Solved Sirefef trojan

tesher07 · Jul 18, 2012

So like many others apparently, I also just got the Sirefef.FC Trojan as well.

Malawarebytes log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tesher :: TESHER-PC [administrator]

7/17/2012 7:49:59 PM
mbam-log-2012-07-17 (19-49-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254722
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Tesher\AppData\Local\temp\468187657.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

(end)

No GMER log

tesher07 · Jul 18, 2012

DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Tesher at 22:10:26 on 2012-07-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.1596 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Razer\Mamba\RazerMambaSysTray.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Tesher\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Razer Mamba Driver] c:\program files\razer\mamba\RazerTray.exe
mRun: [Razer Mamba Elite Driver] c:\program files\razer\mamba\RazerMambaSysTray.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\tesher\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tesher\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\tesher\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{104E8F57-1D5A-4C18-9EED-220B195F270B} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{78AAEFE7-C15C-42F4-8035-1513D0CB0B92} : DhcpNameServer = 172.27.35.1
TCP: Interfaces\{9F8777B4-9E4D-448D-B59D-14A87D965EDD} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tesher\appdata\roaming\mozilla\firefox\profiles\1mp7cys1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=2&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\tesher\appdata\roaming\mozilla\firefox\profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-5 239168]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-17 655944]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-14 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-17 22344]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-5-25 734208]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2011-8-4 103112]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-2-5 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-1-10 245760]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2012-1-4 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2012-1-4 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-18 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-07-18 03:40:23 -------- d-----w- C:\MGtools
2012-07-18 03:23:03 -------- d-----w- c:\program files\HitmanPro
2012-07-18 03:22:51 -------- d-----w- c:\programdata\HitmanPro
2012-07-18 02:44:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 02:44:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-18 02:36:10 1669749 ----a-w- C:\MGtools.exe
2012-07-18 02:18:59 -------- d-----w- c:\program files\CCleaner
2012-07-17 20:19:41 -------- d-----w- c:\users\tesher\appdata\local\{72D2E207-9BEC-4B3D-B094-C2AE0146AF34}
2012-07-17 20:19:30 -------- d-----w- c:\users\tesher\appdata\local\{49B642CB-F60D-4CD2-BBC9-16F85457F4CD}
2012-07-17 19:27:51 -------- d-sh--w- c:\programdata\SecuROM
2012-07-17 19:27:12 -------- d-----w- c:\users\tesher\appdata\local\Rockstar Games
2012-07-17 19:25:34 -------- d-----w- c:\windows\system32\xlive
2012-07-17 19:25:31 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2012-07-17 15:28:04 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{241ac0c4-1e0d-4496-9852-0115d46acae9}\mpengine.dll
2012-07-17 06:49:05 -------- d-----w- c:\users\tesher\appdata\local\{9033BBDE-B18F-41C4-8BDE-694505B8FB38}
2012-07-17 06:48:53 -------- d-----w- c:\users\tesher\appdata\local\{22BB550A-55E1-4EBA-BADE-9E5981F84D73}
2012-07-15 18:39:26 -------- d-----w- c:\users\tesher\appdata\local\{1079D21D-1954-405C-803F-A70A345F4B3D}
2012-07-15 18:39:15 -------- d-----w- c:\users\tesher\appdata\local\{3A780B87-8E6E-4AC2-849F-C82305287C22}
2012-07-14 04:42:30 -------- d-----w- c:\users\tesher\appdata\local\{8AAEED72-CA2E-4D4A-9AE9-9306A2F096A8}
2012-07-14 04:42:20 -------- d-----w- c:\users\tesher\appdata\local\{B85AED15-6FBC-4235-A14B-60C0C54E23DD}
2012-07-12 08:16:38 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 08:15:51 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-09 20:55:44 -------- d-----w- c:\users\tesher\appdata\local\{9738F34F-1C48-4340-918E-C63B58902A03}
2012-07-09 20:55:34 -------- d-----w- c:\users\tesher\appdata\local\{D59D90FF-873B-4075-8069-91B1935D39E4}
2012-07-09 03:44:03 -------- d-----w- c:\users\tesher\appdata\local\Activision
2012-07-08 22:03:10 -------- d-----w- c:\program files\iTunes
2012-07-08 22:03:10 -------- d-----w- c:\program files\iPod
2012-07-08 21:57:11 -------- d-----w- c:\users\tesher\appdata\local\{FBA42229-6A42-4A90-9E62-B342EA0FB138}
2012-07-08 21:56:57 -------- d-----w- c:\users\tesher\appdata\local\{D42AAD77-78C1-4EC1-8E80-21F4AF20E381}
2012-06-28 10:27:55 -------- d-----w- c:\users\tesher\appdata\local\{9BC45243-858C-441B-B556-1F4563B7FB16}
2012-06-28 10:27:45 -------- d-----w- c:\users\tesher\appdata\local\{D5BA5CB4-29A6-453C-A457-BF3EFD79303B}
2012-06-24 21:56:42 -------- d-----w- c:\users\tesher\appdata\local\{784E8ADC-5645-4A16-AB92-3193204DA728}
2012-06-24 21:56:31 -------- d-----w- c:\users\tesher\appdata\local\{8E1490DC-CD15-488D-954E-2D497903F468}
2012-06-23 17:26:55 -------- d-----w- c:\users\tesher\appdata\local\Macromedia
2012-06-23 08:11:34 -------- d-----w- c:\users\tesher\appdata\local\dxhr
2012-06-23 08:07:13 -------- d-----w- c:\users\tesher\appdata\local\28050
2012-06-23 00:33:42 -------- d-----w- c:\users\tesher\appdata\local\{A93143B5-420C-499E-ACB8-85BCCCD2EE09}
2012-06-23 00:33:31 -------- d-----w- c:\users\tesher\appdata\local\{DC301882-CEDD-49FB-A379-F7AED0FA8974}
2012-06-22 06:03:04 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 06:02:46 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 06:02:23 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 06:02:22 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 15:06:42 -------- d-----w- c:\users\tesher\appdata\local\{1D3E46EE-4814-4D26-AB34-DC98C41A4F1B}
2012-06-21 15:06:31 -------- d-----w- c:\users\tesher\appdata\local\{EE11E6FB-C59C-49B1-B262-5524AB9E6971}
2012-06-21 04:46:49 -------- d-----w- c:\users\tesher\appdata\local\{8D0FD221-B720-4F34-8B86-D0C088A9D94A}
2012-06-20 20:20:20 -------- d-----w- c:\users\tesher\appdata\local\{8C0365DE-1A50-4908-8097-0158F137447B}
2012-06-20 20:20:08 -------- d-----w- c:\users\tesher\appdata\local\{EA9F6293-5A66-49CC-A977-6121B69989B5}
2012-06-19 21:15:34 -------- d-----w- c:\users\tesher\appdata\local\{24C4B6F1-E952-4FF8-8191-F6AEA52B2646}
2012-06-19 21:15:24 -------- d-----w- c:\users\tesher\appdata\local\{4260D7C6-863B-4B6B-A895-E1FDC48AE6A0}
2012-06-19 09:14:50 -------- d-----w- c:\users\tesher\appdata\local\{9D7984BE-FEE6-40D2-9B49-38C47CF625AF}
2012-06-19 09:14:40 -------- d-----w- c:\users\tesher\appdata\local\{5E6AFF71-76F7-413A-88C7-6DBC9FAB7333}
2012-06-18 21:14:15 -------- d-----w- c:\users\tesher\appdata\local\{D01CBB46-372C-49DA-AD6E-686F7F118808}
.
==================== Find3M ====================
.
2012-07-17 19:26:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-07-13 03:50:09 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-13 03:50:09 139152 ----a-w- c:\users\tesher\appdata\roaming\PnkBstrK.sys
2012-07-13 03:49:56 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-13 03:49:50 794408 ----a-w- c:\windows\system32\pbsvc.exe
2012-07-13 03:49:50 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-07-13 02:05:54 111928 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-11 23:59:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-11 23:59:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-27 07:37:42 281032 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
2009-03-13 18:58:59 550248 ----a-r- c:\program files\DeployUi.dll
2009-03-13 18:58:59 106344 ----a-r- c:\program files\LiteHtml.dll
2009-03-13 18:58:58 87704 ----a-r- c:\program files\AcSetup.dll
2009-03-13 18:58:58 6808 ----a-r- c:\program files\AcSetupRes.dll
2009-03-13 18:58:56 161640 ----a-r- c:\program files\AcDelTree.exe
.
============= FINISH: 22:10:49.12 ===============

tesher07 · Jul 18, 2012

Attach Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2011 4:40:41 PM
System Uptime: 7/17/2012 8:15:47 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0TP406
Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz | CPU | 2992/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1397 GiB total, 491.964 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB HS-CF Card
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-CF_CARD&REV_7.08#000001013CB3&0#
Manufacturer: DELL
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-CF_CARD&REV_7.08#000001013CB3&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB HS-MS Card
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-MS_CARD&REV_7.08#000001013CB3&2#
Manufacturer: DELL
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-MS_CARD&REV_7.08#000001013CB3&2#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB HS-SD Card
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-SD_CARD&REV_7.08#000001013CB3&3#
Manufacturer: DELL
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-SD_CARD&REV_7.08#000001013CB3&3#
Service: WUDFRd
.
Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Description: XPS MiniView
Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA
Manufacturer: Microsoft Co
Name: XPS MiniView
PNP Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB HS-xD/SM
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-XD#SM&REV_7.08#000001013CB3&1#
Manufacturer: DELL
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-XD#SM&REV_7.08#000001013CB3&1#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP173: 7/12/2012 1:15:04 AM - Windows Update
RP175: 7/12/2012 6:27:27 PM - Installed DirectX
RP176: 7/12/2012 6:28:57 PM - Installed GameSpy Comrade.
RP178: 7/15/2012 6:27:45 PM - Installed DirectX
RP179: 7/17/2012 8:25:55 AM - Windows Update
RP181: 7/17/2012 12:21:07 PM - Installed DirectX
RP183: 7/17/2012 12:23:32 PM - Installed DirectX
RP185: 7/17/2012 12:25:37 PM - Installed DirectX
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Able2Extract Professional 7.0
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Common File Installer
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Viewer CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS5
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader X (10.1.3)
Adobe Setup
Adobe Shockwave Player
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Age of Empires® III: Complete Collection
AI War: Fleet Command
Amnesia: The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Autodesk 3ds Max 2010 32-bit
Autodesk 3ds Max 2010 32-bit Additional Files (2010.06.08)
Autodesk Backburner 2008.1
Autodesk FBX Plugin 2009.4 - 3ds Max 2010
Battlefield 2
Bing Bar
Bonjour
Brawl Busters
Brother MFL-Pro Suite MFC-J615W
CCleaner
Company of Heroes: Tales of Valor
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties
Creative WaveStudio 7
Crusader Kings II
D3DX10
DAEMON Tools Lite
Dark Messiah Might and Magic Single Player
Dear Esther
Deus Ex: Human Revolution
Deus Ex: Human Revolution - The Missing Link
Diablo II
Diablo III
DivX Setup
Dropbox
EA SPORTS online 2008
ESET NOD32 Antivirus
Fallout: New Vegas
Free Window Registry Repair
GameSpy Comrade
GCFScape 1.8.2
GIMP 2.6.11
GPL Ghostscript
Hearts of Iron III
Hitman 2: Silent Assassin
Hitman: Blood Money
Hitman: Codename 47
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
LIMBO
LockHunter version 1.0 beta 3, 32 bit edition
Madden NFL 08
Malwarebytes Anti-Malware version 1.62.0.1300
Mamba Firmware Updater 1.13
Mesh Runtime
Messenger Companion
Metro 2033
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Midnight Club II
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA 3D Vision Driver 296.10
NVIDIA Control Panel 296.10
NVIDIA Graphics Driver 296.10
NVIDIA Install Application
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.11
NVIDIA Update Components
OpenAL
Orcs Must Die!
Origin
PaperPort Image Printer
PAYDAY: The Heist
PDF Settings CS5
Picasa 3
PunkBuster Services
QuickTime
Razer Mamba
Realm of the Mad God
Red Orchestra 2: Heroes of Stalingrad
Rochard
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Tools
Roxio EasyArchive
Roxio MyDVD Premier
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.9
Sonic CinePlayer Decoder Pack
SoundFont Bank Manager
Space Pirates and Zombies
Spybot - Search & Destroy
Steam
StudioCompiler v0.4A
Terraria
The Binding of Isaac
The Ship
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.1
VTFEdit 1.3.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows XP Mode
WinRAR 4.01 (32-bit)
Wolfenstein
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/17/2012 8:16:38 PM, Error: Service Control Manager [7003] - The epfwwfpr service depends the following service: BFE. This service might not be installed.
7/17/2012 8:16:27 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/17/2012 8:16:27 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
7/17/2012 8:16:27 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/17/2012 8:16:27 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/17/2012 7:54:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
7/17/2012 7:54:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
7/17/2012 10:10:16 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/17/2012 10:10:16 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/16/2012 7:51:16 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{104E8F57-1D5A-4C18-9EED-220B195F270B} because another computer on the network has the same name. The server could not start.
7/16/2012 7:51:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
7/16/2012 7:51:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
7/15/2012 10:42:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/14/2012 10:13:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SDRSVC service.
7/13/2012 7:50:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

Jay Pfoutz · Jul 18, 2012

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
If you have already asked for help somewhere, please post the link to the topic you were helped.
We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Place a check next to List Drivers MD5 as well as the default check marks that are already there
Press Scan button.
type exit and reboot the computer normally
FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

tesher07 · Jul 18, 2012

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 18-07-2012 14:29:39
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [3080264 2011-09-22] (ESET)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [Razer Mamba Driver] C:\Program Files\Razer\Mamba\RazerTray.exe [3278728 2009-12-15] (Razer USA Ltd)
HKLM\...\Run: [Razer Mamba Elite Driver] C:\Program Files\Razer\Mamba\RazerMambaSysTray.exe [973720 2011-11-25] (Razer USA Ltd)
HKLM\...\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [67488 2007-09-10] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [345 2012-07-18] ()
HKLM\...\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Tesher\...\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R [102400 2004-12-02] (Creative Technology Ltd)
HKU\Tesher\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\Tesher\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Startup: C:\Users\Tesher\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Tesher\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
3 BrYNSvc; "C:\Program Files\Browny02\BrYNSvc.exe" [245760 2010-01-25] (Brother Industries, Ltd.)
3 Creative ALchemy AL6 Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" [79360 2012-01-04] (Creative Labs)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [974944 2011-09-22] (ESET)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 IDriverT; "C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [73728 2004-10-22] (Macrovision Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 mi-raysat_3dsmax2010_32; "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" [86016 2009-03-12] ()
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2012-07-12] ()
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-02-29] (NVIDIA Corporation)

========================== Drivers (Whitelisted) =============

3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-05-05] (Creative Technology Ltd)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-01-05] (DT Soft Ltd)
3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [163424 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2011-08-04] (ESET)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [734208 2009-05-25] (Ralink Technology Corp.)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
3 VSTHWBS2; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)
3 VST_DPV; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
3 catchme; \??\C:\Users\Tesher\AppData\Local\Temp\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-18 13:15 - 2012-07-18 13:15 - 00891630 ____A (Farbar) C:\Users\Tesher\Downloads\FRST.exe
2012-07-17 21:10 - 2012-07-17 21:10 - 00607260 ____A (Swearware) C:\Users\Tesher\Downloads\dds(2).scr
2012-07-17 21:04 - 2012-07-17 21:04 - 00607260 ____R (Swearware) C:\Users\Tesher\Downloads\dds(1).scr
2012-07-17 21:03 - 2012-07-17 21:03 - 00607260 ____R (Swearware) C:\Users\Tesher\Downloads\dds.scr
2012-07-17 21:01 - 2012-07-17 21:01 - 00000000 ____A C:\Users\Tesher\Desktop\gmer.log
2012-07-17 20:08 - 2012-07-17 20:08 - 00302592 ____A C:\Users\Tesher\Desktop\5lv8tr12.exe
2012-07-17 19:55 - 2012-07-18 06:53 - 00002125 ____A C:\Windows\WindowsUpdate.log
2012-07-17 19:40 - 2012-07-17 19:46 - 00371734 ____A C:\MGlogs.zip
2012-07-17 19:40 - 2012-07-17 19:46 - 00000000 ____D C:\MGtools
2012-07-17 19:39 - 2012-07-17 19:39 - 00001150 ____A C:\Users\Tesher\Desktop\hitmanpro.zip
2012-07-17 19:38 - 2012-07-17 19:38 - 00004836 ____A C:\Users\Tesher\Desktop\log.xml
2012-07-17 19:23 - 2012-07-17 19:23 - 00000000 ____D C:\Program Files\HitmanPro
2012-07-17 19:22 - 2012-07-17 19:24 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-17 19:16 - 2012-07-18 06:52 - 00000112 ____A C:\Windows\setupact.log
2012-07-17 19:16 - 2012-07-17 19:16 - 00000626 ____A C:\Windows\PFRO.log
2012-07-17 19:16 - 2012-07-17 19:16 - 00000000 ____A C:\Windows\setuperr.log
2012-07-17 18:44 - 2012-07-17 18:44 - 00003446 ____A C:\Users\Tesher\Desktop\RKreport[2].txt
2012-07-17 18:44 - 2012-07-17 18:44 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-17 18:44 - 2012-07-17 18:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-17 18:44 - 2012-07-03 12:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-17 18:39 - 2012-07-17 18:39 - 00002911 ____A C:\Users\Tesher\Desktop\RKreport[1].txt
2012-07-17 18:37 - 2012-07-17 18:43 - 00000000 ____D C:\Users\Tesher\Desktop\RK_Quarantine
2012-07-17 18:36 - 2012-07-17 18:36 - 01669749 ____A C:\MGtools.exe
2012-07-17 18:35 - 2012-07-17 18:35 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Tesher\Desktop\mb.exe.exe
2012-07-17 18:35 - 2012-07-17 18:35 - 07718272 ____A (SurfRight B.V.) C:\Users\Tesher\Desktop\HitmanPro36.exe
2012-07-17 18:34 - 2012-07-17 18:34 - 01552384 ____A C:\Users\Tesher\Desktop\RogueKiller.exe
2012-07-17 18:19 - 2012-07-17 18:19 - 00000965 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-17 18:18 - 2012-07-17 18:19 - 00000000 ____D C:\Program Files\CCleaner
2012-07-17 18:18 - 2012-07-17 18:18 - 02954752 ____A (Piriform Ltd) C:\Users\Tesher\Downloads\ccsetup320_slim.exe
2012-07-17 12:19 - 2012-07-17 12:19 - 00000000 ____D C:\Users\Tesher\AppData\Local\{72D2E207-9BEC-4B3D-B094-C2AE0146AF34}
2012-07-17 12:19 - 2012-07-17 12:19 - 00000000 ____D C:\Users\Tesher\AppData\Local\{49B642CB-F60D-4CD2-BBC9-16F85457F4CD}
2012-07-17 11:27 - 2012-07-17 11:27 - 00000000 __SHD C:\Users\All Users\SecuROM
2012-07-17 11:27 - 2012-07-17 11:27 - 00000000 ____D C:\Users\Tesher\AppData\Local\Rockstar Games
2012-07-17 11:25 - 2012-07-17 11:26 - 00000000 ____D C:\Program Files\Microsoft Games for Windows - LIVE
2012-07-17 11:25 - 2012-07-17 11:25 - 00000000 ____D C:\Windows\System32\xlive
2012-07-16 22:49 - 2012-07-16 22:49 - 00000000 ____D C:\Users\Tesher\AppData\Local\{9033BBDE-B18F-41C4-8BDE-694505B8FB38}
2012-07-16 22:48 - 2012-07-16 22:49 - 00000000 ____D C:\Users\Tesher\AppData\Local\{22BB550A-55E1-4EBA-BADE-9E5981F84D73}
2012-07-15 17:30 - 2012-07-15 17:31 - 00000000 ____D C:\Users\Tesher\Documents\Orcs Must Die
2012-07-15 10:39 - 2012-07-15 10:39 - 00000000 ____D C:\Users\Tesher\AppData\Local\{3A780B87-8E6E-4AC2-849F-C82305287C22}
2012-07-15 10:39 - 2012-07-15 10:39 - 00000000 ____D C:\Users\Tesher\AppData\Local\{1079D21D-1954-405C-803F-A70A345F4B3D}
2012-07-13 20:42 - 2012-07-13 20:42 - 00000000 ____D C:\Users\Tesher\AppData\Local\{B85AED15-6FBC-4235-A14B-60C0C54E23DD}
2012-07-13 20:42 - 2012-07-13 20:42 - 00000000 ____D C:\Users\Tesher\AppData\Local\{8AAEED72-CA2E-4D4A-9AE9-9306A2F096A8}
2012-07-12 17:29 - 2012-07-12 17:29 - 00000000 ____D C:\Program Files\GameSpy
2012-07-12 00:19 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 00:19 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 00:19 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 00:19 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 00:19 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 00:19 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 00:19 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 00:19 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 00:19 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 00:19 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 00:19 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 00:19 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 00:19 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 00:19 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 00:16 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 00:15 - 2012-07-12 00:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-11 12:26 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 12:26 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 12:26 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 12:26 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 12:26 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 12:26 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 12:26 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 12:26 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 12:26 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 12:25 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 22:54 - 2012-07-10 22:54 - 02400256 ____A C:\Users\Tesher\Desktop\_ch_01_PPT_lecture.ppt
2012-07-09 12:55 - 2012-07-09 12:55 - 00000000 ____D C:\Users\Tesher\AppData\Local\{D59D90FF-873B-4075-8069-91B1935D39E4}
2012-07-09 12:55 - 2012-07-09 12:55 - 00000000 ____D C:\Users\Tesher\AppData\Local\{9738F34F-1C48-4340-918E-C63B58902A03}
2012-07-08 19:44 - 2012-07-08 19:44 - 00000000 ____D C:\Users\Tesher\AppData\Local\Activision
2012-07-08 14:04 - 2012-07-08 14:04 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-08 14:03 - 2012-07-08 14:04 - 00000000 ____D C:\Program Files\iTunes
2012-07-08 14:03 - 2012-07-08 14:03 - 00000000 ____D C:\Program Files\iPod
2012-07-08 13:58 - 2012-07-08 13:58 - 00000000 ____D C:\Program Files\QuickTime
2012-07-08 13:57 - 2012-07-08 13:57 - 00000000 ____D C:\Users\Tesher\AppData\Local\{FBA42229-6A42-4A90-9E62-B342EA0FB138}
2012-07-08 13:56 - 2012-07-08 13:57 - 00000000 ____D C:\Users\Tesher\AppData\Local\{D42AAD77-78C1-4EC1-8E80-21F4AF20E381}
2012-06-28 02:27 - 2012-06-28 02:27 - 00000000 ____D C:\Users\Tesher\AppData\Local\{D5BA5CB4-29A6-453C-A457-BF3EFD79303B}
2012-06-28 02:27 - 2012-06-28 02:27 - 00000000 ____D C:\Users\Tesher\AppData\Local\{9BC45243-858C-441B-B556-1F4563B7FB16}
2012-06-24 13:56 - 2012-06-24 13:56 - 00000000 ____D C:\Users\Tesher\AppData\Local\{8E1490DC-CD15-488D-954E-2D497903F468}
2012-06-24 13:56 - 2012-06-24 13:56 - 00000000 ____D C:\Users\Tesher\AppData\Local\{784E8ADC-5645-4A16-AB92-3193204DA728}
2012-06-23 09:26 - 2012-06-23 09:26 - 00000000 ____D C:\Users\Tesher\AppData\Local\Macromedia
2012-06-23 00:11 - 2012-06-27 18:52 - 00000000 ____D C:\Users\Tesher\AppData\Local\dxhr
2012-06-23 00:07 - 2012-06-23 00:07 - 00000000 ____D C:\Users\Tesher\AppData\Local\28050
2012-06-22 16:33 - 2012-06-22 16:33 - 00000000 ____D C:\Users\Tesher\AppData\Local\{DC301882-CEDD-49FB-A379-F7AED0FA8974}
2012-06-22 16:33 - 2012-06-22 16:33 - 00000000 ____D C:\Users\Tesher\AppData\Local\{A93143B5-420C-499E-ACB8-85BCCCD2EE09}
2012-06-21 22:03 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 22:03 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 22:03 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 22:03 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 22:02 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 22:02 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 22:02 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 22:02 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 22:02 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 07:06 - 2012-06-21 07:06 - 00000000 ____D C:\Users\Tesher\AppData\Local\{EE11E6FB-C59C-49B1-B262-5524AB9E6971}
2012-06-21 07:06 - 2012-06-21 07:06 - 00000000 ____D C:\Users\Tesher\AppData\Local\{1D3E46EE-4814-4D26-AB34-DC98C41A4F1B}
2012-06-20 20:46 - 2012-06-20 20:46 - 00000000 ____D C:\Users\Tesher\AppData\Local\{8D0FD221-B720-4F34-8B86-D0C088A9D94A}
2012-06-20 12:20 - 2012-06-20 12:20 - 00000000 ____D C:\Users\Tesher\AppData\Local\{EA9F6293-5A66-49CC-A977-6121B69989B5}
2012-06-20 12:20 - 2012-06-20 12:20 - 00000000 ____D C:\Users\Tesher\AppData\Local\{8C0365DE-1A50-4908-8097-0158F137447B}
2012-06-19 13:15 - 2012-06-19 13:15 - 00000000 ____D C:\Users\Tesher\AppData\Local\{4260D7C6-863B-4B6B-A895-E1FDC48AE6A0}
2012-06-19 13:15 - 2012-06-19 13:15 - 00000000 ____D C:\Users\Tesher\AppData\Local\{24C4B6F1-E952-4FF8-8191-F6AEA52B2646}
2012-06-19 01:14 - 2012-06-19 01:15 - 00000000 ____D C:\Users\Tesher\AppData\Local\{9D7984BE-FEE6-40D2-9B49-38C47CF625AF}
2012-06-19 01:14 - 2012-06-19 01:14 - 00000000 ____D C:\Users\Tesher\AppData\Local\{5E6AFF71-76F7-413A-88C7-6DBC9FAB7333}
2012-06-18 13:14 - 2012-06-18 13:14 - 00000000 ____D C:\Users\Tesher\AppData\Local\{D01CBB46-372C-49DA-AD6E-686F7F118808}

============ 3 Months Modified Files ========================

2012-07-18 13:19 - 2011-12-18 15:39 - 00726142 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-18 13:15 - 2012-07-18 13:15 - 00891630 ____A (Farbar) C:\Users\Tesher\Downloads\FRST.exe
2012-07-18 12:59 - 2012-03-30 09:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-18 06:59 - 2009-07-13 20:34 - 00017792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-18 06:59 - 2009-07-13 20:34 - 00017792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-18 06:53 - 2012-07-17 19:55 - 00002125 ____A C:\Windows\WindowsUpdate.log
2012-07-18 06:52 - 2012-07-17 19:16 - 00000112 ____A C:\Windows\setupact.log
2012-07-18 06:52 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-17 21:10 - 2012-07-17 21:10 - 00607260 ____A (Swearware) C:\Users\Tesher\Downloads\dds(2).scr
2012-07-17 21:04 - 2012-07-17 21:04 - 00607260 ____R (Swearware) C:\Users\Tesher\Downloads\dds(1).scr
2012-07-17 21:03 - 2012-07-17 21:03 - 00607260 ____R (Swearware) C:\Users\Tesher\Downloads\dds.scr
2012-07-17 21:01 - 2012-07-17 21:01 - 00000000 ____A C:\Users\Tesher\Desktop\gmer.log
2012-07-17 20:08 - 2012-07-17 20:08 - 00302592 ____A C:\Users\Tesher\Desktop\5lv8tr12.exe
2012-07-17 19:46 - 2012-07-17 19:40 - 00371734 ____A C:\MGlogs.zip
2012-07-17 19:39 - 2012-07-17 19:39 - 00001150 ____A C:\Users\Tesher\Desktop\hitmanpro.zip
2012-07-17 19:38 - 2012-07-17 19:38 - 00004836 ____A C:\Users\Tesher\Desktop\log.xml
2012-07-17 19:16 - 2012-07-17 19:16 - 00000626 ____A C:\Windows\PFRO.log
2012-07-17 19:16 - 2012-07-17 19:16 - 00000000 ____A C:\Windows\setuperr.log
2012-07-17 18:44 - 2012-07-17 18:44 - 00003446 ____A C:\Users\Tesher\Desktop\RKreport[2].txt
2012-07-17 18:44 - 2012-07-17 18:44 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-17 18:39 - 2012-07-17 18:39 - 00002911 ____A C:\Users\Tesher\Desktop\RKreport[1].txt
2012-07-17 18:36 - 2012-07-17 18:36 - 01669749 ____A C:\MGtools.exe
2012-07-17 18:35 - 2012-07-17 18:35 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Tesher\Desktop\mb.exe.exe
2012-07-17 18:35 - 2012-07-17 18:35 - 07718272 ____A (SurfRight B.V.) C:\Users\Tesher\Desktop\HitmanPro36.exe
2012-07-17 18:34 - 2012-07-17 18:34 - 01552384 ____A C:\Users\Tesher\Desktop\RogueKiller.exe
2012-07-17 18:19 - 2012-07-17 18:19 - 00000965 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-17 18:18 - 2012-07-17 18:18 - 02954752 ____A (Piriform Ltd) C:\Users\Tesher\Downloads\ccsetup320_slim.exe
2012-07-17 11:26 - 2012-01-06 16:38 - 00107888 ____A (Sony DADC Austria AG.) C:\Windows\System32\CmdLineExt.dll
2012-07-12 19:50 - 2012-02-18 12:48 - 00139152 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
2012-07-12 19:50 - 2012-02-18 12:48 - 00139152 ____A C:\Users\Tesher\AppData\Roaming\PnkBstrK.sys
2012-07-12 19:49 - 2012-02-18 12:48 - 00794408 ____A C:\Windows\System32\pbsvc.exe
2012-07-12 19:49 - 2012-02-18 12:48 - 00111928 ____A C:\Windows\System32\PnkBstrB.exe
2012-07-12 19:49 - 2012-02-18 12:48 - 00075064 ____A C:\Windows\System32\PnkBstrA.exe
2012-07-12 18:05 - 2012-02-18 12:48 - 00111928 ____A C:\Windows\System32\PnkBstrB.ex0
2012-07-12 07:17 - 2009-07-13 20:33 - 03903960 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 00:17 - 2011-12-25 19:05 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 15:59 - 2012-03-30 09:42 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-11 15:59 - 2011-12-24 17:35 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-10 22:54 - 2012-07-10 22:54 - 02400256 ____A C:\Users\Tesher\Desktop\_ch_01_PPT_lecture.ppt
2012-07-08 14:04 - 2012-07-08 14:04 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-03 12:46 - 2012-07-17 18:44 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-15 17:07 - 2012-06-15 17:07 - 00108375 ____A C:\Users\Tesher\Downloads\smdexp204-max2010.rar
2012-06-13 06:54 - 2009-07-13 20:53 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 19:28 - 2012-06-11 19:28 - 00243152 ____A C:\Users\Tesher\Downloads\Project_X__2012__DVDRip_XviD__AMIABLE.exe
2012-06-11 18:40 - 2012-07-12 00:16 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 20:41 - 2012-07-11 12:25 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-11 12:26 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-11 12:26 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-11 12:26 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-04 06:55 - 2012-01-22 22:33 - 00000982 ____A C:\Users\Tesher\Desktop\Dropbox.lnk
2012-06-02 14:19 - 2012-06-21 22:03 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 22:03 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 22:03 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 22:02 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 22:02 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-21 22:02 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 22:03 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 22:02 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-21 22:02 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-12 00:19 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-12 00:19 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-12 00:19 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-12 00:19 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-12 00:19 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 00:19 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-12 00:19 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-12 00:19 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 00:19 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-12 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-12 00:19 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 00:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 00:19 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 20:45 - 2012-07-11 12:26 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-11 12:26 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-11 12:26 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-11 12:26 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-11 12:26 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 11:25 - 2011-12-18 15:49 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-29 19:08 - 2012-05-29 19:07 - 00314898 ____A C:\Users\Tesher\Desktop\Copy of Project 1 Database-1 tesh.xlsx
2012-05-26 23:37 - 2012-05-25 21:47 - 00281032 ____A C:\Windows\System32\PnkBstrB.xtr
2012-05-25 11:28 - 2012-05-25 11:28 - 05435543 ____A (Blizzard Entertainment) C:\Users\Tesher\Downloads\LODPatch_113c.exe
2012-05-25 11:28 - 2012-05-25 11:28 - 00000165 ____A C:\Users\Tesher\Downloads\prepatch.log
2012-05-25 11:26 - 2012-05-25 11:25 - 00000724 ____A C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
2012-05-25 11:18 - 2012-05-25 11:18 - 02678867 ____A (Blizzard Entertainment) C:\Users\Tesher\Downloads\Downloader_Diablo2_Lord_of_Destruction_enUS.exe
2012-05-25 10:48 - 2012-05-25 10:48 - 02764854 ____A (Blizzard Entertainment) C:\Users\Tesher\Downloads\Downloader_Diablo2_enUS.exe
2012-05-14 15:53 - 2012-05-14 15:53 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-05-14 15:51 - 2012-05-14 15:48 - 123137160 ____A (NVIDIA Corporation) C:\Users\Tesher\Downloads\296.10-desktop-win7-winvista-32bit-english-whql.exe
2012-05-14 15:46 - 2012-01-05 22:40 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-14 15:46 - 2012-01-05 22:40 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-14 15:45 - 2012-05-14 15:44 - 00892360 ____A (Oracle Corporation) C:\Users\Tesher\Downloads\jxpiinstall(1).exe
2012-05-14 07:37 - 2012-05-14 07:37 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-14 07:36 - 2012-05-14 07:36 - 32288896 ____A (Blizzard Entertainment) C:\Users\Tesher\Downloads\Diablo-III-Setup-enUS.exe
2012-05-08 20:59 - 2012-05-08 20:59 - 00001024 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-08 20:59 - 2012-05-08 20:58 - 22259528 ____A C:\Users\Tesher\Downloads\vlc-2.0.1-win32.exe
2012-05-06 13:28 - 2012-05-06 13:28 - 00001368 ____A C:\Users\Public\Desktop\Able2Extract Professional.lnk
2012-05-06 13:28 - 2012-05-06 13:27 - 20679288 ____A (Investintech.com Inc. ) C:\Users\Tesher\Downloads\InstallAble2ExtractPro.exe
2012-04-30 20:44 - 2012-06-13 14:07 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 13:59 - 2012-04-28 13:59 - 01263344 ____A (ESET) C:\Users\Tesher\Downloads\eset_nod32_antivirus_live_installer(2).exe
2012-04-27 19:17 - 2012-06-13 14:07 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-13 14:07 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-13 14:07 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-13 14:07 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-13 14:07 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-13 14:07 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 14:07 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 08:07 - 2012-01-04 10:57 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-21 11:47 - 2012-04-21 11:45 - 46104904 ____A (Blizzard Entertainment) C:\Users\Tesher\Downloads\Diablo-III-Beta-enUS-Setup.exe

ZeroAccess:
C:\Windows\Installer\{c3767afb-4d01-9ed6-b38f-ffc8c8f1c097}
C:\Windows\Installer\{c3767afb-4d01-9ed6-b38f-ffc8c8f1c097}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 4029.93 MB
Available physical RAM: 3312.09 MB
Total Pagefile: 4028.2 MB
Available Pagefile: 3319.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:1397.25 GB) (Free:477.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
4 Drive f: ("ë&¿ë`) (Removable) (Total:3.73 GB) (Free:0.77 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1397 GB 8 MB
Disk 1 Online 3819 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 31 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 1397 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F "‰&¨‰` FAT32 Removable 3818 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 08:03

======================= End Of Log ==========================

tesher07 · Jul 18, 2012

Also, I am currently receiving help from majorgeek's forums, though they also are on the same step as you.

http://forums.majorgeeks.com/showthread.php?t=262028

tesher07 · Jul 18, 2012

I have closed the thread on the Major geeks forum so I would like to continue getting help with the virus on the forum.

Jay Pfoutz · Jul 19, 2012

Additional FRST Scan

Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)

When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.

tesher07 · Jul 19, 2012

Farbar Recovery Scan Tool Version: 16-07-2012 01
Ran by SYSTEM at 2012-07-19 08:41:52
Running from J:\

================== Search: "services.exe" ===================

C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:22] - [2008-01-20 18:22] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows.old\Windows\System32\services.exe
[2008-01-20 18:22] - [2008-01-20 18:22] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

C:\Windows\ERDNT\cache\services.exe
[2012-02-05 14:53] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

Jay Pfoutz · Jul 20, 2012

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{c3767afb-4d01-9ed6-b38f-ffc8c8f1c097}
Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went. If you can run Windows just fine, then please do the following scan:

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

msconfig
safebootminimal
activex
drivers32
netsvcs
CreateRestorePoint
%AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
%AppData%\Local\
%systemroot%\system32\sysprep
*.xpi /md5
%systemroot%\Downloaded Program Files\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.exe /md5
"%WinDir%\$NtUninstallKB*$." /30
%systemdrive%\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%USERPROFILE%\AppData\Local\ /s
%systemroot%\Installer\ /s
%systemroot%\system32\Cache\ /s
%systemroot%\system32\config\systemprofile\Application Data /s
%PROGRAMFILES%\*.
%appdata%\*.*
/md5start
volsnap.sys
services.exe
userinit.exe
afd.sys
tcpip.sys
netbt.sys
ipsec.sys
dnsrslvr.dll
ipnathlp.dll
netman.dll
WMIsvc.dll
srsvc.dll
sr.sys
wscsvc.dll
wuauserv.dll
qmgr.dll
es.dll
cryptsvc.dll
svchost.exe
rpcss.dll
tdx.sys
wininit.exe
winlogon.exe
atapi.sys
explorer.exe
/md5stop
Click the Run Scanbutton. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

tesher07 · Jul 20, 2012

Windows runs fine and I have yet to get the virus popup but my Antivirus still says "An error occurred while starting services. Analysis of application protocols (POP3, HTTP) will not function."

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 2012-07-20 12:58:11 Run:1
Running from J:\

==============================================

C:\Windows\Installer\{c3767afb-4d01-9ed6-b38f-ffc8c8f1c097} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

tesher07 · Jul 20, 2012

IMPORTANT: My antivirus just popped up saying that there is still a threat found, so it isn't fixed yet.
Object: C:\FRST\Quarantine\services.exe
Thread: Win32/Sirefef.FC.trojan
Event occurred during an attempt to access the file by the application C:\Users\Tesher\Download\OTL.exe

I will have the OTL up scan up in a bit as it is still running on my Desktop.

tesher07 · Jul 20, 2012

OTL logfile created on: 7/20/2012 1:08:32 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Tesher\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 69.30% Memory free
6.49 Gb Paging File | 5.44 Gb Available in Paging File | 83.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397.25 Gb Total Space | 474.97 Gb Free Space | 33.99% Space Free | Partition Type: NTFS
Drive L: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: TESHER-PC | User Name: Tesher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/20 13:07:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tesher\Downloads\OTL.exe
PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tesher\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/29 16:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 13:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/02/29 13:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/25 15:03:24 | 000,973,720 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Mamba\RazerMambaSysTray.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/09/22 13:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/05 20:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2010/05/05 20:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/12/15 11:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Mamba\RazerTray.exe
PRC - [2009/07/13 18:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2004/12/02 19:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/05/05 20:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009/03/26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/07/19 12:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\System32\OSD.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/07/19 08:03:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 16:59:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/18 22:02:42 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/29 16:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/06 00:24:51 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/04 19:55:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/01/04 16:58:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/18 16:58:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tesher\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/29 16:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/01/05 21:20:34 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/08/09 15:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 10:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011/08/04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/11/20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/05 22:29:18 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010/05/05 22:29:10 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/05/05 22:29:02 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/05/05 22:28:54 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/05/05 22:24:44 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/05/05 22:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/05/05 22:24:24 | 000,526,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/05/05 22:24:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/05/05 22:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2010/05/05 22:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010/05/05 22:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2010/05/05 22:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010/05/05 22:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2010/05/05 22:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/07/13 17:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel(R)
DRV - [2009/05/25 05:38:16 | 000,734,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 43 AE 23 E5 63 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: J:\Program Files\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/05 22:12:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 08:03:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/08 14:58:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/04 11:32:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 08:03:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/08 14:58:58 | 000,000,000 | ---D | M]

[2011/12/24 16:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tesher\AppData\Roaming\Mozilla\Extensions
[2012/07/18 13:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions
[2012/07/17 18:25:54 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/07/18 13:15:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/30 16:50:42 | 000,000,925 | ---- | M] () -- C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\searchplugins\conduit.xml
[2012/02/01 21:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/23 09:07:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/05 22:12:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video&gt

-- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/03/30 10:42:33 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\TESHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MP7CYS1.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2012/01/06 11:31:51 | 000,013,039 | ---- | M] () (No name found) -- C:\USERS\TESHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MP7CYS1.DEFAULT\EXTENSIONS\SAVESESSION@NOASOBI.NET.XPI
[2012/07/19 08:03:35 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/05 23:40:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 21:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 21:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/08 08:34:01 | 000,442,086 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15215 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Razer Mamba Elite Driver] C:\Program Files\Razer\Mamba\RazerMambaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tesher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tesher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{104E8F57-1D5A-4C18-9EED-220B195F270B}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78AAEFE7-C15C-42F4-8035-1513D0CB0B92}: DhcpNameServer = 172.27.35.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F8777B4-9E4D-448D-B59D-14A87D965EDD}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: hitmanpro36 - Reg Error: Value error.
SafeBootMin: hitmanpro36.sys - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {23C4E54D-2037-407D-3B40-56F994A46723} - Internet Explorer
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A77871AA-02BD-4054-85CC-2DAC0E3307B3} - Browser Customizations
ActiveX: {B06FB1C4-A2E0-6182-6B1D-15EF7959308A} - Microsoft Windows Media Player 12.0
ActiveX: {BBCBD300-C2C8-9977-2D4B-EB96E65189A9} - DirectX
ActiveX: {C5286645-E286-CCB3-8A38-B8CED317A07A} - Adobe Shockwave Director 10.2
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
NetSvcs: BITS - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 22:30:21 | 000,000,000 | ---D | C] -- C:\Users\Tesher\Documents\4A Games
[2012/07/18 22:28:59 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\4A Games
[2012/07/18 20:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/07/18 15:27:11 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/18 15:11:04 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{CE912EBF-5699-481B-A7C8-33AC3B2EE00B}
[2012/07/18 15:10:54 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{DF53996F-4324-4BE5-9F60-A02A21767EF7}
[2012/07/17 20:40:23 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/07/17 20:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/07/17 20:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/17 19:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/17 19:44:54 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/17 19:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/17 19:37:17 | 000,000,000 | ---D | C] -- C:\Users\Tesher\Desktop\RK_Quarantine
[2012/07/17 19:35:24 | 007,718,272 | ---- | C] (SurfRight B.V.) -- C:\Users\Tesher\Desktop\HitmanPro36.exe
[2012/07/17 19:35:00 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tesher\Desktop\mb.exe.exe
[2012/07/17 19:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/17 19:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/17 13:19:41 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{72D2E207-9BEC-4B3D-B094-C2AE0146AF34}
[2012/07/17 13:19:30 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{49B642CB-F60D-4CD2-BBC9-16F85457F4CD}
[2012/07/17 12:27:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012/07/17 12:27:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012/07/17 12:27:12 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\Rockstar Games
[2012/07/17 12:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2012/07/17 12:25:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2012/07/17 12:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2012/07/16 23:49:05 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{9033BBDE-B18F-41C4-8BDE-694505B8FB38}
[2012/07/16 23:48:53 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{22BB550A-55E1-4EBA-BADE-9E5981F84D73}
[2012/07/15 18:30:12 | 000,000,000 | ---D | C] -- C:\Users\Tesher\Documents\Orcs Must Die
[2012/07/15 11:39:26 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{1079D21D-1954-405C-803F-A70A345F4B3D}
[2012/07/15 11:39:15 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{3A780B87-8E6E-4AC2-849F-C82305287C22}
[2012/07/13 21:42:30 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{8AAEED72-CA2E-4D4A-9AE9-9306A2F096A8}
[2012/07/13 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{B85AED15-6FBC-4235-A14B-60C0C54E23DD}
[2012/07/12 18:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy
[2012/07/12 18:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy
[2012/07/12 01:19:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/12 01:19:07 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/12 01:19:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/12 01:19:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/12 01:19:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/12 01:19:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/12 01:19:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/12 01:16:38 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/12 01:15:51 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/07/11 13:26:08 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/11 13:26:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/07/11 13:26:03 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/07/09 13:55:44 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{9738F34F-1C48-4340-918E-C63B58902A03}
[2012/07/09 13:55:34 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{D59D90FF-873B-4075-8069-91B1935D39E4}
[2012/07/08 20:44:03 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\Activision
[2012/07/08 15:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/08 15:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/08 15:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/08 14:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/07/08 14:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/07/08 14:57:11 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{FBA42229-6A42-4A90-9E62-B342EA0FB138}
[2012/07/08 14:56:57 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{D42AAD77-78C1-4EC1-8E80-21F4AF20E381}
[2012/06/28 03:27:55 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{9BC45243-858C-441B-B556-1F4563B7FB16}
[2012/06/28 03:27:45 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{D5BA5CB4-29A6-453C-A457-BF3EFD79303B}
[2012/06/24 14:56:42 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{784E8ADC-5645-4A16-AB92-3193204DA728}
[2012/06/24 14:56:31 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{8E1490DC-CD15-488D-954E-2D497903F468}
[2012/06/23 10:26:55 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\Macromedia
[2012/06/23 01:11:34 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\dxhr
[2012/06/23 01:07:13 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\28050
[2012/06/22 17:33:42 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{A93143B5-420C-499E-ACB8-85BCCCD2EE09}
[2012/06/22 17:33:31 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{DC301882-CEDD-49FB-A379-F7AED0FA8974}
[2012/06/21 23:03:04 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/21 23:03:04 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/21 23:02:46 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/21 23:02:46 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/21 23:02:46 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/21 23:02:23 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/21 23:02:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/21 08:06:42 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{1D3E46EE-4814-4D26-AB34-DC98C41A4F1B}
[2012/06/21 08:06:31 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{EE11E6FB-C59C-49B1-B262-5524AB9E6971}
[2012/06/20 21:46:49 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{8D0FD221-B720-4F34-8B86-D0C088A9D94A}
[2012/06/20 13:20:20 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{8C0365DE-1A50-4908-8097-0158F137447B}
[2012/06/20 13:20:08 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{EA9F6293-5A66-49CC-A977-6121B69989B5}
[2012/01/05 22:47:36 | 001,474,560 | R--- | C] (Apache Software Foundation) -- C:\Program Files\xerces-c_1_6_0.dll
[2012/01/05 22:47:36 | 001,447,176 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\ProjectPointClient.dll
[2012/01/05 22:47:36 | 001,048,576 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\PatchMgr.dll
[2012/01/05 22:47:36 | 000,674,664 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\SetupUi.dll
[2012/01/05 22:47:36 | 000,672,616 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\SetupAcadUi.dll
[2012/01/05 22:47:36 | 000,664,424 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\SetupRes.dll
[2012/01/05 22:47:36 | 000,655,872 | R--- | C] (Microsoft Corporation) -- C:\Program Files\msvcr90.dll
[2012/01/05 22:47:36 | 000,378,128 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\UPI32.dll
[2012/01/05 22:47:36 | 000,006,656 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\PatchMgrRes.dll
[2012/01/05 22:47:35 | 000,568,832 | R--- | C] (Microsoft Corporation) -- C:\Program Files\msvcp90.dll
[2012/01/05 22:47:35 | 000,224,768 | R--- | C] (Microsoft Corporation) -- C:\Program Files\msvcm90.dll
[2012/01/05 22:47:34 | 001,645,320 | R--- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
[2012/01/05 22:47:34 | 001,245,032 | R--- | C] (Autodesk) -- C:\Program Files\adlmPIT.dll
[2012/01/05 22:47:34 | 000,550,248 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\DeployUi.dll
[2012/01/05 22:47:34 | 000,182,632 | R--- | C] (Autodesk) -- C:\Program Files\adlmutil.dll
[2012/01/05 22:47:34 | 000,106,344 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\LiteHtml.dll
[2012/01/05 22:47:34 | 000,087,704 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\AcSetup.dll
[2012/01/05 22:47:34 | 000,006,808 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\AcSetupRes.dll
[2012/01/05 22:47:25 | 000,161,640 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\AcDelTree.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/20 13:07:13 | 000,017,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

tesher07 · Jul 20, 2012

[2012/07/20 13:07:13 | 000,017,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/20 12:59:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/20 12:59:43 | 2615,611,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/20 12:52:34 | 000,055,084 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/07/20 12:52:34 | 000,055,084 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/07/20 12:52:34 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/07/20 11:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/18 14:19:57 | 000,625,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/18 14:19:57 | 000,106,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/17 21:08:27 | 000,302,592 | ---- | M] () -- C:\Users\Tesher\Desktop\5lv8tr12.exe
[2012/07/17 20:46:13 | 000,371,734 | ---- | M] () -- C:\MGlogs.zip
[2012/07/17 20:39:22 | 000,001,150 | ---- | M] () -- C:\Users\Tesher\Desktop\hitmanpro.zip
[2012/07/17 20:38:49 | 000,004,836 | ---- | M] () -- C:\Users\Tesher\Desktop\log.xml
[2012/07/17 19:44:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/17 19:36:11 | 001,669,749 | ---- | M] () -- C:\MGtools.exe
[2012/07/17 19:35:45 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\Tesher\Desktop\HitmanPro36.exe
[2012/07/17 19:35:34 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tesher\Desktop\mb.exe.exe
[2012/07/17 19:34:17 | 001,552,384 | ---- | M] () -- C:\Users\Tesher\Desktop\RogueKiller.exe
[2012/07/17 19:19:04 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/17 12:26:48 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012/07/16 19:17:34 | 000,044,186 | ---- | M] () -- C:\Users\Tesher\Desktop\$T2eC16dHJGoE9nuQg1-kBP-drYp6S!~~60_12.JPG
[2012/07/12 20:50:09 | 000,139,152 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/07/12 20:50:09 | 000,139,152 | ---- | M] () -- C:\Users\Tesher\AppData\Roaming\PnkBstrK.sys
[2012/07/12 20:49:50 | 000,794,408 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2012/07/12 19:05:54 | 000,111,928 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012/07/12 18:29:57 | 000,001,965 | ---- | M] () -- C:\Users\Tesher\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Comrade.lnk
[2012/07/12 08:17:33 | 003,903,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/11 16:59:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/11 16:59:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/08 15:04:14 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/17 21:08:24 | 000,302,592 | ---- | C] () -- C:\Users\Tesher\Desktop\5lv8tr12.exe
[2012/07/17 20:40:27 | 000,371,734 | ---- | C] () -- C:\MGlogs.zip
[2012/07/17 20:39:22 | 000,001,150 | ---- | C] () -- C:\Users\Tesher\Desktop\hitmanpro.zip
[2012/07/17 20:38:49 | 000,004,836 | ---- | C] () -- C:\Users\Tesher\Desktop\log.xml
[2012/07/17 19:44:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/17 19:36:10 | 001,669,749 | ---- | C] () -- C:\MGtools.exe
[2012/07/17 19:34:15 | 001,552,384 | ---- | C] () -- C:\Users\Tesher\Desktop\RogueKiller.exe
[2012/07/17 19:19:04 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/16 19:17:15 | 000,044,186 | ---- | C] () -- C:\Users\Tesher\Desktop\$T2eC16dHJGoE9nuQg1-kBP-drYp6S!~~60_12.JPG
[2012/07/12 18:29:57 | 000,001,965 | ---- | C] () -- C:\Users\Tesher\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Comrade.lnk
[2012/07/08 15:04:14 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/02/18 13:48:28 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/02/18 13:48:27 | 000,139,152 | ---- | C] () -- C:\Users\Tesher\AppData\Roaming\PnkBstrK.sys
[2012/02/18 13:48:03 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/02/18 13:48:02 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/02/18 13:48:01 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/02/05 15:37:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/05 15:37:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/05 15:37:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/05 15:37:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/05 15:37:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/05 15:22:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012/02/05 15:22:38 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012/02/05 15:22:38 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012/02/05 15:22:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012/01/27 15:59:21 | 000,000,132 | ---- | C] () -- C:\Users\Tesher\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2012/01/24 20:50:18 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/01/14 21:56:38 | 000,000,132 | ---- | C] () -- C:\Users\Tesher\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/10 12:13:43 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/01/10 12:13:38 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/01/10 12:12:30 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/01/10 12:11:20 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10B.DAT
[2012/01/10 12:10:58 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/01/10 12:10:56 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/01/10 12:07:14 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2012/01/07 16:38:14 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/01/06 16:25:07 | 000,002,091 | ---- | C] () -- C:\Users\Tesher\.recently-used.xbel
[2012/01/06 11:40:46 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/01/05 22:47:56 | 000,018,852 | R--- | C] () -- C:\Program Files\ProjectPointClient.tlb
[2012/01/05 22:47:55 | 000,000,856 | ---- | C] () -- C:\Program Files\3dsMaxConfig.pit
[2012/01/05 22:47:36 | 000,061,952 | R--- | C] () -- C:\Program Files\PPZlib123.dll
[2012/01/05 22:47:24 | 000,010,043 | ---- | C] () -- C:\Program Files\setup.ini
[2012/01/04 16:44:22 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2012/01/04 16:44:22 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 08:03:34 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 08:03:34 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 08:03:34 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/19 08:03:35 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 08:03:35 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 08:03:35 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/01/05 21:26:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/01/05 21:26:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/01/05 21:26:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 08:03:34 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 08:03:34 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 08:03:34 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/19 08:03:35 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 08:03:35 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 08:03:35 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/01/05 21:26:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/01/05 21:26:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/01/05 21:26:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/01 21:40:59 | 000,369,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cng.sys
[2012/06/01 21:45:04 | 000,067,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2012/06/01 21:45:03 | 000,134,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecpkg.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/07/12 20:50:09 | 000,139,152 | ---- | M] () -- C:\Windows\system32\drivers\PnkBstrK.sys
[2012/04/27 20:17:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) MD5=520A6D1CBCC9CF642C625FE814C93C58 -- C:\install.exe
[2012/07/17 19:36:11 | 001,669,749 | ---- | M] () MD5=F888E9C8C610011E91F6F0BD12E847AA -- C:\MGtools.exe

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2012/01/08 17:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/01/08 17:08:55 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2012/01/04 12:07:53 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2012/01/06 00:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2012/01/04 12:06:13 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2012/01/10 12:10:58 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2012/01/10 12:11:15 | 000,000,000 | ---D | M] -- C:\Program Files\Browny02
[2012/07/17 19:19:05 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2012/05/14 16:48:31 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/01/05 21:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2012/01/04 20:09:05 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2012/01/04 19:53:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
[2012/05/25 12:10:44 | 000,000,000 | ---D | M] -- C:\Program Files\D2-1.12A-enUS
[2012/05/25 12:25:28 | 000,000,000 | ---D | M] -- C:\Program Files\D2LOD-1.12A-enUS
[2012/01/05 21:20:34 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2012/07/13 14:50:12 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo III
[2012/02/20 22:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2012/01/06 12:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012/01/06 17:33:54 | 000,000,000 | ---D | M] -- C:\Program Files\EA SPORTS
[2012/01/04 11:32:49 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/03/13 11:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\eula
[2012/01/05 23:22:51 | 000,000,000 | ---D | M] -- C:\Program Files\Free Window Registry Repair
[2012/07/12 18:29:54 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy
[2012/01/06 16:17:12 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2012/01/06 01:41:26 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/01/04 11:58:41 | 000,000,000 | ---D | M] -- C:\Program Files\gs
[2012/07/17 20:23:03 | 000,000,000 | ---D | M] -- C:\Program Files\HitmanPro
[2012/02/22 17:53:27 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/07/12 08:15:17 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/05/06 14:28:34 | 000,000,000 | ---D | M] -- C:\Program Files\Investintech.com Inc
[2012/07/08 15:03:10 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/07/08 15:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2012/05/14 16:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/12/24 16:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\LockHunter
[2009/03/13 11:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\main
[2012/07/17 19:44:55 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/04 20:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2012/05/25 22:44:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Chart Controls
[2012/07/17 12:26:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2012/01/07 17:55:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/05/10 02:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2012/01/04 21:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/01/07 17:00:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2012/01/07 16:29:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/07/19 08:03:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/07/19 08:32:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2009/07/13 21:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/13 11:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\msi
[2012/01/07 17:26:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2012/01/24 20:56:46 | 000,000,000 | ---D | M] -- C:\Program Files\Nem's Tools
[2012/01/10 12:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\Nuance
[2012/05/14 16:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2012/01/04 16:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2012/05/14 16:48:01 | 000,000,000 | ---D | M] -- C:\Program Files\Oracle
[2012/06/19 19:21:06 | 000,000,000 | ---D | M] -- C:\Program Files\Origin
[2012/01/06 16:38:42 | 000,000,000 | ---D | M] -- C:\Program Files\Origin Games
[2012/07/08 14:58:57 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2012/01/06 11:06:42 | 000,000,000 | ---D | M] -- C:\Program Files\Razer
[2009/07/13 21:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/01/15 18:58:21 | 000,000,000 | ---D | M] -- C:\Program Files\RoadKill
[2012/01/07 17:23:43 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2012/01/10 12:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2009/03/13 12:00:32 | 000,000,000 | ---D | M] -- C:\Program Files\Setup
[2009/03/13 11:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\SetupRes
[2012/04/23 09:07:31 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2012/02/05 14:56:47 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2012/07/20 12:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2012/01/24 20:51:13 | 000,000,000 | ---D | M] -- C:\Program Files\StudioCompiler
[2009/03/13 11:59:15 | 000,000,000 | ---D | M] -- C:\Program Files\support
[2009/07/13 21:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/05/22 12:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2012/01/13 19:48:37 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrentBar
[2012/02/20 21:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2012/01/06 12:10:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/05/10 12:58:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/05/20 02:36:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/01/06 12:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012/01/06 12:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/13 21:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2012/01/06 12:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2012/01/06 12:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2012/01/06 12:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011/12/24 20:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Virtual PC
[2011/12/24 20:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows XP Mode
[2012/01/04 11:20:37 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2012/01/04 12:54:22 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2012/01/16 19:25:55 | 000,000,132 | ---- | M] () -- C:\Users\Tesher\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/27 16:03:24 | 000,000,132 | ---- | M] () -- C:\Users\Tesher\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2012/07/12 20:50:09 | 000,139,152 | ---- | M] () -- C:\Users\Tesher\AppData\Roaming\PnkBstrK.sys

< MD5 for: AFD.SYS >
[2011/04/24 19:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010/11/20 01:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2010/11/20 00:40:04 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2008/01/20 19:22:25 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows.old\Windows\System32\drivers\afd.sys
[2008/01/20 19:22:25 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2011/04/24 19:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011/04/24 19:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011/04/24 19:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011/04/24 20:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009/07/13 16:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 19:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2008/01/20 19:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\MGtools\temp\ERDNT\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\System32\cryptsvc.dll
[2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012/04/23 21:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/23 21:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2008/01/20 19:22:43 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows.old\Windows\System32\cryptsvc.dll
[2008/01/20 19:22:43 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2009/07/13 18:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 04:18:26 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2010/11/20 05:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2010/11/20 04:18:26 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/23 21:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2010/11/20 05:18:33 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=2FE30D71919C51131405797620E0A714 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_e3e9e6c8e09b7c76\dnsrslvr.dll
[2010/11/20 04:18:34 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=2FE30D71919C51131405797620E0A714 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_e3e9e6c8e09b7c76\dnsrslvr.dll
[2011/03/02 22:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\System32\dnsrslvr.dll
[2011/03/02 22:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_e3a50618e0cfbec0\dnsrslvr.dll
[2011/03/02 22:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B15BE77A2BACF9C3177D27518AFE26A9 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_e1c0a9a6e3a78582\dnsrslvr.dll
[2011/03/02 22:50:46 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B3A0A4414D8EC1DD28018004CE8DCBEE -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_e28d2873fc92ad7b\dnsrslvr.dll
[2009/07/13 18:15:12 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=D0722E963D3C6145446874241401B209 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_e1b8d300e3acf8dc\dnsrslvr.dll
[2011/03/02 22:12:25 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=F3501CA4E93BF218C71CF9DEECEE838F -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_e431a3c1f9eaaa8f\dnsrslvr.dll
[2008/01/20 19:22:36 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=F5A0F1DA1ED8B429597E71D27D976E31 -- C:\Windows.old\Windows\System32\dnsrslvr.dll
[2008/01/20 19:22:36 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=F5A0F1DA1ED8B429597E71D27D976E31 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\dnsrslvr.dll

< MD5 for: ES.DLL >
[2008/01/20 19:22:19 | 000,262,144 | ---- | M] (Microsoft Corporation) MD5=F4BF4FA769DB51B106D2B4B35256988B -- C:\Windows.old\Windows\System32\es.dll
[2008/01/20 19:22:19 | 000,262,144 | ---- | M] (Microsoft Corporation) MD5=F4BF4FA769DB51B106D2B4B35256988B -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029\es.dll
[2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Users\Tesher\AppData\Local\temp\es.dll
[2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\ERDNT\cache\es.dll
[2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\System32\es.dll
[2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2008/01/20 19:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\explorer.exe
[2008/01/20 19:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 18:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\System32\ipnathlp.dll
[2009/07/13 18:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_04a3b4c9aa9fddd8\ipnathlp.dll
[2008/01/20 19:22:17 | 000,288,256 | ---- | M] (Microsoft Corporation) MD5=E1499BD0FF76B1B2FBBF1AF339D91165 -- C:\Windows.old\Windows\System32\ipnathlp.dll
[2008/01/20 19:22:17 | 000,288,256 | ---- | M] (Microsoft Corporation) MD5=E1499BD0FF76B1B2FBBF1AF339D91165 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6001.18000_none_04cd5ea6494c4867\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 01:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
[2010/11/20 00:39:46 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\System32\drivers\netbt.sys
[2010/11/20 00:39:46 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
[2008/01/20 19:23:10 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows.old\Windows\System32\drivers\netbt.sys
[2008/01/20 19:23:10 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2009/07/13 16:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 18:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\ERDNT\cache\netman.dll
[2009/07/13 18:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\System32\netman.dll
[2009/07/13 18:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll
[2008/01/20 19:22:19 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows.old\Windows\System32\netman.dll
[2008/01/20 19:22:19 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll

< MD5 for: QMGR.DLL >
[2008/01/20 19:23:10 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows.old\Windows\System32\qmgr.dll
[2008/01/20 19:23:10 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/07/13 18:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010/11/20 04:21:00 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\ERDNT\cache\qmgr.dll
[2010/11/20 05:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll
[2010/11/20 04:21:00 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 04:21:00 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: RPCSS.DLL >
[2008/01/20 19:22:14 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=33FB1F0193EE2051067441492D56113C -- C:\Windows.old\Windows\System32\rpcss.dll
[2008/01/20 19:22:14 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=33FB1F0193EE2051067441492D56113C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2010/11/20 04:21:04 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\ERDNT\cache\rpcss.dll
[2010/11/20 05:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2010/11/20 04:21:04 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
[2010/11/20 04:21:04 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2009/07/13 18:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll

tesher07 · Jul 20, 2012

< MD5 for: SERVICES.EXE >
[2008/01/20 19:22:56 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows.old\Windows\System32\services.exe
[2008/01/20 19:22:56 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] () Unable to obtain MD5 -- C:\FRST\Quarantine\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\System32\svchost.exe
[2008/01/20 19:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/24 21:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/09/29 09:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2011/04/24 21:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/13 18:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 05:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2010/11/20 04:30:14 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/29 09:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2012/03/30 03:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011/09/29 08:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011/09/29 09:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\ERDNT\cache\tcpip.sys
[2011/09/29 09:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011/04/24 23:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012/03/30 03:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 03:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011/04/24 21:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012/03/30 02:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2012/03/30 03:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys
[2008/01/20 19:23:13 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows.old\Windows\System32\drivers\tcpip.sys
[2008/01/20 19:23:13 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys

< MD5 for: TDX.SYS >
[2010/11/20 00:39:18 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\ERDNT\cache\tdx.sys
[2010/11/20 01:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[2010/11/20 00:39:18 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\System32\drivers\tdx.sys
[2010/11/20 00:39:18 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[2009/07/13 16:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
[2008/01/20 19:23:00 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows.old\Windows\System32\drivers\tdx.sys
[2008/01/20 19:23:00 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: USERINIT.EXE >
[2008/01/20 19:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008/01/20 19:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2006/11/02 02:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/07/13 18:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2008/01/20 19:21:29 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows.old\Windows\System32\drivers\volsnap.sys
[2008/01/20 19:21:29 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 19:21:29 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows.old\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys
[2010/11/20 05:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys
[2010/11/20 04:30:18 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/20 04:30:18 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010/11/20 04:30:18 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 19:21:52 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe
[2008/01/20 19:21:52 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 22:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2008/01/20 19:22:59 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe
[2008/01/20 19:22:59 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WMISVC.DLL >
[2008/01/20 19:23:10 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=00B79A7C984678F24CF052E5BEB3A2F5 -- C:\Windows.old\Windows\System32\wbem\WMIsvc.dll
[2008/01/20 19:23:10 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=00B79A7C984678F24CF052E5BEB3A2F5 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.0.6001.18000_none_a0b2bbcff6f11e8e\WMIsvc.dll
[2009/07/13 18:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\System32\wbem\WMIsvc.dll
[2009/07/13 18:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_a08911f35844b3ff\WMIsvc.dll
[2009/07/13 18:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_a2ba25bb55333799\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2008/01/20 19:21:47 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=683DD16B590372F2C9661D277F35E49C -- C:\Windows.old\Windows\System32\wscsvc.dll
[2008/01/20 19:21:47 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=683DD16B590372F2C9661D277F35E49C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.0.6001.18000_none_1a405db2b218d641\wscsvc.dll
[2009/07/13 18:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\System32\wscsvc.dll
[2009/07/13 18:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_1a16b3d6136c6bb2\wscsvc.dll
[2009/07/13 18:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_1c47c79e105aef4c\wscsvc.dll
[2010/12/20 22:38:24 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=A661A76333057B383A06E65F0073222F -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_1a559a62133d85fa\wscsvc.dll
[2010/12/20 22:29:14 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=FC6DB3FF10A271A83A2CAFB340120FC4 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_1ab2f7332c7c7c31\wscsvc.dll

========== Files - Unicode (All) ==========
[2011/12/25 18:00:31 | 000,010,127 | ---- | C] ()(C:\Users\Tesher\Documents\Coß?L.docx) -- C:\Users\Tesher\Documents\CoßλL.docx
[2008/04/09 20:18:27 | 000,010,127 | ---- | M] ()(C:\Users\Tesher\Documents\Coß?L.docx) -- C:\Users\Tesher\Documents\CoßλL.docx

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

tesher07 · Jul 20, 2012

EXTRAS:

OTL Extras logfile created on: 7/20/2012 1:08:32 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Tesher\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 69.30% Memory free
6.49 Gb Paging File | 5.44 Gb Available in Paging File | 83.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397.25 Gb Total Space | 474.97 Gb Free Space | 33.99% Space Free | Partition Type: NTFS
Drive L: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: TESHER-PC | User Name: Tesher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4650F3BF-F9ED-45AB-00A3-C927351E177F}" = Madden NFL 08
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6C6ED584-9F75-4235-8718-1F35B59814E8}" = Mamba Firmware Updater 1.13
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE49DA7-EDA4-4C63-AA06-DCDF6858C3F3}" = Razer Mamba
"{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}" = Brother MFL-Pro Suite MFC-J615W
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84D58782-A2F0-47D4-A557-3041363893CF}" = Adobe Setup
"{8537ABE9-DCE4-4149-A0B4-9926E449AD01}" = ESET NOD32 Antivirus
"{894084B6-BC69-43B7-BF06-B93AECFEA520}" = GameSpy Comrade
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}" = Roxio MyDVD Premier
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF60B320-3AA3-4DFB-B542-BDA6D4F1A60E}" = Razer Mamba
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C894CC24-0DEC-4340-BCC9-DD4310DF3BEC}_is1" = Able2Extract Professional 7.0
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF3BA6A1-7FB1-4720-B911-942DA28C0811}" = Autodesk 3ds Max 2010 32-bit Additional Files (2010.06.08)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_19c4ee81f9cc4b3dffb9a17d9b648b2" = Adobe Soundbooth CS3
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"DivX Setup" = DivX Setup
"Free Window Registry Repair" = Free Window Registry Repair
"GCFScape_is1" = GCFScape 1.8.2
"GPL Ghostscript 9.04" = GPL Ghostscript
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LockHunter_is1" = LockHunter version 1.0 beta 3, 32 bit edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"Picasa 3" = Picasa 3
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PunkBusterSvc" = PunkBuster Services
"SFBM" = SoundFont Bank Manager
"Steam App 10170" = Wolfenstein
"Steam App 102600" = Orcs Must Die!
"Steam App 105450" = Age of Empires® III: Complete Collection
"Steam App 105600" = Terraria
"Steam App 107200" = Space Pirates and Zombies
"Steam App 107800" = Rochard
"Steam App 109410" = Brawl Busters
"Steam App 113200" = The Binding of Isaac
"Steam App 12160" = Midnight Club II
"Steam App 19900" = Far Cry 2
"Steam App 200210" = Realm of the Mad God
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 203770" = Crusader Kings II
"Steam App 203810" = Dear Esther
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 2100" = Dark Messiah Might and Magic Single Player
"Steam App 22380" = Fallout: New Vegas
"Steam App 2400" = The Ship
"Steam App 24240" = PAYDAY: The Heist
"Steam App 24860" = Battlefield 2
"Steam App 25890" = Hearts of Iron III
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 40400" = AI War: Fleet Command
"Steam App 42170" = Krater
"Steam App 43110" = Metro 2033
"Steam App 48000" = LIMBO
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 6850" = Hitman 2: Silent Assassin
"Steam App 6860" = Hitman: Blood Money
"Steam App 6900" = Hitman: Codename 47
"Steam App 8190" = Just Cause 2
"StudioCompiler" = StudioCompiler v0.4A
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 2.0.1
"VTFEdit_is1" = VTFEdit 1.3.3
"WaveStudio 7" = Creative WaveStudio 7
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2012 2:11:10 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/12 11:11:10.331]: [00001024]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.65]

Error - 7/12/2012 2:12:22 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/12 11:12:22.331]: [00001024]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.65]

Error - 7/12/2012 2:13:33 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/12 11:13:33.331]: [00001024]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.65]

Error - 7/12/2012 2:14:44 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/12 11:14:44.331]: [00001024]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.65]

Error - 7/12/2012 2:15:57 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/12 11:15:57.331]: [00001024]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.65]

Error - 7/12/2012 2:17:10 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/12 11:17:10.332]: [00001024]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.65]

Error - 7/12/2012 2:18:22 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/12 11:18:22.331]: [00001024]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.65]

Error - 7/12/2012 2:19:33 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/12 11:19:33.331]: [00001024]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.65]

Error - 7/12/2012 2:20:44 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/12 11:20:44.331]: [00001024]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.65]

Error - 7/12/2012 2:21:57 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/12 11:21:57.331]: [00001024]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.65]

Error - 7/12/2012 2:23:10 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/12 11:23:10.331]: [00001024]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.65]

[ OSession Events ]
Error - 1/16/2012 3:03:21 PM | Computer Name = Tesher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 610 seconds with 480 seconds of active time. This session ended with a crash.

Error - 2/21/2012 4:07:09 AM | Computer Name = Tesher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 22379 seconds with 1260 seconds of active time. This session ended with
a crash.

Error - 6/10/2012 11:04:44 PM | Computer Name = Tesher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1547
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/20/2012 3:59:58 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7003
Description = The epfwwfpr service depends the following service: BFE. This service
might not be installed.

Error - 7/20/2012 3:59:58 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 7/20/2012 3:59:58 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/20/2012 3:59:58 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7003
Description = The SBSD Security Center Service service depends the following service:
wscsvc. This service might not be installed.

Error - 7/20/2012 3:59:58 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/20/2012 4:00:10 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7003
Description = The epfwwfpr service depends the following service: BFE. This service
might not be installed.

Error - 7/20/2012 4:00:28 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/20/2012 4:00:28 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/20/2012 4:32:01 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/20/2012 4:32:01 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

< End of report >

Jay Pfoutz · Jul 21, 2012

It's okay. That services.exe is in Quarantine, meaning it is locked. It can no longer infect the computer. But, I've got it included in the fixes here...

Please run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:OTL
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] () Unable to obtain MD5 -- C:\FRST\Quarantine\services.exe
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=2&q="
[2012/07/17 18:25:54 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:CB0AACC9

:commands
[emptytemp]
[reboot]
Then click the Run Fix button at the top.
Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

tesher07 · Jul 21, 2012

All processes killed
========== OTL ==========
C:\FRST\Quarantine\services.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
C:\Program Files\uTorrentBar\prxtbuTo0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTo0.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "uTorrentBar Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=2&q=" removed from keyword.URL
C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\Plugins folder moved successfully.
C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTo0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTo0.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tesher
->Temp folder emptied: 100334638 bytes
->Temporary Internet Files folder emptied: 7085506 bytes
->Java cache emptied: 722653 bytes
->FireFox cache emptied: 1156375295 bytes
->Flash cache emptied: 59904 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26204359 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2765482 bytes

Total Files Cleaned = 1,234.00 mb

OTL by OldTimer - Version 3.2.54.0 log created on 07212012_112756

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

tesher07 · Jul 21, 2012

Also my antivirus still has the error so I went to check the services.msc to see if I was missing files and apparently the "basic filtering engine" is missing for the ESETNOD 32, and my "Windows update service" is missing from the list. Are these caused by the virus? So in turn I am unable to run my windows update at all.

Jay Pfoutz · Jul 22, 2012

May very well be. We'll continue fixes...

Please run Panda ActiveScan online scan.

Choose Quick Scan then click the big green Scan now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
Once the scan is completed, please hit the notepad icon next to the text Export to:
Save it to a convenient location such as your Desktop
Post the contents of the ActiveScan.txt in your next reply

tesher07 · Jul 22, 2012

;***********************************************************************************************************************************************************************************
ANALYSIS: 2012-07-22 16:30:01
PROTECTIONS: 1
MALWARE: 0
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET NOD32 Antivirus 5.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\mgtools.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

So I guess I'm virus free but my ESET Nod and windows update are still not working.

Jay Pfoutz · Jul 23, 2012

Do you have backup download of ESET software with disc or online account?

What about service key?

tesher07 · Jul 23, 2012

I could probably re download it online but what about the windows update than?

Jay Pfoutz · Jul 23, 2012

For the ESET software, I can see that reinstalling it should repair the issue...but the protection is still active and working according to the Panda ActiveScan log above.

Now, I would like for you to run a test for me...

Please test your DNS Resolution by visiting here: http://www.dns-ok.us/

Tell me if that is green or not...

Also for this site: http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

Tell me if you see all six images at the top...

tesher07 · Jul 23, 2012

Says it can no longer determine if your computer is infected as the servers were deactivated on July 9.

Also I see all six images.

I might just follow the instructions to replace the missing files in the service.msc.

Solved Sirefef trojan

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 4,279 +49

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 4,279 +49

Posts: 26 +0

Posts: 4,279 +49

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 4,279 +49

Posts: 26 +0

Posts: 26 +0

Posts: 4,279 +49

Posts: 26 +0

Posts: 4,279 +49

Posts: 26 +0

Posts: 4,279 +49

Posts: 26 +0

Similar threads