23:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/02/02 20:22:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/01/24 19:48:42 | 000,041,984 | ---- | C] () -- C:\Windows\LockCMD.exe
[2012/01/24 19:48:42 | 000,041,472 | ---- | C] () -- C:\Windows\Lock.exe
[2012/01/22 22:38:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/08 19:00:57 | 000,000,600 | ---- | C] () -- C:\Users\Andrew\AppData\Local\PUTTY.RND
[2011/12/07 00:15:15 | 000,000,600 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\winscp.rnd
[2011/12/05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/12/05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/09 22:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 22:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/02/21 20:37:09 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\.minecraft
[2012/05/14 18:55:53 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Auslogics
[2012/03/02 17:54:53 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Bitcoin
[2011/10/22 23:10:33 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ChessBase
[2011/09/09 21:43:04 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\DeviceVm
[2011/12/10 03:43:33 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\EditPlus 3
[2011/09/10 07:53:32 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ESET
[2011/10/29 15:44:49 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\foobar2000
[2012/06/18 12:31:07 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Garmin
[2012/04/28 14:57:30 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\gbrainy
[2012/06/24 02:33:02 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\gnupg
[2012/06/23 16:33:03 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\gtk-2.0
[2012/04/06 01:46:27 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Hamumu
[2011/11/27 23:25:03 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Jaran Nilsen
[2012/01/16 14:14:29 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Namecoin
[2012/01/16 12:40:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\poclbm
[2012/01/08 01:28:18 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Rainmeter
[2012/06/12 19:26:14 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\redsn0w
[2012/01/19 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\SecondLife
[2012/01/23 03:05:59 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\TeamViewer
[2012/01/19 19:46:31 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Thunderbird
[2012/07/01 09:23:06 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\TrueCrypt
[2012/07/01 01:26:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\uTorrent
[2012/03/12 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Wireshark
[2009/07/14 01:08:49 | 000,023,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/05/19 03:41:08 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/07/01 14:34:17 | 000,017,699 | ---- | M] () -- C:\ComboFix.txt
[2012/07/01 17:30:11 | 2133,962,751 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/07/01 17:30:16 | 4276,940,799 | -HS- | M] () -- C:\pagefile.sys
[2011/09/18 00:28:34 | 000,148,208 | ---- | M] () -- C:\wubildr
[2011/09/18 00:28:34 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/12/13 11:28:24 | 004,136,960 | ---- | M] () -- C:\Windows\es.scr
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/01/22 21:54:47 | 000,000,221 | -HS- | M] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/07/01 14:08:01 | 004,568,829 | R--- | M] (Swearware) -- C:\Users\Andrew\Desktop\ComboFix.exe
[2012/07/01 17:33:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2012/03/11 13:59:15 | 005,853,460 | ---- | M] () -- C:\Users\Andrew\Desktop\pidgin-2.10.1.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/07/01 00:22:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000Core.job
[2012/07/01 17:22:08 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201679691-783270451-1720172099-1000UA.job
[2012/07/01 17:30:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/14 01:08:49 | 000,023,646 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/02/02 21:15:00 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/02/02 21:15:00 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2012/02/02 21:15:00 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2012/02/02 21:15:00 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2012/02/02 21:15:00 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2012/02/02 21:15:00 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/24 11:59:04 | 000,000,402 | -HS- | M] () -- C:\Users\Andrew\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< End of report >
 
OTL Extras logfile created on: 7/1/2012 5:37:26 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Andrew\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 76.37% Memory free
15.96 Gb Paging File | 14.01 Gb Available in Paging File | 87.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 627.62 Gb Free Space | 33.69% Space Free | Partition Type: NTFS
Drive D: | 165.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 7.63 Gb Total Space | 2.45 Gb Free Space | 32.10% Space Free | Partition Type: FAT32

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-201679691-783270451-1720172099-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{110EB5C4-E995-4CFB-AB80-A5F315BEA9E9}" = Python 2.6 (64-bit)
"{1111706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 (64-bit)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2222706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5586CBEA-C071-4616-B809-6E11815D2190}" = ESET Smart Security
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
"{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}" = AMD Catalyst Install Manager
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EF393943-0CCE-9CD9-6181-96DF4E4428EF}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"A-WIN-Extras 8.0.4 2609412_is1" = Mathematica Extras 8.0 (2609412)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.20 beta 1 (64-bit)
"XFast LAN" = XFast LAN v6.61

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12FAF8C2-0061-429D-B7B4-FF1C9C58A99C}" = THX TruStudio Pro
"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
"{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
"{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
"{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
"{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
"{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.1.0
"Android SDK Tools" = Android SDK Tools
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"Baldur's Gate II_is1" = Baldur's Gate II
"Baldur's Gate_is1" = Baldur's Gate
"Bochs 2.5.1" = Bochs 2.5.1 (remove only)
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Dr. Lunatic Demo" = Dr. Lunatic Demo (remove only)
"Electric Sheep" = Electric Sheep 2.7b34
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Everything" = Everything 1.2.1.371
"Fallout 2 Unofficial Patch_is1" = Fallout 2 Unofficial Patch 1.02.27.3
"Fallout New Vegas_is1" = Fallout New Vegas
"Fallout_is1" = Fallout
"Fallout2" = Fallout2
"File Shredder_is1" = File Shredder 2.0
"Flashtool" = Flashtool
"gbrainy" = gbrainy 2.06
"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 2.2.0.11
"GPG4Win" = Gpg4win (2.1.0)
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"M-WIN-D 8.0.4 2609533_is1" = Wolfram CDF Player (M-WIN-D 8.0.4 2609533)
"Privoxy" = Privoxy (remove only)
"Qemu Manager 7.0 - Qemu 0.11.1_is1" = Qemu Manager 7.0
"QueTek File Scavenger 3.2 (en)" = File Scavenger 3.2 (en)
"Saints Row The Third_is1" = Saints Row The Third
"Steam App 440" = Team Fortress 2
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"VMware_Workstation" = VMware Workstation
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.5
"Wubi" = Ubuntu
"XFastUSB" = XFastUSB

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-201679691-783270451-1720172099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
"Inquisit 3 Web Edition" = Inquisit 3 Web Edition

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/1/2012 6:51:07 AM | Computer Name = Andrew-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/1/2012 1:07:13 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/1/2012 1:17:28 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/1/2012 1:53:47 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/1/2012 2:08:56 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/1/2012 2:11:28 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/1/2012 2:30:04 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/1/2012 2:38:53 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/1/2012 2:44:16 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/1/2012 5:32:04 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/1/2012 5:23:02 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
Description = Bridge [Adapter Realtek PCIe GBE Family Controller]: The bridge could
not modify the network adapter's packet filter. The network adapter will not function
correctly.

Error - 7/1/2012 5:23:02 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
Description = Bridge [Adapter Realtek PCIe GBE Family Controller]: The bridge could
not modify the network adapter's packet filter. The network adapter will not function
correctly.

Error - 7/1/2012 5:23:02 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
Description = Bridge [Adapter Realtek PCIe GBE Family Controller]: The bridge could
not modify the network adapter's packet filter. The network adapter will not function
correctly.

Error - 7/1/2012 5:23:03 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
Description = Bridge [Adapter Realtek RTL8139/810x Family Fast Ethernet NIC]: The
bridge could not modify the network adapter's packet filter. The network adapter
will not function correctly.

Error - 7/1/2012 5:23:03 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14701
Description = Bridge [Adapter Realtek RTL8139/810x Family Fast Ethernet NIC]: The
bridge could not determine the network adapter's MAC address. The network adapter
will not be used.

Error - 7/1/2012 5:23:03 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
Description = Bridge [Adapter Realtek RTL8139/810x Family Fast Ethernet NIC]: The
bridge could not modify the network adapter's packet filter. The network adapter
will not function correctly.

Error - 7/1/2012 5:23:03 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
Description = Bridge [Adapter Realtek RTL8139/810x Family Fast Ethernet NIC]: The
bridge could not modify the network adapter's packet filter. The network adapter
will not function correctly.

Error - 7/1/2012 5:23:03 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
Description = Bridge [Adapter Realtek RTL8139/810x Family Fast Ethernet NIC]: The
bridge could not modify the network adapter's packet filter. The network adapter
will not function correctly.

Error - 7/1/2012 5:23:03 PM | Computer Name = Andrew-PC | Source = BridgeMP | ID = 14702
Description = Bridge [Adapter Realtek RTL8139/810x Family Fast Ethernet NIC]: The
bridge could not modify the network adapter's packet filter. The network adapter
will not function correctly.

Error - 7/1/2012 5:30:31 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7000
Description = The DirMngr service failed to start due to the following error: %%2


< End of report >
 
OTL logs are clean :)

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 30
Adobe Reader X (10.1.3)
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````


Farbar Service Scanner Version: 01-07-2012
Ran by Andrew (administrator) on 01-07-2012 at 18:32:21
Running from "C:\Users\Andrew\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Online Scanner - Scanning Report - Sunday, July 1, 2012 18:47:43
Scanning Report
Sunday, July 1, 2012 18:43:21 - 18:47:43
Computer name: ANDREW-PC
Scanning type: Quick scan
Target: System
No malware found
Statistics
Scanned:
Files: 6497
System: 6497
Not scanned: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0
Options
Scanning engines:
 