Sirefef .AA .W .AN .P .AB being detected by anti-virus help please!

Solved
By Brennan
Jul 14, 2012
Topic Status:
Not open for further replies.
  1. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    < %USERPROFILE%\AppData\Local\ /s >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2012/01/12 14:32:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
    [2011/07/13 13:13:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
    [2011/01/06 06:44:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AviSynth 2.5
    [2011/10/29 01:56:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
    [2012/02/16 00:38:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Brother
    [2012/02/16 00:38:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Browny02
    [2012/07/21 22:54:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
    [2011/01/16 06:21:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
    [2012/07/05 20:56:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
    [2012/07/05 20:45:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Creative Installation Information
    [2012/06/26 09:25:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Diablo III
    [2011/09/01 05:49:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
    [2012/07/21 23:31:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Everything
    [2011/05/07 13:16:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FrostWire
    [2011/10/27 01:45:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Full Tilt Poker
    [2011/12/12 10:13:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GOG.com
    [2012/07/05 20:52:44 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
    [2010/09/13 13:29:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
    [2012/06/13 07:53:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
    [2011/12/14 04:39:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IrfanView
    [2012/02/24 05:45:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ishutdown
    [2012/06/17 05:03:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
    [2011/10/27 18:49:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
    [2011/12/15 01:04:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LibreOffice 3.4
    [2012/07/18 13:31:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/15 01:04:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/05/20 03:00:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010/12/18 11:24:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2010/12/18 10:42:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
    [2012/07/10 23:19:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/07/11 03:19:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
    [2012/06/02 00:04:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
    [2010/12/18 11:47:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenAL
    [2012/05/07 02:46:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PacificPoker
    [2012/05/18 22:42:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
    [2011/01/06 06:43:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Red Kawa
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
    [2011/01/06 06:44:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Regensoft
    [2012/04/18 18:19:20 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
    [2012/07/10 20:28:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
    [2012/07/22 01:51:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
    [2012/04/18 02:34:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SystemRequirementsLab
    [2012/02/11 03:32:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tibia
    [2012/04/18 03:59:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\trend micro
    [2011/07/22 06:30:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TuneUpMedia
    [2009/07/13 21:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
    [2012/01/28 03:09:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Universe Sandbox
    [2010/12/21 02:40:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
    [2012/01/05 06:45:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
    [2011/12/19 01:09:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze_Remote
    [2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
    [2012/04/13 23:16:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
    [2010/12/17 14:42:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
    [2010/10/15 08:43:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
    [2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
    [2009/07/13 22:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
    [2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
    [2012/06/15 03:13:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\World of Warcraft

    < %appdata%\*.* >

    < MD5 for: AFD.SYS >
    [2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
    [2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
    [2011/04/24 19:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
    [2009/07/13 16:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
    [2011/12/27 21:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
    [2011/04/24 19:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
    [2011/12/27 20:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\SysNative\drivers\afd.sys
    [2011/12/27 20:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
    [2011/04/24 20:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
    [2011/04/24 19:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

    < MD5 for: CRYPTSVC.DLL >
    [2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
    [2012/04/23 21:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
    [2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
    [2012/04/23 21:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\erdnt\cache86\cryptsvc.dll
    [2012/04/23 21:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\SysWOW64\cryptsvc.dll
    [2012/04/23 21:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
    [2009/07/13 18:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
    [2009/07/13 18:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
    [2012/04/23 22:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
    [2012/04/23 22:36:46 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=CE8BF1423AEE47DA5275FBC8AD3BD642 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll
    [2012/04/23 22:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\erdnt\cache64\cryptsvc.dll
    [2012/04/23 22:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\SysNative\cryptsvc.dll
    [2012/04/23 22:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll
    [2012/04/23 21:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

    < MD5 for: DNSRSLVR.DLL >
    [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
    [2009/07/13 18:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
    [2011/03/02 23:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\SysNative\dnsrslvr.dll
    [2011/03/02 23:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
    [2011/03/02 23:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
    [2011/03/02 23:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll

    < MD5 for: ES.DLL >
    [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\erdnt\cache64\es.dll
    [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
    [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
    [2012/06/28 03:27:57 | 000,008,216 | ---- | M] () MD5=8C4CBA187C451FAE0C9C1674B9C3AC39 -- C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.47\Locales\es.dll
    [2012/07/09 21:07:57 | 000,008,216 | ---- | M] () MD5=D088A143E3692E65FCEECBEAF6B66E08 -- C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\Locales\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\erdnt\cache86\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

    < MD5 for: EXPLORER.EXE >
    [2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
    [2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
    [2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
    [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

    < MD5 for: NETBT.SYS >
    [2009/07/13 16:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\SysNative\drivers\netbt.sys
    [2009/07/13 16:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

    < MD5 for: NETMAN.DLL >
    [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\erdnt\cache64\netman.dll
    [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
    [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

    < MD5 for: QMGR.DLL >
    [2009/07/13 18:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\erdnt\cache64\qmgr.dll
    [2009/07/13 18:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\SysNative\qmgr.dll
    [2009/07/13 18:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

    < MD5 for: RPCSS.DLL >
    [2009/07/13 18:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\erdnt\cache64\rpcss.dll
    [2009/07/13 18:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\SysNative\rpcss.dll
    [2009/07/13 18:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

    < MD5 for: SERVICES.EXE >
    [2012/07/14 00:50:28 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
    [2012/07/14 00:50:28 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2011/04/24 22:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
    [2011/09/29 10:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
    [2011/06/20 23:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
    [2010/06/13 23:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
    [2012/03/30 03:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
    [2011/04/24 22:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
    [2012/03/30 04:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\erdnt\cache64\tcpip.sys
    [2012/03/30 04:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\SysNative\drivers\tcpip.sys
    [2012/03/30 04:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
    [2010/04/09 04:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
    [2012/03/30 03:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
    [2010/06/13 23:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
    [2009/07/13 18:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
    [2011/04/24 22:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
    [2011/06/20 23:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
    [2010/04/09 00:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
    [2011/09/29 09:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
    [2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
    [2011/04/24 23:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
    [2011/06/20 23:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
    [2011/06/20 23:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
    [2011/09/29 09:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
    [2011/09/29 09:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

    < MD5 for: TDX.SYS >
    [2009/07/13 16:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\erdnt\cache64\tdx.sys
    [2009/07/13 16:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\SysNative\drivers\tdx.sys
    [2009/07/13 16:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys

    < MD5 for: USERINIT.EXE >
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
    [2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
    [2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\drivers\volsnap.sys
    [2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
    [2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

    < MD5 for: WININIT.EXE >
    [2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe
    [2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
    [2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
    [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe
    [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
    [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
    [2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
    [2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < MD5 for: WMISVC.DLL >
    [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
    [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_fca7ad7710a22535\WMIsvc.dll

    < MD5 for: WSCSVC.DLL >
    [2010/12/20 23:09:08 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=34D280957E8681E4BD9492B3F1FC27B9 -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_76d192b6e4d9ed67\wscsvc.dll
    [2010/12/20 23:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8F9F3969933C02DA96EB0F84576DB43E -- C:\Windows\SysNative\wscsvc.dll
    [2010/12/20 23:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8F9F3969933C02DA96EB0F84576DB43E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_767435e5cb9af730\wscsvc.dll
    [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_76354f59cbc9dce8\wscsvc.dll

    < End of report >
  2. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    OTL Extras logfile created on: 22/07/2012 11:02:55 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\User\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.87 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.50% Memory free
    6.64 Gb Paging File | 5.00 Gb Available in Paging File | 75.27% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 2.88 Gb Free Space | 0.62% Space Free | Partition Type: NTFS

    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{7AD1CB49-8904-429D-A8F2-9B00C2DF9225}C:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe |
    "TCP Query User{85CF49DD-4131-48A9-934E-2460FDE7B408}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "TCP Query User{C0A4D0AF-1CF3-412C-BBAA-617696ACC053}C:\program files (x86)\ishutdown\ishutdown\ishutdown.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ishutdown\ishutdown\ishutdown.exe |
    "UDP Query User{7AE475E9-3BCE-4589-BE63-4F1D5343D9D9}C:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe |
    "UDP Query User{B81FBB08-5DB4-4814-82A6-4F88959A1F17}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "UDP Query User{FE5BB7A2-DBFC-47A7-B17C-52EF5D902698}C:\program files (x86)\ishutdown\ishutdown\ishutdown.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ishutdown\ishutdown\ishutdown.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08AB3EB6-158A-4415-8627-C41C629CC611}" = iShutdown
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8461-7759-5462-8226" = Vuze
    "888poker" = 888poker
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ALchemy" = Creative ALchemy
    "AudioCS" = Creative Audio Control Panel
    "AviSynth" = AviSynth 2.5
    "Console Launcher" = Creative Console Launcher
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "Diablo III" = Diablo III
    "Empire Earth Gold Edition_is1" = Empire Earth Gold Edition
    "Everything" = Everything 1.2.1.371
    "FrostWire" = FrostWire 4.21.6
    "HijackThis" = HijackThis 2.0.2
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "SequoiaView" = SequoiaView
    "SFBM" = SoundFont Bank Manager
    "Smart Recorder" = Creative Smart Recorder
    "StarCraft II" = StarCraft II
    "Steam App 21100" = F.E.A.R. 3
    "Steam App 240" = Counter-Strike: Source
    "Steam App 24790" = Command and Conquer 3: Tiberium Wars
    "Steam App 300" = Day of Defeat: Source
    "Steam App 39160" = Dungeon Siege III
    "Steam App 39200" = Dungeon Siege 2
    "Steam App 550" = Left 4 Dead 2
    "Steam App 6870" = Battlestations: Midway
    "SystemRequirementsLab" = System Requirements Lab
    "Tibia_is1" = Tibia
    "Universe Sandbox" = Universe Sandbox
    "Videora iPod Converter" = Videora iPod Converter 6
    "VLC media player" = VLC media player 1.1.10
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "WaveStudio 7" = Creative WaveStudio 7
    "WinLiveSuite" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft
    "YouTube Downloader App" = YouTube Downloader App 3.00

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 13/06/2012 8:14:13 AM | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 28/06/2012 1:41:18 AM | Computer Name = User-PC | Source = Application Hang | ID = 1002
    Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 1270 Start Time:
    01cd54ef7798ce25 Termination Time: 225 Application Path: c:\program files (x86)\steam\steamapps\brennanb\counter-strike
    source\hl2.exe Report Id:

    Error - 29/06/2012 4:08:42 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
    0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x7468e36c Faulting
    process id: 0xb88 Faulting application start time: 0x01cd55c4f95e06a5 Faulting application
    path: c:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe
    Faulting
    module path: filesystem_steam.dll Report Id: a3af8c8e-c1c1-11e1-81f6-485b39f76cef

    Error - 05/07/2012 10:08:57 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
    0x4febb13c Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4ff1ec29 Exception code: 0xc0000005 Fault offset: 0x7412e279 Faulting
    process id: 0x13f4 Faulting application start time: 0x01cd5b1a3e2e093e Faulting application
    path: c:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe
    Faulting
    module path: filesystem_steam.dll Report Id: 8ae96056-c70f-11e1-be4f-485b39f76cef

    Error - 10/07/2012 10:50:01 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
    0x4febb13c Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4ff1ec29 Exception code: 0xc0000005 Fault offset: 0x6c2de279 Faulting
    process id: 0x13c0 Faulting application start time: 0x01cd5f0c09cb1f8a Faulting application
    path: c:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe
    Faulting
    module path: filesystem_steam.dll Report Id: 1bd078a6-cb03-11e1-bc18-485b39f76cef

    Error - 17/07/2012 6:11:06 PM | Computer Name = User-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 13.0.1.4548 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: fd8 Start
    Time: 01cd628204cba94a Termination Time: 229 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: 4b6797ca-d05c-11e1-8a03-485b39f76cef

    Error - 19/07/2012 1:12:39 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:
    11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,
    version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:
    0x001d1e33 Faulting process id: 0x12e8 Faulting application start time: 0x01cd65393c37cc78
    Faulting
    application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    Faulting
    module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report
    Id: 5c0f2afa-d160-11e1-8f13-485b39f76cef

    Error - 19/07/2012 3:15:01 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:
    11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,
    version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:
    0x000d6da0 Faulting process id: 0x2fc Faulting application start time: 0x01cd65dd935e19e5
    Faulting
    application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    Faulting
    module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report
    Id: 094c3121-d1d6-11e1-8f2d-485b39f76cef

    Error - 19/07/2012 6:15:43 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:
    11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,
    version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:
    0x004923d1 Faulting process id: 0x1d3c Faulting application start time: 0x01cd65fa5c679591
    Faulting
    application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    Faulting
    module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report
    Id: 47663953-d1ef-11e1-8f2d-485b39f76cef

    Error - 22/07/2012 1:49:43 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: nvtray.exe, version: 7.17.13.142, time
    stamp: 0x4fb20fcd Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
    time stamp: 0x4e211da1 Exception code: 0xc000041d Fault offset: 0x000000000000a88d
    Faulting
    process id: 0xc8c Faulting application start time: 0x01cd66ae332ccc65 Faulting application
    path: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Faulting module path:
    C:\Windows\system32\KERNELBASE.dll Report Id: 08b1a5bc-d3c1-11e1-81c4-485b39f76cef

    [ Media Center Events ]
    Error - 16/11/2010 12:52:44 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
    Description = 8:52:44 AM - Error connecting to the internet. 8:52:44 AM - Unable
    to contact server..

    Error - 16/11/2010 12:52:50 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
    Description = 8:52:49 AM - Error connecting to the internet. 8:52:49 AM - Unable
    to contact server..

    Error - 17/11/2010 12:25:49 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
    Description = 8:25:49 AM - Error connecting to the internet. 8:25:49 AM - Unable
    to contact server..

    Error - 17/11/2010 12:25:58 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
    Description = 8:25:54 AM - Error connecting to the internet. 8:25:54 AM - Unable
    to contact server..

    Error - 18/11/2010 1:39:56 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
    Description = 9:39:56 AM - Error connecting to the internet. 9:39:56 AM - Unable
    to contact server..

    Error - 18/11/2010 1:40:05 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
    Description = 9:40:01 AM - Error connecting to the internet. 9:40:01 AM - Unable
    to contact server..

    Error - 19/11/2010 1:10:24 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
    Description = 9:10:24 AM - Error connecting to the internet. 9:10:24 AM - Unable
    to contact server..

    Error - 19/11/2010 1:10:34 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
    Description = 9:10:30 AM - Error connecting to the internet. 9:10:30 AM - Unable
    to contact server..

    Error - 20/11/2010 1:18:14 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
    Description = 9:18:09 AM - Error connecting to the internet. 9:18:09 AM - Unable
    to contact server..

    Error - 05/01/2012 12:33:21 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0
    Description = 8:33:16 PM - Failed to retrieve SportsSchedule (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    [ System Events ]
    Error - 20/07/2012 3:33:02 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 20/07/2012 3:33:02 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 20/07/2012 3:35:43 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the eventlog service.

    Error - 22/07/2012 1:49:41 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 22/07/2012 1:49:41 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 22/07/2012 1:54:35 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 22/07/2012 1:56:36 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 22/07/2012 1:57:32 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 22/07/2012 2:00:27 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 22/07/2012 2:00:27 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069


    < End of report >
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
  4. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=f9f25a16f618d1428505d2c3a678de5e
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-24 10:26:04
    # local_time=2012-07-24 03:26:04 (-0800, Pacific Daylight Time)
    # country="Canada"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=512 16777215 100 0 7452881 7452881 0 0
    # compatibility_mode=5893 16776574 100 94 54022 94664674 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=297154
    # found=3
    # cleaned=3
    # scan_time=4340
    C:\backup\Drive(D)\Documents and Settings\Brennan\Local Settings\Temp\CSM1A.tmp a variant of Win32/Adware.Mongoose.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\backup\Local Settings\Temp\CSM1A.tmp a variant of Win32/Adware.Mongoose.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Windows\Installer\{5804b618-ffb5-9da5-151c-c2bec33ea925}\U\00000008.@.vir Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL
  6. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4920A831-C75B-45AE-8A72-5A4A3F5D70BB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4920A831-C75B-45AE-8A72-5A4A3F5D70BB}\ not found.
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
    Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
    Prefs.js: "http://search.babylon.com/?affID=11...ss&mntrId=589b1fbf000000000000485b39f76cef&q=" removed from keyword.URL
    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\searchplugins\askcom.xml moved successfully.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to remove the default_search_provider items.
    C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0 folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
    C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
    File C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
    File C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
  7. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    Great for some reason now this fake antivirus thing has taken over my computer (LiveSecurityPlatinum) even after "removal" with Malewarebytes, I am now in safe-mode w/ networking because it wouldn't let me open my "infected programs" aka everything in normal mode. It says no action taken but I was sure I selected removal and it prompted me to restart.

    Database version: v2012.07.18.09

    Windows 7 x64 NTFS (Safe Mode)
    Internet Explorer 8.0.7600.16385
    User :: USER-PC [administrator]

    25/07/2012 1:38:27 AM
    mbam-log-2012-07-25 (01-41-11).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 207183
    Time elapsed: 2 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> No action taken.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hdwwabel (IPH.Trojan.Agent.CPN) -> Data: rundll32 "C:\Users\User\AppData\Local\Temp\ntkrkrnl.dll",CreateProcessNotify -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> No action taken.

    Files Detected: 3
    C:\Users\User\AppData\Local\Temp\ntkrkrnl.dll (IPH.Trojan.Agent.CPN) -> No action taken.
    C:\Users\User\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> No action taken.
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> No action taken.

    (end)
  8. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    I did another scan with Malewarebytes in safemode this time it detected different things and successfully removed them and now it (the fake antivirus scareware) "seems" like it's gone. Here's the other log.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.25.03

    Windows 7 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.7600.16385
    User :: USER-PC [administrator]

    25/07/2012 1:55:59 AM
    mbam-log-2012-07-25 (01-55-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208530
    Time elapsed: 2 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|7531CC770009EDE70303F3074F147CE7 (Trojan.LameShield) -> Data: C:\ProgramData\7531CC770009EDE70303F3074F147CE7\7531CC770009EDE70303F3074F147CE7.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\ProgramData\7531CC770009EDE70303F3074F147CE7\7531CC770009EDE70303F3074F147CE7.exe (Trojan.LameShield) -> Quarantined and deleted successfully.

    (end)
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Something else is hidden, then...

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    [​IMG]

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

    • Once the scan finishes click Save log to save the log to your Desktop
      [​IMG]
    • Copy and paste the contents of aswMBR.txt back here for review
  10. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    Thankyou for your time and patience with me in this.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-25 04:02:30
    -----------------------------
    04:02:30.710 OS Version: Windows x64 6.1.7600
    04:02:30.710 Number of processors: 4 586 0x2502
    04:02:30.710 ComputerName: USER-PC UserName: User
    04:02:31.349 Initialize success
    04:03:46.804 AVAST engine defs: 12072500
    04:04:16.345 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    04:04:16.347 Disk 0 Vendor: WDC_WD5000AAKS-00UU3A0 01.03B01 Size: 476940MB BusType: 3
    04:04:16.349 Disk 0 MBR read successfully
    04:04:16.350 Disk 0 MBR scan
    04:04:16.353 Disk 0 Windows 7 default MBR code
    04:04:16.356 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    04:04:16.389 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
    04:04:16.448 Disk 0 scanning C:\Windows\system32\drivers
    04:04:27.761 Service scanning
    04:04:58.789 Modules scanning
    04:04:58.789 Disk 0 trace - called modules:
    04:04:58.820 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    04:04:58.820 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048bd060]
    04:04:58.836 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004662520]
    04:04:58.836 5 ACPI.sys[fffff88000ed3781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800465e680]
    04:04:59.959 AVAST engine scan C:\Windows
    04:05:03.984 AVAST engine scan C:\Windows\system32
    04:08:33.260 AVAST engine scan C:\Windows\system32\drivers
    04:08:45.974 AVAST engine scan C:\Users\User
    04:25:03.757 AVAST engine scan C:\ProgramData
    04:28:51.377 Scan finished successfully
    04:39:14.333 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
    04:39:14.442 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I'm only glad to help. :)
    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan
    [​IMG]

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    [​IMG]

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

      [​IMG]
    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
     
  12. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User: User [Admin rights]
    Mode: Scan -- Date: 07/25/2012 14:40:21

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 4 ¤¤¤
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000AAKS-00UU3A0 ATA Device +++++
    --- User ---
    [MBR] 0af43876e4cee27dd482a2b70b27b356
    [BSP] 9cba2c0a0cebbb0adaf098c14e15233e : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt


    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User: User [Admin rights]
    Mode: Remove -- Date: 07/25/2012 14:40:49

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 4 ¤¤¤
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000AAKS-00UU3A0 ATA Device +++++
    --- User ---
    [MBR] 0af43876e4cee27dd482a2b70b27b356
    [BSP] 9cba2c0a0cebbb0adaf098c14e15233e : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User: User [Admin rights]
    Mode: Shortcuts HJfix -- Date: 07/25/2012 14:41:48

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 1 / Fail 0
    Quick launch: Success 1 / Fail 0
    Programs: Success 7 / Fail 0
    Start menu: Success 1 / Fail 0
    User folder: Success 129 / Fail 0
    My documents: Success 4 / Fail 0
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 1418 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 11932 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
    [G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
    [H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
    [I:] \Device\HarddiskVolume6 -- 0x2 --> Restored

    ¤¤¤ Infection : ¤¤¤

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    WhyIGotInfected

    Download WhyIGotInfected.exe to your Desktop.

    Double-click on WhyIGotInfected.exe to start the program.

    • In "Plugins"
    • Click on "Scan".
    • Then click "Report." Close the report.
      • If the lines appear in red, the plugin is outdated. In this case, double click on the line in question, and it will download and install the plugin (from the official site)
    • When all outdated plugins are updated:
      • Click again on "Scan".
      • Then click the "Report".
      • Copy paste the contents of two reports (on the desktop, WIGIReport [x].txt) in your next reply.
  14. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    WhyIGotInfected v1.5.4(by Tigzy)
    ********************************

    Run : 26/07/2012 3:15:37 AM [Normal Mode]
    Machine : USER-PC (4 CPUs) [User : NOT ADMIN]
    OS: Microsoft Windows 7 Home Premium (x64)

    ~~ Plugins check: ~~

    OUTDATED [Microsoft Windows 7 Home Premium ] Current : -- Latest : Service Pack 1
    OUTDATED [Firefox (x86)] Current : 13.0.1 -- Latest : 14.0.1
    OUTDATED [Internet Explorer] Current : 8.0.7600.16385 -- Latest : 9.0.8112.16421
    OUTDATED [Internet Explorer (x86)] Current : 8.0.7600.16385 -- Latest : 9.0.8112.16421
    OUTDATED [Java (x86)] Current : 1.6.0_31 -- Latest : 1.7.0_05
    OUTDATED [Adobe Reader (x86)] Current : 90 -- Latest : 10
    UPTODATE [Adobe Flash FF Plugin] Current : 11.3.300.265 -- Latest : 11.3.300.265
    UPTODATE [Adobe Flash FF Plugin (x86)] Current : 11.3.300.265 -- Latest : 11.3.300.265


    Finished
    <C:\Users\User\Desktop\WIGIReport[0].txt>
    WIGIReport[0].txt


    WhyIGotInfected v1.5.4(by Tigzy)
    ********************************

    Run : 26/07/2012 3:55:26 AM [Normal Mode]
    Machine : USER-PC (4 CPUs) [User : NOT ADMIN]
    OS: Microsoft Windows 7 Home Premium (x64)

    ~~ Plugins check: ~~

    OUTDATED [Microsoft Windows 7 Home Premium ] Current : -- Latest : Service Pack 1 - Windows Update isn't listing it.
    UPTODATE [Firefox (x86)] Current : 14.0.1 -- Latest : 14.0.1
    UPTODATE [Internet Explorer] Current : 9.0.8112.16421 -- Latest : 9.0.8112.16421
    UPTODATE [Internet Explorer (x86)] Current : 9.0.8112.16421 -- Latest : 9.0.8112.16421
    UPTODATE [Java (x86)] Current : 1.7.0_05 -- Latest : 1.7.0_05
    OUTDATED [Adobe Reader (x86)] Current : 100 -- Latest : 10 - Installed and working maybe it's checking for the French version? (It linked to the French website)
    UPTODATE [Adobe Flash FF Plugin] Current : 11.3.300.265 -- Latest : 11.3.300.265
    UPTODATE [Adobe Flash FF Plugin (x86)] Current : 11.3.300.265 -- Latest : 11.3.300.265


    Finished
    <C:\Users\User\Desktop\WIGIReport[1].txt>
    WIGIReport[0].txt ; WIGIReport[1].txt
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Probably. LOL

    Here is the information obtained from:http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1
  16. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

  17. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    All my Firefox bookmarks disappeared not sure what I did.
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

     
  19. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    I downloaded the ISO last night and burned it to a DVD and tried to do the install that way (before you replied) but it "froze" I left it for 20 minutes and it hadn't moved (the install bar progress thing) and now this one has froze at the exact same point. KB976932
  20. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    I don't think I was waiting long enough it worked this time (I did update my mobo drivers first this time) Will canceling the install twice before cause any problems? My bookmarks are back after a restart not sure what that was.

    UPTODATE [Microsoft Windows 7 Home Premium ] Current : Service Pack 1 -- Latest : Service Pack 1
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    And now Quick Scan from OTL please...
  22. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    OTL logfile created on: 27/07/2012 4:58:00 AM - Run 2
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\User\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.87 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 62.31% Memory free
    7.74 Gb Paging File | 6.12 Gb Available in Paging File | 79.08% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 30.14 Gb Free Space | 6.47% Space Free | Partition Type: NTFS

    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/22 23:00:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    PRC - [2012/06/20 11:47:13 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2011/10/11 11:28:41 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2011/05/31 02:00:56 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
    PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    PRC - [2010/05/05 20:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
    PRC - [2010/05/05 20:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
    PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
    PRC - [2009/11/04 13:39:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/11/04 13:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
    PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
    PRC - [2004/12/02 19:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
    PRC - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTSVCCDA.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/20 11:47:10 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/06/20 11:47:08 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/06/20 11:47:06 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/06/20 11:47:04 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/06/20 11:47:02 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/04/23 15:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2012/03/21 15:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/01/03 19:51:03 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/01/03 19:50:59 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/05/31 02:00:56 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
    MOD - [2010/05/05 20:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL
    MOD - [2009/06/10 14:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
    MOD - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
    MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/25 05:01:44 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/05 20:45:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/20 11:47:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/12/18 12:21:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2009/11/04 13:39:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/11/04 13:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/26 16:42:55 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/04/18 10:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2010/05/05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/05/05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/05/05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/05/05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/05/05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/05/05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV:64bit: - [2010/05/05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/05/05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/05/05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/05/05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/05/05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/05/05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/05/05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010/04/21 18:18:46 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 BB 87 4E 84 53 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{5A682723-4FC1-488F-9414-65722B0E0E8C}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\..\SearchScopes\{BC0C2AA9-7FD6-446B-8058-26F32035299C}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: ""
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.ca"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=11...ss&mntrId=589b1fbf000000000000485b39f76cef&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\User\AppData\Local\RewardsArcade\498\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/26 03:18:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/26 03:44:40 | 000,000,000 | ---D | M]

    [2010/12/21 00:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
    [2012/07/26 00:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\extensions
    [2012/07/26 03:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/25 03:18:00 | 000,049,607 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\{3E9BB2A7-62CA-4EFA-A4E6-F6F6168A652D}.XPI
    [2012/07/26 00:56:37 | 000,525,861 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    [2012/06/28 20:54:48 | 000,123,007 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\MAFIAAFIRE@MAFIAAFIRE.COM.XPI
    [2012/07/25 22:17:45 | 000,051,994 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\NEWTABURL@SOGAME.CAT.XPI
    [2011/12/07 09:32:00 | 000,017,877 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\VTZILLA@VIRUSTOTAL.COM.XPI
    [2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
  23. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    ========== Chrome ==========

    CHR - homepage: http://www.google.ca/
    CHR - default_search_provider: Search the web (Babylon) (Enabled)
    CHR - default_search_provider: search_url = http://search.babylon.com/?q={searc...SP_ss&mntrId=589b1fbf000000000000485b39f76cef
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.ca/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/21 22:57:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
    O4 - HKCU..\Run: [Creative Detector] C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [ishutdown2] C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe ()
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEBEC50A-0523-446D-979C-2166E23665DB}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/26 18:00:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2012/07/26 17:29:09 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
    [2012/07/26 17:27:05 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
    [2012/07/26 17:04:55 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2012/07/26 16:46:01 | 000,215,040 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
    [2012/07/26 16:42:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RTL8111BCRTL8112L_LAN_V735222009_Win7
    [2012/07/26 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
    [2012/07/26 16:38:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2012/07/26 16:32:36 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
    [2012/07/26 15:55:32 | 000,000,000 | ---D | C] -- C:\4470915eeb6b043b763cac9dcc
    [2012/07/26 05:30:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2012/07/26 03:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/07/26 03:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/07/26 03:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2012/07/26 03:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2012/07/26 03:41:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/07/26 03:24:14 | 000,773,632 | ---- | C] (Robert Simpson, et al.) -- C:\Users\User\AppData\Roaming\System.Data.SQLite.dll
    [2012/07/26 03:13:18 | 000,886,272 | ---- | C] (Tigzy) -- C:\Users\User\Desktop\WhyIGotInfected.exe
    [2012/07/25 14:39:49 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine
    [2012/07/25 04:01:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
    [2012/07/25 02:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/07/25 01:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CC770009EDE70303F3074F147CE7
    [2012/07/24 15:41:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3AF9414B-43AF-4E4F-AAED-C7D22DAC1E29}
    [2012/07/24 15:41:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2B16D1FC-F499-4A94-A7DA-27A930D0216E}
    [2012/07/24 15:14:37 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/07/24 02:08:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\User\Desktop\esetsmartinstaller_enu.exe
    [2012/07/22 23:00:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2012/07/21 23:04:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/21 22:58:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/21 22:48:16 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
    [2012/07/19 01:07:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{47F569FA-D49F-4BFA-B107-50D6F4646E98}
    [2012/07/19 01:07:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{52FCC9BD-51F0-488F-ADF9-E23891FB76AB}
    [2012/07/18 13:39:51 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
    [2012/07/18 13:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
    [2012/07/18 13:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/18 13:31:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/18 13:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/17 17:45:23 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/17 15:29:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/07/17 15:08:15 | 001,437,107 | ---- | C] (Farbar) -- C:\Users\User\Desktop\FRST64.exe
    [2012/07/15 01:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/15 01:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/15 00:39:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.scr
    [2012/07/14 01:05:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/14 01:05:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/14 01:05:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/14 01:05:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/14 01:05:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/12 12:14:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/07/05 22:24:27 | 000,000,000 | ---D | C] -- C:\MyAudio
    [2012/07/05 22:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2012/07/05 22:22:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
    [2012/07/05 22:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/07/05 14:14:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C10A0F99-E347-4810-9CC8-A7EABBB435FA}
    [2012/07/05 14:13:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6B40FE08-5D1F-40F4-8E53-57117E930208}
    [2012/06/28 16:26:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1F8E927B-8889-4CB5-AC23-C1547454A102}
    [2012/06/28 16:25:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D54BE971-E239-487F-9D1C-DFBB5CA13F05}
    [2012/06/27 11:13:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{09BD7D8B-4489-4270-8858-A75DE8689E6B}
    [2012/06/27 11:12:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1BA0E979-F501-4281-AE03-E813D706815E}
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/27 04:58:17 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/27 04:58:17 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/27 04:57:26 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/27 04:57:26 | 000,630,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/27 04:57:26 | 000,111,626 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/27 04:50:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/27 04:50:08 | 3119,030,272 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/27 04:49:39 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
    [2012/07/27 04:49:39 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
    [2012/07/27 04:49:39 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
    [2012/07/27 04:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/27 04:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000UA.job
    [2012/07/27 04:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000Core.job
    [2012/07/26 18:30:37 | 000,300,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/26 18:11:25 | 000,773,632 | ---- | M] (Robert Simpson, et al.) -- C:\Users\User\AppData\Roaming\System.Data.SQLite.dll
    [2012/07/26 16:42:55 | 000,215,040 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
    [2012/07/26 16:42:55 | 000,067,584 | ---- | M] () -- C:\Windows\SysNative\RtNicProp64.dll
    [2012/07/26 16:37:59 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
    [2012/07/26 16:29:47 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
    [2012/07/26 16:25:53 | 001,656,601 | ---- | M] () -- C:\Users\User\Desktop\AiCharger_V10006_XpVistaWin7.zip
    [2012/07/26 03:28:23 | 000,001,437 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/07/26 03:24:53 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/07/26 03:24:50 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/07/26 03:19:07 | 000,002,044 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/07/26 03:13:19 | 000,886,272 | ---- | M] (Tigzy) -- C:\Users\User\Desktop\WhyIGotInfected.exe
    [2012/07/25 14:38:28 | 001,552,384 | ---- | M] () -- C:\Users\User\Desktop\RogueKiller.exe
    [2012/07/25 04:39:14 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
    [2012/07/25 04:02:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
    [2012/07/24 20:09:47 | 000,000,055 | ---- | M] () -- C:\Windows\SysWow64\BRDH2270DW.DAT
    [2012/07/24 02:08:36 | 002,322,184 | ---- | M] (ESET) -- C:\Users\User\Desktop\esetsmartinstaller_enu.exe
    [2012/07/22 23:00:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2012/07/21 22:57:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/21 22:48:19 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
    [2012/07/18 13:31:11 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/17 15:56:18 | 3224,686,592 | ---- | M] () -- C:\Users\User\Desktop\X15-65733.iso
    [2012/07/17 15:08:15 | 001,437,107 | ---- | M] (Farbar) -- C:\Users\User\Desktop\FRST64.exe
    [2012/07/16 09:22:41 | 000,000,212 | ---- | M] () -- C:\Users\User\Desktop\VirHelp.url
    [2012/07/15 01:05:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/15 01:04:42 | 000,735,282 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/15 00:39:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.scr
    [2012/07/14 11:52:17 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\4r3mlo0h.exe
    [2012/07/14 01:20:47 | 522,565,534 | ---- | M] () -- C:\Users\User\Desktop\Hirens.BootCD.15.1.zip
    [2012/07/06 04:36:46 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
    [2012/07/06 04:36:46 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
    [2012/07/05 22:22:46 | 000,000,249 | ---- | M] () -- C:\user.js
    [2012/07/05 20:43:58 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012/07/05 20:43:57 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2012/07/05 20:43:57 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/26 17:29:51 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
    [2012/07/26 17:29:07 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
    [2012/07/26 17:27:13 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
    [2012/07/26 17:27:12 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
    [2012/07/26 17:27:11 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
    [2012/07/26 16:46:01 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
    [2012/07/26 16:25:52 | 001,656,601 | ---- | C] () -- C:\Users\User\Desktop\AiCharger_V10006_XpVistaWin7.zip
    [2012/07/26 03:42:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/07/26 03:24:53 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/07/26 03:24:50 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/07/25 14:38:28 | 001,552,384 | ---- | C] () -- C:\Users\User\Desktop\RogueKiller.exe
    [2012/07/25 05:01:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/25 04:39:14 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
    [2012/07/24 20:09:47 | 000,000,055 | ---- | C] () -- C:\Windows\SysWow64\BRDH2270DW.DAT
    [2012/07/18 13:31:11 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/17 15:38:12 | 3224,686,592 | ---- | C] () -- C:\Users\User\Desktop\X15-65733.iso
    [2012/07/16 09:22:28 | 000,000,212 | ---- | C] () -- C:\Users\User\Desktop\VirHelp.url
    [2012/07/15 01:04:48 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/14 11:52:15 | 000,302,592 | ---- | C] () -- C:\Users\User\Desktop\4r3mlo0h.exe
    [2012/07/14 01:14:55 | 522,565,534 | ---- | C] () -- C:\Users\User\Desktop\Hirens.BootCD.15.1.zip
    [2012/07/14 01:05:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/14 01:05:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/14 01:05:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/14 01:05:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/14 01:05:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/10 23:19:53 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/07/06 04:36:46 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
    [2012/07/06 04:36:46 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
    [2012/07/05 22:22:45 | 000,000,249 | ---- | C] () -- C:\user.js
    [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012/02/29 05:38:47 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/16 00:38:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2012/02/16 00:38:52 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2011/03/17 22:07:15 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/02/07 04:21:50 | 000,735,282 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/20 17:48:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/12/18 11:47:17 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/12/18 11:47:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/09/13 13:26:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/09/13 13:26:16 | 000,030,566 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

    ========== LOP Check ==========

    [2012/07/26 19:04:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Azureus
    [2012/07/05 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
    [2011/09/22 06:43:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    [2011/09/13 21:56:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Command & Conquer 3 Tiberium Wars Demo
    [2012/06/14 00:25:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Day 1 Studios
    [2012/05/26 10:34:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FrostWire
    [2011/12/14 04:39:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView
    [2011/12/15 01:05:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LibreOffice
    [2012/05/07 02:46:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker
    [2011/10/27 01:45:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Red Kawa
    [2011/01/06 06:44:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Regensoft
    [2011/11/12 08:50:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\System
    [2012/04/18 02:34:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
    [2011/09/01 00:50:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
    [2011/07/21 17:56:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUpMedia
    [2011/01/19 12:07:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
    [2012/01/28 03:10:17 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\wyUpdate AU
    [2012/03/30 22:51:10 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Looks good from here. Everything else looks fine! Your logs appear to be clean. If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advance System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive I.e. C
    • For a few moments the system will make some calculations:
      [​IMG]
    • Select the More Options tab
      [​IMG]
    • In the System Restore and Shadow Backups select Clean up
      [​IMG]
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Please download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start
      button to begin the process. Depending on how often you clean temp
      files, execution time should be anywhere from a few seconds to a minute
      or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran TFC
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
  25. Brennan

    Brennan TechSpot Enthusiast Topic Starter Posts: 101

    Before I remove the tools I wanted to mention I still go to Babylon search whenever I open a new tab in Firefox/Chrome.
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=11...ss&mntrId=589b1fbf000000000000485b39f76cef&q="
    [2012/07/05 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon

    Can you help me get rid of all that Babylon stuff I never actual installed it it just showed up after I downloaded some freeware video application. Thanks again.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.