Sign in to follow this  
Followers 0
JoeLangston

Trojan Horse Malware didn't detect

32 posts in this topic

Several hours ago, I ran Malwarebytes when it detected a bunch of trojans, then restarted the computer.  Afterwards, everything seemed fine for a few hours, then all my Internet browser shut down and a screen appeared stating that it was detecting Internet threats, even when I disconnected the computer from the Internet.

 

I restarted the computer to run Malware in Safe mode and I didn't detect anything. 

 

Here is the last log.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.12.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16635
Peter :: Main-PC [administrator]

Protection: Disabled

7/13/2013 12:03:30 PM
mbam-log-2013-07-13 (12-03-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247961
Time elapsed: 14 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  

Yep, I think I need some assistance here.

 

 

Share this post


Link to post
Share on other sites

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Post those logs in next reply..

 

Kevin

Share this post


Link to post
Share on other sites

Alright, here is the stuff that I pasted and attached from  Farbar

 

 

 

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2013 01
Ran by Peter (administrator) on 13-07-2013 19:36:20
Running from C:\AlienSwarm
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7883296 2009-06-25] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [seagate Scheduler2 Service] - "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [395152 2011-06-30] (Seagate)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$e0b61d80456309018e2f1a6e90bde171\n. ATTENTION! ====> ZeroAccess
HKCU\...\Run: [steam] - "C:\Program Files (x86)\Steam\steam.exe" -silent [1672616 2013-07-09] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKCU\...\Run: [PC Speed Maximizer] - {pf}\\PC Speed Maximizer\\SPMStarter.exe [x]
HKCU\...\Run: [sPMTray] - {pf}\\PC Speed Maximizer\\SPMTray.exe [x]
HKCU\...\Run: [skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19604072 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [{81A10E78-06BC-41A3-A54E-55A89F467622}] - rundll32 "C:\Users\Peter\AppData\Local\{D5A81F0F-0D5B-46C1-B5D3-46D9957B044D}\{81A10E78-06BC-41A3-A54E-55A89F467622}\bijkdn.dll",DllRegisterServer [318464 2013-07-08] (Autodesk, Inc.) <===== ATTENTION
HKCU\...\Run: [ATI] - RUNDLL32.EXE C:\Users\Peter\AppData\Local\ATI\airaivnb.dll,PlwxeMStWarPBSEGKVbiMdrzyzP [475136 2013-07-12] (Microsoft Corporation) <===== ATTENTION
HKCU\...\Run: [HydraVisionDesktopManager] - "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [380928 2009-04-29] (AMD)
HKCU\...\Run: [D3dMainVdm] - rundll32.exe "C:\Users\Peter\AppData\Roaming\D3dMainVdm\D3dMainVdm.dll",RpcWITrace90 physxWISvc32 [32256 2013-07-13] () <===== ATTENTION
HKCU\...\Run: [internet Security] - C:\Users\Peter\AppData\Roaming\midefender.exe [845312 2013-07-13] (MindFusion Limited)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1726822986-547998923-3148758179-1000\$e0b61d80456309018e2f1a6e90bde171\n. ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [DiscWizardMonitor.exe] - "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2638152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [startCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642304 2013-04-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [20992 2012-03-19] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\OpenVPN Client.lnk
ShortcutTarget: OpenVPN Client.lnk -> C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe ()
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} -  No File
URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} -  No File
HKLM-x32 SearchScopes: DefaultScope {3A1405E9-6900-4da2-A6FF-859098571985} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKLM-x32 - {3A1405E9-6900-4da2-A6FF-859098571985} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKCU - {3A1405E9-6900-4da2-A6FF-859098571985} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chrf-devicevm&type=STDVM
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll (WinZip Computing, S.L.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: BHO Class - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll (DeviceVM, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default
FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\user.js
FF SelectedSearchEngine: uTorrentControl2 Customized Web Search

FF NetworkProxy: "backup.ftp", "falkenstein.tunnelr.com"
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", "falkenstein.tunnelr.com"
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", "falkenstein.tunnelr.com"
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "falkenstein.tunnelr.com"
FF NetworkProxy: "ftp_port", 53
FF NetworkProxy: "http", "falkenstein.tunnelr.com"
FF NetworkProxy: "http_port", 53
FF NetworkProxy: "no_proxies_on", "10.0.10.197"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "falkenstein.tunnelr.com"
FF NetworkProxy: "socks_port", 53
FF NetworkProxy: "ssl", "falkenstein.tunnelr.com"
FF NetworkProxy: "ssl_port", 53
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @winzip.com/Winzip Courier - C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\searchplugins\conduit.xml
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Extensions\net.openvpn.client
FF Extension: EPUBReader - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: ChatZilla - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF Extension: DVD: Pluggable Protocol - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\{DAC5CBDE-FFFA-ED03-AF43-8CAAE4187244}
FF Extension: gmhashtmzn - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\gmhashtmzn@gmhashtmzn.org.xpi
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] C:\Program Files (x86)\WinZip Courier\FFExt
FF Extension: WinZip Courier - C:\Program Files (x86)\WinZip Courier\FFExt

==================== Services (Whitelisted) =================

S2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] ()
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-19] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [68760 2008-09-05] (SiSoftware)

==================== Drivers (Whitelisted) ====================

S3 AN983X64; C:\Windows\System32\DRIVERS\AN983X64.sys [48128 2005-05-19] (Infineon Technologies AG)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-09] ()
S2 DlinkNdPt60; C:\Windows\System32\DRIVERS\DlinkNdPt60.sys [27648 2010-11-23] (D-Link                                            )
S3 DLINKVLANPT; C:\Windows\System32\DRIVERS\DLINKVlan60.sys [24064 2010-11-23] (Windows ® Win 7 DDK provider)
S3 DLKRT64; C:\Windows\System32\DRIVERS\DLKRT64.sys [346144 2010-11-23] (D-Link Corp.                               )
S2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
S2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-16] (DT Soft Ltd)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-09] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [33096 2012-04-13] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [33096 2012-04-13] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-05-20] (Duplex Secure Ltd.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-04-28] (Acronis)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-13 19:36 - 2013-07-13 19:36 - 00000000 ____D C:\FRST
2013-07-13 08:40 - 2013-07-13 08:40 - 00857088 _____ (DS Team) C:\Users\Peter\java.exe
2013-07-13 08:40 - 2013-07-13 08:40 - 00845312 _____ (MindFusion Limited) C:\Users\Peter\AppData\Roaming\midefender.exe
2013-07-13 08:40 - 2013-07-13 08:40 - 00845312 _____ (MindFusion Limited) C:\Users\Peter\AppData\Roaming\midefender
2013-07-13 08:40 - 2013-07-13 08:40 - 00000790 _____ C:\Users\Peter\Desktop\Internet Security Pro.lnk
2013-07-13 07:05 - 2013-07-13 07:05 - 00000000 ____D C:\Users\Peter\AppData\Roaming\D3dMainVdm
2013-07-12 03:26 - 2013-07-12 03:26 - 00021198 _____ C:\Users\Peter\Documents\wrestlingclinic.odt
2013-07-11 03:09 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 03:09 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 03:09 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 03:09 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 03:09 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 03:09 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 03:09 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 03:09 - 2013-06-11 19:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 03:09 - 2013-06-11 19:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 03:09 - 2013-06-11 19:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 03:09 - 2013-06-11 19:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 03:09 - 2013-06-11 19:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 03:09 - 2013-06-11 19:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 03:09 - 2013-06-11 19:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 03:09 - 2013-06-11 19:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 03:09 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 03:09 - 2013-06-11 18:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 03:09 - 2013-06-06 23:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 03:09 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 03:08 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 03:08 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 03:08 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 03:08 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 03:08 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 03:08 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 03:08 - 2013-06-11 19:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 03:08 - 2013-06-11 19:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 03:08 - 2013-06-11 19:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 03:08 - 2013-06-11 19:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 03:08 - 2013-06-11 19:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 03:08 - 2013-06-11 19:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 21:52 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 21:52 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 21:52 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 21:52 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 21:52 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 21:52 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 21:52 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 08:58 - 2013-07-09 08:58 - 00000000 ____D C:\Users\Peter\AppData\Local\Rocket Bear Games
2013-07-05 21:06 - 2013-07-05 21:06 - 00000000 ____D C:\Users\Peter\Documents\Hard Reset Extended
2013-07-05 08:18 - 2013-07-05 08:18 - 00000000 __SHD C:\found.001
2013-07-05 01:18 - 2013-07-05 02:01 - 00000000 ____D C:\Users\Peter\Documents\Bully Scholarship Edition
2013-07-03 15:08 - 2013-07-03 15:08 - 01432424 _____ (                                                            ) C:\Users\Peter\Downloads\cpu-z_1.65-setup-en.exe
2013-07-03 15:08 - 2013-07-03 15:08 - 00000869 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2013-07-03 15:08 - 2013-07-03 15:08 - 00000000 ____D C:\Program Files\CPUID
2013-07-02 05:11 - 2013-07-02 05:11 - 00145741 _____ C:\Users\Peter\Desktop\CH01-Page002-Panel02.svg
2013-06-30 23:55 - 2013-06-30 23:55 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Rogue Legacy
2013-06-27 20:16 - 2013-06-27 20:16 - 00000000 ____D C:\Users\Peter\AppData\Roaming\.mono
2013-06-27 20:16 - 2013-06-27 20:16 - 00000000 ____D C:\Users\Peter\AppData\Local\UWebKit
2013-06-27 00:38 - 2013-07-03 07:46 - 00011776 ___SH C:\Users\Peter\Thumbs.db
2013-06-24 19:21 - 2013-06-24 19:22 - 00000000 ____D C:\Users\Peter\Documents\Alpha Protocol
2013-06-23 13:18 - 2013-06-23 13:18 - 07890865 _____ C:\Users\Peter\Downloads\ironseed-v1.20.0016-2013-03-17.zip
2013-06-21 20:42 - 2013-06-21 20:43 - 00016629 _____ C:\Users\Peter\Documents\Persuasionancompare.odt
2013-06-21 20:25 - 2013-06-21 20:25 - 00012790 _____ C:\Users\Peter\Documents\Persuasion.odt
2013-06-19 16:25 - 2013-06-19 16:25 - 00092718 _____ C:\Users\Peter\Downloads\Angelina Jolie stunt double sues News Corp over hacking _ Reuters.html
2013-06-19 16:23 - 2013-06-19 16:23 - 00000000 ____D C:\Users\Peter\AppData\Roaming\dvdcss
2013-06-18 13:55 - 2013-04-17 03:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-18 13:55 - 2013-04-17 02:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-18 03:12 - 2013-06-18 03:12 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-18 03:12 - 2013-06-18 03:12 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-18 03:12 - 2013-06-18 03:12 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-06-18 03:12 - 2013-06-18 03:12 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-06-18 03:12 - 2013-06-18 03:12 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-18 03:12 - 2013-06-18 03:12 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-06-18 03:12 - 2013-06-18 03:12 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-18 03:12 - 2013-06-18 03:12 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-18 03:11 - 2013-06-18 03:11 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 03:07 - 2013-06-18 03:14 - 00007985 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-13 19:36 - 2013-07-13 19:36 - 00000000 ____D C:\FRST
2013-07-13 19:36 - 2010-08-18 13:05 - 00000000 ____D C:\AlienSwarm
2013-07-13 12:21 - 2012-02-17 17:10 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-13 12:21 - 2011-12-06 23:07 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-13 12:21 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 12:21 - 2009-07-14 00:51 - 00043765 _____ C:\Windows\setupact.log
2013-07-13 12:19 - 2009-07-14 01:13 - 00793706 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-13 12:07 - 2012-09-14 21:56 - 00000000 ____D C:\Users\Peter\AppData\Roaming\BitTorrent
2013-07-13 12:00 - 2009-07-14 00:45 - 00030224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 12:00 - 2009-07-14 00:45 - 00030224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 11:56 - 2011-12-06 15:56 - 02015788 _____ C:\Windows\WindowsUpdate.log
2013-07-13 11:53 - 2011-12-15 14:27 - 00204642 _____ C:\Windows\PFRO.log
2013-07-13 08:53 - 2011-12-06 17:34 - 00000000 ____D C:\Users\Peter\AppData\Local\ATI
2013-07-13 08:40 - 2013-07-13 08:40 - 00857088 _____ (DS Team) C:\Users\Peter\java.exe
2013-07-13 08:40 - 2013-07-13 08:40 - 00845312 _____ (MindFusion Limited) C:\Users\Peter\AppData\Roaming\midefender.exe
2013-07-13 08:40 - 2013-07-13 08:40 - 00845312 _____ (MindFusion Limited) C:\Users\Peter\AppData\Roaming\midefender
2013-07-13 08:40 - 2013-07-13 08:40 - 00000790 _____ C:\Users\Peter\Desktop\Internet Security Pro.lnk
2013-07-13 08:40 - 2011-12-06 16:57 - 00000000 ____D C:\Users\Peter
2013-07-13 08:10 - 2012-02-26 19:02 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2013-07-13 07:52 - 2012-02-17 17:10 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-13 07:19 - 2012-10-19 08:49 - 00000000 ____D C:\Users\Peter\Downloads\New folder
2013-07-13 07:05 - 2013-07-13 07:05 - 00000000 ____D C:\Users\Peter\AppData\Roaming\D3dMainVdm
2013-07-13 02:24 - 2013-01-13 02:40 - 00795136 ___SH C:\Users\Peter\Documents\Thumbs.db
2013-07-12 21:30 - 2011-12-06 23:59 - 00000000 ____D C:\Users\Peter\AppData\Roaming\mIRC
2013-07-12 20:47 - 2012-02-17 17:10 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 20:47 - 2012-02-17 17:10 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 03:26 - 2013-07-12 03:26 - 00021198 _____ C:\Users\Peter\Documents\wrestlingclinic.odt
2013-07-11 03:36 - 2009-07-14 00:45 - 00297104 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 03:35 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 03:35 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 03:33 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 03:10 - 2011-12-15 14:55 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-09 08:58 - 2013-07-09 08:58 - 00000000 ____D C:\Users\Peter\AppData\Local\Rocket Bear Games
2013-07-08 05:24 - 2013-03-19 01:12 - 00000000 ____D C:\Users\Peter\AppData\Local\{D5A81F0F-0D5B-46C1-B5D3-46D9957B044D}
2013-07-05 22:29 - 2012-06-19 02:38 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-05 22:29 - 2011-12-18 17:47 - 00000000 ____D C:\Users\Peter\Documents\My Games
2013-07-05 21:06 - 2013-07-05 21:06 - 00000000 ____D C:\Users\Peter\Documents\Hard Reset Extended
2013-07-05 08:18 - 2013-07-05 08:18 - 00000000 __SHD C:\found.001
2013-07-05 02:55 - 2012-04-25 20:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 02:01 - 2013-07-05 01:18 - 00000000 ____D C:\Users\Peter\Documents\Bully Scholarship Edition
2013-07-05 01:17 - 2011-12-07 13:29 - 00859756 _____ C:\Windows\DirectX.log
2013-07-03 15:15 - 2012-10-15 13:43 - 11624448 _____ C:\Users\Peter\AppData\Roaming\Sandra.mdb
2013-07-03 15:08 - 2013-07-03 15:08 - 01432424 _____ (                                                            ) C:\Users\Peter\Downloads\cpu-z_1.65-setup-en.exe
2013-07-03 15:08 - 2013-07-03 15:08 - 00000869 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2013-07-03 15:08 - 2013-07-03 15:08 - 00000000 ____D C:\Program Files\CPUID
2013-07-03 07:46 - 2013-06-27 00:38 - 00011776 ___SH C:\Users\Peter\Thumbs.db
2013-07-02 20:30 - 2013-04-12 00:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 05:11 - 2013-07-02 05:11 - 00145741 _____ C:\Users\Peter\Desktop\CH01-Page002-Panel02.svg
2013-06-30 23:55 - 2013-06-30 23:55 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Rogue Legacy
2013-06-30 23:55 - 2012-06-25 20:59 - 00000000 ____D C:\Users\Peter\Documents\SavedGames
2013-06-27 20:16 - 2013-06-27 20:16 - 00000000 ____D C:\Users\Peter\AppData\Roaming\.mono
2013-06-27 20:16 - 2013-06-27 20:16 - 00000000 ____D C:\Users\Peter\AppData\Local\UWebKit
2013-06-27 13:48 - 2012-08-25 21:50 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-27 13:48 - 2011-12-07 00:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-27 10:50 - 2013-03-17 00:30 - 00000000 ____D C:\Users\Peter\Downloads\City of Heroes
2013-06-24 19:22 - 2013-06-24 19:21 - 00000000 ____D C:\Users\Peter\Documents\Alpha Protocol
2013-06-23 13:18 - 2013-06-23 13:18 - 07890865 _____ C:\Users\Peter\Downloads\ironseed-v1.20.0016-2013-03-17.zip
2013-06-21 20:43 - 2013-06-21 20:42 - 00016629 _____ C:\Users\Peter\Documents\Persuasionancompare.odt
2013-06-21 20:25 - 2013-06-21 20:25 - 00012790 _____ C:\Users\Peter\Documents\Persuasion.odt
2013-06-19 16:25 - 2013-06-19 16:25 - 00092718 _____ C:\Users\Peter\Downloads\Angelina Jolie stunt double sues News Corp over hacking _ Reuters.html
2013-06-19 16:23 - 2013-06-19 16:23 - 00000000 ____D C:\Users\Peter\AppData\Roaming\dvdcss
2013-06-19 03:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-18 08:09 - 2011-12-06 16:57 - 00001413 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-18 03:14 - 2013-06-18 03:07 - 00007985 _____ C:\Windows\IE10_main.log
2013-06-18 03:12 - 2013-06-18 03:12 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-18 03:12 - 2013-06-18 03:12 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-18 03:12 - 2013-06-18 03:12 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-18 03:12 - 2013-06-18 03:12 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-06-18 03:12 - 2013-06-18 03:12 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-06-18 03:12 - 2013-06-18 03:12 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-18 03:12 - 2013-06-18 03:12 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-06-18 03:12 - 2013-06-18 03:12 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-18 03:12 - 2013-06-18 03:12 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-18 03:11 - 2013-06-18 03:11 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 03:06 - 2012-06-25 20:58 - 00787430 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1726822986-547998923-3148758179-1000\$e0b61d80456309018e2f1a6e90bde171

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e0b61d80456309018e2f1a6e90bde171

Files to move or delete:
====================
C:\Users\Peter\java.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-07-03 00:28

==================== End Of Log ============================

 

 

Share this post


Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

 

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download http://www.bleepingcomputer.com/download/adwcleaner/ by Xplode onto your Desktop.

 

 

  •  

     

  •   Please close all open programs and internet browsers.

     

     

  •   Double click on Adwcleaner.exe to run the tool.

     

     

  •   Click on Delete.

     

     

  •   Confirm each time with OK.

     

     

  •   Your computer will be rebooted automatically. A text file will open after the restart.

     

     

  •   Please post the content of that logfile in your reply.

     

     

  •   You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

     

     

 

 

Next,

 

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if  Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop.:

 

 

http://www.malwarebytes.org/mbam.php 

http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml[/url]

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

Double Click mbam-setup.exe to install the application.

 

 

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Post those logs...

 

Kevin

fixlist.txt

Share this post


Link to post
Share on other sites

Putting the two logs in order here.

 

FIXLOG

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-07-2013 01
Ran by Peter at 2013-07-14 07:36:17 Run:2
Running from C:\AlienSwarm
Boot Mode: Safe Mode (minimal)
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\{81A10E78-06BC-41A3-A54E-55A89F467622} => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ATI => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\D3dMainVdm => Value not found.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
"C:\Users\Peter\AppData\Local\{D5A81F0F-0D5B-46C1-B5D3-46D9957B044D}\{81A10E78-06BC-41A3-A54E-55A89F467622}\bijkdn.dll" => File/Directory not found.
"C:\Users\Peter\AppData\Local\ATI\airaivnb.dll" => File/Directory not found.
"C:\Users\Peter\AppData\Roaming\D3dMainVdm\D3dMainVdm.dll" => File/Directory not found.
"C:\$Recycle.Bin\S-1-5-21-1726822986-547998923-3148758179-1000\$e0b61d80456309018e2f1a6e90bde171" => File/Directory not found.
"C:\$Recycle.Bin\S-1-5-18\$e0b61d80456309018e2f1a6e90bde171" => File/Directory not found.
"C:\Users\Peter\java.exe" => File/Directory not found.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====

 

 

 

 

ADwCleaner

 

 

# AdwCleaner v2.305 - Logfile created 07/14/2013 at 07:37:13
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Peter - MAIN
# Boot Mode : Safe mode
# Running from : C:\AlienSwarm\adwcleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [7619 octets] - [14/07/2013 07:28:47]
AdwCleaner[s2].txt - [718 octets] - [14/07/2013 07:37:13]

########## EOF - C:\AdwCleaner[s2].txt - [777 octets] ##########
 

 

I ran it twice because the first time when I ran AdwCleaners, I started windows 7  in regular mode by mistake so I repeated the instructions from the top.

 

 

 

MBAM

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.12.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16635
Peter :: MAIN [administrator]

Protection: Disabled

7/14/2013 8:23:06 AM
mbam-log-2013-07-14 (08-23-06).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1160771
Time elapsed: 3 hour(s), 25 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

 

 

 

 

 

Share this post


Link to post
Share on other sites

You`ve ran FRST fix twice, hence the log you post shows all entries as not found,

 

 

Ran by Peter at 2013-07-14 07:36:17 Run:2

 

I really need to see the log from the first run or  I have no idea of what happened...

Share this post


Link to post
Share on other sites

I overwrote the first run by mistake when saving it on my USB stick.  Should I start the process over again?

Share this post


Link to post
Share on other sites

Will windows boot into Normal Mode now, if so run FRST in that mode, I give instruction again. Zeroaccess rootkit infection was present and I need to see if it has gone, obviously the second fix run log does not help... If you already have FRST on your desktop and logs etc, delete them before this action...

 

download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

 


  When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Change Drivers to All
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop.
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

 

Kevin....

Share this post


Link to post
Share on other sites

FARBAR

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by Peter (administrator) on 15-07-2013 07:37:50
Running from C:\AlienSwarm
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7883296 2009-06-25] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [seagate Scheduler2 Service] - "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [395152 2011-06-30] (Seagate)
HKLM-x32\...\RunOnce: [1] - C:\AlienSwarm\New Folder\mbam-chameleon.exe /r /p [218184 2012-08-15] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
HKCU\...\Run: [steam] - "C:\Program Files (x86)\Steam\steam.exe" -silent [1672616 2013-07-09] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKCU\...\Run: [PC Speed Maximizer] - {pf}\\PC Speed Maximizer\\SPMStarter.exe [x]
HKCU\...\Run: [sPMTray] - {pf}\\PC Speed Maximizer\\SPMTray.exe [x]
HKCU\...\Run: [skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19604072 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [HydraVisionDesktopManager] - "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [380928 2009-04-29] (AMD)
HKCU\...\Run: [internet Security] - C:\Users\Peter\AppData\Roaming\midefender.exe [845312 2013-07-13] (MindFusion Limited)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [DiscWizardMonitor.exe] - "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2638152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [startCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642304 2013-04-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [20992 2012-03-19] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\OpenVPN Client.lnk
ShortcutTarget: OpenVPN Client.lnk -> C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe ()
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {3A1405E9-6900-4da2-A6FF-859098571985} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKCU - {3A1405E9-6900-4da2-A6FF-859098571985} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chrf-devicevm&type=STDVM
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll (WinZip Computing, S.L.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: BHO Class - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll No File
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default
FF NetworkProxy: "backup.ftp", "falkenstein.tunnelr.com"
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", "falkenstein.tunnelr.com"
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", "falkenstein.tunnelr.com"
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "falkenstein.tunnelr.com"
FF NetworkProxy: "ftp_port", 53
FF NetworkProxy: "http", "falkenstein.tunnelr.com"
FF NetworkProxy: "http_port", 53
FF NetworkProxy: "no_proxies_on", "10.0.10.197"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "falkenstein.tunnelr.com"
FF NetworkProxy: "socks_port", 53
FF NetworkProxy: "ssl", "falkenstein.tunnelr.com"
FF NetworkProxy: "ssl_port", 53
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @winzip.com/Winzip Courier - C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Extensions\net.openvpn.client
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\staged
FF Extension: EPUBReader - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: ChatZilla - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF Extension: DVD: Pluggable Protocol - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\{DAC5CBDE-FFFA-ED03-AF43-8CAAE4187244}
FF Extension: gmhashtmzn - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\gmhashtmzn@gmhashtmzn.org.xpi
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] C:\Program Files (x86)\WinZip Courier\FFExt
FF Extension: WinZip Courier - C:\Program Files (x86)\WinZip Courier\FFExt

==================== Services (Whitelisted) =================

R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-19] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [68760 2008-09-05] (SiSoftware)

==================== Drivers (Whitelisted) ====================

R3 AN983X64; C:\Windows\System32\DRIVERS\AN983X64.sys [48128 2005-05-19] (Infineon Technologies AG)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-09] ()
R2 DlinkNdPt60; C:\Windows\System32\DRIVERS\DlinkNdPt60.sys [27648 2010-11-23] (D-Link                                            )
S3 DLINKVLANPT; C:\Windows\System32\DRIVERS\DLINKVlan60.sys [24064 2010-11-23] (Windows ® Win 7 DDK provider)
R3 DLKRT64; C:\Windows\System32\DRIVERS\DLKRT64.sys [346144 2010-11-23] (D-Link Corp.                               )
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-16] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-05-20] (Duplex Secure Ltd.)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-04-28] (Acronis)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 07:35 - 2013-07-15 07:35 - 00602112 _____ (OldTimer Tools) C:\Users\Peter\Downloads\OTL.exe
2013-07-15 03:28 - 2013-07-15 03:28 - 00000005 _____ C:\Users\Peter\AppData\Roaming\mbam.context.scan
2013-07-15 01:51 - 2013-07-15 01:51 - 13399154 _____ C:\Users\Peter\Downloads\mbar-1.06.0.1004.zip
2013-07-15 01:51 - 2013-07-15 01:51 - 01440846 _____ C:\Users\Peter\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-07-13 19:36 - 2013-07-14 07:27 - 00000000 ____D C:\FRST
2013-07-13 08:40 - 2013-07-13 08:40 - 00845312 _____ (MindFusion Limited) C:\Users\Peter\AppData\Roaming\midefender.exe
2013-07-13 08:40 - 2013-07-13 08:40 - 00845312 _____ (MindFusion Limited) C:\Users\Peter\AppData\Roaming\midefender
2013-07-13 08:40 - 2013-07-13 08:40 - 00000790 _____ C:\Users\Peter\Desktop\Internet Security Pro.lnk
2013-07-13 07:05 - 2013-07-14 07:27 - 00000000 ____D C:\Users\Peter\AppData\Roaming\D3dMainVdm
2013-07-12 03:26 - 2013-07-12 03:26 - 00021198 _____ C:\Users\Peter\Documents\wrestlingclinic.odt
2013-07-11 03:09 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 03:09 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 03:09 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 03:09 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 03:09 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 03:09 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 03:09 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 03:09 - 2013-06-11 19:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 03:09 - 2013-06-11 19:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 03:09 - 2013-06-11 19:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 03:09 - 2013-06-11 19:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 03:09 - 2013-06-11 19:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 03:09 - 2013-06-11 19:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 03:09 - 2013-06-11 19:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 03:09 - 2013-06-11 19:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 03:09 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 03:09 - 2013-06-11 18:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 03:09 - 2013-06-06 23:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 03:09 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 03:08 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 03:08 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 03:08 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 03:08 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 03:08 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 03:08 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 03:08 - 2013-06-11 19:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 03:08 - 2013-06-11 19:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 03:08 - 2013-06-11 19:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 03:08 - 2013-06-11 19:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 03:08 - 2013-06-11 19:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 03:08 - 2013-06-11 19:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 21:52 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 21:52 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 21:52 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 21:52 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 21:52 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 21:52 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 21:52 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 08:58 - 2013-07-09 08:58 - 00000000 ____D C:\Users\Peter\AppData\Local\Rocket Bear Games
2013-07-05 21:06 - 2013-07-05 21:06 - 00000000 ____D C:\Users\Peter\Documents\Hard Reset Extended
2013-07-05 08:18 - 2013-07-05 08:18 - 00000000 __SHD C:\found.001
2013-07-05 01:18 - 2013-07-05 02:01 - 00000000 ____D C:\Users\Peter\Documents\Bully Scholarship Edition
2013-07-03 15:08 - 2013-07-03 15:08 - 01432424 _____ (                                                            ) C:\Users\Peter\Downloads\cpu-z_1.65-setup-en.exe
2013-07-03 15:08 - 2013-07-03 15:08 - 00000869 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2013-07-03 15:08 - 2013-07-03 15:08 - 00000000 ____D C:\Program Files\CPUID
2013-07-02 05:11 - 2013-07-02 05:11 - 00145741 _____ C:\Users\Peter\Desktop\CH01-Page002-Panel02.svg
2013-06-30 23:55 - 2013-06-30 23:55 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Rogue Legacy
2013-06-27 20:16 - 2013-06-27 20:16 - 00000000 ____D C:\Users\Peter\AppData\Roaming\.mono
2013-06-27 20:16 - 2013-06-27 20:16 - 00000000 ____D C:\Users\Peter\AppData\Local\UWebKit
2013-06-27 00:38 - 2013-07-03 07:46 - 00011776 ___SH C:\Users\Peter\Thumbs.db
2013-06-24 19:21 - 2013-06-24 19:22 - 00000000 ____D C:\Users\Peter\Documents\Alpha Protocol
2013-06-23 13:18 - 2013-06-23 13:18 - 07890865 _____ C:\Users\Peter\Downloads\ironseed-v1.20.0016-2013-03-17.zip
2013-06-21 20:42 - 2013-06-21 20:43 - 00016629 _____ C:\Users\Peter\Documents\Persuasionancompare.odt
2013-06-21 20:25 - 2013-06-21 20:25 - 00012790 _____ C:\Users\Peter\Documents\Persuasion.odt
2013-06-19 16:25 - 2013-06-19 16:25 - 00092718 _____ C:\Users\Peter\Downloads\Angelina Jolie stunt double sues News Corp over hacking _ Reuters.html
2013-06-19 16:23 - 2013-06-19 16:23 - 00000000 ____D C:\Users\Peter\AppData\Roaming\dvdcss
2013-06-18 13:55 - 2013-04-17 03:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-18 13:55 - 2013-04-17 02:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-18 03:12 - 2013-06-18 03:12 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-18 03:12 - 2013-06-18 03:12 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-18 03:12 - 2013-06-18 03:12 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-06-18 03:12 - 2013-06-18 03:12 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-06-18 03:12 - 2013-06-18 03:12 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-18 03:12 - 2013-06-18 03:12 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-06-18 03:12 - 2013-06-18 03:12 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-18 03:12 - 2013-06-18 03:12 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-18 03:11 - 2013-06-18 03:11 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 03:07 - 2013-06-18 03:14 - 00007985 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-15 07:37 - 2010-08-18 13:05 - 00000000 ____D C:\AlienSwarm
2013-07-15 07:35 - 2013-07-15 07:35 - 00602112 _____ (OldTimer Tools) C:\Users\Peter\Downloads\OTL.exe
2013-07-15 07:33 - 2012-08-01 18:59 - 01777839 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2013-07-15 07:32 - 2009-07-14 01:13 - 00793706 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-15 07:14 - 2009-07-14 00:45 - 00030224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 07:14 - 2009-07-14 00:45 - 00030224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 07:11 - 2011-12-06 22:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-15 07:10 - 2011-12-06 15:56 - 02089456 _____ C:\Windows\WindowsUpdate.log
2013-07-15 07:07 - 2012-02-17 17:10 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-15 07:07 - 2011-12-06 23:07 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-15 07:06 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 07:05 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-15 07:05 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-15 07:05 - 2009-07-14 00:51 - 00044325 _____ C:\Windows\setupact.log
2013-07-15 06:52 - 2012-02-17 17:10 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-15 03:28 - 2013-07-15 03:28 - 00000005 _____ C:\Users\Peter\AppData\Roaming\mbam.context.scan
2013-07-15 01:51 - 2013-07-15 01:51 - 13399154 _____ C:\Users\Peter\Downloads\mbar-1.06.0.1004.zip
2013-07-15 01:51 - 2013-07-15 01:51 - 01440846 _____ C:\Users\Peter\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-07-14 07:27 - 2013-07-13 19:36 - 00000000 ____D C:\FRST
2013-07-14 07:27 - 2013-07-13 07:05 - 00000000 ____D C:\Users\Peter\AppData\Roaming\D3dMainVdm
2013-07-14 07:27 - 2011-12-06 17:34 - 00000000 ____D C:\Users\Peter\AppData\Local\ATI
2013-07-14 07:27 - 2011-12-06 16:57 - 00000000 ____D C:\Users\Peter
2013-07-14 07:20 - 2011-12-15 14:27 - 00206260 _____ C:\Windows\PFRO.log
2013-07-13 12:07 - 2012-09-14 21:56 - 00000000 ____D C:\Users\Peter\AppData\Roaming\BitTorrent
2013-07-13 08:40 - 2013-07-13 08:40 - 00845312 _____ (MindFusion Limited) C:\Users\Peter\AppData\Roaming\midefender.exe
2013-07-13 08:40 - 2013-07-13 08:40 - 00845312 _____ (MindFusion Limited) C:\Users\Peter\AppData\Roaming\midefender
2013-07-13 08:40 - 2013-07-13 08:40 - 00000790 _____ C:\Users\Peter\Desktop\Internet Security Pro.lnk
2013-07-13 08:10 - 2012-02-26 19:02 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2013-07-13 07:19 - 2012-10-19 08:49 - 00000000 ____D C:\Users\Peter\Downloads\New folder
2013-07-13 02:24 - 2013-01-13 02:40 - 00795136 ___SH C:\Users\Peter\Documents\Thumbs.db
2013-07-12 21:30 - 2011-12-06 23:59 - 00000000 ____D C:\Users\Peter\AppData\Roaming\mIRC
2013-07-12 20:47 - 2012-02-17 17:10 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 20:47 - 2012-02-17 17:10 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 03:26 - 2013-07-12 03:26 - 00021198 _____ C:\Users\Peter\Documents\wrestlingclinic.odt
2013-07-11 03:36 - 2009-07-14 00:45 - 00297104 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 03:35 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 03:35 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 03:33 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 03:10 - 2011-12-15 14:55 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-09 08:58 - 2013-07-09 08:58 - 00000000 ____D C:\Users\Peter\AppData\Local\Rocket Bear Games
2013-07-08 05:24 - 2013-03-19 01:12 - 00000000 ____D C:\Users\Peter\AppData\Local\{D5A81F0F-0D5B-46C1-B5D3-46D9957B044D}
2013-07-05 22:29 - 2012-06-19 02:38 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-05 22:29 - 2011-12-18 17:47 - 00000000 ____D C:\Users\Peter\Documents\My Games
2013-07-05 21:06 - 2013-07-05 21:06 - 00000000 ____D C:\Users\Peter\Documents\Hard Reset Extended
2013-07-05 08:18 - 2013-07-05 08:18 - 00000000 __SHD C:\found.001
2013-07-05 02:55 - 2012-04-25 20:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 02:01 - 2013-07-05 01:18 - 00000000 ____D C:\Users\Peter\Documents\Bully Scholarship Edition
2013-07-05 01:17 - 2011-12-07 13:29 - 00859756 _____ C:\Windows\DirectX.log
2013-07-03 15:15 - 2012-10-15 13:43 - 11624448 _____ C:\Users\Peter\AppData\Roaming\Sandra.mdb
2013-07-03 15:08 - 2013-07-03 15:08 - 01432424 _____ (                                                            ) C:\Users\Peter\Downloads\cpu-z_1.65-setup-en.exe
2013-07-03 15:08 - 2013-07-03 15:08 - 00000869 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2013-07-03 15:08 - 2013-07-03 15:08 - 00000000 ____D C:\Program Files\CPUID
2013-07-03 07:46 - 2013-06-27 00:38 - 00011776 ___SH C:\Users\Peter\Thumbs.db
2013-07-02 20:30 - 2013-04-12 00:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 05:11 - 2013-07-02 05:11 - 00145741 _____ C:\Users\Peter\Desktop\CH01-Page002-Panel02.svg
2013-06-30 23:55 - 2013-06-30 23:55 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Rogue Legacy
2013-06-30 23:55 - 2012-06-25 20:59 - 00000000 ____D C:\Users\Peter\Documents\SavedGames
2013-06-27 20:16 - 2013-06-27 20:16 - 00000000 ____D C:\Users\Peter\AppData\Roaming\.mono
2013-06-27 20:16 - 2013-06-27 20:16 - 00000000 ____D C:\Users\Peter\AppData\Local\UWebKit
2013-06-27 13:48 - 2012-08-25 21:50 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-27 13:48 - 2011-12-07 00:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-27 10:50 - 2013-03-17 00:30 - 00000000 ____D C:\Users\Peter\Downloads\City of Heroes
2013-06-24 19:22 - 2013-06-24 19:21 - 00000000 ____D C:\Users\Peter\Documents\Alpha Protocol
2013-06-23 13:18 - 2013-06-23 13:18 - 07890865 _____ C:\Users\Peter\Downloads\ironseed-v1.20.0016-2013-03-17.zip
2013-06-21 20:43 - 2013-06-21 20:42 - 00016629 _____ C:\Users\Peter\Documents\Persuasionancompare.odt
2013-06-21 20:25 - 2013-06-21 20:25 - 00012790 _____ C:\Users\Peter\Documents\Persuasion.odt
2013-06-19 16:25 - 2013-06-19 16:25 - 00092718 _____ C:\Users\Peter\Downloads\Angelina Jolie stunt double sues News Corp over hacking _ Reuters.html
2013-06-19 16:23 - 2013-06-19 16:23 - 00000000 ____D C:\Users\Peter\AppData\Roaming\dvdcss
2013-06-19 03:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-18 08:09 - 2011-12-06 16:57 - 00001413 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-18 03:14 - 2013-06-18 03:07 - 00007985 _____ C:\Windows\IE10_main.log
2013-06-18 03:12 - 2013-06-18 03:12 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-18 03:12 - 2013-06-18 03:12 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-18 03:12 - 2013-06-18 03:12 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-18 03:12 - 2013-06-18 03:12 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-06-18 03:12 - 2013-06-18 03:12 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-06-18 03:12 - 2013-06-18 03:12 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-18 03:12 - 2013-06-18 03:12 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-06-18 03:12 - 2013-06-18 03:12 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-18 03:12 - 2013-06-18 03:12 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-18 03:12 - 2013-06-18 03:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-06-18 03:12 - 2013-06-18 03:12 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-18 03:11 - 2013-06-18 03:11 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 03:11 - 2013-06-18 03:11 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 03:06 - 2012-06-25 20:58 - 00787430 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 00:28

==================== End Of Log ============================

 

 

OTL and Extra

 

 

OTL Extras logfile created on: 7/15/2013 7:44:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\AlienSwarm
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 4.72 Gb Available Physical Memory | 59.01% Memory free
19.99 Gb Paging File | 16.40 Gb Available in Paging File | 82.07% Paging File free
Paging file location(s): c:\pagefile.sys 12280 12280 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.02 Gb Total Space | 1072.09 Gb Free Space | 57.55% Space Free | Partition Type: NTFS
Drive D: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 7.02 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 959.50 Mb Total Space | 956.73 Mb Free Space | 99.71% Space Free | Partition Type: FAT
 
Computer Name: MAIN | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-1726822986-547998923-3148758179-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java 7 Update 4 (64-bit)
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65312278-952C-D46E-8297-4CAB93F5B2DF}" = AMD Media Foundation Decoders
"{6809A67A-D099-48EA-9126-8567130CF377}" = AMD Accelerated Video Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE93349C-0BD1-7063-DA1A-D26E0E41477B}" = ccc-utility64
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP5c
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.65.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{072A5217-8165-4AB7-8366-36CB3245DB60}" = OpenVPN Client
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C72CC1B-C0F6-F698-0E23-0D705A86E224}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{36637D5B-1305-1ED8-EEC3-4C76A6655FCF}" = CCC Help Norwegian
"{37542828-0F05-4BAA-BEB7-B633F27D3E7B}" = SlimDX SDK (September 2011)
"{3795E3F4-CA46-EA65-4FD2-D861A2A12ECD}" = CCC Help Swedish
"{3997DF5C-EF46-B135-D73B-C8BFE797105A}" = CCC Help Turkish
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C76DB65-E66A-DE04-4CE3-5DA42ED98685}" = CCC Help Chinese Standard
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3DA3BCBA-191C-47FB-9710-2B2DD9A5C257}" = DGE-530T Ethernet Controller All-In-One Windows Driver
"{3DC9D062-2C3E-7C31-504C-BF2751617224}" = CCC Help Portuguese
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F5AED19-3C1C-6ED5-EAF0-CBE15BB3B8F1}" = Catalyst Control Center Localization All
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4343080E-448E-4E2C-B27F-B91000028201}" = Dead Rising 2
"{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{495EB8CB-A455-8033-EF42-65AEFFF4ED97}" = CCC Help Chinese Traditional
"{4A22F96C-993D-3489-2CB1-37C61F29135C}" = CCC Help Korean
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5612D4CE-C024-80F5-9F59-546B95F884B2}" = CCC Help Polish
"{5662A630-98E4-2FDC-CE6A-73D21240DC52}" = CCC Help Hungarian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{60982A88-95DF-E0B8-18C7-E7297C200623}" = Catalyst Control Center
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68CE86BC-8CA1-4B4D-A1AC-50C95F8BBC8A}" = Dawn of Discovery - Gold Edition
"{6A09EC92-016B-4032-8CF1-6840B20C254A}" = Dawn of Discovery - Gold Edition
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E1C443-5420-442D-B314-649AE103D08B}" = CCC Help Thai
"{77864743-57AB-A566-67D6-12EF64165209}" = CCC Help German
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}" = DefianceRuntimes
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84F49E05-683A-5544-263D-08E4814F196B}" = CCC Help Greek
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard
"{90579CE9-8FB6-88A3-09ED-68F30E763BBC}" = CCC Help Japanese
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9927F5EF-AAB0-E471-1DBF-3940E9477D23}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB7A4789-7A60-8D6C-96F4-4D21702EC7BD}" = CCC Help Czech
"{ABD4AF09-45DC-F830-0DF0-378C354ED351}" = CCC Help English
"{AEB730BE-17B3-2FA0-9D64-78CD3939C60A}" = CCC Help Dutch
"{B0FC3035-362A-4554-A1C9-ACF9F9514274}" = Diagnostics
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B961AE86-6165-0571-CEA6-8C7B88BE31EE}" = HydraVision
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C715FF52-CBA8-780F-EFD8-5DF5525DBF74}" = Catalyst Control Center Graphics Previews Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF6C9984-8F22-00D5-BA0A-F1330035A80E}" = CCC Help Russian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6477FB5-3F2F-A7C9-38F7-2FD0E79722B5}" = CCC Help Italian
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D7768225-15B9-F34E-82BD-883CEBE30132}" = CCC Help French
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE5683A6-BA08-6417-4F85-96F787B1614E}" = CCC Help Danish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"Android SDK Tools" = Android SDK Tools
"Belarc Advisor" = Belarc Advisor 8.3
"Black Market_is1" = Black Market version 1.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Darkstar One_is1" = Darkstar One
"DFO" = DFOLauncher
"DokanLibrary" = Dokan Library 0.6.0
"EaseUS Data Recovery Wizard 5.8.5_is1" = EaseUS Data Recovery Wizard 5.8.5
"GameFly" = GameFly
"GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"http://pso2.jp/appid/charactercreator_is1" = PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版
"Independence War Deluxe_is1" = Independence War Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"On the Rain-Slick Precipice of Darkness, Episode Two" = On the Rain-Slick Precipice of Darkness, Episode Two
"OpenAL" = OpenAL
"Origin" = Origin
"PC Speed Maximizer_is1" = PC Speed Maximizer v3.0
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"RPG Maker 2000  ShaqFu" = RPG Maker 2000 -  Shaq Fu...The Chosen
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SecondLifeViewer" = SecondLifeViewer (remove only)
"Star Trek Online" = Star Trek Online
"Starsector" = Starsector by Fractal Softworks LLC
"Steam App 107100" = Bastion
"Steam App 108210" = Memoir '44 Online
"Steam App 113020" = Monaco
"Steam App 113400" = APB Reloaded
"Steam App 12200" = Bully: Scholarship Edition
"Steam App 12330" = DarkStar One
"Steam App 1250" = Killing Floor
"Steam App 13510" = Tom Clancy's Ghost Recon: Advanced Warfighter 2
"Steam App 18000" = On the Rain-Slick Precipice of Darkness, Episode One
"Steam App 18020" = On the Rain-Slick Precipice of Darkness, Episode Two
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 200390" = Oil Rush
"Steam App 200410" = SOL: Exodus
"Steam App 200670" = Disciples III: Resurrection
"Steam App 200710" = Torchlight II
"Steam App 200960" = Geneforge 1
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 201790" = Orcs Must Die! 2
"Steam App 202170" = Sleeping Dogs™
"Steam App 203510" = Fortune Summoners: Secret of the Elemental Stone
"Steam App 203770" = Crusader Kings II
"Steam App 204100" = Max Payne 3
"Steam App 204450" = Call of Juarez Gunslinger
"Steam App 204530" = Infested Planet
"Steam App 204630" = Retro City Rampage
"Steam App 205530" = Gratuitous Tank Battles
"Steam App 206190" = Gunpoint
"Steam App 206500" = AirMech
"Steam App 207150" = Stellar Impact
"Steam App 207170" = Legend of Grimrock
"Steam App 207320" = Ys: The Oath in Felghana
"Steam App 207350" = Ys Origin
"Steam App 208520" = Omerta - City of Gangsters
"Steam App 209080" = Guns of Icarus Online
"Steam App 210770" = Sanctum 2
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 212010" = Galaxy on Fire 2™ Full HD
"Steam App 212070" = Star Conflict
"Steam App 212680" = FTL: Faster Than Light
"Steam App 213030" = Penny Arcade's On the Rain-Slick Precipice of Darkness 3
"Steam App 215510" = Rocketbirds: Hardboiled Chicken
"Steam App 218020" = Nethergate: Resurrection
"Steam App 220820" = Zombie Driver HD
"Steam App 222980" = Dead Pixels
"Steam App 223430" = Miner Wars 2081
"Steam App 223710" = Cry of Fear
"Steam App 223810" = Ys I
"Steam App 223870" = Ys II
"Steam App 224600" = Defiance
"Steam App 22610" = Alien Breed: Impact
"Steam App 226320" = Marvel Heroes
"Steam App 22650" = Alien Breed 2: Assault
"Steam App 22670" = Alien Breed 3: Descent
"Steam App 226740" = Monster Loves You!
"Steam App 227220" = Sang-Froid - Tales of Werewolves
"Steam App 227580" = 10,000,000
"Steam App 2280" = The Ultimate DOOM
"Steam App 228200" = Company of Heroes (New Steam Version)
"Steam App 230410" = Warframe
"Steam App 231430" = Company of Heroes 2 – OPEN BETA
"Steam App 233270" = Far Cry® 3 Blood Dragon
"Steam App 233390" = Cart Life
"Steam App 233740" = Organ Trail: Director's Cut
"Steam App 233860" = Kenshi
"Steam App 233980" = Unepic
"Steam App 234190" = Receiver
"Steam App 234310" = March of War
"Steam App 234710" = Poker Night 2
"Steam App 236370" = Interstellar Marines
"Steam App 236730" = Anomaly 2
"Steam App 237430" = Expeditions: Conquistador
"Steam App 237570" = Penny Arcade's On the Rain-Slick Precipice of Darkness 4
"Steam App 238210" = System Shock 2
"Steam App 241600" = Rogue Legacy
"Steam App 24200" = DC Universe Online
"Steam App 24240" = PAYDAY: The Heist
"Steam App 27810" = GridRunner Revolution
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 31280" = Poker Night at the Inventory
"Steam App 33670" = Disciples III: Renaissance
"Steam App 34010" = Alpha Protocol
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 3470" = Bookworm Adventures Deluxe
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 3630" = BookWorm Adventures Volume 2
"Steam App 3920" = Sid Meier's Pirates!
"Steam App 40400" = AI War: Fleet Command
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 46260" = Star Wolves 3: Civil War
"Steam App 48190" = Assassin's Creed Brotherhood
"Steam App 48240" = Anno 2070
"Steam App 4920" = Natural Selection 2
"Steam App 49520" = Borderlands 2
"Steam App 50300" = Spec Ops: The Line
"Steam App 55230" = Saints Row: The Third
"Steam App 61310" = Fractal
"Steam App 61500" = Age of Wonders
"Steam App 61510" = Age of Wonders 2
"Steam App 61520" = Age of Wonders: Shadow Magic
"Steam App 61530" = Age of Wonders: Trilogy Soundtrack
"Steam App 620" = Portal 2
"Steam App 6200" = Ghost Master
"Steam App 63380" = Sniper Elite V2
"Steam App 6420" = Nexus: The Jupiter Incident
"Steam App 65800" = Dungeon Defenders
"Steam App 70120" = Hacker Evolution Duality
"Steam App 70420" = Chantelise
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91310" = Dead Island
"Steam App 9200" = RAGE
"Steam App 9480" = Saints Row 2
"Steam App 98400" = Hard Reset
"Steam App 98800" = Dungeons of Dredmor
"Steam App 99300" = Renegade Ops
"Stellar Impact" = Stellar Impact
"SumatraPDF" = SumatraPDF
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Uplay" = Uplay
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1726822986-547998923-3148758179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"NAM Hotfix Package" = NAM Hotfix Package 301 (13 April 2012)
"Network Addon Mod" = Network Addon Mod Version 30 with Essentials r132
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 Beta" = gamelauncher-code4344-beta
"UnityWebPlayer" = Unity Web Player
"Wurm Online 3.1.4" = Wurm Online 3.1.4
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/12/2013 12:17:09 PM | Computer Name = Amy-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: a08    Start
 Time: 01ce7e141200ba4d    Termination Time: 0    Application Path: C:\Windows\Explorer.EXE

Report
 Id: 78bb0697-eb0e-11e2-babb-1c7ee523f3ba  
 
Error - 7/12/2013 1:11:31 PM | Computer Name = Amy-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16635 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1f10    Start
 Time: 01ce7edec862c61b    Termination Time: 72    Application Path: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE    Report Id:   
 
Error - 7/12/2013 11:36:36 PM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 6.5.73.158, time stamp:
 0x51acb7bc  Faulting module name: Skype.exe, version: 6.5.73.158, time stamp: 0x51acb7bc
Exception
 code: 0x40000015  Fault offset: 0x00c5121e  Faulting process id: 0x9cc  Faulting application
 start time: 0x01ce7e1412fd0c2a  Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting
 module path: C:\Program Files (x86)\Skype\Phone\Skype.exe  Report Id: 6b33264c-eb6d-11e2-babb-1c7ee523f3ba
 
Error - 7/12/2013 11:45:18 PM | Computer Name = Amy-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.1.7601.17567 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 4828    Start
 Time: 01ce7f1b4233c016    Termination Time: 123    Application Path: C:\Windows\explorer.exe

Report
 Id: 9db16e7c-eb6e-11e2-babb-1c7ee523f3ba  
 
Error - 7/13/2013 1:20:43 AM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 22.0.0.4917,
 time stamp: 0x51c06ab5  Faulting module name: mozalloc.dll, version: 22.0.0.4917,
 time stamp: 0x51c05025  Exception code: 0x80000003  Fault offset: 0x00001988  Faulting
 process id: 0x1570  Faulting application start time: 0x01ce7ee04d247516  Faulting application
 path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module
 path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Report Id: f68b76bc-eb7b-11e2-babb-1c7ee523f3ba
 
Error - 7/13/2013 5:08:54 AM | Computer Name = Amy-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 7/13/2013 6:59:02 AM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: kdbsync.exe, version: 0.0.0.0, time stamp:
 0x4f67a718  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x00000000  Faulting process id: 0x814  Faulting application
 start time: 0x01ce7fb7f34a35bc  Faulting application path: C:\Program Files (x86)\AMD
 AVT\bin\kdbsync.exe  Faulting module path: unknown  Report Id: 39fabd64-ebab-11e2-91b9-1c7ee523f3ba
 
Error - 7/13/2013 9:19:45 AM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: kdbsync.exe, version: 0.0.0.0, time stamp:
 0x4f67a718  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x00000000  Faulting process id: 0xce0  Faulting application
 start time: 0x01ce7fcb9dd5a040  Faulting application path: C:\Program Files (x86)\AMD
 AVT\bin\kdbsync.exe  Faulting module path: unknown  Report Id: e2393a19-ebbe-11e2-aa9c-1c7ee523f3ba
 
Error - 7/13/2013 12:21:48 PM | Computer Name = MAIN | Source = Application Error | ID = 1000
Description = Faulting application name: kdbsync.exe, version: 0.0.0.0, time stamp:
 0x4f67a718  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x00000000  Faulting process id: 0x984  Faulting application
 start time: 0x01ce7fe5102e641d  Faulting application path: C:\Program Files (x86)\AMD
 AVT\bin\kdbsync.exe  Faulting module path: unknown  Report Id: 50da353c-ebd8-11e2-821a-1c7ee523f3ba
 
Error - 7/15/2013 2:32:08 AM | Computer Name = MAIN | Source = System Restore | ID = 8193
Description =
 
[ System Events ]
Error - 11/21/2012 5:20:18 AM | Computer Name = Peter-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 11/21/2012 5:25:57 AM | Computer Name = Peter-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 11/21/2012 5:25:59 AM | Computer Name = Peter-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 11/21/2012 2:50:22 PM | Computer Name = Peter-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 11/21/2012 2:50:25 PM | Computer Name = Peter-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 11/21/2012 2:59:58 PM | Computer Name = Peter-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 11/21/2012 3:00:00 PM | Computer Name = Peter-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 11/22/2012 11:02:41 AM | Computer Name = Peter-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:11:15 AM on ?11/?22/?2012 was unexpected.
 
Error - 11/23/2012 7:01:23 AM | Computer Name = Peter-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 11/23/2012 1:54:38 PM | Computer Name = Peter-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:42:26 AM on ?11/?23/?2012 was unexpected.
 
 
< End of report >
 

 

 

 

 

 

 

 

 

Share this post


Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop. (If there are any old versions on your system, delete them first)

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

 

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download http://www.bleepingcomputer.com/download/adwcleaner/ by Xplode onto your Desktop.

 

 

  •  

     

  •   Please close all open programs and internet browsers.

     

     

  •   Double click on Adwcleaner.exe to run the tool.

     

     

  •   Click on Delete.

     

     

  •   Confirm each time with OK.

     

     

  •   Your computer will be rebooted automatically. A text file will open after the restart.

     

     

  •   Please post the content of that logfile in your reply.

     

     

  •   You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

     

     

 

 

Next,

 

download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

 

 

  •  

     

  • Double-click on the Rkill desktop icon to run the tool.

     

     

  • If using Vista or Windows 7, right-click on it and Run As Administrator.

     

     

  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

     

     

  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.

     

     

  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.

     

     

  • If the tool does not run from any of the links provided, please let me know.

     

     

 

 

Next,

 

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if  Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop.:

 

 

http://www.malwarebytes.org/mbam.php 

http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml[/url]

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

Double Click mbam-setup.exe to install the application.

 

 

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Let me see the logs from above scans...

 

Kevin

fixlist.txt

Share this post


Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2013
Ran by Peter at 2013-07-15 15:38:25 Run:1
Running from C:\AlienSwarm
Boot Mode: Normal
==============================================

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security => Value deleted successfully.
C:\Users\Peter\AppData\Roaming\midefender.exe => Moved successfully.
C:\Users\Peter\AppData\Roaming\midefender => Moved successfully.
C:\Users\Peter\Desktop\Internet Security Pro.lnk => Moved successfully.

==== End of Fixlog ====

 

 

# AdwCleaner v2.305 - Logfile created 07/15/2013 at 15:43:10
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Peter - MAIN
# Boot Mode : Normal
# Running from : C:\AlienSwarm\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\extensions\staged

***** [Registry] *****


***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s3].txt - [764 octets] - [15/07/2013 15:43:10]

########## EOF - C:\AdwCleaner[s3].txt - [823 octets] ##########
 

I erased the first two logs beforehand but it came up as 3 anyway

 

 

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 11/21/2011 at 13:17:04.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:

C:\Repair\eXplorer.exe


Rkill completed on 11/21/2011 at 13:17:06.
 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Peter :: MAIN [administrator]

Protection: Enabled

7/15/2013 4:08:21 PM
mbam-log-2013-07-15 (16-08-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249198
Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

 

Just rebooted my computer, doesn't seem to be anything wrong at the moment.

Share this post


Link to post
Share on other sites

We need to run an online AV scan, make sure we`ve missed nothing sinister:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

copy and paste the report here

 

ESET scan is very thorough so may take a few hours to complete..

 

Kevin

Share this post


Link to post
Share on other sites

Sorry for the delay, was away from my computer and Internet for several days.

C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$R0C740E28    a variant of Win32/Kryptik.BETL trojan
C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$REC903915    a variant of Win32/Kryptik.BETL trojan
C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$RG459P9.exe    a variant of Win32/GetNow.A application
C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$RUN3WPF.exe    a variant of Win32/GetNow.A application
C:\FRST\Quarantine\bijkdn.dll    Win32/TrojanDownloader.Tracur.V trojan
C:\FRST\Quarantine\java.exe    a variant of Win32/Kryptik.BFSK trojan
C:\FRST\Quarantine\midefender    a variant of Win32/Kryptik.BFSK trojan
C:\FRST\Quarantine\midefender.exe    a variant of Win32/Kryptik.BFSK trojan
C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe    a variant of Win32/SpeedingUpMyPC application
C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe    a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0000.dta    Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0001.dta    Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0002.dta    Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0003.dta    Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0004.dta    a variant of Win32/Rootkit.Kryptik.NH trojan
C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0005.dta    Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0009.dta    Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0010.dta    Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0000.dta    Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0001.dta    Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0002.dta    Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0003.dta    Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0004.dta    a variant of Win32/Rootkit.Kryptik.NH trojan
C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0005.dta    Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0009.dta    Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0010.dta    Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0000.dta    Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0001.dta    Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0002.dta    Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0003.dta    Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0004.dta    a variant of Win32/Rootkit.Kryptik.NH trojan
C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0005.dta    Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0009.dta    Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0010.dta    Win64/Olmarik.AK trojan
C:\Users\Peter\AppData\Local\Temp\abc.cfg    Win32/TrojanDownloader.Delf.RRJ trojan
C:\Users\Peter\AppData\Local\Temp\air3215.exe    multiple threats
C:\Users\Peter\AppData\Local\Temp\zjfwwijd\zjfwwijd.dll    Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Peter\AppData\Local\Temp\ztnuse\ztnuse.dll    Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7bd7fccb-7525923f    Win32/PSW.Papras.CM trojan
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\3e83c098-6ab9fc20    Win32/PSW.Papras.CM trojan
C:\Users\Peter\Downloads\cbsidlm-tr1_13-EaseUS_Disk_Copy_Home_Edition-ORG-10867157.exe    Win32/DownloadAdmin.G application
C:\Users\Peter\Downloads\DTLite4451-0236.exe    Win32/OpenCandy application
C:\Users\Peter\Downloads\iLividSetupV1.exe    Win32/Toolbar.SearchSuite application
C:\Users\Peter\Downloads\setup (1).exe    a variant of Win32/AirAdInstaller.A application
C:\Windows.old\Program Files (x86)\InstallBrainService\InstallBrainService.exe    a variant of Win32/InstallBrain application
C:\Windows.old\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cf    Win32/OpenCandy application
C:\Windows.old\Users\Main\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\44d47de1-23e8ed4c    a variant of Win32/Kryptik.VTQ trojan
C:\Windows.old\Users\Main\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-46647444    Java/TrojanDownloader.OpenStream.NCM trojan
C:\Windows.old\Users\Main\AppData\Roaming\E61CEEB9D0CAA7ED9AAA12C1A819FC54\enemies-names.txt    Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Windows.old\Users\Main\AppData\Roaming\XFFF3ppnG5aQ6dK\AV Protection 2011v121.exe    a variant of Win32/Kryptik.VTQ trojan
C:\Windows.old\Users\Main\Downloads\CrystalDiskInfo4_0_2a-en.exe    Win32/OpenCandy application
C:\Windows.old\Users\Main\Downloads\GOMPLAYERENSETUP(2).EXE    a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows.old\Users\Main\Downloads\GOMPLAYERENSETUP.EXE    a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows.old\Users\Main\Downloads\KeyFinderInstaller.exe    Win32/OpenCandy application
 

 

Wow, that isn't good...

Share this post


Link to post
Share on other sites

OK, we continue:

 

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Filesipconfig /flushdns /cC:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$R0C740E28C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$REC903915C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$RG459P9.exeC:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$RUN3WPF.exeC:\FRSTC:\TDSSKiller_QuarantineC:\Users\Peter\AppData\Local\Temp\abc.cfgC:\Users\Peter\AppData\Local\Temp\air3215.exeC:\Users\Peter\AppData\Local\Temp\zjfwwijd\zjfwwijd.dllC:\Users\Peter\AppData\Local\Temp\ztnuse\ztnuse.dllC:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7bd7fccb-7525923fC:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\3e83c098-6ab9fc20C:\Users\Peter\Downloads\cbsidlm-tr1_13-EaseUS_Disk_Copy_Home_Edition-ORG-10867157.exeC:\Users\Peter\Downloads\DTLite4451-0236.exeC:\Users\Peter\Downloads\iLividSetupV1.exeC:\Users\Peter\Downloads\setup (1).exe  C:\Windows.old\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cfC:\Windows.old\Users\Main\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\44d47de1-23e8ed4cC:\Windows.old\Users\Main\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-46647444C:\Windows.old\Users\Main\AppData\Roaming\E61CEEB9D0CAA7ED9AAA12C1A819FC54\enemies-names.txt  C:\Windows.old\Users\Main\AppData\Roaming\XFFF3ppnG5aQ6dK\AV Protection 2011v121.exeC:\Windows.old\Users\Main\Downloads\CrystalDiskInfo4_0_2a-en.exeC:\Windows.old\Users\Main\Downloads\GOMPLAYERENSETUP(2).EXEC:\Windows.old\Users\Main\Downloads\GOMPLAYERENSETUP.EXE    C:\Windows.old\Users\Main\Downloads\KeyFinderInstaller.exe  :Commands[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if  Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop.:

 

 

http://www.malwarebytes.org/mbam.php 

]

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

Double Click mbam-setup.exe to install the application.


Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs, also give update on any remaining issues or concerns...

 

Kevin

Share this post


Link to post
Share on other sites

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Peter\Downloads\cmd.bat deleted successfully.
C:\Users\Peter\Downloads\cmd.txt deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$R0C740E28 moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$REC903915 moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$RG459P9.exe moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$RUN3WPF.exe moved successfully.
C:\FRST\Quarantine\$e0b61d80456309018e2f1a6e90bde171 folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000 folder moved successfully.
C:\TDSSKiller_Quarantine\02.08.2012_12.24.45 folder moved successfully.
C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000 folder moved successfully.
C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\mbr0000 folder moved successfully.
C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000 folder moved successfully.
C:\TDSSKiller_Quarantine\02.08.2012_11.32.58 folder moved successfully.
C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000 folder moved successfully.
C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\mbr0000 folder moved successfully.
C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000 folder moved successfully.
C:\TDSSKiller_Quarantine\01.08.2012_16.58.12 folder moved successfully.
C:\TDSSKiller_Quarantine folder moved successfully.
C:\Users\Peter\AppData\Local\Temp\abc.cfg moved successfully.
C:\Users\Peter\AppData\Local\Temp\air3215.exe moved successfully.
DllUnregisterServer procedure not found in C:\Users\Peter\AppData\Local\Temp\zjfwwijd\zjfwwijd.dll
C:\Users\Peter\AppData\Local\Temp\zjfwwijd\zjfwwijd.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Peter\AppData\Local\Temp\ztnuse\ztnuse.dll
C:\Users\Peter\AppData\Local\Temp\ztnuse\ztnuse.dll moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7bd7fccb-7525923f moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\3e83c098-6ab9fc20 moved successfully.
C:\Users\Peter\Downloads\cbsidlm-tr1_13-EaseUS_Disk_Copy_Home_Edition-ORG-10867157.exe moved successfully.
C:\Users\Peter\Downloads\DTLite4451-0236.exe moved successfully.
C:\Users\Peter\Downloads\iLividSetupV1.exe moved successfully.
C:\Users\Peter\Downloads\setup (1).exe moved successfully.
C:\Windows.old\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cf moved successfully.
C:\Windows.old\Users\Main\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\44d47de1-23e8ed4c moved successfully.
C:\Windows.old\Users\Main\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-46647444 moved successfully.
C:\Windows.old\Users\Main\AppData\Roaming\E61CEEB9D0CAA7ED9AAA12C1A819FC54\enemies-names.txt moved successfully.
C:\Windows.old\Users\Main\AppData\Roaming\XFFF3ppnG5aQ6dK\AV Protection 2011v121.exe moved successfully.
C:\Windows.old\Users\Main\Downloads\CrystalDiskInfo4_0_2a-en.exe moved successfully.
C:\Windows.old\Users\Main\Downloads\GOMPLAYERENSETUP(2).EXE moved successfully.
C:\Windows.old\Users\Main\Downloads\GOMPLAYERENSETUP.EXE moved successfully.
C:\Windows.old\Users\Main\Downloads\KeyFinderInstaller.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Peter
->Temp folder emptied: 5932242505 bytes
->Temporary Internet Files folder emptied: 718470891 bytes
->Java cache emptied: 489032 bytes
->FireFox cache emptied: 101050841 bytes
->Flash cache emptied: 406316 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 533257364 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 288414299 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310724 bytes
RecycleBin emptied: 20707205967 bytes
 
Total Files Cleaned = 27,012.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 07202013_144344

Files moved on Reboot...
C:\Users\Peter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WI413VGC\follow_button.1372833608[1].htm moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WI413VGC\hub[1].htm moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKHB9ZJ4\facebook_com[1].htm moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\tzsdh8o0.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\tzsdh8o0.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\tzsdh8o0.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\tzsdh8o0.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\tzsdh8o0.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\tzsdh8o0.default\_CACHE_CLEAN_ moved successfully.

Registry entries deleted on Reboot...
 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.19.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Peter :: MAIN [administrator]

Protection: Enabled

7/20/2013 3:30:37 PM
mbam-log-2013-07-20 (15-30-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222173
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 Results of screen317's Security Check version 0.99.70  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 6 Update 22  
 Java 6 Update 31  
 Java version out of Date!
 Adobe Flash Player 11.7.700.224  
 Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

Share this post


Link to post
Share on other sites

My concern is that for the past hour, I have been getting this message from Malwarebytes.  I don't see the capmasxihyzu.exe files even with that folder having its hidden attribute unchecked.  What is going on there?

 

2013/07/20 14:58:56 -0400    MAIN    (null)    MESSAGE    Executing scheduled update:  Daily
2013/07/20 14:58:57 -0400    MAIN    (null)    ERROR    Scheduled update failed:  Host not found failed with error code 0
2013/07/20 14:58:59 -0400    MAIN    (null)    MESSAGE    Starting protection
2013/07/20 14:58:59 -0400    MAIN    (null)    MESSAGE    Protection started successfully
2013/07/20 14:58:59 -0400    MAIN    (null)    MESSAGE    Starting IP protection
2013/07/20 14:59:01 -0400    MAIN    (null)    MESSAGE    IP Protection started successfully
2013/07/20 15:00:09 -0400    MAIN    Peter    DETECTION    C:\Users\Peter\capmasxihyzu.exe    Trojan.Agent.BH    QUARANTINE
2013/07/20 15:11:57 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 49911, Process: explorer.exe)
2013/07/20 15:12:13 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 49913, Process: explorer.exe)
2013/07/20 15:12:21 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 49915, Process: explorer.exe)
2013/07/20 15:12:29 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 49916, Process: explorer.exe)
2013/07/20 15:12:37 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 49918, Process: explorer.exe)
2013/07/20 15:12:53 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 49933, Process: explorer.exe)
2013/07/20 15:13:49 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 49941, Process: explorer.exe)
2013/07/20 15:13:57 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 49988, Process: explorer.exe)
2013/07/20 15:14:05 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50090, Process: explorer.exe)
2013/07/20 15:14:21 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50128, Process: explorer.exe)
2013/07/20 15:14:29 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50138, Process: explorer.exe)
2013/07/20 15:14:38 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50139, Process: explorer.exe)
2013/07/20 15:14:38 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50142, Process: explorer.exe)
2013/07/20 15:14:38 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50143, Process: explorer.exe)
2013/07/20 15:14:38 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50149, Process: explorer.exe)
2013/07/20 15:14:46 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50152, Process: explorer.exe)
2013/07/20 15:14:46 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50153, Process: explorer.exe)
2013/07/20 15:14:46 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50154, Process: explorer.exe)
2013/07/20 15:14:54 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50155, Process: explorer.exe)
2013/07/20 15:14:54 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50156, Process: explorer.exe)
2013/07/20 15:14:54 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50157, Process: explorer.exe)
2013/07/20 15:15:02 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50173, Process: explorer.exe)
2013/07/20 15:15:02 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50175, Process: explorer.exe)
2013/07/20 15:15:10 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50223, Process: explorer.exe)
2013/07/20 15:15:10 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50222, Process: explorer.exe)
2013/07/20 15:15:26 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50301, Process: explorer.exe)
2013/07/20 15:15:26 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50302, Process: explorer.exe)
2013/07/20 15:15:34 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50333, Process: explorer.exe)
2013/07/20 15:15:42 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50335, Process: explorer.exe)
2013/07/20 15:15:50 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50337, Process: explorer.exe)
2013/07/20 15:15:58 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50345, Process: explorer.exe)
2013/07/20 15:15:58 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50348, Process: explorer.exe)
2013/07/20 15:16:06 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50349, Process: explorer.exe)
2013/07/20 15:16:06 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50352, Process: explorer.exe)
2013/07/20 15:16:14 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50356, Process: explorer.exe)
2013/07/20 15:16:30 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50371, Process: explorer.exe)
2013/07/20 15:16:38 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50374, Process: explorer.exe)
2013/07/20 15:16:46 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50378, Process: explorer.exe)
2013/07/20 15:16:54 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50387, Process: explorer.exe)
2013/07/20 15:17:02 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50409, Process: explorer.exe)
2013/07/20 15:17:18 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50415, Process: explorer.exe)
2013/07/20 15:17:26 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50416, Process: explorer.exe)
2013/07/20 15:19:06 -0400    MAIN    (null)    MESSAGE    Starting protection
2013/07/20 15:19:06 -0400    MAIN    (null)    MESSAGE    Protection started successfully
2013/07/20 15:19:06 -0400    MAIN    (null)    MESSAGE    Starting IP protection
2013/07/20 15:19:08 -0400    MAIN    (null)    MESSAGE    IP Protection started successfully
2013/07/20 15:25:53 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50865, Process: explorer.exe)
2013/07/20 15:25:54 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50867, Process: explorer.exe)
2013/07/20 15:25:54 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50869, Process: explorer.exe)
2013/07/20 15:26:02 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50905, Process: explorer.exe)
2013/07/20 15:26:02 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50906, Process: explorer.exe)
2013/07/20 15:26:02 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50907, Process: explorer.exe)
2013/07/20 15:26:10 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50913, Process: explorer.exe)
2013/07/20 15:26:10 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50914, Process: explorer.exe)
2013/07/20 15:26:10 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50915, Process: explorer.exe)
2013/07/20 15:26:18 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50918, Process: explorer.exe)
2013/07/20 15:26:18 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50919, Process: explorer.exe)
2013/07/20 15:26:18 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 50921, Process: explorer.exe)
2013/07/20 15:26:26 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51022, Process: explorer.exe)
2013/07/20 15:26:26 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51116, Process: explorer.exe)
2013/07/20 15:26:26 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51117, Process: explorer.exe)
2013/07/20 15:26:34 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51154, Process: explorer.exe)
2013/07/20 15:26:43 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51156, Process: explorer.exe)
2013/07/20 15:26:43 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51157, Process: explorer.exe)
2013/07/20 15:26:51 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51175, Process: explorer.exe)
2013/07/20 15:26:51 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51177, Process: explorer.exe)
2013/07/20 15:26:59 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51335, Process: explorer.exe)
2013/07/20 15:26:59 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51336, Process: explorer.exe)
2013/07/20 15:27:15 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51393, Process: explorer.exe)
2013/07/20 15:27:15 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51394, Process: explorer.exe)
2013/07/20 15:28:12 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51876, Process: explorer.exe)
2013/07/20 15:28:12 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51877, Process: explorer.exe)
2013/07/20 15:28:12 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51878, Process: explorer.exe)
2013/07/20 15:28:20 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51891, Process: explorer.exe)
2013/07/20 15:28:20 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51892, Process: explorer.exe)
2013/07/20 15:28:20 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51893, Process: explorer.exe)
2013/07/20 15:28:36 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51918, Process: explorer.exe)
2013/07/20 15:28:36 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51919, Process: explorer.exe)
2013/07/20 15:28:36 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 51920, Process: explorer.exe)
2013/07/20 15:28:44 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52100, Process: explorer.exe)
2013/07/20 15:28:44 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52102, Process: explorer.exe)
2013/07/20 15:28:44 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52103, Process: explorer.exe)
2013/07/20 15:28:44 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52115, Process: explorer.exe)
2013/07/20 15:28:52 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52133, Process: explorer.exe)
2013/07/20 15:28:52 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52134, Process: explorer.exe)
2013/07/20 15:28:52 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52135, Process: explorer.exe)
2013/07/20 15:29:00 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52141, Process: explorer.exe)
2013/07/20 15:29:00 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52143, Process: explorer.exe)
2013/07/20 15:29:00 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52148, Process: explorer.exe)
2013/07/20 15:29:00 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52149, Process: explorer.exe)
2013/07/20 15:29:00 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52150, Process: explorer.exe)
2013/07/20 15:29:08 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52152, Process: explorer.exe)
2013/07/20 15:29:08 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52153, Process: explorer.exe)
2013/07/20 15:29:16 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52156, Process: explorer.exe)
2013/07/20 15:29:24 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52160, Process: explorer.exe)
2013/07/20 15:29:33 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52208, Process: explorer.exe)
2013/07/20 15:29:49 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52254, Process: explorer.exe)
2013/07/20 15:30:13 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52390, Process: explorer.exe)
2013/07/20 15:30:21 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52415, Process: explorer.exe)
2013/07/20 15:30:29 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52507, Process: explorer.exe)
2013/07/20 15:30:37 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52593, Process: explorer.exe)
2013/07/20 15:30:53 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52718, Process: explorer.exe)
2013/07/20 15:31:01 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52789, Process: explorer.exe)
2013/07/20 15:31:09 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52831, Process: explorer.exe)
2013/07/20 15:31:17 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52852, Process: explorer.exe)
2013/07/20 15:31:34 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52858, Process: explorer.exe)
2013/07/20 15:31:42 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52871, Process: explorer.exe)
2013/07/20 15:31:50 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52893, Process: explorer.exe)
2013/07/20 15:31:50 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52894, Process: explorer.exe)
2013/07/20 15:31:50 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52899, Process: explorer.exe)
2013/07/20 15:31:58 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52902, Process: explorer.exe)
2013/07/20 15:31:58 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52903, Process: explorer.exe)
2013/07/20 15:31:58 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52906, Process: explorer.exe)
2013/07/20 15:32:06 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52922, Process: explorer.exe)
2013/07/20 15:32:06 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 52923, Process: explorer.exe)
2013/07/20 15:32:31 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 53425, Process: explorer.exe)
2013/07/20 15:32:39 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 53491, Process: explorer.exe)
2013/07/20 15:32:48 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 53526, Process: explorer.exe)
2013/07/20 15:33:12 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 53739, Process: explorer.exe)
2013/07/20 15:33:20 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54146, Process: explorer.exe)
2013/07/20 15:33:29 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54272, Process: explorer.exe)
2013/07/20 15:33:45 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54276, Process: explorer.exe)
2013/07/20 15:33:53 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54277, Process: explorer.exe)
2013/07/20 15:33:53 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54279, Process: explorer.exe)
2013/07/20 15:33:53 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54281, Process: explorer.exe)
2013/07/20 15:33:53 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54282, Process: explorer.exe)
2013/07/20 15:34:01 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54332, Process: explorer.exe)
2013/07/20 15:34:01 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54333, Process: explorer.exe)
2013/07/20 15:34:01 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54336, Process: explorer.exe)
2013/07/20 15:34:09 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54349, Process: explorer.exe)
2013/07/20 15:34:09 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54350, Process: explorer.exe)
2013/07/20 15:34:09 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54351, Process: explorer.exe)
2013/07/20 15:34:33 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54391, Process: explorer.exe)
2013/07/20 15:34:33 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54393, Process: explorer.exe)
2013/07/20 15:34:33 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54394, Process: explorer.exe)
2013/07/20 15:34:41 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54453, Process: explorer.exe)
2013/07/20 15:34:41 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54464, Process: explorer.exe)
2013/07/20 15:34:41 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54465, Process: explorer.exe)
2013/07/20 15:34:50 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54474, Process: explorer.exe)
2013/07/20 15:34:50 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54488, Process: explorer.exe)
2013/07/20 15:35:06 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54539, Process: explorer.exe)
2013/07/20 15:35:14 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54567, Process: explorer.exe)
2013/07/20 15:35:22 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54696, Process: explorer.exe)
2013/07/20 15:35:30 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54721, Process: explorer.exe)
2013/07/20 15:35:47 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54732, Process: explorer.exe)
2013/07/20 15:36:52 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54873, Process: explorer.exe)
2013/07/20 15:36:52 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54875, Process: explorer.exe)
2013/07/20 15:37:00 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54877, Process: explorer.exe)
2013/07/20 15:37:00 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54878, Process: explorer.exe)
2013/07/20 15:37:08 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54879, Process: explorer.exe)
2013/07/20 15:37:08 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54880, Process: explorer.exe)
2013/07/20 15:37:16 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54881, Process: explorer.exe)
2013/07/20 15:37:24 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54883, Process: explorer.exe)
2013/07/20 15:37:24 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54886, Process: explorer.exe)
2013/07/20 15:37:24 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54887, Process: explorer.exe)
2013/07/20 15:37:32 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54888, Process: explorer.exe)
2013/07/20 15:37:32 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54889, Process: explorer.exe)
2013/07/20 15:37:40 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54890, Process: explorer.exe)
2013/07/20 15:37:40 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54891, Process: explorer.exe)
2013/07/20 15:37:40 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54892, Process: explorer.exe)
2013/07/20 15:37:48 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54893, Process: explorer.exe)
2013/07/20 15:37:56 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54895, Process: explorer.exe)
2013/07/20 15:38:04 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 54896, Process: explorer.exe)
2013/07/20 15:39:25 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55096, Process: explorer.exe)
2013/07/20 15:39:25 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55098, Process: explorer.exe)
2013/07/20 15:39:33 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55113, Process: explorer.exe)
2013/07/20 15:39:33 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55115, Process: explorer.exe)
2013/07/20 15:39:33 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55117, Process: explorer.exe)
2013/07/20 15:39:33 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55118, Process: explorer.exe)
2013/07/20 15:39:41 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55123, Process: explorer.exe)
2013/07/20 15:39:41 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55124, Process: explorer.exe)
2013/07/20 15:39:41 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55125, Process: explorer.exe)
2013/07/20 15:39:41 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55126, Process: explorer.exe)
2013/07/20 15:39:49 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55133, Process: explorer.exe)
2013/07/20 15:39:49 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55134, Process: explorer.exe)
2013/07/20 15:39:49 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55136, Process: explorer.exe)
2013/07/20 15:39:49 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55137, Process: explorer.exe)
2013/07/20 15:40:05 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55152, Process: explorer.exe)
2013/07/20 15:40:05 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55151, Process: explorer.exe)
2013/07/20 15:40:13 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55167, Process: explorer.exe)
2013/07/20 15:40:13 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55168, Process: explorer.exe)
2013/07/20 15:41:26 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55879, Process: explorer.exe)
2013/07/20 15:41:34 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55902, Process: explorer.exe)
2013/07/20 15:41:34 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55905, Process: explorer.exe)
2013/07/20 15:41:34 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 55911, Process: explorer.exe)
2013/07/20 15:41:42 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 56012, Process: explorer.exe)
2013/07/20 15:41:50 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 56025, Process: explorer.exe)
2013/07/20 15:41:50 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 56042, Process: explorer.exe)
2013/07/20 15:41:58 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 56179, Process: explorer.exe)
2013/07/20 15:41:58 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 56200, Process: explorer.exe)
2013/07/20 15:42:06 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 56308, Process: explorer.exe)
2013/07/20 15:42:06 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 56323, Process: explorer.exe)
2013/07/20 15:42:14 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 56467, Process: explorer.exe)
2013/07/20 15:42:14 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 56484, Process: explorer.exe)
2013/07/20 15:42:22 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 56644, Process: explorer.exe)
2013/07/20 15:42:22 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 56658, Process: explorer.exe)
2013/07/20 15:43:26 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 57621, Process: explorer.exe)
2013/07/20 15:43:26 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 57630, Process: explorer.exe)
2013/07/20 15:43:34 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 57803, Process: explorer.exe)
2013/07/20 15:43:34 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 57806, Process: explorer.exe)
2013/07/20 15:43:42 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 57956, Process: explorer.exe)
2013/07/20 15:43:51 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 57960, Process: explorer.exe)
2013/07/20 15:43:51 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58014, Process: explorer.exe)
2013/07/20 15:43:59 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58059, Process: explorer.exe)
2013/07/20 15:44:07 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58094, Process: explorer.exe)
2013/07/20 15:44:07 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58100, Process: explorer.exe)
2013/07/20 15:44:15 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58123, Process: explorer.exe)
2013/07/20 15:44:15 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58126, Process: explorer.exe)
2013/07/20 15:44:23 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58200, Process: explorer.exe)
2013/07/20 15:44:31 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58259, Process: explorer.exe)
2013/07/20 15:44:39 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58321, Process: explorer.exe)
2013/07/20 15:44:39 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58392, Process: explorer.exe)
2013/07/20 15:44:47 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58409, Process: explorer.exe)
2013/07/20 15:44:55 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58418, Process: explorer.exe)
2013/07/20 15:44:55 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58432, Process: explorer.exe)
2013/07/20 15:45:03 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58449, Process: explorer.exe)
2013/07/20 15:45:03 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58493, Process: explorer.exe)
2013/07/20 15:45:11 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58539, Process: explorer.exe)
2013/07/20 15:45:19 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58540, Process: explorer.exe)
2013/07/20 15:45:19 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58549, Process: explorer.exe)
2013/07/20 15:45:59 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58706, Process: explorer.exe)
2013/07/20 15:45:59 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58708, Process: explorer.exe)
2013/07/20 15:46:07 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58828, Process: explorer.exe)
2013/07/20 15:46:07 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58831, Process: explorer.exe)
2013/07/20 15:46:15 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58983, Process: explorer.exe)
2013/07/20 15:46:15 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 58985, Process: explorer.exe)
2013/07/20 15:46:23 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 59067, Process: explorer.exe)
2013/07/20 15:46:39 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 59120, Process: explorer.exe)
2013/07/20 15:46:47 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 59124, Process: explorer.exe)
2013/07/20 15:48:56 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60269, Process: explorer.exe)
2013/07/20 15:48:56 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60270, Process: explorer.exe)
2013/07/20 15:49:04 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60319, Process: explorer.exe)
2013/07/20 15:49:04 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60320, Process: explorer.exe)
2013/07/20 15:49:20 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60367, Process: explorer.exe)
2013/07/20 15:49:20 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60368, Process: explorer.exe)
2013/07/20 15:49:28 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60425, Process: explorer.exe)
2013/07/20 15:49:28 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60426, Process: explorer.exe)
2013/07/20 15:49:36 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60458, Process: explorer.exe)
2013/07/20 15:49:36 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60459, Process: explorer.exe)
2013/07/20 15:49:44 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60573, Process: explorer.exe)
2013/07/20 15:49:44 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60574, Process: explorer.exe)
2013/07/20 15:49:52 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60585, Process: explorer.exe)
2013/07/20 15:49:52 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60587, Process: explorer.exe)
2013/07/20 15:50:00 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60626, Process: explorer.exe)
2013/07/20 15:50:00 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60627, Process: explorer.exe)
2013/07/20 15:50:09 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60691, Process: explorer.exe)
2013/07/20 15:50:09 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60693, Process: explorer.exe)
2013/07/20 15:50:17 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60717, Process: explorer.exe)
2013/07/20 15:50:33 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60731, Process: explorer.exe)
2013/07/20 15:50:41 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 60767, Process: explorer.exe)
2013/07/20 15:53:22 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 61631, Process: explorer.exe)
2013/07/20 15:53:30 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 61651, Process: explorer.exe)
2013/07/20 15:53:38 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 61668, Process: explorer.exe)
2013/07/20 15:53:46 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 61676, Process: explorer.exe)
2013/07/20 15:54:02 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 61704, Process: explorer.exe)
2013/07/20 15:54:10 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 61732, Process: explorer.exe)
2013/07/20 15:56:44 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62399, Process: explorer.exe)
2013/07/20 15:56:52 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62444, Process: explorer.exe)
2013/07/20 15:57:08 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62470, Process: explorer.exe)
2013/07/20 15:57:16 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62526, Process: explorer.exe)
2013/07/20 15:57:24 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62618, Process: explorer.exe)
2013/07/20 15:57:32 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62631, Process: explorer.exe)
2013/07/20 15:57:32 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62685, Process: explorer.exe)
2013/07/20 15:57:40 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62690, Process: explorer.exe)
2013/07/20 15:57:48 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62696, Process: explorer.exe)
2013/07/20 15:58:04 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62705, Process: explorer.exe)
2013/07/20 15:58:04 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62707, Process: explorer.exe)
2013/07/20 15:58:04 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62708, Process: explorer.exe)
2013/07/20 15:58:12 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62715, Process: explorer.exe)
2013/07/20 15:58:12 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62716, Process: explorer.exe)
2013/07/20 15:58:12 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62717, Process: explorer.exe)
2013/07/20 15:58:20 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62718, Process: explorer.exe)
2013/07/20 15:58:21 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62719, Process: explorer.exe)
2013/07/20 15:58:21 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62720, Process: explorer.exe)
2013/07/20 15:58:29 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62721, Process: explorer.exe)
2013/07/20 15:58:29 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62723, Process: explorer.exe)
2013/07/20 15:58:29 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62724, Process: explorer.exe)
2013/07/20 15:58:45 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62769, Process: explorer.exe)
2013/07/20 15:58:45 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62770, Process: explorer.exe)
2013/07/20 15:58:45 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62771, Process: explorer.exe)
2013/07/20 15:58:53 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62845, Process: explorer.exe)
2013/07/20 15:58:53 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62844, Process: explorer.exe)
2013/07/20 15:58:53 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 62846, Process: explorer.exe)
2013/07/20 15:59:41 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 63187, Process: explorer.exe)
2013/07/20 15:59:49 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 63387, Process: explorer.exe)
2013/07/20 15:59:57 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 63539, Process: explorer.exe)
2013/07/20 16:05:34 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 64795, Process: explorer.exe)
2013/07/20 16:05:50 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 64806, Process: explorer.exe)
2013/07/20 16:05:58 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 64811, Process: explorer.exe)
2013/07/20 16:06:06 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 64812, Process: explorer.exe)
2013/07/20 16:06:14 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 64875, Process: explorer.exe)
2013/07/20 16:06:22 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 64890, Process: explorer.exe)
2013/07/20 16:06:30 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 64930, Process: explorer.exe)
2013/07/20 16:06:38 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 64945, Process: explorer.exe)
2013/07/20 16:06:46 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 64955, Process: explorer.exe)
2013/07/20 16:07:02 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 64969, Process: explorer.exe)
2013/07/20 16:07:11 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 64971, Process: explorer.exe)
2013/07/20 16:07:19 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 64973, Process: explorer.exe)
2013/07/20 16:07:19 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 64974, Process: explorer.exe)
2013/07/20 16:07:35 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 65007, Process: explorer.exe)
2013/07/20 16:07:43 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 65010, Process: explorer.exe)
2013/07/20 16:07:51 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 65022, Process: explorer.exe)
2013/07/20 16:07:59 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 65038, Process: explorer.exe)
2013/07/20 16:08:15 -0400    MAIN    Peter    IP-BLOCK    95.211.194.79 (Type: outgoing, Port: 65050, Process: explorer.exe)
 

Share this post


Link to post
Share on other sites

There appears to still be an infection on your system, I do not see an Anti-virus program listed, is that correct?

 

Run the following:

 

1.Download Malwarebytes Anti-Rootkit from this link:

 http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update

Image3.png

8. When the update completes select Next.

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

MBAntiRKcleanA.png

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
12. If no threats were found you will see the following image, Select Exit:

Image6.png

13. Verify that your system is now running normally, making sure that the following items are functional:


  •      
  • Internet access
         
  • Windows Update
         
  • Windows Firewall



14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log   Date and time of scan will also be shown

Thanks,

Kevin...
 

Share this post


Link to post
Share on other sites

It didn't find a thing....

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.131000 GHz
Memory total: 8585207808, free: 4881788928

Downloaded database version: v2013.07.21.03
Downloaded database version: v2013.07.15.01
Initializing...
------------ Kernel report ------------
     07/21/2013 10:02:42
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\vsflt53.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\jraid.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\AN983X64.sys
\SystemRoot\system32\DRIVERS\DLKRT64.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tapoas.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\DlinkNdPt60.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\??\C:\Windows\system32\drivers\dokan.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\nsi.dll
\Windows\System32\ole32.dll
\Windows\System32\psapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\kernel32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\iertutil.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\ws2_32.dll
\Windows\System32\usp10.dll
\Windows\System32\sechost.dll
\Windows\System32\imm32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\setupapi.dll
\Windows\System32\lpk.dll
\Windows\System32\shlwapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\advapi32.dll
\Windows\System32\urlmon.dll
\Windows\System32\wininet.dll
\Windows\System32\difxapi.dll
\Windows\System32\user32.dll
\Windows\System32\shell32.dll
\Windows\System32\msctf.dll
\Windows\System32\Wldap32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800782c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\
Lower Device Object: 0xfffffa800752d060
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800782c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\
Lower Device Object: 0xfffffa800752d060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800782c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800767a940, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa800782cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800782c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007678de0, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xfffffa80066a5480, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800752d060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0xfffff8a01237ce10, 0xfffffa800782c060, 0xfffffa8008200090
Lower DeviceData: 0xfffff8a00fd34290, 0xfffffa800752d060, 0xfffffa80081cfe40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 26BE2C6E

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907026944
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.131000 GHz
Memory total: 8585207808, free: 4481003520

=======================================
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Peter :: MAIN [administrator]

7/21/2013 10:02:47 AM
mbar-log-2013-07-21 (10-02-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 251806
Time elapsed: 13 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


 

Share this post


Link to post
Share on other sites

Are you still receiving the alerts via Malwarebytes, also do you have an Anti-virus security program installed....

Share this post


Link to post
Share on other sites

Can you run a quick scan with Malwarebytes and same with Microsoft Security Essentials, anything found?

Share this post


Link to post
Share on other sites

Nope and nope, nothing found.  That sucker from the logs that I have posted hasn't been showing up so everything seems to be clear for now.  Btw, which AV should I be looking into?  Keep MSE or look at something else?

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.