JoeLangston

Honorary Members
  • Posts: 22
  • Reputation: 0 Neutral
  1. RogueKiller seems to be stuck at Policy Hijacks -> (HJ INPROC) for about three hours. Going to wait several more hours, then try again.
  2. Um, before I start, I got another problem. When I save a file using IE or Firefox, I can't see my files in the directory. When I check to see if they are there from Windows Explorer, I can see and interact with them but trying to browse them through Firefox or IE, nothing. Running Malware and MSE right now.
  3. Nope and nope, nothing found. That sucker from the logs that I have posted hasn't been showing up so everything seems to be clear for now. Btw, which AV should I be looking into? Keep MSE or look at something else?
  4. No for the alerts and Microsoft Security Essentials for the AV.
  5. It didn't find a thing....
  6. My concern is that for the past hour, I have been getting this message from Malwarebytes. I don't see the capmasxihyzu.exe files even with that folder having its hidden attribute unchecked. What is going on there?
     2013/07/20 14:58:56 -0400 MAIN (null) MESSAGE Executing scheduled update: Daily
     2013/07/20 14:58:57 -0400 MAIN (null) ERROR Scheduled update failed: Host not found failed with error code 0
     2013/07/20 14:58:59 -0400 MAIN (null) MESSAGE Starting protection
     2013/07/20 14:58:59 -0400 MAIN (null) MESSAGE Protection started successfully
     2013/07/20 14:58:59 -0400 MAIN (null) MESSAGE Starting IP protection
     2013/07/20 14:59:01 -0400 MAIN (null) MESSAGE IP Protection started successfully
     2013/07/20 15:00:09 -0400 MAIN Peter DETECTION C:\Users\Peter\capmasxihyzu.exe Trojan.Agent.BH QUARANTINE
Port: 56179, Process: explorer.exe) 2013/07/20 15:41:58 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 56200, Process: explorer.exe) 2013/07/20 15:42:06 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 56308, Process: explorer.exe) 2013/07/20 15:42:06 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 56323, Process: explorer.exe) 2013/07/20 15:42:14 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 56467, Process: explorer.exe) 2013/07/20 15:42:14 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 56484, Process: explorer.exe) 2013/07/20 15:42:22 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 56644, Process: explorer.exe) 2013/07/20 15:42:22 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 56658, Process: explorer.exe) 2013/07/20 15:43:26 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 57621, Process: explorer.exe) 2013/07/20 15:43:26 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 57630, Process: explorer.exe) 2013/07/20 15:43:34 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 57803, Process: explorer.exe) 2013/07/20 15:43:34 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 57806, Process: explorer.exe) 2013/07/20 15:43:42 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 57956, Process: explorer.exe) 2013/07/20 15:43:51 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 57960, Process: explorer.exe) 2013/07/20 15:43:51 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58014, Process: explorer.exe) 2013/07/20 15:43:59 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58059, Process: explorer.exe) 2013/07/20 15:44:07 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58094, Process: explorer.exe) 2013/07/20 15:44:07 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58100, Process: explorer.exe) 2013/07/20 15:44:15 -0400 MAIN Peter 
IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58123, Process: explorer.exe) 2013/07/20 15:44:15 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58126, Process: explorer.exe) 2013/07/20 15:44:23 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58200, Process: explorer.exe) 2013/07/20 15:44:31 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58259, Process: explorer.exe) 2013/07/20 15:44:39 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58321, Process: explorer.exe) 2013/07/20 15:44:39 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58392, Process: explorer.exe) 2013/07/20 15:44:47 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58409, Process: explorer.exe) 2013/07/20 15:44:55 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58418, Process: explorer.exe) 2013/07/20 15:44:55 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58432, Process: explorer.exe) 2013/07/20 15:45:03 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58449, Process: explorer.exe) 2013/07/20 15:45:03 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58493, Process: explorer.exe) 2013/07/20 15:45:11 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58539, Process: explorer.exe) 2013/07/20 15:45:19 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58540, Process: explorer.exe) 2013/07/20 15:45:19 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58549, Process: explorer.exe) 2013/07/20 15:45:59 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58706, Process: explorer.exe) 2013/07/20 15:45:59 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58708, Process: explorer.exe) 2013/07/20 15:46:07 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58828, Process: explorer.exe) 2013/07/20 15:46:07 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58831, Process: explorer.exe) 
2013/07/20 15:46:15 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58983, Process: explorer.exe) 2013/07/20 15:46:15 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 58985, Process: explorer.exe) 2013/07/20 15:46:23 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 59067, Process: explorer.exe) 2013/07/20 15:46:39 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 59120, Process: explorer.exe) 2013/07/20 15:46:47 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 59124, Process: explorer.exe) 2013/07/20 15:48:56 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60269, Process: explorer.exe) 2013/07/20 15:48:56 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60270, Process: explorer.exe) 2013/07/20 15:49:04 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60319, Process: explorer.exe) 2013/07/20 15:49:04 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60320, Process: explorer.exe) 2013/07/20 15:49:20 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60367, Process: explorer.exe) 2013/07/20 15:49:20 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60368, Process: explorer.exe) 2013/07/20 15:49:28 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60425, Process: explorer.exe) 2013/07/20 15:49:28 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60426, Process: explorer.exe) 2013/07/20 15:49:36 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60458, Process: explorer.exe) 2013/07/20 15:49:36 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60459, Process: explorer.exe) 2013/07/20 15:49:44 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60573, Process: explorer.exe) 2013/07/20 15:49:44 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60574, Process: explorer.exe) 2013/07/20 15:49:52 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, 
Port: 60585, Process: explorer.exe) 2013/07/20 15:49:52 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60587, Process: explorer.exe) 2013/07/20 15:50:00 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60626, Process: explorer.exe) 2013/07/20 15:50:00 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60627, Process: explorer.exe) 2013/07/20 15:50:09 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60691, Process: explorer.exe) 2013/07/20 15:50:09 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60693, Process: explorer.exe) 2013/07/20 15:50:17 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60717, Process: explorer.exe) 2013/07/20 15:50:33 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60731, Process: explorer.exe) 2013/07/20 15:50:41 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 60767, Process: explorer.exe) 2013/07/20 15:53:22 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 61631, Process: explorer.exe) 2013/07/20 15:53:30 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 61651, Process: explorer.exe) 2013/07/20 15:53:38 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 61668, Process: explorer.exe) 2013/07/20 15:53:46 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 61676, Process: explorer.exe) 2013/07/20 15:54:02 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 61704, Process: explorer.exe) 2013/07/20 15:54:10 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 61732, Process: explorer.exe) 2013/07/20 15:56:44 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62399, Process: explorer.exe) 2013/07/20 15:56:52 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62444, Process: explorer.exe) 2013/07/20 15:57:08 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62470, Process: explorer.exe) 2013/07/20 15:57:16 -0400 MAIN Peter 
IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62526, Process: explorer.exe) 2013/07/20 15:57:24 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62618, Process: explorer.exe) 2013/07/20 15:57:32 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62631, Process: explorer.exe) 2013/07/20 15:57:32 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62685, Process: explorer.exe) 2013/07/20 15:57:40 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62690, Process: explorer.exe) 2013/07/20 15:57:48 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62696, Process: explorer.exe) 2013/07/20 15:58:04 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62705, Process: explorer.exe) 2013/07/20 15:58:04 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62707, Process: explorer.exe) 2013/07/20 15:58:04 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62708, Process: explorer.exe) 2013/07/20 15:58:12 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62715, Process: explorer.exe) 2013/07/20 15:58:12 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62716, Process: explorer.exe) 2013/07/20 15:58:12 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62717, Process: explorer.exe) 2013/07/20 15:58:20 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62718, Process: explorer.exe) 2013/07/20 15:58:21 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62719, Process: explorer.exe) 2013/07/20 15:58:21 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62720, Process: explorer.exe) 2013/07/20 15:58:29 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62721, Process: explorer.exe) 2013/07/20 15:58:29 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62723, Process: explorer.exe) 2013/07/20 15:58:29 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62724, Process: explorer.exe) 
2013/07/20 15:58:45 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62769, Process: explorer.exe) 2013/07/20 15:58:45 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62770, Process: explorer.exe) 2013/07/20 15:58:45 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62771, Process: explorer.exe) 2013/07/20 15:58:53 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62845, Process: explorer.exe) 2013/07/20 15:58:53 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62844, Process: explorer.exe) 2013/07/20 15:58:53 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 62846, Process: explorer.exe) 2013/07/20 15:59:41 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 63187, Process: explorer.exe) 2013/07/20 15:59:49 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 63387, Process: explorer.exe) 2013/07/20 15:59:57 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 63539, Process: explorer.exe) 2013/07/20 16:05:34 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 64795, Process: explorer.exe) 2013/07/20 16:05:50 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 64806, Process: explorer.exe) 2013/07/20 16:05:58 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 64811, Process: explorer.exe) 2013/07/20 16:06:06 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 64812, Process: explorer.exe) 2013/07/20 16:06:14 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 64875, Process: explorer.exe) 2013/07/20 16:06:22 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 64890, Process: explorer.exe) 2013/07/20 16:06:30 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 64930, Process: explorer.exe) 2013/07/20 16:06:38 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 64945, Process: explorer.exe) 2013/07/20 16:06:46 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, 
Port: 64955, Process: explorer.exe) 2013/07/20 16:07:02 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 64969, Process: explorer.exe) 2013/07/20 16:07:11 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 64971, Process: explorer.exe) 2013/07/20 16:07:19 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 64973, Process: explorer.exe) 2013/07/20 16:07:19 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 64974, Process: explorer.exe) 2013/07/20 16:07:35 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 65007, Process: explorer.exe) 2013/07/20 16:07:43 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 65010, Process: explorer.exe) 2013/07/20 16:07:51 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 65022, Process: explorer.exe) 2013/07/20 16:07:59 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 65038, Process: explorer.exe) 2013/07/20 16:08:15 -0400 MAIN Peter IP-BLOCK 95.211.194.79 (Type: outgoing, Port: 65050, Process: explorer.exe)
  7. All processes killed ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Peter\Downloads\cmd.bat deleted successfully. C:\Users\Peter\Downloads\cmd.txt deleted successfully. C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$R0C740E28 moved successfully. C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$REC903915 moved successfully. C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$RG459P9.exe moved successfully. C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$RUN3WPF.exe moved successfully. C:\FRST\Quarantine\$e0b61d80456309018e2f1a6e90bde171 folder moved successfully. C:\FRST\Quarantine folder moved successfully. C:\FRST\Logs folder moved successfully. C:\FRST\Hives\Users\00000002 folder moved successfully. C:\FRST\Hives\Users\00000001 folder moved successfully. C:\FRST\Hives\Users folder moved successfully. C:\FRST\Hives folder moved successfully. C:\FRST folder moved successfully. C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000 folder moved successfully. C:\TDSSKiller_Quarantine\02.08.2012_12.24.45 folder moved successfully. C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000 folder moved successfully. C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\mbr0000 folder moved successfully. C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000 folder moved successfully. C:\TDSSKiller_Quarantine\02.08.2012_11.32.58 folder moved successfully. C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000 folder moved successfully. C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\mbr0000 folder moved successfully. C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000 folder moved successfully. C:\TDSSKiller_Quarantine\01.08.2012_16.58.12 folder moved successfully. C:\TDSSKiller_Quarantine folder moved successfully. C:\Users\Peter\AppData\Local\Temp\abc.cfg moved successfully. 
C:\Users\Peter\AppData\Local\Temp\air3215.exe moved successfully. DllUnregisterServer procedure not found in C:\Users\Peter\AppData\Local\Temp\zjfwwijd\zjfwwijd.dll C:\Users\Peter\AppData\Local\Temp\zjfwwijd\zjfwwijd.dll moved successfully. DllUnregisterServer procedure not found in C:\Users\Peter\AppData\Local\Temp\ztnuse\ztnuse.dll C:\Users\Peter\AppData\Local\Temp\ztnuse\ztnuse.dll moved successfully. C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7bd7fccb-7525923f moved successfully. C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\3e83c098-6ab9fc20 moved successfully. C:\Users\Peter\Downloads\cbsidlm-tr1_13-EaseUS_Disk_Copy_Home_Edition-ORG-10867157.exe moved successfully. C:\Users\Peter\Downloads\DTLite4451-0236.exe moved successfully. C:\Users\Peter\Downloads\iLividSetupV1.exe moved successfully. C:\Users\Peter\Downloads\setup (1).exe moved successfully. C:\Windows.old\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cf moved successfully. C:\Windows.old\Users\Main\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\44d47de1-23e8ed4c moved successfully. C:\Windows.old\Users\Main\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-46647444 moved successfully. C:\Windows.old\Users\Main\AppData\Roaming\E61CEEB9D0CAA7ED9AAA12C1A819FC54\enemies-names.txt moved successfully. C:\Windows.old\Users\Main\AppData\Roaming\XFFF3ppnG5aQ6dK\AV Protection 2011v121.exe moved successfully. C:\Windows.old\Users\Main\Downloads\CrystalDiskInfo4_0_2a-en.exe moved successfully. C:\Windows.old\Users\Main\Downloads\GOMPLAYERENSETUP(2).EXE moved successfully. C:\Windows.old\Users\Main\Downloads\GOMPLAYERENSETUP.EXE moved successfully. C:\Windows.old\Users\Main\Downloads\KeyFinderInstaller.exe moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Peter ->Temp folder emptied: 5932242505 bytes ->Temporary Internet Files folder emptied: 718470891 bytes ->Java cache emptied: 489032 bytes ->FireFox cache emptied: 101050841 bytes ->Flash cache emptied: 406316 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 356352 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 533257364 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 288414299 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310724 bytes RecycleBin emptied: 20707205967 bytes Total Files Cleaned = 27,012.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 07202013_144344 Files moved on Reboot... C:\Users\Peter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully. C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WI413VGC\follow_button.1372833608[1].htm moved successfully. C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WI413VGC\hub[1].htm moved successfully. C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKHB9ZJ4\facebook_com[1].htm moved successfully. 
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\tzsdh8o0.default\startupCache\startupCache.4.little moved successfully. C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\tzsdh8o0.default\Cache\_CACHE_001_ moved successfully. C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\tzsdh8o0.default\Cache\_CACHE_002_ moved successfully. C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\tzsdh8o0.default\Cache\_CACHE_003_ moved successfully. C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\tzsdh8o0.default\Cache\_CACHE_MAP_ moved successfully. C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\tzsdh8o0.default\_CACHE_CLEAN_ moved successfully. Registry entries deleted on Reboot... Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.19.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 Peter :: MAIN [administrator] Protection: Enabled 7/20/2013 3:30:37 PM mbam-log-2013-07-20 (15-30-37).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 222173 Time elapsed: 5 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Results of screen317's Security Check version 0.99.70 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 22 Java 6 Update 31 Java version out of Date! Adobe Flash Player 11.7.700.224 Mozilla Firefox (22.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  8. Sorry for the delay, was away from my computer and Internet for several days. C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$R0C740E28 a variant of Win32/Kryptik.BETL trojan C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$REC903915 a variant of Win32/Kryptik.BETL trojan C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$RG459P9.exe a variant of Win32/GetNow.A application C:\$RECYCLE.BIN\S-1-5-21-1726822986-547998923-3148758179-1000\$RUN3WPF.exe a variant of Win32/GetNow.A application C:\FRST\Quarantine\bijkdn.dll Win32/TrojanDownloader.Tracur.V trojan C:\FRST\Quarantine\java.exe a variant of Win32/Kryptik.BFSK trojan C:\FRST\Quarantine\midefender a variant of Win32/Kryptik.BFSK trojan C:\FRST\Quarantine\midefender.exe a variant of Win32/Kryptik.BFSK trojan C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe a variant of Win32/SpeedingUpMyPC application C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.C application C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan C:\TDSSKiller_Quarantine\01.08.2012_16.58.12\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan 
C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan C:\TDSSKiller_Quarantine\02.08.2012_11.32.58\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan C:\TDSSKiller_Quarantine\02.08.2012_12.24.45\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan C:\Users\Peter\AppData\Local\Temp\abc.cfg Win32/TrojanDownloader.Delf.RRJ trojan C:\Users\Peter\AppData\Local\Temp\air3215.exe multiple threats C:\Users\Peter\AppData\Local\Temp\zjfwwijd\zjfwwijd.dll Win32/TrojanDownloader.Tracur.V trojan C:\Users\Peter\AppData\Local\Temp\ztnuse\ztnuse.dll Win32/TrojanDownloader.Tracur.V trojan C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7bd7fccb-7525923f Win32/PSW.Papras.CM trojan C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\3e83c098-6ab9fc20 
Win32/PSW.Papras.CM trojan C:\Users\Peter\Downloads\cbsidlm-tr1_13-EaseUS_Disk_Copy_Home_Edition-ORG-10867157.exe Win32/DownloadAdmin.G application C:\Users\Peter\Downloads\DTLite4451-0236.exe Win32/OpenCandy application C:\Users\Peter\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application C:\Users\Peter\Downloads\setup (1).exe a variant of Win32/AirAdInstaller.A application C:\Windows.old\Program Files (x86)\InstallBrainService\InstallBrainService.exe a variant of Win32/InstallBrain application C:\Windows.old\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cf Win32/OpenCandy application C:\Windows.old\Users\Main\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\44d47de1-23e8ed4c a variant of Win32/Kryptik.VTQ trojan C:\Windows.old\Users\Main\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-46647444 Java/TrojanDownloader.OpenStream.NCM trojan C:\Windows.old\Users\Main\AppData\Roaming\E61CEEB9D0CAA7ED9AAA12C1A819FC54\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application C:\Windows.old\Users\Main\AppData\Roaming\XFFF3ppnG5aQ6dK\AV Protection 2011v121.exe a variant of Win32/Kryptik.VTQ trojan C:\Windows.old\Users\Main\Downloads\CrystalDiskInfo4_0_2a-en.exe Win32/OpenCandy application C:\Windows.old\Users\Main\Downloads\GOMPLAYERENSETUP(2).EXE a variant of Win32/Bundled.Toolbar.Ask application C:\Windows.old\Users\Main\Downloads\GOMPLAYERENSETUP.EXE a variant of Win32/Bundled.Toolbar.Ask application C:\Windows.old\Users\Main\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application Wow, that isn't good...
  9. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2013 Ran by Peter at 2013-07-15 15:38:25 Run:1 Running from C:\AlienSwarm Boot Mode: Normal ============================================== HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security => Value deleted successfully. C:\Users\Peter\AppData\Roaming\midefender.exe => Moved successfully. C:\Users\Peter\AppData\Roaming\midefender => Moved successfully. C:\Users\Peter\Desktop\Internet Security Pro.lnk => Moved successfully. ==== End of Fixlog ==== # AdwCleaner v2.305 - Logfile created 07/15/2013 at 15:43:10 # Updated 11/07/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Peter - MAIN # Boot Mode : Normal # Running from : C:\AlienSwarm\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\extensions\staged ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registry is clean. -\\ Mozilla Firefox v22.0 (en-US) File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\prefs.js [OK] File is clean. ************************* AdwCleaner[s3].txt - [764 octets] - [15/07/2013 15:43:10] ########## EOF - C:\AdwCleaner[s3].txt - [823 octets] ########## I erased the first two logs beforehand but it came up as 3 anyway This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 11/21/2011 at 13:17:04. Operating System: Windows 7 Professional Processes terminated by Rkill or while it was running: C:\Repair\eXplorer.exe Rkill completed on 11/21/2011 at 13:17:06. 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Peter :: MAIN [administrator]

Protection: Enabled

7/15/2013 4:08:21 PM
mbam-log-2013-07-15 (16-08-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249198
Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Just rebooted my computer, doesn't seem to be anything wrong at the moment.
  10. Sorry for the triple posting but I just seem to have problems attaching a file. Addition.txt
  11. FARBAR

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by Peter (administrator) on 15-07-2013 07:37:50
Running from C:\AlienSwarm
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7883296 2009-06-25] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [seagate Scheduler2 Service] - "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [395152 2011-06-30] (Seagate)
HKLM-x32\...\RunOnce: [1] - C:\AlienSwarm\New Folder\mbam-chameleon.exe /r /p [218184 2012-08-15] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
HKCU\...\Run: [steam] - "C:\Program Files (x86)\Steam\steam.exe" -silent [1672616 2013-07-09] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKCU\...\Run: [PC Speed Maximizer] - {pf}\\PC Speed Maximizer\\SPMStarter.exe [x]
HKCU\...\Run: [sPMTray] - {pf}\\PC Speed Maximizer\\SPMTray.exe [x]
HKCU\...\Run: [skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19604072 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [HydraVisionDesktopManager] - "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [380928 2009-04-29] (AMD)
HKCU\...\Run: [internet Security] - C:\Users\Peter\AppData\Roaming\midefender.exe [845312 2013-07-13] (MindFusion Limited)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [DiscWizardMonitor.exe] - "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2638152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [startCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642304 2013-04-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [20992 2012-03-19] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\OpenVPN Client.lnk
ShortcutTarget: OpenVPN Client.lnk -> C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe ()
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {3A1405E9-6900-4da2-A6FF-859098571985} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKCU - {3A1405E9-6900-4da2-A6FF-859098571985} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chrf-devicevm&type=STDVM
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll (WinZip Computing, S.L.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: BHO Class - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll No File
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default
FF NetworkProxy: "backup.ftp", "falkenstein.tunnelr.com"
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", "falkenstein.tunnelr.com"
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", "falkenstein.tunnelr.com"
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "falkenstein.tunnelr.com"
FF NetworkProxy: "ftp_port", 53
FF NetworkProxy: "http", "falkenstein.tunnelr.com"
FF NetworkProxy: "http_port", 53
FF NetworkProxy: "no_proxies_on", "10.0.10.197"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "falkenstein.tunnelr.com"
FF NetworkProxy: "socks_port", 53
FF NetworkProxy: "ssl", "falkenstein.tunnelr.com"
FF NetworkProxy: "ssl_port", 53
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @winzip.com/Winzip Courier - C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Extensions\net.openvpn.client
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\staged
FF Extension: EPUBReader - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: ChatZilla - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF Extension: DVD: Pluggable Protocol - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\{DAC5CBDE-FFFA-ED03-AF43-8CAAE4187244}
FF Extension: gmhashtmzn - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\gmhashtmzn@gmhashtmzn.org.xpi
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] C:\Program Files (x86)\WinZip Courier\FFExt
FF Extension: WinZip Courier - C:\Program Files (x86)\WinZip Courier\FFExt

==================== Services (Whitelisted) =================

R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-19] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [68760 2008-09-05] (SiSoftware)

==================== Drivers (Whitelisted) ====================

R3 AN983X64; C:\Windows\System32\DRIVERS\AN983X64.sys [48128 2005-05-19] (Infineon Technologies AG)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-09] ()
R2 DlinkNdPt60; C:\Windows\System32\DRIVERS\DlinkNdPt60.sys [27648 2010-11-23] (D-Link )
S3 DLINKVLANPT; C:\Windows\System32\DRIVERS\DLINKVlan60.sys [24064 2010-11-23] (Windows ® Win 7 DDK provider)
R3 DLKRT64; C:\Windows\System32\DRIVERS\DLKRT64.sys [346144 2010-11-23] (D-Link Corp. )
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-16] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-05-20] (Duplex Secure Ltd.)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-04-28] (Acronis)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

==================== One Month Modified Files and Folders =======
Files\Microsoft Silverlight 2013-07-11 03:35 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-11 03:33 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-11 03:10 - 2011-12-15 14:55 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-09 08:58 - 2013-07-09 08:58 - 00000000 ____D C:\Users\Peter\AppData\Local\Rocket Bear Games 2013-07-08 05:24 - 2013-03-19 01:12 - 00000000 ____D C:\Users\Peter\AppData\Local\{D5A81F0F-0D5B-46C1-B5D3-46D9957B044D} 2013-07-05 22:29 - 2012-06-19 02:38 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-07-05 22:29 - 2011-12-18 17:47 - 00000000 ____D C:\Users\Peter\Documents\My Games 2013-07-05 21:06 - 2013-07-05 21:06 - 00000000 ____D C:\Users\Peter\Documents\Hard Reset Extended 2013-07-05 08:18 - 2013-07-05 08:18 - 00000000 __SHD C:\found.001 2013-07-05 02:55 - 2012-04-25 20:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-05 02:01 - 2013-07-05 01:18 - 00000000 ____D C:\Users\Peter\Documents\Bully Scholarship Edition 2013-07-05 01:17 - 2011-12-07 13:29 - 00859756 _____ C:\Windows\DirectX.log 2013-07-03 15:15 - 2012-10-15 13:43 - 11624448 _____ C:\Users\Peter\AppData\Roaming\Sandra.mdb 2013-07-03 15:08 - 2013-07-03 15:08 - 01432424 _____ ( ) C:\Users\Peter\Downloads\cpu-z_1.65-setup-en.exe 2013-07-03 15:08 - 2013-07-03 15:08 - 00000869 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2013-07-03 15:08 - 2013-07-03 15:08 - 00000000 ____D C:\Program Files\CPUID 2013-07-03 07:46 - 2013-06-27 00:38 - 00011776 ___SH C:\Users\Peter\Thumbs.db 2013-07-02 20:30 - 2013-04-12 00:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-02 05:11 - 2013-07-02 05:11 - 00145741 _____ C:\Users\Peter\Desktop\CH01-Page002-Panel02.svg 2013-06-30 23:55 - 2013-06-30 23:55 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Rogue Legacy 2013-06-30 23:55 - 2012-06-25 20:59 - 00000000 ____D 
C:\Users\Peter\Documents\SavedGames 2013-06-27 20:16 - 2013-06-27 20:16 - 00000000 ____D C:\Users\Peter\AppData\Roaming\.mono 2013-06-27 20:16 - 2013-06-27 20:16 - 00000000 ____D C:\Users\Peter\AppData\Local\UWebKit 2013-06-27 13:48 - 2012-08-25 21:50 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-27 13:48 - 2011-12-07 00:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-27 10:50 - 2013-03-17 00:30 - 00000000 ____D C:\Users\Peter\Downloads\City of Heroes 2013-06-24 19:22 - 2013-06-24 19:21 - 00000000 ____D C:\Users\Peter\Documents\Alpha Protocol 2013-06-23 13:18 - 2013-06-23 13:18 - 07890865 _____ C:\Users\Peter\Downloads\ironseed-v1.20.0016-2013-03-17.zip 2013-06-21 20:43 - 2013-06-21 20:42 - 00016629 _____ C:\Users\Peter\Documents\Persuasionancompare.odt 2013-06-21 20:25 - 2013-06-21 20:25 - 00012790 _____ C:\Users\Peter\Documents\Persuasion.odt 2013-06-19 16:25 - 2013-06-19 16:25 - 00092718 _____ C:\Users\Peter\Downloads\Angelina Jolie stunt double sues News Corp over hacking _ Reuters.html 2013-06-19 16:23 - 2013-06-19 16:23 - 00000000 ____D C:\Users\Peter\AppData\Roaming\dvdcss 2013-06-19 03:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache 2013-06-18 08:09 - 2011-12-06 16:57 - 00001413 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK 2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR 2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\zh-HK 2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\tr-TR 2013-06-18 07:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-06-18 03:14 - 2013-06-18 03:07 - 00007985 _____ C:\Windows\IE10_main.log 2013-06-18 03:12 - 2013-06-18 03:12 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 
2013-06-18 03:12 - 2013-06-18 03:12 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-18 03:12 - 2013-06-18 03:12 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-18 03:12 - 2013-06-18 03:12 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-06-18 03:12 - 2013-06-18 03:12 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-06-18 03:12 - 2013-06-18 03:12 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-06-18 03:12 - 2013-06-18 03:12 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-18 03:12 - 2013-06-18 03:12 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-18 
03:12 - 2013-06-18 03:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-06-18 03:12 - 2013-06-18 03:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-06-18 03:12 - 2013-06-18 03:12 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-18 03:12 - 2013-06-18 03:12 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-06-18 03:12 - 2013-06-18 03:12 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-18 03:12 - 2013-06-18 03:12 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-18 03:12 - 2013-06-18 03:12 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00135680 
_____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-06-18 03:12 - 2013-06-18 03:12 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-06-18 03:12 - 2013-06-18 03:12 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-18 03:12 - 2013-06-18 03:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-18 03:12 - 2013-06-18 03:12 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00048640 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-18 03:12 - 2013-06-18 03:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-06-18 03:12 - 2013-06-18 03:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-18 03:12 - 2013-06-18 03:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-06-18 03:12 - 2013-06-18 03:12 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-18 03:11 - 2013-06-18 03:11 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 01175552 _____ (Microsoft Corporation) 
C:\Windows\system32\FntCache.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00194560 _____ 
(Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-18 03:11 - 2013-06-18 03:11 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-18 03:06 - 2012-06-25 20:58 - 00787430 _____ C:\Windows\SysWOW64\PerfStringBackup.INI ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 00:28 ==================== End Of Log ============================ OTL and Extra OTL Extras logfile created on: 7/15/2013 7:44:09 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\AlienSwarm 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 4.72 
Gb Available Physical Memory | 59.01% Memory free 19.99 Gb Paging File | 16.40 Gb Available in Paging File | 82.07% Paging File free Paging file location(s): c:\pagefile.sys 12280 12280 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1863.02 Gb Total Space | 1072.09 Gb Free Space | 57.55% Space Free | Partition Type: NTFS Drive D: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 7.02 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 959.50 Mb Total Space | 956.73 Mb Free Space | 99.71% Space Free | Partition Type: FAT Computer Name: MAIN | User Name: Peter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-1726822986-547998923-3148758179-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java 7 Update 4 (64-bit) "{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{65312278-952C-D46E-8297-4CAB93F5B2DF}" = AMD Media Foundation Decoders "{6809A67A-D099-48EA-9126-8567130CF377}" = AMD Accelerated Video Transcoding "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 
Redistributable (x64) "{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BE93349C-0BD1-7063-DA1A-D26E0E41477B}" = ccc-utility64 "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP5c "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CPUID CPU-Z_is1" = CPUID CPU-Z 1.65.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{072A5217-8165-4AB7-8366-36CB3245DB60}" = OpenVPN Client "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1C72CC1B-C0F6-F698-0E23-0D705A86E224}" = CCC Help Finnish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{36637D5B-1305-1ED8-EEC3-4C76A6655FCF}" = CCC Help Norwegian "{37542828-0F05-4BAA-BEB7-B633F27D3E7B}" = SlimDX SDK (September 2011) "{3795E3F4-CA46-EA65-4FD2-D861A2A12ECD}" = CCC Help Swedish "{3997DF5C-EF46-B135-D73B-C8BFE797105A}" = CCC Help Turkish "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer 
"{3C76DB65-E66A-DE04-4CE3-5DA42ED98685}" = CCC Help Chinese Standard "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service "{3DA3BCBA-191C-47FB-9710-2B2DD9A5C257}" = DGE-530T Ethernet Controller All-In-One Windows Driver "{3DC9D062-2C3E-7C31-504C-BF2751617224}" = CCC Help Portuguese "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{3F5AED19-3C1C-6ED5-EAF0-CBE15BB3B8F1}" = Catalyst Control Center Localization All "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{4343080E-448E-4E2C-B27F-B91000028201}" = Dead Rising 2 "{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{495EB8CB-A455-8033-EF42-65AEFFF4ED97}" = CCC Help Chinese Traditional "{4A22F96C-993D-3489-2CB1-37C61F29135C}" = CCC Help Korean "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5 "{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3 "{5612D4CE-C024-80F5-9F59-546B95F884B2}" = CCC Help Polish "{5662A630-98E4-2FDC-CE6A-73D21240DC52}" = CCC Help Hungarian "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade "{60982A88-95DF-E0B8-18C7-E7297C200623}" = Catalyst Control Center "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX "{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68CE86BC-8CA1-4B4D-A1AC-50C95F8BBC8A}" = Dawn of Discovery - Gold Edition "{6A09EC92-016B-4032-8CF1-6840B20C254A}" = Dawn of Discovery - Gold Edition "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 
Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73E1C443-5420-442D-B314-649AE103D08B}" = CCC Help Thai "{77864743-57AB-A566-67D6-12EF64165209}" = CCC Help German "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}" = DefianceRuntimes "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84F49E05-683A-5544-263D-08E4814F196B}" = CCC Help Greek "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 "{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard "{90579CE9-8FB6-88A3-09ED-68F30E763BBC}" = CCC Help Japanese "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9927F5EF-AAB0-E471-1DBF-3940E9477D23}" = CCC Help Spanish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB7A4789-7A60-8D6C-96F4-4D21702EC7BD}" = CCC Help Czech "{ABD4AF09-45DC-F830-0DF0-378C354ED351}" = CCC Help English "{AEB730BE-17B3-2FA0-9D64-78CD3939C60A}" = CCC Help Dutch "{B0FC3035-362A-4554-A1C9-ACF9F9514274}" = Diagnostics "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3 "{B961AE86-6165-0571-CEA6-8C7B88BE31EE}" = 
HydraVision "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C715FF52-CBA8-780F-EFD8-5DF5525DBF74}" = Catalyst Control Center Graphics Previews Common "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF6C9984-8F22-00D5-BA0A-F1330035A80E}" = CCC Help Russian "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6477FB5-3F2F-A7C9-38F7-2FD0E79722B5}" = CCC Help Italian "{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh "{D7768225-15B9-F34E-82BD-883CEBE30132}" = CCC Help French "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE5683A6-BA08-6417-4F85-96F787B1614E}" = CCC Help Danish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIM_7" = AIM 7 "Android SDK Tools" = Android SDK Tools "Belarc Advisor" = Belarc Advisor 
8.3 "Black Market_is1" = Black Market version 1.0 "DAEMON Tools Lite" = DAEMON Tools Lite "Darkstar One_is1" = Darkstar One "DFO" = DFOLauncher "DokanLibrary" = Dokan Library 0.6.0 "EaseUS Data Recovery Wizard 5.8.5_is1" = EaseUS Data Recovery Wizard 5.8.5 "GameFly" = GameFly "GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection "http://pso2.jp/appid/charactercreator_is1" = PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版 "Independence War Deluxe_is1" = Independence War Deluxe "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "On the Rain-Slick Precipice of Darkness, Episode Two" = On the Rain-Slick Precipice of Darkness, Episode Two "OpenAL" = OpenAL "Origin" = Origin "PC Speed Maximizer_is1" = PC Speed Maximizer v3.0 "Pidgin" = Pidgin "PunkBusterSvc" = PunkBuster Services "Rockstar Games Social Club" = Rockstar Games Social Club "RPG Maker 2000 ShaqFu" = RPG Maker 2000 - Shaq Fu...The Chosen "RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k "RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts) "SecondLifeViewer" = SecondLifeViewer (remove only) "Star Trek Online" = Star Trek Online "Starsector" = Starsector by Fractal Softworks LLC "Steam App 107100" = Bastion "Steam App 108210" = Memoir '44 Online "Steam App 113020" = Monaco "Steam App 113400" = APB Reloaded "Steam App 12200" = Bully: Scholarship Edition "Steam App 12330" = DarkStar One "Steam App 1250" = Killing Floor "Steam App 13510" = Tom Clancy's Ghost Recon: Advanced Warfighter 2 "Steam App 18000" = On the Rain-Slick Precipice of Darkness, Episode One "Steam App 18020" = On the Rain-Slick Precipice of Darkness, Episode Two "Steam App 18500" = Defense Grid: The Awakening "Steam App 200390" = Oil Rush "Steam App 200410" = SOL: Exodus "Steam App 200670" = Disciples III: Resurrection "Steam App 200710" = 
Torchlight II "Steam App 200960" = Geneforge 1 "Steam App 201280" = Deus Ex: Human Revolution - The Missing Link "Steam App 201790" = Orcs Must Die! 2 "Steam App 202170" = Sleeping Dogs™ "Steam App 203510" = Fortune Summoners: Secret of the Elemental Stone "Steam App 203770" = Crusader Kings II "Steam App 204100" = Max Payne 3 "Steam App 204450" = Call of Juarez Gunslinger "Steam App 204530" = Infested Planet "Steam App 204630" = Retro City Rampage "Steam App 205530" = Gratuitous Tank Battles "Steam App 206190" = Gunpoint "Steam App 206500" = AirMech "Steam App 207150" = Stellar Impact "Steam App 207170" = Legend of Grimrock "Steam App 207320" = Ys: The Oath in Felghana "Steam App 207350" = Ys Origin "Steam App 208520" = Omerta - City of Gangsters "Steam App 209080" = Guns of Icarus Online "Steam App 210770" = Sanctum 2 "Steam App 211420" = Dark Souls: Prepare to Die Edition "Steam App 212010" = Galaxy on Fire 2™ Full HD "Steam App 212070" = Star Conflict "Steam App 212680" = FTL: Faster Than Light "Steam App 213030" = Penny Arcade's On the Rain-Slick Precipice of Darkness 3 "Steam App 215510" = Rocketbirds: Hardboiled Chicken "Steam App 218020" = Nethergate: Resurrection "Steam App 220820" = Zombie Driver HD "Steam App 222980" = Dead Pixels "Steam App 223430" = Miner Wars 2081 "Steam App 223710" = Cry of Fear "Steam App 223810" = Ys I "Steam App 223870" = Ys II "Steam App 224600" = Defiance "Steam App 22610" = Alien Breed: Impact "Steam App 226320" = Marvel Heroes "Steam App 22650" = Alien Breed 2: Assault "Steam App 22670" = Alien Breed 3: Descent "Steam App 226740" = Monster Loves You! 
"Steam App 227220" = Sang-Froid - Tales of Werewolves "Steam App 227580" = 10,000,000 "Steam App 2280" = The Ultimate DOOM "Steam App 228200" = Company of Heroes (New Steam Version) "Steam App 230410" = Warframe "Steam App 231430" = Company of Heroes 2 – OPEN BETA "Steam App 233270" = Far Cry® 3 Blood Dragon "Steam App 233390" = Cart Life "Steam App 233740" = Organ Trail: Director's Cut "Steam App 233860" = Kenshi "Steam App 233980" = Unepic "Steam App 234190" = Receiver "Steam App 234310" = March of War "Steam App 234710" = Poker Night 2 "Steam App 236370" = Interstellar Marines "Steam App 236730" = Anomaly 2 "Steam App 237430" = Expeditions: Conquistador "Steam App 237570" = Penny Arcade's On the Rain-Slick Precipice of Darkness 4 "Steam App 238210" = System Shock 2 "Steam App 241600" = Rogue Legacy "Steam App 24200" = DC Universe Online "Steam App 24240" = PAYDAY: The Heist "Steam App 27810" = GridRunner Revolution "Steam App 28050" = Deus Ex: Human Revolution "Steam App 31280" = Poker Night at the Inventory "Steam App 33670" = Disciples III: Renaissance "Steam App 34010" = Alpha Protocol "Steam App 34330" = Total War: SHOGUN 2 "Steam App 3470" = Bookworm Adventures Deluxe "Steam App 3590" = Plants vs. Zombies: Game of the Year "Steam App 3630" = BookWorm Adventures Volume 2 "Steam App 3920" = Sid Meier's Pirates! 
"Steam App 40400" = AI War: Fleet Command "Steam App 42910" = Magicka "Steam App 440" = Team Fortress 2 "Steam App 46260" = Star Wolves 3: Civil War "Steam App 48190" = Assassin's Creed Brotherhood "Steam App 48240" = Anno 2070 "Steam App 4920" = Natural Selection 2 "Steam App 49520" = Borderlands 2 "Steam App 50300" = Spec Ops: The Line "Steam App 55230" = Saints Row: The Third "Steam App 61310" = Fractal "Steam App 61500" = Age of Wonders "Steam App 61510" = Age of Wonders 2 "Steam App 61520" = Age of Wonders: Shadow Magic "Steam App 61530" = Age of Wonders: Trilogy Soundtrack "Steam App 620" = Portal 2 "Steam App 6200" = Ghost Master "Steam App 63380" = Sniper Elite V2 "Steam App 6420" = Nexus: The Jupiter Incident "Steam App 65800" = Dungeon Defenders "Steam App 70120" = Hacker Evolution Duality "Steam App 70420" = Chantelise "Steam App 8930" = Sid Meier's Civilization V "Steam App 91310" = Dead Island "Steam App 9200" = RAGE "Steam App 9480" = Saints Row 2 "Steam App 98400" = Hard Reset "Steam App 98800" = Dungeons of Dredmor "Steam App 99300" = Renegade Ops "Stellar Impact" = Stellar Impact "SumatraPDF" = SumatraPDF "TechPowerUp GPU-Z" = TechPowerUp GPU-Z "Uplay" = Uplay "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! 
Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1726822986-547998923-3148758179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online "InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist "NAM Hotfix Package" = NAM Hotfix Package 301 (13 April 2012) "Network Addon Mod" = Network Addon Mod Version 30 with Essentials r132 "SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 Beta" = gamelauncher-code4344-beta "UnityWebPlayer" = Unity Web Player "Wurm Online 3.1.4" = Wurm Online 3.1.4 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/12/2013 12:17:09 PM | Computer Name = Amy-PC | Source = Application Hang | ID = 1002 Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: a08 Start Time: 01ce7e141200ba4d Termination Time: 0 Application Path: C:\Windows\Explorer.EXE Report Id: 78bb0697-eb0e-11e2-babb-1c7ee523f3ba Error - 7/12/2013 1:11:31 PM | Computer Name = Amy-PC | Source = Application Hang | ID = 1002 Description = The program IEXPLORE.EXE version 10.0.9200.16635 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 1f10 Start Time: 01ce7edec862c61b Termination Time: 72 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: Error - 7/12/2013 11:36:36 PM | Computer Name = Amy-PC | Source = Application Error | ID = 1000 Description = Faulting application name: Skype.exe, version: 6.5.73.158, time stamp: 0x51acb7bc Faulting module name: Skype.exe, version: 6.5.73.158, time stamp: 0x51acb7bc Exception code: 0x40000015 Fault offset: 0x00c5121e Faulting process id: 0x9cc Faulting application start time: 0x01ce7e1412fd0c2a Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: C:\Program Files (x86)\Skype\Phone\Skype.exe Report Id: 6b33264c-eb6d-11e2-babb-1c7ee523f3ba Error - 7/12/2013 11:45:18 PM | Computer Name = Amy-PC | Source = Application Hang | ID = 1002 Description = The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 4828 Start Time: 01ce7f1b4233c016 Termination Time: 123 Application Path: C:\Windows\explorer.exe Report Id: 9db16e7c-eb6e-11e2-babb-1c7ee523f3ba Error - 7/13/2013 1:20:43 AM | Computer Name = Amy-PC | Source = Application Error | ID = 1000 Description = Faulting application name: plugin-container.exe, version: 22.0.0.4917, time stamp: 0x51c06ab5 Faulting module name: mozalloc.dll, version: 22.0.0.4917, time stamp: 0x51c05025 Exception code: 0x80000003 Fault offset: 0x00001988 Faulting process id: 0x1570 Faulting application start time: 0x01ce7ee04d247516 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Report Id: f68b76bc-eb7b-11e2-babb-1c7ee523f3ba Error - 7/13/2013 5:08:54 AM | Computer Name = Amy-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 7/13/2013 6:59:02 AM | Computer Name = Amy-PC | Source = Application Error | ID = 1000 Description = Faulting application name: kdbsync.exe, version: 0.0.0.0, time stamp: 0x4f67a718 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x814 Faulting application start time: 0x01ce7fb7f34a35bc Faulting application path: C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe Faulting module path: unknown Report Id: 39fabd64-ebab-11e2-91b9-1c7ee523f3ba Error - 7/13/2013 9:19:45 AM | Computer Name = Amy-PC | Source = Application Error | ID = 1000 Description = Faulting application name: kdbsync.exe, version: 0.0.0.0, time stamp: 0x4f67a718 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xce0 Faulting application start time: 0x01ce7fcb9dd5a040 Faulting application path: C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe Faulting module path: unknown Report Id: 
e2393a19-ebbe-11e2-aa9c-1c7ee523f3ba Error - 7/13/2013 12:21:48 PM | Computer Name = MAIN | Source = Application Error | ID = 1000 Description = Faulting application name: kdbsync.exe, version: 0.0.0.0, time stamp: 0x4f67a718 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x984 Faulting application start time: 0x01ce7fe5102e641d Faulting application path: C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe Faulting module path: unknown Report Id: 50da353c-ebd8-11e2-821a-1c7ee523f3ba Error - 7/15/2013 2:32:08 AM | Computer Name = MAIN | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 11/21/2012 5:20:18 AM | Computer Name = Peter-PC | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 11/21/2012 5:25:57 AM | Computer Name = Peter-PC | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 11/21/2012 5:25:59 AM | Computer Name = Peter-PC | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 11/21/2012 2:50:22 PM | Computer Name = Peter-PC | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 11/21/2012 2:50:25 PM | Computer Name = Peter-PC | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 11/21/2012 2:59:58 PM | Computer Name = Peter-PC | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 11/21/2012 3:00:00 PM | Computer Name = Peter-PC | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 11/22/2012 11:02:41 AM | Computer Name = Peter-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 6:11:15 AM on ?11/?22/?2012 was unexpected. 
Error - 11/23/2012 7:01:23 AM | Computer Name = Peter-PC | Source = volsnap | ID = 393252 Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error - 11/23/2012 1:54:38 PM | Computer Name = Peter-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 9:42:26 AM on ?11/?23/?2012 was unexpected. < End of report >
  12. I overwrote the first run by mistake when saving it on my USB stick. Should I start the process over again?
  13. Putting the two logs in order here.

      FIXLOG

      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-07-2013 01
      Ran by Peter at 2013-07-14 07:36:17 Run:2
      Running from C:\AlienSwarm
      Boot Mode: Safe Mode (minimal)
      ==============================================
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\{81A10E78-06BC-41A3-A54E-55A89F467622} => Value not found.
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ATI => Value not found.
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\D3dMainVdm => Value not found.
      HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
      "C:\Users\Peter\AppData\Local\{D5A81F0F-0D5B-46C1-B5D3-46D9957B044D}\{81A10E78-06BC-41A3-A54E-55A89F467622}\bijkdn.dll" => File/Directory not found.
      "C:\Users\Peter\AppData\Local\ATI\airaivnb.dll" => File/Directory not found.
      "C:\Users\Peter\AppData\Roaming\D3dMainVdm\D3dMainVdm.dll" => File/Directory not found.
      "C:\$Recycle.Bin\S-1-5-21-1726822986-547998923-3148758179-1000\$e0b61d80456309018e2f1a6e90bde171" => File/Directory not found.
      "C:\$Recycle.Bin\S-1-5-18\$e0b61d80456309018e2f1a6e90bde171" => File/Directory not found.
      "C:\Users\Peter\java.exe" => File/Directory not found.
      "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
      "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
      ==== End of Fixlog ====

      AdwCleaner

      # AdwCleaner v2.305 - Logfile created 07/14/2013 at 07:37:13
      # Updated 11/07/2013 by Xplode
      # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
      # User : Peter - MAIN
      # Boot Mode : Safe mode
      # Running from : C:\AlienSwarm\adwcleaner.exe
      # Option [Delete]

      ***** [services] *****

      ***** [Files / Folders] *****

      ***** [Registry] *****

      ***** [internet Browsers] *****

      -\\ Internet Explorer v10.0.9200.16635
      [OK] Registry is clean.

      -\\ Mozilla Firefox v22.0 (en-US)
      File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\prefs.js
      [OK] File is clean.

      *************************
      AdwCleaner[s1].txt - [7619 octets] - [14/07/2013 07:28:47]
      AdwCleaner[s2].txt - [718 octets] - [14/07/2013 07:37:13]
      ########## EOF - C:\AdwCleaner[s2].txt - [777 octets] ##########

      I ran it twice because the first time I ran AdwCleaner, I started Windows 7 in regular mode by mistake, so I repeated the instructions from the top.

      MBAM

      Malwarebytes Anti-Malware (PRO) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.07.12.05
      Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
      Internet Explorer 10.0.9200.16635
      Peter :: MAIN [administrator]
      Protection: Disabled
      7/14/2013 8:23:06 AM
      mbam-log-2013-07-14 (08-23-06).txt
      Scan type: Full scan (C:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 1160771
      Time elapsed: 3 hour(s), 25 minute(s), 28 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)
  14. Just noticed I forgot the attachment. Here is the second part Addition.txt