Brian Kelly
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/09/28 10:01:45 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{52D25318-4AF0-419C-BC04-C27ECB27D768}
[2012/09/27 17:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/09/26 17:29:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/26 15:50:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/26 15:50:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/26 15:50:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/26 15:49:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/26 15:48:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/26 15:48:00 | 004,756,287 | R--- | C] (Swearware) -- C:\Users\HP\Desktop\svchost.exe.exe
[2012/09/26 15:19:22 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\RK_Quarantine
[2012/09/26 15:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/09/26 15:10:59 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Qwiklinx
[2012/09/26 15:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qwiklinx
[2012/09/26 15:10:49 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 27
[2012/09/26 15:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shop to Win 27
[2012/09/26 15:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-zip
[2012/09/26 15:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-zip
[2012/09/26 15:10:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Consumer Input
[2012/09/26 15:09:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\DefaultTab
[2012/09/26 15:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/09/26 15:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/09/26 15:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/09/26 15:08:33 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Yahoo!
[2012/09/26 15:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/09/26 15:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/09/26 15:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WiseConvert
[2012/09/26 14:17:01 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2012/09/26 14:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/26 14:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/26 14:16:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/26 14:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/26 14:05:39 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{EB12702E-D0E5-477F-B75F-90ECA385C206}
[2012/09/26 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{EE1F7AC9-D5B1-419D-ABBB-E63BD7D5811C}
[2012/09/26 09:29:34 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/26 00:20:53 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{0A802E64-116D-493B-AEF6-714983CE8A84}
[2012/09/25 12:20:27 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{81D85EEB-1086-4562-8111-2130FB16DD6A}
[2012/09/24 22:04:39 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{65935919-1290-485F-8A53-116BE7681923}
[2012/09/24 12:42:54 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Bitconstructor
[2012/09/23 22:53:27 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{D8FC46B6-2C8E-4251-8CCD-9044C00269F0}
[2012/09/23 09:25:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/23 09:25:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/23 09:25:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/23 09:25:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/23 09:25:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/23 09:25:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/23 09:25:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/23 09:25:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/23 09:25:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/23 09:25:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/23 09:25:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/23 09:25:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/23 09:25:35 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/23 09:25:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/23 09:25:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/23 09:22:29 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{2C978A3C-36FA-428E-BB14-3E9CC2BACFAE}
[2012/09/22 07:10:12 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{954596D8-6CD0-4FF2-9B53-8E203563F758}
[2012/09/21 16:59:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{801DEF11-EDD7-4613-B07A-952E5D036EAE}
[2012/09/20 23:23:36 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{40DDB4B3-01C3-4908-BA8F-748DB63C80F6}
[2012/09/20 14:09:06 | 000,000,000 | R--D | C] -- C:\Users\HP\Dropbox
[2012/09/20 14:00:49 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/09/20 13:59:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Dropbox
[2012/09/20 00:11:29 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{464AE01B-5D1B-4A74-BA02-1267361C8C61}
[2012/09/19 08:35:01 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{0B74C9C4-1198-4A7A-8EA9-C312DA7E0407}
[2012/09/18 08:41:18 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{9275E41D-A90F-4518-9E39-E0F4602E3C8D}
[2012/09/17 09:01:38 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{CE23DC19-64AC-4A6E-ABA3-21A8BBE1E451}
[2012/09/16 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{B339E967-D15A-49AB-9D87-48421C37999B}
[2012/09/16 07:32:08 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{2DD82A21-3C80-4F26-8A38-D86BA26B5C1F}
[2012/09/15 07:44:24 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{2514DA98-2C82-4DE3-B47D-A7D9486EB7AC}
[2012/09/14 11:28:20 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{5EDD95D0-919B-46FB-B2A7-48FA7EC4B8EF}
[2012/09/13 13:18:57 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{C47A0429-2ED0-4169-9BA3-355DDAE5EF11}
[2012/09/13 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{EB49356C-AE11-434F-80EA-15DDEF5F3DD6}
[2012/09/12 11:44:22 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{31CC4A97-FABE-48CF-8432-8E047D55C24B}
[2012/09/12 10:46:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 10:45:58 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 10:45:57 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 10:45:57 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/11 21:19:42 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{0B354537-8101-4774-898C-9E12F1A12B0C}
[2012/09/11 11:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/09/11 11:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012/09/11 09:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/11 09:19:17 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{19249C39-5282-42E7-97F0-5395D3B2F827}
[2012/09/10 00:53:24 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{D83EE0D6-C28D-4433-8C3F-33B6B5748E45}
[2012/09/09 09:15:28 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{50292DB7-CC7E-496C-8D22-CB39131F0641}
[2012/09/08 19:42:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{6B3FF494-88FF-434E-8CAA-5E755B6D0228}
[2012/09/07 12:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/07 09:17:45 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{0CF27CF3-C351-4C23-87E5-53BBDE1047B3}
[2012/09/05 23:58:52 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{3EC96BAE-1D4B-4FEB-8588-80DA8BE184BE}
[2012/09/05 11:39:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{AF1A07A3-6B01-447D-BE94-22CCDD3190D6}
[2012/09/04 23:13:55 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{1A58BA52-887E-4A89-A7C7-6D2FE8220EAC}
[2012/09/04 18:16:54 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Phone Transfer
[2012/09/04 06:53:11 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{82841809-1E4C-476F-973F-C5A64D1D5987}
[2012/09/03 12:52:53 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/03 04:33:16 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{128BD68A-A771-419F-AA10-E37C2C968AC8}
[2012/09/02 13:06:37 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{09ABF84A-83A1-451D-8A6A-9E71137D1677}
[2012/09/01 03:04:45 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{7CDED6BA-C889-497B-8FC2-0270A44A339F}
[2012/08/31 10:29:56 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{3ECAD69B-D935-44D0-B8E6-2DBE1969A658}
[2012/08/30 13:06:06 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{2FF8B5CA-CA24-47D8-B2D6-5A262C8CFA36}
[2012/08/30 01:05:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{220482C5-DA12-4D8D-B6FE-57E09C363375}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\HP\Desktop\*.tmp files -> C:\Users\HP\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/09/28 14:23:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/28 13:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/28 08:16:00 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/28 08:16:00 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/28 08:12:29 | 095,916,623 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/09/28 08:00:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/27 19:23:41 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/27 15:45:11 | 3018,190,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/26 17:55:41 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/26 17:55:41 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/26 17:55:41 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/26 17:28:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/26 15:48:00 | 004,756,287 | R--- | M] (Swearware) -- C:\Users\HP\Desktop\svchost.exe.exe
[2012/09/26 15:20:00 | 001,391,616 | ---- | M] () -- C:\Users\HP\Desktop\RogueKiller.exe
[2012/09/26 14:16:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/25 18:26:01 | 000,404,959 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/09/24 15:21:48 | 002,179,261 | ---- | M] () -- C:\Users\HP\Desktop\2012_NAICS Definition_File.pdf
[2012/09/20 14:09:06 | 000,001,033 | ---- | M] () -- C:\Users\HP\Desktop\Dropbox.lnk
[2012/09/20 14:01:07 | 000,001,043 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/17 22:21:42 | 000,120,746 | ---- | M] () -- C:\Users\HP\Desktop\mre.pdf
[2012/09/14 11:26:28 | 000,416,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/11 11:01:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/09/11 10:44:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/09/11 09:24:13 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/03 12:52:53 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\HP\Desktop\*.tmp files -> C:\Users\HP\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/09/26 15:50:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/26 15:50:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/26 15:50:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/26 15:50:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/26 15:50:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/26 15:20:00 | 001,391,616 | ---- | C] () -- C:\Users\HP\Desktop\RogueKiller.exe
[2012/09/26 14:16:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/24 15:21:48 | 002,179,261 | ---- | C] () -- C:\Users\HP\Desktop\2012_NAICS Definition_File.pdf
[2012/09/20 14:09:06 | 000,001,033 | ---- | C] () -- C:\Users\HP\Desktop\Dropbox.lnk
[2012/09/20 14:01:07 | 000,001,043 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/17 22:21:42 | 000,120,746 | ---- | C] () -- C:\Users\HP\Desktop\mre.pdf
[2012/09/11 11:01:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/09/11 10:44:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/08/11 17:36:45 | 000,027,520 | ---- | C] () -- C:\Users\HP\AppData\Local\dt.dat
[2012/02/06 16:42:50 | 000,207,547 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/09/19 12:43:55 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/19 12:43:54 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7220.DAT
[2011/04/09 07:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/02 17:02:47 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/04 10:29:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/07 07:02:56 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
========== Custom Scans ==========
< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >
< %AppData%\Local\ >
< %systemroot%\system32\sysprep >
< *.xpi /md5 >
< %systemroot%\Downloaded Program Files\ >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/07 12:56:14 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/07 12:56:14 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/07 12:56:14 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/09/07 12:56:16 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/09/07 12:56:16 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/07 12:56:16 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/11/22 10:54:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/11/22 10:54:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/11/22 10:54:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/09/07 12:56:14 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/09/07 12:56:14 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/09/07 12:56:14 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/09/07 12:56:16 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/09/07 12:56:16 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/09/07 12:56:16 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/11/22 10:54:51 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/11/22 10:54:51 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/11/22 10:54:51 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\drivers\*.sys /90 >
< %systemroot%\System32\config\*.sav >
< %SYSTEMDRIVE%\*.exe /md5 >
< "%WinDir%\$NtUninstallKB*$." /30 >
< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >
< %systemroot%\*. /mp /s >
< %systemroot%\*. /rp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\Installer\ /s >
< %systemroot%\system32\Cache\ /s >
< %systemroot%\system32\config\systemprofile\Application Data /s >
< %PROGRAMFILES%\*. >
[2012/09/26 15:10:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-zip
[2011/06/23 03:56:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/02/01 08:24:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD
[2011/02/26 04:05:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASIO4ALL v2
[2011/09/08 10:29:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2012/09/03 12:53:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG Secure Search
[2010/12/17 23:42:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitZipper
[2010/12/18 05:11:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Combined Community Codec Pack
[2012/09/26 17:23:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/09/26 15:03:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2012/09/26 15:10:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Consumer Input
[2012/09/27 17:55:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
[2012/09/26 15:10:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/08/24 10:33:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/01/21 00:32:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2012/02/06 16:49:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2011/02/26 04:05:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Image-Line
[2012/01/21 00:45:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/09/23 09:42:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/01/12 10:51:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/09/26 14:16:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/17 09:33:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/07/02 12:53:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft ActiveSync
[2010/11/07 06:49:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/05/06 14:46:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/11/07 06:52:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/05/11 03:35:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/11/07 06:52:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/11/07 06:52:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/11/07 06:52:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/07/02 12:53:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/11/07 06:50:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/12/26 06:47:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/09/07 13:58:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2011/04/07 01:52:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
[2012/09/11 10:40:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2010/11/07 06:53:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2012/08/24 10:27:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/02/21 21:23:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Outsim
[2012/09/26 15:10:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Qwiklinx
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/08/24 10:20:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Secunia
[2012/09/27 18:15:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Shop to Win 27
[2012/08/24 10:30:08 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/01/31 13:48:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SP45119
[2010/12/16 13:17:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TransCore
[2009/07/14 00:57:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/10/25 05:16:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Veetle
[2010/10/18 00:40:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\vShare
[2011/02/27 04:05:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VstPlugins
[2011/02/08 14:16:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
[2010/07/09 15:50:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/04/17 09:30:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/09/18 19:46:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/09/18 19:46:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/09/18 19:46:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/09/18 19:46:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/09/18 19:46:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2012/09/26 15:04:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WiseConvert
[2012/08/24 10:13:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WOT
[2012/09/26 15:08:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
< %appdata%\*.* >
< MD5 for: AFD.SYS >
[2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/28 00:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 22:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 19:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/28 00:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 05:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 22:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 23:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 23:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 22:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CRYPTSVC.DLL >
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\erdnt\cache86\cryptsvc.dll
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\SysWOW64\cryptsvc.dll
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010/11/20 09:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\erdnt\cache64\cryptsvc.dll
[2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\SysNative\cryptsvc.dll
[2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2012/04/24 00:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2009/07/13 21:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/13 21:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 08:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/24 01:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2012/04/24 01:36:46 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=CE8BF1423AEE47DA5275FBC8AD3BD642 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll
[2012/04/24 01:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll
[2012/04/24 00:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll
< MD5 for: DNSRSLVR.DLL >
[2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
[2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2009/07/13 21:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
[2011/03/03 02:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
[2011/03/03 02:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2010/11/20 09:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
[2011/03/03 02:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll
< MD5 for: ES.DLL >
[2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\erdnt\cache64\es.dll
[2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
[2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\erdnt\cache86\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/09/28 10:01:45 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{52D25318-4AF0-419C-BC04-C27ECB27D768}
[2012/09/27 17:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/09/26 17:29:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/26 15:50:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/26 15:50:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/26 15:50:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/26 15:49:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/26 15:48:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/26 15:48:00 | 004,756,287 | R--- | C] (Swearware) -- C:\Users\HP\Desktop\svchost.exe.exe
[2012/09/26 15:19:22 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\RK_Quarantine
[2012/09/26 15:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/09/26 15:10:59 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Qwiklinx
[2012/09/26 15:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qwiklinx
[2012/09/26 15:10:49 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 27
[2012/09/26 15:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shop to Win 27
[2012/09/26 15:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-zip
[2012/09/26 15:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-zip
[2012/09/26 15:10:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Consumer Input
[2012/09/26 15:09:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\DefaultTab
[2012/09/26 15:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/09/26 15:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/09/26 15:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/09/26 15:08:33 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Yahoo!
[2012/09/26 15:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/09/26 15:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/09/26 15:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WiseConvert
[2012/09/26 14:17:01 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2012/09/26 14:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/26 14:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/26 14:16:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/26 14:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/26 14:05:39 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{EB12702E-D0E5-477F-B75F-90ECA385C206}
[2012/09/26 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{EE1F7AC9-D5B1-419D-ABBB-E63BD7D5811C}
[2012/09/26 09:29:34 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/26 00:20:53 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{0A802E64-116D-493B-AEF6-714983CE8A84}
[2012/09/25 12:20:27 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{81D85EEB-1086-4562-8111-2130FB16DD6A}
[2012/09/24 22:04:39 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{65935919-1290-485F-8A53-116BE7681923}
[2012/09/24 12:42:54 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Bitconstructor
[2012/09/23 22:53:27 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{D8FC46B6-2C8E-4251-8CCD-9044C00269F0}
[2012/09/23 09:25:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/23 09:25:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/23 09:25:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/23 09:25:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/23 09:25:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/23 09:25:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/23 09:25:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/23 09:25:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/23 09:25:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/23 09:25:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/23 09:25:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/23 09:25:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/23 09:25:35 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/23 09:25:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/23 09:25:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/23 09:22:29 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{2C978A3C-36FA-428E-BB14-3E9CC2BACFAE}
[2012/09/22 07:10:12 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{954596D8-6CD0-4FF2-9B53-8E203563F758}
[2012/09/21 16:59:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{801DEF11-EDD7-4613-B07A-952E5D036EAE}
[2012/09/20 23:23:36 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{40DDB4B3-01C3-4908-BA8F-748DB63C80F6}
[2012/09/20 14:09:06 | 000,000,000 | R--D | C] -- C:\Users\HP\Dropbox
[2012/09/20 14:00:49 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/09/20 13:59:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Dropbox
[2012/09/20 00:11:29 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{464AE01B-5D1B-4A74-BA02-1267361C8C61}
[2012/09/19 08:35:01 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{0B74C9C4-1198-4A7A-8EA9-C312DA7E0407}
[2012/09/18 08:41:18 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{9275E41D-A90F-4518-9E39-E0F4602E3C8D}
[2012/09/17 09:01:38 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{CE23DC19-64AC-4A6E-ABA3-21A8BBE1E451}
[2012/09/16 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{B339E967-D15A-49AB-9D87-48421C37999B}
[2012/09/16 07:32:08 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{2DD82A21-3C80-4F26-8A38-D86BA26B5C1F}
[2012/09/15 07:44:24 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{2514DA98-2C82-4DE3-B47D-A7D9486EB7AC}
[2012/09/14 11:28:20 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{5EDD95D0-919B-46FB-B2A7-48FA7EC4B8EF}
[2012/09/13 13:18:57 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{C47A0429-2ED0-4169-9BA3-355DDAE5EF11}
[2012/09/13 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{EB49356C-AE11-434F-80EA-15DDEF5F3DD6}
[2012/09/12 11:44:22 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{31CC4A97-FABE-48CF-8432-8E047D55C24B}
[2012/09/12 10:46:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 10:45:58 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 10:45:57 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 10:45:57 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/11 21:19:42 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{0B354537-8101-4774-898C-9E12F1A12B0C}
[2012/09/11 11:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/09/11 11:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012/09/11 09:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/11 09:19:17 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{19249C39-5282-42E7-97F0-5395D3B2F827}
[2012/09/10 00:53:24 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{D83EE0D6-C28D-4433-8C3F-33B6B5748E45}
[2012/09/09 09:15:28 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{50292DB7-CC7E-496C-8D22-CB39131F0641}
[2012/09/08 19:42:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{6B3FF494-88FF-434E-8CAA-5E755B6D0228}
[2012/09/07 12:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/07 09:17:45 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{0CF27CF3-C351-4C23-87E5-53BBDE1047B3}
[2012/09/05 23:58:52 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{3EC96BAE-1D4B-4FEB-8588-80DA8BE184BE}
[2012/09/05 11:39:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{AF1A07A3-6B01-447D-BE94-22CCDD3190D6}
[2012/09/04 23:13:55 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{1A58BA52-887E-4A89-A7C7-6D2FE8220EAC}
[2012/09/04 18:16:54 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Phone Transfer
[2012/09/04 06:53:11 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{82841809-1E4C-476F-973F-C5A64D1D5987}
[2012/09/03 12:52:53 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/03 04:33:16 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{128BD68A-A771-419F-AA10-E37C2C968AC8}
[2012/09/02 13:06:37 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{09ABF84A-83A1-451D-8A6A-9E71137D1677}
[2012/09/01 03:04:45 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{7CDED6BA-C889-497B-8FC2-0270A44A339F}
[2012/08/31 10:29:56 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{3ECAD69B-D935-44D0-B8E6-2DBE1969A658}
[2012/08/30 13:06:06 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{2FF8B5CA-CA24-47D8-B2D6-5A262C8CFA36}
[2012/08/30 01:05:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{220482C5-DA12-4D8D-B6FE-57E09C363375}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\HP\Desktop\*.tmp files -> C:\Users\HP\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/09/28 14:23:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/28 13:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/28 08:16:00 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/28 08:16:00 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/28 08:12:29 | 095,916,623 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/09/28 08:00:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/27 19:23:41 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/27 15:45:11 | 3018,190,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/26 17:55:41 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/26 17:55:41 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/26 17:55:41 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/26 17:28:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/26 15:48:00 | 004,756,287 | R--- | M] (Swearware) -- C:\Users\HP\Desktop\svchost.exe.exe
[2012/09/26 15:20:00 | 001,391,616 | ---- | M] () -- C:\Users\HP\Desktop\RogueKiller.exe
[2012/09/26 14:16:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/25 18:26:01 | 000,404,959 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/09/24 15:21:48 | 002,179,261 | ---- | M] () -- C:\Users\HP\Desktop\2012_NAICS Definition_File.pdf
[2012/09/20 14:09:06 | 000,001,033 | ---- | M] () -- C:\Users\HP\Desktop\Dropbox.lnk
[2012/09/20 14:01:07 | 000,001,043 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/17 22:21:42 | 000,120,746 | ---- | M] () -- C:\Users\HP\Desktop\mre.pdf
[2012/09/14 11:26:28 | 000,416,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/11 11:01:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/09/11 10:44:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/09/11 09:24:13 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/03 12:52:53 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\HP\Desktop\*.tmp files -> C:\Users\HP\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/09/26 15:50:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/26 15:50:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/26 15:50:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/26 15:50:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/26 15:50:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/26 15:20:00 | 001,391,616 | ---- | C] () -- C:\Users\HP\Desktop\RogueKiller.exe
[2012/09/26 14:16:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/24 15:21:48 | 002,179,261 | ---- | C] () -- C:\Users\HP\Desktop\2012_NAICS Definition_File.pdf
[2012/09/20 14:09:06 | 000,001,033 | ---- | C] () -- C:\Users\HP\Desktop\Dropbox.lnk
[2012/09/20 14:01:07 | 000,001,043 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/17 22:21:42 | 000,120,746 | ---- | C] () -- C:\Users\HP\Desktop\mre.pdf
[2012/09/11 11:01:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/09/11 10:44:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/08/11 17:36:45 | 000,027,520 | ---- | C] () -- C:\Users\HP\AppData\Local\dt.dat
[2012/02/06 16:42:50 | 000,207,547 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/09/19 12:43:55 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/19 12:43:54 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7220.DAT
[2011/04/09 07:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/02 17:02:47 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/04 10:29:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/07 07:02:56 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
========== Custom Scans ==========
< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >
< %AppData%\Local\ >
< %systemroot%\system32\sysprep >
< *.xpi /md5 >
< %systemroot%\Downloaded Program Files\ >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/07 12:56:14 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/07 12:56:14 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/07 12:56:14 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/09/07 12:56:16 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/09/07 12:56:16 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/07 12:56:16 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/11/22 10:54:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/11/22 10:54:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/11/22 10:54:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/09/07 12:56:14 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/09/07 12:56:14 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/09/07 12:56:14 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/09/07 12:56:16 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/09/07 12:56:16 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/09/07 12:56:16 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/11/22 10:54:51 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/11/22 10:54:51 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/11/22 10:54:51 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\drivers\*.sys /90 >
< %systemroot%\System32\config\*.sav >
< %SYSTEMDRIVE%\*.exe /md5 >
< "%WinDir%\$NtUninstallKB*$." /30 >
< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >
< %systemroot%\*. /mp /s >
< %systemroot%\*. /rp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\Installer\ /s >
< %systemroot%\system32\Cache\ /s >
< %systemroot%\system32\config\systemprofile\Application Data /s >
< %PROGRAMFILES%\*. >
[2012/09/26 15:10:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-zip
[2011/06/23 03:56:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/02/01 08:24:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD
[2011/02/26 04:05:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASIO4ALL v2
[2011/09/08 10:29:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2012/09/03 12:53:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG Secure Search
[2010/12/17 23:42:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitZipper
[2010/12/18 05:11:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Combined Community Codec Pack
[2012/09/26 17:23:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/09/26 15:03:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2012/09/26 15:10:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Consumer Input
[2012/09/27 17:55:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
[2012/09/26 15:10:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/08/24 10:33:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/01/21 00:32:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2012/02/06 16:49:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2011/02/26 04:05:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Image-Line
[2012/01/21 00:45:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/09/23 09:42:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/01/12 10:51:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/09/26 14:16:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/17 09:33:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/07/02 12:53:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft ActiveSync
[2010/11/07 06:49:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/05/06 14:46:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/11/07 06:52:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/05/11 03:35:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/11/07 06:52:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/11/07 06:52:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/11/07 06:52:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/07/02 12:53:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/11/07 06:50:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/12/26 06:47:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/09/07 13:58:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2011/04/07 01:52:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
[2012/09/11 10:40:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2010/11/07 06:53:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2012/08/24 10:27:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/02/21 21:23:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Outsim
[2012/09/26 15:10:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Qwiklinx
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/08/24 10:20:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Secunia
[2012/09/27 18:15:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Shop to Win 27
[2012/08/24 10:30:08 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/01/31 13:48:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SP45119
[2010/12/16 13:17:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TransCore
[2009/07/14 00:57:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/10/25 05:16:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Veetle
[2010/10/18 00:40:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\vShare
[2011/02/27 04:05:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VstPlugins
[2011/02/08 14:16:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
[2010/07/09 15:50:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/04/17 09:30:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/09/18 19:46:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/09/18 19:46:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/09/18 19:46:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/09/18 19:46:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/09/18 19:46:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2012/09/26 15:04:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WiseConvert
[2012/08/24 10:13:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WOT
[2012/09/26 15:08:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
< %appdata%\*.* >
< MD5 for: AFD.SYS >
[2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/28 00:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 22:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 19:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/28 00:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 05:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 22:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 23:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 23:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 22:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CRYPTSVC.DLL >
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\erdnt\cache86\cryptsvc.dll
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\SysWOW64\cryptsvc.dll
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010/11/20 09:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\erdnt\cache64\cryptsvc.dll
[2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\SysNative\cryptsvc.dll
[2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2012/04/24 00:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2009/07/13 21:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/13 21:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 08:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/24 01:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2012/04/24 01:36:46 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=CE8BF1423AEE47DA5275FBC8AD3BD642 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll
[2012/04/24 01:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll
[2012/04/24 00:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll
< MD5 for: DNSRSLVR.DLL >
[2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
[2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2009/07/13 21:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
[2011/03/03 02:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
[2011/03/03 02:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2010/11/20 09:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
[2011/03/03 02:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll
< MD5 for: ES.DLL >
[2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\erdnt\cache64\es.dll
[2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
[2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\erdnt\cache86\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll