Jump to content

christo123

Members
  • Posts

    15
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Ok, I deleted everything, though Securitycheck.exe still seems to be there. I had trouble trying to delete Combofix as well but I think OTC got it.
  2. But my problem still exists. I still every few minutes get a "Internet Explorer Has stopped working" window and it freezes and reopens all tabs/windows. My toolbar is still flawed and all these problems 1st arose when those 3 things mysteriously got quarantined. And what about that 3rd quarantined item?
  3. MBAM log: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.30.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 cdav1313 :: CDAV1313-PC [administrator] 9/30/2012 4:54:47 PM mbam-log-2012-09-30 (16-54-47).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 209022 Time elapsed: 4 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  4. Extras.Txt: OTL Extras logfile created on: 9/30/2012 4:24:42 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cdav1313\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.49 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 74.71% Memory free 6.98 Gb Paging File | 5.65 Gb Available in Paging File | 80.95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446.13 Gb Total Space | 401.73 Gb Free Space | 90.05% Space Free | Partition Type: NTFS Drive E: | 2794.51 Gb Total Space | 1996.51 Gb Free Space | 71.44% Space Free | Partition Type: NTFS Drive H: | 465.75 Gb Total Space | 18.00 Gb Free Space | 3.86% Space Free | Partition Type: NTFS Computer Name: CDAV1313-PC | User Name: cdav1313 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07020884-B671-4473-A33B-91BA3614C1AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{07217471-5D8D-43F8-A3EC-9BC9301638E7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{08488F82-FD03-40F7-A150-5935F2B4BA0D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0AD4294E-60F3-4F96-BA43-EA6E64A90E1C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{1E95EF4D-F94E-4390-8702-6A53A5A62949}" = lport=139 | protocol=6 | dir=in | app=system | "{278DEDD5-1715-40B0-9A5C-758077363131}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2C8637F0-C819-4D67-B873-5D4F2C949F14}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2EA2A314-F20B-4113-A768-0282D8DD83D2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{3CA31E3B-BAA6-4E30-8551-4CB01353F072}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{41671224-B3C9-422E-ABA6-634CD6A4AF39}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{52CDBEE3-24D9-45D3-8930-41306352557C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5480016D-2F0F-4CAD-BC79-5699D6CE89A9}" = lport=138 | protocol=17 | dir=in | app=system | "{80846B12-FE46-46E9-A164-35D438A202D1}" = rport=445 | protocol=6 | dir=out | app=system | "{8CC337B7-990E-473F-8A7A-A98DBF167803}" = lport=445 | protocol=6 | dir=in | app=system | "{95377C9C-4B6A-4306-8902-FBA1B35DCFC1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9E3623D3-79A7-419C-BC0D-05D4C765BDC3}" = lport=137 | protocol=17 | dir=in | app=system | "{A95F2309-9101-4651-902E-41509D8B9453}" = lport=10243 | protocol=6 | dir=in | app=system | "{AB6D1B80-FED1-41F6-B8BF-9D71A533B26E}" = rport=138 | protocol=17 | dir=out | app=system | "{B7F92451-40F6-4C81-B110-F385A06D2390}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CFB77827-D86C-461B-98B7-CF21948B6E17}" = rport=139 | protocol=6 | dir=out | app=system | "{D576A9F3-4042-4568-910C-55D3CCE36BFA}" = rport=137 | protocol=17 | dir=out | app=system | "{EB252BE3-BA05-44B2-9A24-E5BA2042F417}" = rport=10243 | protocol=6 | dir=out | app=system | "{F244E626-4E0B-4143-971E-6707981E1DDD}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{087D6CB1-4AE1-4BAE-8F62-5114158EE089}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0D68B088-BA46-41C0-B678-E3328200F10E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1255CA61-1FFD-404D-95DB-EACE5A63CA10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{16B1ADB4-CA97-4700-AA4B-DABB2819A916}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{20361E3A-4B2E-417E-899C-2109A6964566}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{20B63166-0FFB-45D9-A9BF-A29E65546663}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2277AE47-1F35-46B1-835A-EBD763EEE813}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2F58959A-435C-4862-9070-807CD6B406B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{34E17318-4A16-47F8-8FE2-F34E5EFF9D02}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{34FBCDA5-C81B-44CC-ABD3-F32C55B9B51F}" = protocol=58 | dir=in | app=system | "{37C1F83D-3D4F-4021-93AF-E804F9D4BC99}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{43828434-2BCD-43B8-BF74-8DE111C52AAF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{52D4379C-9690-478D-8E65-EE17CF1761C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5B3FFC57-8A8F-44B5-A2C6-F75821E18281}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{605F047D-5F78-4820-B21D-4B1358EB611A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{6254B8F5-40FA-432C-AD77-0B2B12F77C0F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6FBF3A3C-AE47-4DD8-97E0-5030AA4E1AC9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{7A8EEF22-1190-4A13-AA62-E2C6D726153B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9173EC5D-35B4-488E-B16B-E94CD595D884}" = protocol=6 | dir=out | app=system | "{97915310-643E-43EE-B22B-186F7CC96E88}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A8318632-0FD9-4005-9790-F4D2540FDF7D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AAAB592E-C16A-41B7-B7B2-44E0F44817EC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{AC1A196C-ABD2-47B7-975E-68FE73B8302D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AE183F56-B051-40F6-952B-A039A6353A51}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{BB699A11-A85F-4506-9014-09BF507FF79A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C89A80D4-9547-4305-AC03-090B56A1D57E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CB4CC0F5-1260-4A4D-8BE8-A296335625A2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{D270E208-5F57-4421-BECA-9DE3D319C855}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D7A0D108-9495-45B3-9C0F-4E295C7A37A4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{F29739D5-7050-410C-A171-1A17272FCAE7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F39F8AF2-9B86-4BA6-9882-C825AE11A044}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FE36A0A1-4268-4172-86CF-432B0CD83DCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{36DECD8B-3527-185E-02B2-707A4E49F167}" = McAfee Online Backup "{40D63515-FF59-9430-BFF0-BF2D26A6AB76}" = ATI AVIVO64 Codecs "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4EEAE843-530C-05DA-DE42-ED6DF19B2F7B}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A63555F3-DDAE-D6B9-4021-096C29A38EE6}" = AMD Drag and Drop Transcoding "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AE618CAE-B14A-9877-D2E2-5A4556A1B508}" = ccc-utility64 "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F7F1A2DA-481A-1B41-8959-4B224C6B20B6}" = ATI Catalyst Install Manager "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup "{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2E8F3D27-6BB1-61F6-63B5-353C196A1A89}" = CCC Help Czech "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3C564B1C-9A46-1CBA-7E91-0E31562E99E8}" = CCC Help Italian "{3D7CA1C7-8E89-2D63-FAE8-29B308EE5E0A}" = CCC Help Portuguese "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40C33F45-E45B-F8C5-E8B5-0AB19B254683}" = AMD VISION Engine Control Center "{42921D90-1419-50A1-9178-2AB5FDA7A6ED}" = CCC Help Korean "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{59548157-0904-C399-B97F-177DA6FA9625}" = CCC Help Hungarian "{61E4B8A6-8EAB-BE0A-0259-8C86CD118C4E}" = CCC Help Japanese "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A837420-0195-4921-5590-C911A30EF872}" = CCC Help Finnish "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-emachines" = WildTangent Games App (eMachines Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D2D742A-59DE-DCFD-6177-50564A4538DB}" = Catalyst Control Center InstallProxy "{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{983A660B-E298-0421-19B5-45897FC8B6E9}" = CCC Help Dutch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE36BA3-1FA4-0D64-44D2-C787C4CEDE85}" = CCC Help Greek "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A45EA225-8303-611C-D0FA-A1794E938CA5}" = CCC Help English "{A4E908E5-EE02-843C-9D01-9EA69410B3AB}" = Fooz Kids "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A88E1685-1986-4A86-8E88-5FE1E727D026}" = RealDownloader "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI "{ACD9C758-45E9-48F9-89B1-14761D288014}" = CCC Help Russian "{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers "{B659C147-F295-8B3E-33B6-A95E319B428A}" = CCC Help Chinese Traditional "{BAB9E22B-A2C8-5738-BB10-4881A1AA45EC}" = CCC Help Spanish "{BE816F03-DFA8-01E2-FE19-99A9DCD8A460}" = CCC Help Swedish "{C1325A6D-E585-3B9E-6262-AE805FF54948}" = Catalyst Control Center Localization All "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C7888DE5-689C-C8D1-3CF5-70180272083F}" = CCC Help German "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB4A1B25-37AF-4050-AFD9-837FBADF7CD7}" = Catalyst Control Center - Branding "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF19A8EB-9429-1844-16F7-91A649588C99}" = CCC Help Turkish "{DFA1C724-02CB-24C3-4283-9C63100C5234}" = CCC Help Chinese Standard "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E24D1CB0-0ECB-0839-778F-C4237F105D68}" = CCC Help Norwegian "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater "{EF35E6F2-848E-A56A-1080-25861DA79D49}" = CCC Help Danish "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5B26951-AE15-F68E-89B0-CE89C7B2F9EA}" = CCC Help Thai "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{FB66215D-0761-EDC1-1446-E1E5286F5A33}" = CCC Help French "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE14010A-0AFF-88E8-B273-B878D8558195}" = CCC Help Polish "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "BN_DesktopReader" = NOOK for PC "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader "eMachines Registration" = eMachines Registration "eMachines Screensaver" = eMachines ScreenSaver "eMachines Welcome Center" = Welcome Center "ERUNT_is1" = ERUNT 1.1j "ESET Online Scanner" = ESET Online Scanner v3 "FoozKids" = Fooz Kids "Hotkey Utility" = Hotkey Utility "Identity Card" = Identity Card "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400 "MSC" = McAfee Internet Security "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "SolveigMM AVI Trimmer 2.0.1204.27" = SolveigMM AVI Trimmer "WildTangent emachines Master Uninstall" = eMachines Games "WinLiveSuite" = Windows Live Essentials "WTA-002781fd-bcba-4892-b9cd-42f5ec0eaa62" = Final Drive: Nitro "WTA-07b35df1-23d6-4993-938a-ded40b164203" = Jewel Match 3 "WTA-2ae1e4a1-1a74-4b95-aa2e-bd1d1b4ee6b0" = Mystery of Mortlake Mansion "WTA-3a716b28-e8a2-4cf3-883a-a3b8caeb2a75" = Build-a-lot 4 - Power Source "WTA-4a7a1f8b-95ef-4b1c-b7f3-8e6121735af5" = Governor of Poker 2 Premium Edition "WTA-5ad9af41-4bb6-43c2-b7b7-e89d08bda186" = Penguins! "WTA-5c2e059b-617b-4fed-82b6-4fc634d1aefa" = Agatha Christie - Death on the Nile "WTA-79d63b1a-26dc-4afa-bedf-5a9f56b1c6d7" = Virtual Villagers 5 - New Believers "WTA-9bfbe13d-2761-454a-9fcd-fe12eb3e3eef" = Torchlight "WTA-a63d6f7f-3614-4ae3-8ad4-fc2b996cbd7e" = Polar Bowler "WTA-b2c12114-0d47-4098-9eeb-dea1d02a1a75" = Plants vs. Zombies - Game of the Year "WTA-ca657c69-8bfb-489b-a19f-807c4bf073cb" = Chronicles of Albian "WTA-d5450cc6-46c2-4a19-b61f-ab408f55b4a3" = Cradle of Rome 2 "WTA-db8a00c1-c07d-49f9-907f-85392ba2e198" = Dora's World Adventure "WTA-deb3040b-c90c-4e4c-aaad-ca5864fa08ea" = Bejeweled 2 Deluxe "WTA-e53f302b-7388-4065-8d00-7fa84715f49f" = Zuma's Revenge "WTA-eccd2bc6-2552-4459-9ffd-b1e54b6d3350" = Polar Golfer "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Mail" = Yahoo! Internet Mail "Yahoo! Mail Advisor" = Yahoo! Mail Advisor "Yahoo! Software Update" = Yahoo! Software Update "YInstHelper" = Yahoo! Install Manager ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for cdav1313 "ActiveTouchMeetingClient" = Cisco WebEx Meetings "SOE-Free Realms" = Free Realms "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/13/2012 6:26:20 AM | Computer Name = cdav1313-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 15a8 Start Time: 01cd919882da731b Termination Time: 100 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 9/13/2012 6:35:28 AM | Computer Name = cdav1313-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 9/13/2012 6:38:34 AM | Computer Name = cdav1313-PC | Source = WinMgmt | ID = 10 Description = Error - 9/13/2012 6:39:37 AM | Computer Name = cdav1313-PC | Source = VSS | ID = 8194 Description = Error - 9/14/2012 1:13:55 AM | Computer Name = cdav1313-PC | Source = Application Error | ID = 1000 Description = Faulting application name: HotkeyUtility.exe, version: 2.5.3505.0, time stamp: 0x4e434f79 Faulting module name: HotkeyUtility.exe, version: 2.5.3505.0, time stamp: 0x4e434f79 Exception code: 0xc0000417 Fault offset: 0x0002ad0d Faulting process id: 0xee4 Faulting application start time: 0x01cd919bc59c904c Faulting application path: C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe Faulting module path: C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe Report Id: fa93f10a-fe2a-11e1-b1f1-c89cdcab3d8b Error - 9/14/2012 1:55:56 AM | Computer Name = cdav1313-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 9/14/2012 6:05:56 AM | Computer Name = cdav1313-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 9/14/2012 5:20:27 PM | Computer Name = cdav1313-PC | Source = Application Error | ID = 1000 Description = Faulting application name: DVDMaker.exe, version: 6.1.7600.16385, time stamp: 0x4a5bd0ca Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x1240 Faulting application start time: 0x01cd9260897d96ea Faulting application path: C:\Program Files\DVD Maker\DVDMaker.exe Faulting module path: unknown Report Id: 005ad848-feb2-11e1-b1f1-c89cdcab3d8b Error - 9/14/2012 5:20:35 PM | Computer Name = cdav1313-PC | Source = Application Error | ID = 1000 Description = Faulting application name: DVDMaker.exe, version: 6.1.7600.16385, time stamp: 0x4a5bd0ca Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc000041d Fault offset: 0x0000000000000000 Faulting process id: 0x1240 Faulting application start time: 0x01cd9260897d96ea Faulting application path: C:\Program Files\DVD Maker\DVDMaker.exe Faulting module path: unknown Report Id: 055dddfb-feb2-11e1-b1f1-c89cdcab3d8b Error - 9/15/2012 8:55:40 AM | Computer Name = cdav1313-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. [ Media Center Events ] Error - 7/19/2012 9:27:19 PM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0 Description = 9:27:19 PM - Error connecting to the internet. 9:27:19 PM - Unable to contact server.. Error - 7/19/2012 9:27:54 PM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0 Description = 9:27:48 PM - Error connecting to the internet. 9:27:48 PM - Unable to contact server.. Error - 7/19/2012 10:28:39 PM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0 Description = 10:28:39 PM - Error connecting to the internet. 10:28:39 PM - Unable to contact server.. Error - 7/30/2012 8:22:05 PM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0 Description = 8:22:05 PM - Error connecting to the internet. 8:22:05 PM - Unable to contact server.. Error - 8/8/2012 9:53:24 AM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0 Description = 9:53:19 AM - Error connecting to the internet. 9:53:19 AM - Unable to contact server.. Error - 8/8/2012 10:58:53 AM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0 Description = 10:58:50 AM - Error connecting to the internet. 10:58:50 AM - Unable to contact server.. Error - 8/8/2012 11:59:37 AM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0 Description = 11:59:35 AM - Error connecting to the internet. 11:59:35 AM - Unable to contact server.. Error - 8/8/2012 1:00:23 PM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0 Description = 1:00:20 PM - Error connecting to the internet. 1:00:20 PM - Unable to contact server.. Error - 8/18/2012 9:20:50 AM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0 Description = 9:20:42 AM - Error connecting to the internet. 9:20:42 AM - Unable to contact server.. Error - 8/18/2012 10:21:54 AM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0 Description = 10:21:47 AM - Error connecting to the internet. 10:21:47 AM - Unable to contact server.. [ System Events ] Error - 9/28/2012 9:22:34 PM | Computer Name = cdav1313-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 9:21:00 PM on ?9/?28/?2012 was unexpected. Error - 9/28/2012 9:23:16 PM | Computer Name = cdav1313-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 9/29/2012 4:45:08 PM | Computer Name = cdav1313-PC | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 9/29/2012 4:47:07 PM | Computer Name = cdav1313-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 9/29/2012 4:54:20 PM | Computer Name = cdav1313-PC | Source = DCOM | ID = 10010 Description = Error - 9/29/2012 5:09:47 PM | Computer Name = cdav1313-PC | Source = DCOM | ID = 10010 Description = Error - 9/29/2012 10:09:29 PM | Computer Name = cdav1313-PC | Source = DCOM | ID = 10010 Description = Error - 9/29/2012 10:09:29 PM | Computer Name = cdav1313-PC | Source = DCOM | ID = 10010 Description = Error - 9/30/2012 10:58:25 AM | Computer Name = cdav1313-PC | Source = DCOM | ID = 10010 Description = Error - 9/30/2012 2:03:02 PM | Computer Name = cdav1313-PC | Source = DCOM | ID = 10010 Description = < End of report >
  5. OTL.txt (Part 2): < MD5 for: COMCTL32.DLL > [2010/11/20 23:24:32 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=14DFDEAF4E589ED3F1FF187A86B9408C -- C:\Windows\ERDNT\cache64\comctl32.dll [2010/11/20 23:24:32 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=14DFDEAF4E589ED3F1FF187A86B9408C -- C:\Windows\SysNative\comctl32.dll [2010/11/20 23:24:08 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=14DFDEAF4E589ED3F1FF187A86B9408C -- C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll [2010/11/20 23:24:32 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=14DFDEAF4E589ED3F1FF187A86B9408C -- C:\Windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_97c2246fee970dbb\comctl32.dll [2010/11/20 23:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) MD5=352B3DC62A0D259A82A052238425C872 -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll [2010/11/20 23:23:51 | 002,030,080 | ---- | M] (Microsoft Corporation) MD5=7FA8FDC2C2A27817FD0F624E78D3B50C -- C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll [2010/11/20 23:23:56 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=BDAC1AA64495D0F7E1FF810EBBF1F018 -- C:\Windows\ERDNT\cache86\comctl32.dll [2010/11/20 23:23:56 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=BDAC1AA64495D0F7E1FF810EBBF1F018 -- C:\Windows\SysWOW64\comctl32.dll [2010/11/20 23:24:09 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=BDAC1AA64495D0F7E1FF810EBBF1F018 -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll [2010/11/20 23:23:56 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=BDAC1AA64495D0F7E1FF810EBBF1F018 -- C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll < MD5 for: COMCTL32.DLL.MUI > [2009/07/13 21:17:45 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=00C093BECABAEBCF8AF71968720F8E0D -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_th-th_9a95bfc47d1c7826\comctl32.dll.mui [2009/07/13 21:17:54 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=02326B2B45E9A79E27C27545C3169A39 -- C:\Windows\SysNative\da-DK\comctl32.dll.mui [2009/07/13 21:17:54 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=02326B2B45E9A79E27C27545C3169A39 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_da-dk_1439d69c93eb335d\comctl32.dll.mui [2009/07/13 21:17:54 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=02326B2B45E9A79E27C27545C3169A39 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_18a24a3dbedfab6e\comctl32.dll.mui [2009/07/13 21:17:50 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=06DE7EC7F44876CD19DCA8F0A1B9C8C1 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688\comctl32.dll.mui [2009/07/13 21:17:52 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=0DE27924408BE297A97B985805C52C68 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_hu-hu_fa62ef131b028c06\comctl32.dll.mui [2009/07/13 21:17:48 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=0E823E0CC33119E846EB19A49A7D540C -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_fi-fi_af55fd7938ea98b2\comctl32.dll.mui [2009/07/13 20:55:30 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=126261ECF493CFD866CB107C24232B41 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_nb-no_12e978dfe001d01b\comctl32.dll.mui [2009/07/13 20:55:22 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=148C89424D7C9CA1E695B11DA73BC911 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_it-it_e4c79be92250cb6e\comctl32.dll.mui [2009/07/13 20:55:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1791BA30CC5EC66CBA07DD7BA0778E94 -- C:\Windows\SysWOW64\de-DE\comctl32.dll.mui [2009/07/13 20:55:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1791BA30CC5EC66CBA07DD7BA0778E94 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_de-de_5912a2afaa3db0fd\comctl32.dll.mui [2009/07/13 20:55:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1791BA30CC5EC66CBA07DD7BA0778E94 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b9af43f608588ed2\comctl32.dll.mui [2009/07/13 21:17:47 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=17E6053B914C64049B0BFAD5CA7770DB -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_da-dk_6a5330b352f55484\comctl32.dll.mui [2009/07/13 21:17:53 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=1A36BA3794422453EDC8FDEFC0512F3A -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-tw_73f243ac283c6b65\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1A770B5643196FC22BDAA429329E217D -- C:\Windows\SysNative\pt-PT\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1A770B5643196FC22BDAA429329E217D -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-pt_bcd447c1f0c30137\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1A770B5643196FC22BDAA429329E217D -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_c13cbb631bb77948\comctl32.dll.mui [2009/07/13 20:55:19 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1BF1D03FD41E9FCCC5B4796F18DD72E1 -- C:\Windows\SysWOW64\sk-SK\comctl32.dll.mui [2009/07/13 20:55:19 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1BF1D03FD41E9FCCC5B4796F18DD72E1 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sk-sk_ea3f9509df3aaa93\comctl32.dll.mui [2009/07/13 20:55:19 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1BF1D03FD41E9FCCC5B4796F18DD72E1 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_4adc36503d558868\comctl32.dll.mui [2009/07/13 21:17:54 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=1DB9C2802ACB17FC39602FDA10333975 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_hr-hr_f92ec94d1bc52a9e\comctl32.dll.mui [2009/07/13 21:17:49 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=20F452AEF05E26275E18415E06CE00BA -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pl-pl_0fb7e7c8b1d41e9e\comctl32.dll.mui [2009/07/13 20:55:28 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=2152D4D1008B3B709167CCD1F291AA09 -- C:\Windows\SysWOW64\th-TH\comctl32.dll.mui [2009/07/13 20:55:28 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=2152D4D1008B3B709167CCD1F291AA09 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_th-th_8c299c84d28e8005\comctl32.dll.mui [2009/07/13 20:55:28 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=2152D4D1008B3B709167CCD1F291AA09 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_th-th_ecc63dcb30a95dda\comctl32.dll.mui [2009/07/13 21:17:49 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=227DD89056EDB6C22978E7109E7D5E97 -- C:\Windows\SysNative\uk-UA\comctl32.dll.mui [2009/07/13 21:17:49 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=227DD89056EDB6C22978E7109E7D5E97 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_uk-ua_e45f70e8b2bac1fb\comctl32.dll.mui [2009/07/13 21:17:49 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=227DD89056EDB6C22978E7109E7D5E97 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_uk-ua_e8c7e489ddaf3a0c\comctl32.dll.mui [2009/07/13 20:55:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=231BCB21B5AD8DE7523C972A5054379A -- C:\Windows\SysWOW64\ro-RO\comctl32.dll.mui [2009/07/13 20:55:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=231BCB21B5AD8DE7523C972A5054379A -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ro-ro_48bc44d0eba5f599\comctl32.dll.mui [2009/07/13 20:55:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=231BCB21B5AD8DE7523C972A5054379A -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_a958e61749c0d36e\comctl32.dll.mui [2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=24C1D1F456E6BEEF6E0F9FF7C39390D4 -- C:\Windows\SysNative\et-EE\comctl32.dll.mui [2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=24C1D1F456E6BEEF6E0F9FF7C39390D4 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_et-ee_b3e16a4588cc61f0\comctl32.dll.mui [2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=24C1D1F456E6BEEF6E0F9FF7C39390D4 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_et-ee_b849dde6b3c0da01\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=280E69964DB80C3965DD98953D433336 -- C:\Windows\SysNative\fi-FI\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=280E69964DB80C3965DD98953D433336 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_fi-fi_593ca36279e0778b\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=280E69964DB80C3965DD98953D433336 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_5da51703a4d4ef9c\comctl32.dll.mui [2009/07/13 20:55:28 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=28C91B76B5DBA5E0CCDA3DA9387CC3FA -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sv-se_3d38d4e8a053e3eb\comctl32.dll.mui [2009/07/13 20:55:40 | 000,010,752 | ---- | M] (Microsoft Corporation) MD5=2A7FB521CD719314F7C0EA5B92F506E2 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_he-il_3ebf4d44318de6de\comctl32.dll.mui [2009/07/13 21:17:53 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=2B3E326190D79BD5D92321DD5BDC9D49 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_el-gr_1014f38243e111ac\comctl32.dll.mui [2009/07/13 21:17:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D1FE2ED91B26829E2FF1F48A6C8D226 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ja-jp_3f3fe41f00efb443\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=3069E7E9A89B320438B5D6C2D6147D10 -- C:\Windows\SysNative\el-GR\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=3069E7E9A89B320438B5D6C2D6147D10 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_el-gr_b9fb996b84d6f085\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=3069E7E9A89B320438B5D6C2D6147D10 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_be640d0cafcb6896\comctl32.dll.mui [2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=329A3178B7F9143E975504C23DE0F506 -- C:\Windows\SysNative\fr-FR\comctl32.dll.mui [2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=329A3178B7F9143E975504C23DE0F506 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_fr-fr_5cd914b477989bc3\comctl32.dll.mui [2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=329A3178B7F9143E975504C23DE0F506 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_61418855a28d13d4\comctl32.dll.mui [2009/07/13 21:17:52 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=3427FC3DCB613A950F782014C0072833 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_nb-no_cb3c4208cb85a715\comctl32.dll.mui [2009/07/13 20:55:23 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=389E55B573CE7CC94B58680A18377FD2 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_af2bfcc66947d224\comctl32.dll.mui [2009/07/13 20:55:36 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=39D6131FE052A1F29C777D335B2961E7 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ro-ro_9ed59ee7aab016c0\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=3CBF2260F75E6788EDC863B9158513D7 -- C:\Windows\SysNative\it-IT\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=3CBF2260F75E6788EDC863B9158513D7 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_it-it_47010afb4eca8141\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=3CBF2260F75E6788EDC863B9158513D7 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4b697e9c79bef952\comctl32.dll.mui [2009/07/13 20:55:19 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=3D216A3E9C7BDE5696E74B1E4ACFB14D -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_uk-ua_822601d686410c28\comctl32.dll.mui [2009/07/13 21:17:57 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=3E6A8251724F896845240ECD05771AC2 -- C:\Windows\SysNative\zh-HK\comctl32.dll.mui [2009/07/13 21:17:57 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=3E6A8251724F896845240ECD05771AC2 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_zh-hk_1887a4cd6c9ce05e\comctl32.dll.mui [2009/07/13 21:17:57 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=3E6A8251724F896845240ECD05771AC2 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_1cf0186e9791586f\comctl32.dll.mui [2009/07/13 21:17:40 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=3F59D28D682A66367B628B6705E77792 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ro-ro_572868109633edba\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=406F5DEB4A4731530D5F38B84BD45B9C -- C:\Windows\SysNative\ko-KR\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=406F5DEB4A4731530D5F38B84BD45B9C -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ko-kr_8c9066bd34565a32\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=406F5DEB4A4731530D5F38B84BD45B9C -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_90f8da5e5f4ad243\comctl32.dll.mui [2009/07/13 21:17:54 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=4096D69C291FFE8410FC74B73345A1D4 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_6ff606562acb8ef5\comctl32.dll.mui [2009/07/13 20:55:29 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=4119B61CA4C5D2BA7125E96F4728D542 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ru-ru_a13dea73a92ad990\comctl32.dll.mui [2009/07/13 21:17:51 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=422110049D668EE559AB1D0BBC49E1D2 -- C:\Windows\SysNative\hr-HR\comctl32.dll.mui [2009/07/13 21:17:51 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=422110049D668EE559AB1D0BBC49E1D2 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_hr-hr_a3156f365cbb0977\comctl32.dll.mui [2009/07/13 21:17:51 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=422110049D668EE559AB1D0BBC49E1D2 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_a77de2d787af8188\comctl32.dll.mui [2009/07/13 20:55:25 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=43E43E18CBE47225647C7987559D90A3 -- C:\Windows\SysWOW64\zh-TW\comctl32.dll.mui [2009/07/13 20:55:25 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=43E43E18CBE47225647C7987559D90A3 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_zh-tw_6586206c7dae7344\comctl32.dll.mui [2009/07/13 20:55:25 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=43E43E18CBE47225647C7987559D90A3 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_c622c1b2dbc95119\comctl32.dll.mui [2009/07/13 20:55:20 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=45F542884C82CE1A60AD12E804ACC010 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_nl-nl_1128c41de12dd9f0\comctl32.dll.mui [2009/07/13 21:17:55 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=46A136DFFFFD4FE092C2F0D8084F593F -- C:\Windows\SysNative\zh-TW\comctl32.dll.mui [2009/07/13 21:17:55 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=46A136DFFFFD4FE092C2F0D8084F593F -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_zh-tw_1dd8e99569324a3e\comctl32.dll.mui [2009/07/13 21:17:55 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=46A136DFFFFD4FE092C2F0D8084F593F -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_22415d369426c24f\comctl32.dll.mui [2009/07/13 20:55:31 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=46F24ECF0F753EABECCF67ED4CB11F23 -- C:\Windows\SysWOW64\bg-BG\comctl32.dll.mui [2009/07/13 20:55:31 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=46F24ECF0F753EABECCF67ED4CB11F23 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_bg-bg_13a3b6b1c4998439\comctl32.dll.mui [2009/07/13 20:55:31 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=46F24ECF0F753EABECCF67ED4CB11F23 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_bg-bg_744057f822b4620e\comctl32.dll.mui [2009/07/13 21:17:57 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=4B4302023AA2FD183DDC90D149F4F7E1 -- C:\Windows\SysNative\zh-CN\comctl32.dll.mui [2009/07/13 21:17:57 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=4B4302023AA2FD183DDC90D149F4F7E1 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_zh-cn_19dcac3f6bc16dce\comctl32.dll.mui [2009/07/13 21:17:57 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=4B4302023AA2FD183DDC90D149F4F7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_1e451fe096b5e5df\comctl32.dll.mui [2009/07/13 20:55:22 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=4E07E827D1B6CFEC7BA81232E3EC9F99 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88\comctl32.dll.mui [2009/07/13 21:17:41 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=4F30080012197F9357365C4D9279FEA0 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_120bd26cb05db282\comctl32.dll.mui [2009/07/13 21:17:49 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=4FBC97D4B28295E1E64B536B53137951 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_cs-cz_cd19508c5caf5885\comctl32.dll.mui [2009/07/13 21:17:49 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=53BC29917CDBB1C4646C69B72A7E105B -- C:\Windows\SysNative\cs-CZ\comctl32.dll.mui [2009/07/13 21:17:49 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=53BC29917CDBB1C4646C69B72A7E105B -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_cs-cz_76fff6759da5375e\comctl32.dll.mui [2009/07/13 21:17:49 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=53BC29917CDBB1C4646C69B72A7E105B -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_7b686a16c899af6f\comctl32.dll.mui [2009/07/13 20:55:21 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=53CF3BC8F04737F5397209D8F81A2E95 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-hk_b64e35bb40232a8b\comctl32.dll.mui [2009/07/13 20:55:33 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=57EEB9F92BC92F3AC69E31699188848F -- C:\Windows\SysWOW64\sr-Latn-CS\comctl32.dll.mui [2009/07/13 20:55:33 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=57EEB9F92BC92F3AC69E31699188848F -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sr-..-cs_88db3354592d20be\comctl32.dll.mui [2009/07/13 20:55:33 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=57EEB9F92BC92F3AC69E31699188848F -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sr-..-cs_e977d49ab747fe93\comctl32.dll.mui [2009/07/13 20:55:22 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=59DE495ED0266E645EB3DE2201EB2304 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_fi-fi_f70334504d66c1b8\comctl32.dll.mui [2009/07/13 20:55:38 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=5A71769E05A9E85116F6F0ABE9CA4233 -- C:\Windows\SysWOW64\ar-SA\comctl32.dll.mui [2009/07/13 20:55:38 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=5A71769E05A9E85116F6F0ABE9CA4233 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ar-sa_6d63d528d41932e2\comctl32.dll.mui [2009/07/13 20:55:38 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=5A71769E05A9E85116F6F0ABE9CA4233 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_ce00766f323410b7\comctl32.dll.mui [2009/07/13 21:17:50 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=5A863C8014A63216114DE516B6D4A087 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_uk-ua_3a78caff71c4e322\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=5AB44B6AA114A8601EC936C99B0C7C82 -- C:\Windows\SysNative\de-DE\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=5AB44B6AA114A8601EC936C99B0C7C82 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_de-de_11656bd895c187f7\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=5AB44B6AA114A8601EC936C99B0C7C82 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_de-de_15cddf79c0b60008\comctl32.dll.mui [2009/07/13 20:55:33 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=5EE30F189078EBC63F81679324FBF63B -- C:\Windows\SysWOW64\hr-HR\comctl32.dll.mui [2009/07/13 20:55:33 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=5EE30F189078EBC63F81679324FBF63B -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_hr-hr_eac2a60d7137327d\comctl32.dll.mui [2009/07/13 20:55:33 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=5EE30F189078EBC63F81679324FBF63B -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_4b5f4753cf521052\comctl32.dll.mui [2009/07/13 20:55:39 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=604EFBAF84C4508094ED1BB7073C87D7 -- C:\Windows\SysWOW64\ru-RU\comctl32.dll.mui [2009/07/13 20:55:39 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=604EFBAF84C4508094ED1BB7073C87D7 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ru-ru_4b24905cea20b869\comctl32.dll.mui [2009/07/13 20:55:39 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=604EFBAF84C4508094ED1BB7073C87D7 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_abc131a3483b963e\comctl32.dll.mui [2009/07/13 20:55:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=6163DD90F8A1DC77DB6EF20A82E0655C -- C:\Windows\SysWOW64\el-GR\comctl32.dll.mui [2009/07/13 20:55:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=6163DD90F8A1DC77DB6EF20A82E0655C -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_el-gr_01a8d0429953198b\comctl32.dll.mui [2009/07/13 20:55:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=6163DD90F8A1DC77DB6EF20A82E0655C -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_62457188f76df760\comctl32.dll.mui [2009/07/13 20:55:34 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=616DCB1C3D2F39206F4B5FCB1E8AE6E0 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_lv-lv_ceef922ff982b0ec\comctl32.dll.mui [2009/07/13 20:55:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=62CEDB4DE7FA47284093E0DBDED963FD -- C:\Windows\SysWOW64\lt-LT\comctl32.dll.mui [2009/07/13 20:55:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=62CEDB4DE7FA47284093E0DBDED963FD -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_lt-lt_7808c9953afa4ed5\comctl32.dll.mui [2009/07/13 20:55:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=62CEDB4DE7FA47284093E0DBDED963FD -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_lt-lt_d8a56adb99152caa\comctl32.dll.mui [2009/07/13 20:55:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=63CF5A2552BDE2BCF4AF0BFC079AD895 -- C:\Windows\SysWOW64\nl-NL\comctl32.dll.mui [2009/07/13 20:55:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=63CF5A2552BDE2BCF4AF0BFC079AD895 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_nl-nl_bb0f6a072223b8c9\comctl32.dll.mui [2009/07/13 20:55:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=63CF5A2552BDE2BCF4AF0BFC079AD895 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_1bac0b4d803e969e\comctl32.dll.mui [2009/07/13 21:17:43 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=67C54A4E6962147E0B7AE8AAE0D174D4 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-pt_12eda1d8afcd225e\comctl32.dll.mui [2009/07/13 20:55:27 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=6872A82D4FACD4F5151092F6ED9E9F76 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-pt_5a9ad8afc4494b64\comctl32.dll.mui [2009/07/13 21:17:53 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=6B6A98F69E1A3203FAEBC3B75C2E2126 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ko-kr_e2a9c0d3f3607b59\comctl32.dll.mui [2009/07/13 20:55:37 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=6C24FA0C70456773759DD29ADCF9E206 -- C:\Windows\SysWOW64\ko-KR\comctl32.dll.mui [2009/07/13 20:55:37 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=6C24FA0C70456773759DD29ADCF9E206 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ko-kr_d43d9d9448d28338\comctl32.dll.mui [2009/07/13 20:55:37 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=6C24FA0C70456773759DD29ADCF9E206 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_34da3edaa6ed610d\comctl32.dll.mui [2009/07/13 20:55:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=6C7187775A7FB39DD73C63B2137ED8DE -- C:\Windows\SysWOW64\et-EE\comctl32.dll.mui [2009/07/13 20:55:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=6C7187775A7FB39DD73C63B2137ED8DE -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_et-ee_fb8ea11c9d488af6\comctl32.dll.mui [2009/07/13 20:55:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=6C7187775A7FB39DD73C63B2137ED8DE -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_et-ee_5c2b4262fb6368cb\comctl32.dll.mui [2009/07/13 21:17:42 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=6D1B9F0BFF4CAA705DFEF8D7F3431308 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ar-sa_7bcff8687ea72b03\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=6D4D7B7237E32708737091C42137A467 -- C:\Windows\SysWOW64\pt-BR\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=6D4D7B7237E32708737091C42137A467 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=6D4D7B7237E32708737091C42137A467 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_643c507363ea9836\comctl32.dll.mui [2009/07/13 21:17:45 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=6E99E65FD70A97C389B1F1ED39C41963 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_it-it_9d1a65120dd4a268\comctl32.dll.mui [2009/07/13 20:55:38 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=70F479AFBDE3D69946B8D1362046091A -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_57e82fa3584ccf8e\comctl32.dll.mui [2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=712D62AC33B2D6BC306827AF89E23BBD -- C:\Windows\SysNative\ro-RO\comctl32.dll.mui [2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=712D62AC33B2D6BC306827AF89E23BBD -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ro-ro_010f0df9d729cc93\comctl32.dll.mui [2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=712D62AC33B2D6BC306827AF89E23BBD -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_0577819b021e44a4\comctl32.dll.mui [2009/07/13 20:55:39 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=752E659772D0967526A3D521D78A15CB -- C:\Windows\SysWOW64\nb-NO\comctl32.dll.mui [2009/07/13 20:55:39 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=752E659772D0967526A3D521D78A15CB -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_nb-no_bcd01ec920f7aef4\comctl32.dll.mui [2009/07/13 20:55:39 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=752E659772D0967526A3D521D78A15CB -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_1d6cc00f7f128cc9\comctl32.dll.mui [2009/07/13 21:17:48 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=76276B06401C80009BA12915C7BBAEDD -- C:\Windows\SysNative\lv-LV\comctl32.dll.mui [2009/07/13 21:17:48 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=76276B06401C80009BA12915C7BBAEDD -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_lv-lv_3129014225fc66bf\comctl32.dll.mui [2009/07/13 21:17:48 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=76276B06401C80009BA12915C7BBAEDD -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_lv-lv_359174e350f0ded0\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=77931AA86B6A9282121962F5EF3D80BE -- C:\Windows\SysNative\lt-LT\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=77931AA86B6A9282121962F5EF3D80BE -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_lt-lt_305b92be267e25cf\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=77931AA86B6A9282121962F5EF3D80BE -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_lt-lt_34c4065f51729de0\comctl32.dll.mui [2009/07/13 20:55:30 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F86AFBB49CE327FD5E40C475F569196 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_tr-tr_e6461f2f8f0fe5dc\comctl32.dll.mui [2009/07/13 21:17:47 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=7FC83ED9C9B1F441AAC5DF7C1BCB69BE -- C:\Windows\SysNative\th-TH\comctl32.dll.mui [2009/07/13 21:17:47 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=7FC83ED9C9B1F441AAC5DF7C1BCB69BE -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_th-th_447c65adbe1256ff\comctl32.dll.mui [2009/07/13 21:17:47 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=7FC83ED9C9B1F441AAC5DF7C1BCB69BE -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_th-th_48e4d94ee906cf10\comctl32.dll.mui [2009/07/13 21:17:51 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=827719C879C344B0817F7144485BDFE0 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sr-..-cs_9747569403bb18df\comctl32.dll.mui [2009/07/13 21:17:53 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=83A9AA0DE014FF527528C0448305E8CB -- C:\Windows\SysNative\sk-SK\comctl32.dll.mui [2009/07/13 21:17:53 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=83A9AA0DE014FF527528C0448305E8CB -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sk-sk_a2925e32cabe818d\comctl32.dll.mui [2009/07/13 21:17:53 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=83A9AA0DE014FF527528C0448305E8CB -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_a6fad1d3f5b2f99e\comctl32.dll.mui [2009/07/13 21:17:54 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=8707D17644688778FDFFE5C4A769C5E0 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_fr-fr_b2f26ecb36a2bcea\comctl32.dll.mui [2009/07/13 20:55:32 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=87CD27B1F1F408939E15AB4D832A221A -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ja-jp_86ed1af6156bdd49\comctl32.dll.mui [2009/07/13 21:17:44 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=87E5117D11667B8BA763C61F2647B9F6 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\comctl32.dll.mui [2009/07/13 20:55:33 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=87E5117D11667B8BA763C61F2647B9F6 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\comctl32.dll.mui [2009/07/13 20:55:21 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8835CD0F5904C9A4C7B8BFECDC336FE0 -- C:\Windows\SysWOW64\es-ES\comctl32.dll.mui [2009/07/13 20:55:21 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8835CD0F5904C9A4C7B8BFECDC336FE0 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_es-es_01ced58c9942ae67\comctl32.dll.mui [2009/07/13 20:55:21 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8835CD0F5904C9A4C7B8BFECDC336FE0 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_es-es_626b76d2f75d8c3c\comctl32.dll.mui [2009/07/13 20:55:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8883D1401A2AC8038A5E6CC3BD31C9C3 -- C:\Windows\SysWOW64\it-IT\comctl32.dll.mui [2009/07/13 20:55:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8883D1401A2AC8038A5E6CC3BD31C9C3 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_it-it_8eae41d26346aa47\comctl32.dll.mui [2009/07/13 20:55:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8883D1401A2AC8038A5E6CC3BD31C9C3 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ef4ae318c161881c\comctl32.dll.mui [2009/07/13 20:55:26 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=898DA9268D895E36A8ACFF64A50F1BF4 -- C:\Windows\SysWOW64\sl-SI\comctl32.dll.mui [2009/07/13 20:55:26 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=898DA9268D895E36A8ACFF64A50F1BF4 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sl-si_e951b6c1dfd4bd76\comctl32.dll.mui [2009/07/13 20:55:26 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=898DA9268D895E36A8ACFF64A50F1BF4 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sl-si_49ee58083def9b4b\comctl32.dll.mui [2009/07/13 20:55:26 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8A20F45D656DDEA3241AA2E5114F5A90 -- C:\Windows\SysWOW64\cs-CZ\comctl32.dll.mui [2009/07/13 20:55:26 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8A20F45D656DDEA3241AA2E5114F5A90 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_cs-cz_bead2d4cb2216064\comctl32.dll.mui [2009/07/13 20:55:26 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8A20F45D656DDEA3241AA2E5114F5A90 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_1f49ce93103c3e39\comctl32.dll.mui [2009/07/13 21:17:41 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8A2E1E98C1D4B30016BEDCBD31A98AB3 -- C:\Windows\SysNative\tr-TR\comctl32.dll.mui [2009/07/13 21:17:41 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8A2E1E98C1D4B30016BEDCBD31A98AB3 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_tr-tr_487f8e41bb899baf\comctl32.dll.mui [2009/07/13 21:17:41 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8A2E1E98C1D4B30016BEDCBD31A98AB3 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_4ce801e2e67e13c0\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8A652B5BD20BB7EC67826264B2E70EC7 -- C:\Windows\SysNative\sl-SI\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8A652B5BD20BB7EC67826264B2E70EC7 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sl-si_a1a47feacb589470\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8A652B5BD20BB7EC67826264B2E70EC7 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sl-si_a60cf38bf64d0c81\comctl32.dll.mui [2009/07/13 21:17:56 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=8C67F14F9205F77ABEC3029F007E92C9 -- C:\Windows\SysNative\he-IL\comctl32.dll.mui [2009/07/13 21:17:56 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=8C67F14F9205F77ABEC3029F007E92C9 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_he-il_a0f8bc565e079cb1\comctl32.dll.mui [2009/07/13 21:17:56 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=8C67F14F9205F77ABEC3029F007E92C9 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_he-il_a5612ff788fc14c2\comctl32.dll.mui [2009/07/13 21:17:50 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=8F05BDA9B878C1625115B3048F40BF8E -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sl-si_f7bdda018a62b597\comctl32.dll.mui [2009/07/13 20:55:33 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=9105D57924AC29D89D01D989F8A988E0 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sk-sk_4058ef209e44cbba\comctl32.dll.mui [2009/07/13 20:55:23 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=919482123FBC4F2CA352FFA22238F379 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sl-si_3f6b10d89edede9d\comctl32.dll.mui [2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=9814A52ED2BBD217983909F6BF6F8EE9 -- C:\Windows\SysNative\ar-SA\comctl32.dll.mui [2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=9814A52ED2BBD217983909F6BF6F8EE9 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ar-sa_25b69e51bf9d09dc\comctl32.dll.mui [2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=9814A52ED2BBD217983909F6BF6F8EE9 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_2a1f11f2ea9181ed\comctl32.dll.mui [2009/07/13 20:55:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=9E47B8D8243269CB37A3321BD75AD0C8 -- C:\Windows\SysWOW64\da-DK\comctl32.dll.mui [2009/07/13 20:55:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=9E47B8D8243269CB37A3321BD75AD0C8 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_da-dk_5be70d73a8675c63\comctl32.dll.mui [2009/07/13 20:55:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=9E47B8D8243269CB37A3321BD75AD0C8 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_bc83aeba06823a38\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=9E4D90E78334C8D8D1C41B61E001E071 -- C:\Windows\SysWOW64\pl-PL\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=9E4D90E78334C8D8D1C41B61E001E071 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pl-pl_014bc4890746267d\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=9E4D90E78334C8D8D1C41B61E001E071 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_61e865cf65610452\comctl32.dll.mui [2009/07/13 20:55:22 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=A651A39659D9E5E3597B6EF79740DCA4 -- C:\Windows\SysWOW64\fr-FR\comctl32.dll.mui [2009/07/13 20:55:22 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=A651A39659D9E5E3597B6EF79740DCA4 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_fr-fr_a4864b8b8c14c4c9\comctl32.dll.mui [2009/07/13 20:55:22 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=A651A39659D9E5E3597B6EF79740DCA4 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0522ecd1ea2fa29e\comctl32.dll.mui [2009/07/13 21:17:53 | 000,010,752 | ---- | M] (Microsoft Corporation) MD5=A9AA2C8A7D708469BEAC36AD4463BCC3 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_he-il_f712166d1d11bdd8\comctl32.dll.mui [2009/07/13 20:55:36 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=AA019C97CC28D66AD5D04AAA644D8B13 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_bg-bg_69bd10c883a3a560\comctl32.dll.mui [2009/07/13 21:17:47 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=AAC972B3A8BDF093AE5442B9BEB7082F -- C:\Windows\SysNative\hu-HU\comctl32.dll.mui [2009/07/13 21:17:47 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=AAC972B3A8BDF093AE5442B9BEB7082F -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_hu-hu_a44994fc5bf86adf\comctl32.dll.mui [2009/07/13 21:17:47 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=AAC972B3A8BDF093AE5442B9BEB7082F -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_a8b2089d86ece2f0\comctl32.dll.mui [2009/07/13 20:55:29 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=ACA1A246151E772D458ABD93B998CA2E -- C:\Windows\SysWOW64\zh-CN\comctl32.dll.mui [2009/07/13 20:55:29 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=ACA1A246151E772D458ABD93B998CA2E -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_zh-cn_6189e316803d96d4\comctl32.dll.mui [2009/07/13 20:55:29 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=ACA1A246151E772D458ABD93B998CA2E -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_c226845cde5874a9\comctl32.dll.mui [2009/07/13 20:55:29 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=B2A08F880966BA15BEFB4FEF409F7231 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_fr-fr_fa9fa5a24b1ee5f0\comctl32.dll.mui [2009/07/13 20:55:22 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=B531F91B96DE681BF1B0D6AC5A185C7D -- C:\Windows\SysWOW64\zh-HK\comctl32.dll.mui [2009/07/13 20:55:22 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=B531F91B96DE681BF1B0D6AC5A185C7D -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_zh-hk_6034dba481190964\comctl32.dll.mui [2009/07/13 20:55:22 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=B531F91B96DE681BF1B0D6AC5A185C7D -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_c0d17ceadf33e739\comctl32.dll.mui [2009/07/13 21:17:52 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=B5473FE4EC2A9876AD1AD9F3B44D4985 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_bg-bg_220fd9f16f277c5a\comctl32.dll.mui [2009/07/13 21:17:55 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=B764B551D9E479B2FBFBE98201F0E088 -- C:\Windows\SysNative\sv-SE\comctl32.dll.mui [2009/07/13 21:17:55 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=B764B551D9E479B2FBFBE98201F0E088 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sv-se_9f7243facccd99be\comctl32.dll.mui [2009/07/13 21:17:55 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=B764B551D9E479B2FBFBE98201F0E088 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_a3dab79bf7c211cf\comctl32.dll.mui [2009/07/13 20:55:34 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=B8F0F39E100DAD8EC7D14F7509D70AC4 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_da-dk_b200678a67717d8a\comctl32.dll.mui [2009/07/13 20:55:24 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=B9A57EBCA828CF2DC2B4EAFD1AA562A2 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_hr-hr_40dc0024304153a4\comctl32.dll.mui [2009/07/13 20:55:19 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=BD2101D558D2AA5529FB57C94E0C6DD7 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_hu-hu_421025ea2f7eb50c\comctl32.dll.mui [2009/07/13 21:17:41 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=BF3D86C247C16A98A0EEF699A5F0A439 -- C:\Windows\SysNative\ja-JP\comctl32.dll.mui [2009/07/13 21:17:41 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=BF3D86C247C16A98A0EEF699A5F0A439 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ja-jp_e9268a0841e5931c\comctl32.dll.mui [2009/07/13 21:17:41 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=BF3D86C247C16A98A0EEF699A5F0A439 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ed8efda96cda0b2d\comctl32.dll.mui [2009/07/13 20:55:23 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=C0F8AE31A375339397BC18227BDF4C94 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sr-..-cs_def48d6b183741e5\comctl32.dll.mui [2009/07/13 20:55:33 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C13C584DDA2339846B1B5AEB276D9AA3 -- C:\Windows\SysWOW64\en-US\comctl32.dll.mui [2009/07/13 20:55:33 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C13C584DDA2339846B1B5AEB276D9AA3 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_en-us_020378a8991bbcc2\comctl32.dll.mui [2009/07/13 20:55:33 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C13C584DDA2339846B1B5AEB276D9AA3 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_en-us_62a019eef7369a97\comctl32.dll.mui [2009/07/13 20:55:26 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=C14CB7445E742B53168E49E988967218 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ko-kr_2a56f7ab07dca45f\comctl32.dll.mui [2009/07/13 20:55:23 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=C15DA922E7FB2539C2C64B027177BC24 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_cs-cz_14c68763712b818b\comctl32.dll.mui [2009/07/13 21:17:56 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=C1D099FAAC5E6E59D29A88672433A544 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ru-ru_5990b39c94aeb08a\comctl32.dll.mui [2009/07/13 21:17:55 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C39CDB0338DE3CBCFE5ED2DB47DA8F8B -- C:\Windows\SysNative\en-US\comctl32.dll.mui [2009/07/13 21:17:55 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C39CDB0338DE3CBCFE5ED2DB47DA8F8B -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_en-us_ba5641d1849f93bc\comctl32.dll.mui [2009/07/13 21:17:55 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C39CDB0338DE3CBCFE5ED2DB47DA8F8B -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bebeb572af940bcd\comctl32.dll.mui [2009/07/13 20:55:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=C4BBBDBC6021452AA8986AA286B547B3 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_lt-lt_ce2223abfa046ffc\comctl32.dll.mui [2009/07/13 20:55:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C83FD25A2501DB51D5D580DE2B914460 -- C:\Windows\SysWOW64\hu-HU\comctl32.dll.mui [2009/07/13 20:55:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C83FD25A2501DB51D5D580DE2B914460 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_hu-hu_ebf6cbd3707493e5\comctl32.dll.mui [2009/07/13 20:55:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C83FD25A2501DB51D5D580DE2B914460 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_4c936d19ce8f71ba\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=CAAA998726C4051372C571BF6CB72B79 -- C:\Windows\SysNative\nl-NL\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=CAAA998726C4051372C571BF6CB72B79 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_nl-nl_736233300da78fc3\comctl32.dll.mui [2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=CAAA998726C4051372C571BF6CB72B79 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_77caa6d1389c07d4\comctl32.dll.mui [2009/07/13 20:55:19 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=CDD1A11AC162F252DB06EB63B0ABBD8A -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pl-pl_57651e9fc65047a4\comctl32.dll.mui [2009/07/13 20:55:33 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=D0854FD24B2210E17EEC048323E907C9 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_et-ee_51a7fb335c52ac1d\comctl32.dll.mui [2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D2066FE305AD9788F7EAAF47CE9FF1B8 -- C:\Windows\SysNative\es-ES\comctl32.dll.mui [2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D2066FE305AD9788F7EAAF47CE9FF1B8 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_es-es_ba219eb584c68561\comctl32.dll.mui [2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D2066FE305AD9788F7EAAF47CE9FF1B8 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_es-es_be8a1256afbafd72\comctl32.dll.mui [2009/07/13 20:55:23 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=D505AA097F000F34FFF676E5BA7F04C9 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-tw_bb9f7a833cb8946b\comctl32.dll.mui [2009/07/13 20:55:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D5F2B66ABF861403D1A4C41DF5292817 -- C:\Windows\SysWOW64\fi-FI\comctl32.dll.mui [2009/07/13 20:55:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D5F2B66ABF861403D1A4C41DF5292817 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_fi-fi_a0e9da398e5ca091\comctl32.dll.mui [2009/07/13 20:55:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D5F2B66ABF861403D1A4C41DF5292817 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_01867b7fec777e66\comctl32.dll.mui [2009/07/13 21:17:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=D74E796963404EDD28FD11F2793B654E -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sk-sk_f8abb84989c8a2b4\comctl32.dll.mui [2009/07/13 21:17:47 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=D91EF2CC8BAFDE5FF720602C9748261E -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_677ec5ef54cba91e\comctl32.dll.mui [2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=DCBFC3D8DE7C05CADACB17ADDADCE1F2 -- C:\Windows\SysNative\sr-Latn-CS\comctl32.dll.mui [2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=DCBFC3D8DE7C05CADACB17ADDADCE1F2 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sr-..-cs_412dfc7d44b0f7b8\comctl32.dll.mui [2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=DCBFC3D8DE7C05CADACB17ADDADCE1F2 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sr-..-cs_4596701e6fa56fc9\comctl32.dll.mui [2009/07/13 21:17:56 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=DEB9025EE59B31764A7824E68B1FF84B -- C:\Windows\SysNative\ru-RU\comctl32.dll.mui [2009/07/13 21:17:56 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=DEB9025EE59B31764A7824E68B1FF84B -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ru-ru_03775985d5a48f63\comctl32.dll.mui [2009/07/13 21:17:56 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=DEB9025EE59B31764A7824E68B1FF84B -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_07dfcd2700990774\comctl32.dll.mui [2009/07/13 20:55:32 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=DF699213BA232CBAD1FC40C020AA66BA -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_b7a33d2d3f47b7fb\comctl32.dll.mui [2009/07/13 20:55:30 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E15CADEDC60E64CBEC8A47B8178DF783 -- C:\Windows\SysWOW64\uk-UA\comctl32.dll.mui [2009/07/13 20:55:30 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E15CADEDC60E64CBEC8A47B8178DF783 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_uk-ua_2c0ca7bfc736eb01\comctl32.dll.mui [2009/07/13 20:55:30 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E15CADEDC60E64CBEC8A47B8178DF783 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_uk-ua_8ca949062551c8d6\comctl32.dll.mui [2009/07/13 21:17:48 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=E1D1B4850D910AF4409BD03A38F4AE4D -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sv-se_f58b9e118bd7bae5\comctl32.dll.mui [2009/07/13 20:55:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E35AE0DEF052BB6F9990807DE2266F77 -- C:\Windows\SysWOW64\sv-SE\comctl32.dll.mui [2009/07/13 20:55:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E35AE0DEF052BB6F9990807DE2266F77 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sv-se_e71f7ad1e149c2c4\comctl32.dll.mui [2009/07/13 20:55:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E35AE0DEF052BB6F9990807DE2266F77 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_47bc1c183f64a099\comctl32.dll.mui [2009/07/13 21:17:44 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E3E14A803DA495DBB75B0696B619664F -- C:\Windows\SysNative\nb-NO\comctl32.dll.mui [2009/07/13 21:17:44 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E3E14A803DA495DBB75B0696B619664F -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_nb-no_7522e7f20c7b85ee\comctl32.dll.mui [2009/07/13 21:17:44 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E3E14A803DA495DBB75B0696B619664F -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_798b5b93376ffdff\comctl32.dll.mui [2009/07/13 20:55:31 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E58A29AE01BC5E9613042E530EC63F60 -- C:\Windows\SysWOW64\pt-PT\comctl32.dll.mui [2009/07/13 20:55:31 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E58A29AE01BC5E9613042E530EC63F60 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-pt_04817e99053f2a3d\comctl32.dll.mui [2009/07/13 20:55:31 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E58A29AE01BC5E9613042E530EC63F60 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_651e1fdf635a0812\comctl32.dll.mui [2009/07/13 21:17:49 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=E5EBFED216B5F0C9858EA24E73D3DF8C -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_nl-nl_c97b8d46ccb1b0ea\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E66275134F843F540E8B060DC2DB5AEF -- C:\Windows\SysNative\pt-BR\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E66275134F843F540E8B060DC2DB5AEF -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_bbf27855f153915b\comctl32.dll.mui [2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E66275134F843F540E8B060DC2DB5AEF -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c05aebf71c48096c\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E7921F0C5AEE24A12707EAC3926AFD11 -- C:\Windows\SysWOW64\lv-LV\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E7921F0C5AEE24A12707EAC3926AFD11 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_lv-lv_78d638193a788fc5\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E7921F0C5AEE24A12707EAC3926AFD11 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_lv-lv_d972d95f98936d9a\comctl32.dll.mui [2009/07/13 21:17:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E7DC62C8D64E9CB3BE85C51D414AEB9C -- C:\Windows\SysNative\bg-BG\comctl32.dll.mui [2009/07/13 21:17:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E7DC62C8D64E9CB3BE85C51D414AEB9C -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_bg-bg_cbf67fdab01d5b33\comctl32.dll.mui [2009/07/13 21:17:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E7DC62C8D64E9CB3BE85C51D414AEB9C -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_bg-bg_d05ef37bdb11d344\comctl32.dll.mui [2009/07/13 21:17:45 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=E9702953F9BB2CB83A7A95022146DA80 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-hk_6ea0fee42ba70185\comctl32.dll.mui [2009/07/13 20:55:31 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=EAA53E34D65B6B636808DD59C3A14ACC -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_th-th_e242f69b9198a12c\comctl32.dll.mui [2009/07/13 21:17:46 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=EB24B863CF6B3DC103D6C670359250C8 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_et-ee_09fac45c47d68317\comctl32.dll.mui [2009/07/13 21:17:51 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=EC2426EEF6071903E22106E9ECA6F678 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_tr-tr_9e98e8587a93bcd6\comctl32.dll.mui [2009/07/13 20:55:31 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=EC2DD6D3934731674F8CEF749B699198 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ar-sa_c37d2f3f93235409\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=EEB3B0978CB733501B7652B6F408B847 -- C:\Windows\SysWOW64\he-IL\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=EEB3B0978CB733501B7652B6F408B847 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_he-il_e8a5f32d7283c5b7\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=EEB3B0978CB733501B7652B6F408B847 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_he-il_49429473d09ea38c\comctl32.dll.mui [2009/07/13 20:55:31 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=F1498C2041185E84E7BACB5BD07053B9 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_el-gr_57c22a59585d3ab2\comctl32.dll.mui [2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=F7187586D312E9D8A6A372CB7C623D54 -- C:\Windows\SysNative\pl-PL\comctl32.dll.mui [2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=F7187586D312E9D8A6A372CB7C623D54 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pl-pl_b99e8db1f2c9fd77\comctl32.dll.mui [2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=F7187586D312E9D8A6A372CB7C623D54 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_be0701531dbe7588\comctl32.dll.mui [2009/07/13 21:17:41 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=FA7075BF402CF68A1E21CB9DE011CEC1 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_lt-lt_8674ecd4e58846f6\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=FC6E1D9ABD1401C69A78509EE7A19FBB -- C:\Windows\SysWOW64\tr-TR\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=FC6E1D9ABD1401C69A78509EE7A19FBB -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_tr-tr_902cc518d005c4b5\comctl32.dll.mui [2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=FC6E1D9ABD1401C69A78509EE7A19FBB -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_f0c9665f2e20a28a\comctl32.dll.mui [2009/07/13 20:55:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FD7345F5F0452E30A3EDE90B22CE2A4D -- C:\Windows\SysWOW64\ja-JP\comctl32.dll.mui [2009/07/13 20:55:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FD7345F5F0452E30A3EDE90B22CE2A4D -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ja-jp_30d3c0df5661bc22\comctl32.dll.mui [2009/07/13 20:55:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FD7345F5F0452E30A3EDE90B22CE2A4D -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_91706225b47c99f7\comctl32.dll.mui [2009/07/13 21:17:44 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=FF3075142C76E05DBBFAC42F83824156 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_lv-lv_87425b58e50687e6\comctl32.dll.mui < MD5 for: EXPLORER.EXE > [2011/07/14 01:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011/07/14 01:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe [2011/07/14 01:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/07/14 01:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/07/14 01:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011/07/14 01:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/07/14 01:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: QMGR.DLL > [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\ERDNT\cache64\qmgr.dll [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll < MD5 for: SERVICES > [2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services < MD5 for: SERVICES.ASFX > [2012/04/04 01:54:08 | 000,002,637 | ---- | M] () MD5=016DFC4F3F133AE19338EECD1924886A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ro_RO\Services\Services.asfx [2012/04/04 01:54:08 | 000,002,970 | ---- | M] () MD5=05A68D76420994EF8DF33184BFA98E04 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\uk_UA\Services\Services.asfx [2012/04/04 01:54:04 | 000,002,555 | ---- | M] () MD5=272301585AC133486E70228DA27659AC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx [2012/04/04 01:54:02 | 000,002,562 | ---- | M] () MD5=27CE9BD3209B549BB776B8C877455A91 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nb_NO\Services\Services.asfx [2012/04/04 01:54:02 | 000,002,632 | ---- | M] () MD5=2998A4AE8D0EF5122CCB985CF7E9D9D3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ko_KR\Services\Services.asfx [2012/04/04 01:54:02 | 000,002,545 | ---- | M] () MD5=2EEC9DDBD0B4EE5F65532322C383938A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_CN\Services\Services.asfx [2012/04/04 01:54:04 | 000,002,629 | ---- | M] () MD5=3A0082D76426A87FB4937D426C491C10 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\cs_CZ\Services\Services.asfx [2012/04/04 01:54:04 | 000,002,590 | ---- | M] () MD5=448953BD0CF26CE03D9E7CC1A7B278BC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\tr_TR\Services\Services.asfx [2012/04/04 01:53:58 | 000,002,605 | ---- | M] () MD5=5A2C5D0DA3EAAB2AA77F16947D0E14FF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx [2012/04/04 01:54:04 | 000,002,679 | ---- | M] () MD5=5DD2704563A6A79C466E44CD966B2655 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hu_HU\Services\Services.asfx [2012/04/04 01:53:56 | 000,002,711 | ---- | M] () MD5=6B0E7B068BD530B8FCEBC04CC8844AA9 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ja_JP\Services\Services.asfx [2012/04/04 01:54:08 | 000,002,582 | ---- | M] () MD5=797FC263D59784AD1498560C34FA7DA1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sl_SI\Services\Services.asfx [2012/04/04 01:53:56 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx [2012/04/04 01:54:02 | 000,002,634 | ---- | M] () MD5=912DD5C0C7C8D7572AD598414D56E24A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx [2012/04/04 01:53:56 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\Services\Services.asfx [2012/04/04 01:54:08 | 000,002,638 | ---- | M] () MD5=C2C37202B0E55877A64ADDBDE738284E -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sk_SK\Services\Services.asfx [2012/04/04 01:54:04 | 000,002,589 | ---- | M] () MD5=C313AD3602D4965A1918E86B9F3E84CF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pl_PL\Services\Services.asfx [2012/04/04 01:54:10 | 000,002,609 | ---- | M] () MD5=C7FA88C21103C70826F274A0E865AEDF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ca_ES\Services\Services.asfx [2012/04/04 01:54:10 | 000,002,576 | ---- | M] () MD5=D27D52045EB6A2EE031F7D2EA0349BC3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\eu_ES\Services\Services.asfx [2012/04/04 01:54:02 | 000,002,560 | ---- | M] () MD5=D5642B1BFE0A70231D14C11D3D3FD60D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\da_DK\Services\Services.asfx [2012/04/04 01:54:08 | 000,002,588 | ---- | M] () MD5=DB216743CDE75637621E2FD39431BBD4 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hr_HR\Services\Services.asfx [2012/04/04 01:53:58 | 000,002,620 | ---- | M] () MD5=DCF7A8843832327386B81ABD189AC236 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\es_ES\Services\Services.asfx [2012/04/04 01:54:04 | 000,002,997 | ---- | M] () MD5=DD3F4DAF426555D8D85FF4D7C5A04F37 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ru_RU\Services\Services.asfx [2010/11/16 00:02:32 | 000,000,228 | R--- | M] () MD5=E09422BE0C7636A7B63A1527C4C1372D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx [2012/04/04 01:54:02 | 000,002,599 | ---- | M] () MD5=F09D769A94767C3C7E7015A5C6C99A39 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fi_FI\Services\Services.asfx [2012/04/04 01:53:58 | 000,002,628 | ---- | M] () MD5=F844D742DB53C7D671BF7ED6517414D1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nl_NL\Services\Services.asfx [2012/04/04 01:53:58 | 000,002,582 | ---- | M] () MD5=FED4BDA3B6A9EB9DB59C254D8C987495 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sv_SE\Services\Services.asfx < MD5 for: SERVICES.ASFX1 > [2010/11/16 00:02:32 | 000,000,228 | R--- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx1 < MD5 for: SERVICES.ASFX10 > [2010/11/16 00:02:34 | 000,000,233 | R--- | M] () MD5=3382FAB54FC906B0E40269D903A8D690 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx10 < MD5 for: SERVICES.ASFX11 > [2010/11/16 00:02:26 | 000,000,227 | R--- | M] () MD5=F36865AB3B9813962B7EDBE66FA1C28A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx11 < MD5 for: SERVICES.ASFX12 > [2010/11/16 00:02:30 | 000,000,225 | R--- | M] () MD5=9287C7268CC0F37F1DDE18CEBB128685 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx12 < MD5 for: SERVICES.ASFX13 > [2010/11/16 00:02:30 | 000,000,228 | R--- | M] () MD5=95326C46AC2654AFF5C8543DFE22CCB3 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx13 < MD5 for: SERVICES.ASFX14 > [2010/11/16 00:02:26 | 000,000,228 | R--- | M] () MD5=14DA84ECAF57B5ADA36B9093FF04CF32 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx14 < MD5 for: SERVICES.ASFX15 > [2010/11/16 00:02:26 | 000,000,231 | R--- | M] () MD5=CF94F061685A38BABE0BBD463191EDE7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx15 < MD5 for: SERVICES.ASFX16 > [2010/11/16 00:02:34 | 000,000,232 | R--- | M] () MD5=B6E63D87C73CED2D6B433C542C5C3965 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx16 < MD5 for: SERVICES.ASFX17 > [2010/11/16 00:02:34 | 000,000,230 | R--- | M] () MD5=545E97C4F4CEA743A8D86B685EE2EDBB -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx17 < MD5 for: SERVICES.ASFX18 > [2010/11/16 00:02:24 | 000,000,230 | R--- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx18 < MD5 for: SERVICES.ASFX19 > [2010/11/16 00:02:26 | 000,000,225 | R--- | M] () MD5=0A27F1D6595A69800A43CDE155B1E4A0 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx19 < MD5 for: SERVICES.ASFX2 > [2010/11/16 00:02:36 | 000,000,264 | R--- | M] () MD5=0652D24D4E2799851A6DF1705E2BFFDA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx2 < MD5 for: SERVICES.ASFX20 > [2010/11/16 00:02:38 | 000,000,231 | R--- | M] () MD5=C85F2519DC6AECF93F67AA613A320136 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx20 < MD5 for: SERVICES.ASFX21 > [2010/11/16 00:02:26 | 000,000,231 | R--- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx21 < MD5 for: SERVICES.ASFX22 > [2010/11/16 00:02:24 | 000,000,231 | R--- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx22 < MD5 for: SERVICES.ASFX23 > [2010/11/16 00:02:26 | 000,000,225 | R--- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx23 < MD5 for: SERVICES.ASFX24 > [2010/11/16 00:02:32 | 000,000,229 | R--- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx24 < MD5 for: SERVICES.ASFX25 > [2010/11/16 00:02:36 | 000,000,232 | R--- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx25 < MD5 for: SERVICES.ASFX3 > [2010/11/16 00:02:34 | 000,000,229 | R--- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx3 < MD5 for: SERVICES.ASFX4 > [2010/11/16 00:02:26 | 000,000,226 | R--- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx4 < MD5 for: SERVICES.ASFX5 > [2010/11/16 00:02:34 | 000,000,233 | R--- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx5 < MD5 for: SERVICES.ASFX6 > [2010/11/16 00:02:36 | 000,000,231 | R--- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6 < MD5 for: SERVICES.ASFX7 > [2010/11/16 00:02:34 | 000,000,245 | R--- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7 < MD5 for: SERVICES.ASFX8 > [2010/11/16 00:02:34 | 000,000,231 | R--- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8 < MD5 for: SERVICES.ASFX9 > [2010/11/16 00:02:30 | 000,000,234 | R--- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9 < MD5 for: SERVICES.CFG > [2012/07/27 16:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg [2010/11/16 00:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg < MD5 for: SERVICES.EXE > [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe < MD5 for: SERVICES.EXE.MUI > [2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui [2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui < MD5 for: SERVICES.JS > [2011/06/13 16:29:02 | 000,018,691 | ---- | M] () MD5=A29A268BD513B6BC07270653DD48774C -- C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\HTML\js\services.js < MD5 for: SERVICES.LNK > [2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk < MD5 for: SERVICES.MOF > [2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof [2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof < MD5 for: SERVICES.MSC > [2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc [2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc [2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc [2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc [2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc [2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc [2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc [2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc < MD5 for: SERVICES.PTXML > [2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml [2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml < MD5 for: SVCHOST.EXE > [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < c:|conduit;true;true;true; /FP > [2012/06/24 14:45:56 | 000,000,000 | ---D | M] -- c:\Program Files (x86)\Conduit [2012/06/24 14:45:56 | 000,000,000 | ---D | M] -- c:\Program Files (x86)\Conduit\Community Alerts [2012/09/29 09:43:20 | 000,000,000 | ---D | M] -- c:\Users\cdav1313\AppData\Local\Conduit [2012/06/24 14:45:56 | 000,000,000 | ---D | M] -- c:\Users\cdav1313\AppData\LocalLow\Conduit [2012/06/24 15:03:43 | 000,000,000 | ---D | M] -- c:\Users\cdav1313\AppData\LocalLow\Conduit\Community Alerts < c:|Fun4IM;true;true;true; /FP > < c:|Bandoo;true;true;true; /FP > < c:|Searchn;true;true;true; /FP > < c:|Searchq;true;true;true; /FP > < c:|datamngr;true;true;true; /FP > < c:|iLivid;true;true;true; /FP > < c:|whitesmoke;true;true;true; /FP > < c:|services.ex;true;true;true; /FP > < %USERPROFILE%\\..|smtmp;true;true;true /FP > < %systemroot%\\*. /mp /s > < End of report >
  6. OTL.txt: (Part 1) OTL logfile created on: 9/30/2012 4:24:42 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cdav1313\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.49 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 74.71% Memory free 6.98 Gb Paging File | 5.65 Gb Available in Paging File | 80.95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446.13 Gb Total Space | 401.73 Gb Free Space | 90.05% Space Free | Partition Type: NTFS Drive E: | 2794.51 Gb Total Space | 1996.51 Gb Free Space | 71.44% Space Free | Partition Type: NTFS Drive H: | 465.75 Gb Total Space | 18.00 Gb Free Space | 3.86% Space Free | Partition Type: NTFS Computer Name: CDAV1313-PC | User Name: cdav1313 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/09/30 16:22:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cdav1313\Desktop\OTL.exe PRC - [2012/09/13 00:54:58 | 000,396,416 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe PRC - [2012/08/09 13:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/02/06 20:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/08/10 23:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe PRC - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe PRC - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009/05/08 06:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe ========== Modules (No Company Name) ========== MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/08/10 23:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe MOD - [2011/08/10 23:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/08/23 11:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2012/05/25 17:13:54 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012/05/25 16:59:02 | 000,210,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012/05/25 16:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2012/02/06 20:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Live Updater Service) SRV:64bit: - [2011/05/24 10:03:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/09/30 10:42:49 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/08/09 13:02:26 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/01/13 11:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service) SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService) SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/09/20 03:27:20 | 000,207,672 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe -- (MOBK755backup) SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011/12/15 13:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/07/14 01:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/07/14 01:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/06/06 05:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011/05/24 11:26:58 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/05/24 09:25:44 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/05/16 10:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/02/14 02:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2011/02/14 02:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2011/02/14 02:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/09/20 03:27:12 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK755.sys -- (MOBK755Filter) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/p/2.html IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {E2552AB6-3D90-4879-A1A7-1CA2141A750F} IE - HKCU\..\SearchScopes\{E2552AB6-3D90-4879-A1A7-1CA2141A750F}: "URL" = http://www.google.co...{outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.2.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.2.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\cdav1313\AppData\Local\Roblox\Versions\version-5e3e8a498c5b4d63\\NPRobloxProxy.dll () FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\cdav1313\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll () FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\cdav1313\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/24 16:40:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/06/27 06:17:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B1FC07E1-E05B-4567-8891-E63FBE545BA8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/08/30 21:09:30 | 000,000,000 | ---D | M] [2012/06/24 14:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdav1313\AppData\Roaming\Mozilla\Firefox\extensions [2012/06/24 14:45:59 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\cdav1313\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} O1 HOSTS File: ([2012/09/29 16:47:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.) O4 - Startup: C:\Users\cdav1313\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nainfor.webe...ex/ieatgpc1.cab (GpcContainer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE60ABF8-A607-432C-A229-1CCA1AF805B3}: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: hitmanpro36 - Reg Error: Value error. SafeBootMin:64bit: hitmanpro36.sys - Reg Error: Value error. SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: hitmanpro36 - Reg Error: Value error. SafeBootMin: hitmanpro36.sys - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: hitmanpro36 - Reg Error: Value error. SafeBootNet:64bit: hitmanpro36.sys - Reg Error: Value error. SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: hitmanpro36 - Reg Error: Value error. SafeBootNet: hitmanpro36.sys - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error. ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error. ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) ========== Files/Folders - Created Within 30 Days ========== [2012/09/30 16:21:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\cdav1313\Desktop\OTL.exe [2012/09/30 16:21:26 | 001,537,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NLSData0000.dll [2012/09/30 14:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012/09/30 14:07:12 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Roaming\Yahoo! [2012/09/30 14:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion [2012/09/30 10:42:49 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/09/30 10:42:48 | 000,073,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/09/30 08:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2012/09/30 08:54:12 | 000,000,000 | ---D | C] -- C:\rsit [2012/09/30 08:52:04 | 000,693,265 | ---- | C] (Farbar) -- C:\Users\cdav1313\Desktop\FSS.exe [2012/09/29 18:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/09/29 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Local\{51C60E90-B46A-44DA-8D70-D41B25171B38} [2012/09/29 16:57:39 | 000,000,000 | ---D | C] -- C:\e [2012/09/29 16:57:31 | 000,000,000 | ---D | C] -- C:\Data [2012/09/29 16:55:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/09/29 15:23:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/09/29 15:23:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/09/29 15:23:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/09/29 15:22:07 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/09/29 15:18:36 | 004,757,745 | R--- | C] (Swearware) -- C:\Users\cdav1313\Desktop\ComboFix.exe [2012/09/29 15:13:52 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\cdav1313\Desktop\rkill.com [2012/09/29 15:12:37 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\Desktop\rkill [2012/09/29 13:21:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\cdav1313\Desktop\aswMBR.exe [2012/09/29 13:18:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/09/29 13:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2012/09/29 13:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2012/09/27 22:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012/09/27 22:17:45 | 000,000,000 | ---D | C] -- C:\MGtools [2012/09/27 22:15:50 | 008,864,168 | ---- | C] (SurfRight B.V.) -- C:\Users\cdav1313\Desktop\HitmanPro36_x64.exe [2012/09/27 22:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012/09/27 22:14:21 | 007,758,424 | ---- | C] (SurfRight B.V.) -- C:\Users\cdav1313\Desktop\HitmanPro36.exe [2012/09/27 22:13:32 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\cdav1313\Desktop\tdsskiller.exe [2012/09/27 22:09:56 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\Desktop\RK_Quarantine [2012/09/27 22:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/09/26 07:48:19 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012/09/24 20:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\This [2012/09/22 03:01:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/09/22 03:01:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/09/22 03:01:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/09/22 03:01:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/09/22 03:01:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/09/22 03:01:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/09/22 03:01:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/09/22 03:01:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/09/22 03:01:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/09/22 03:01:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/09/22 03:00:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/09/22 03:00:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/09/22 03:00:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/09/22 03:00:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/09/22 03:00:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/09/15 14:15:30 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Local\Unity [2012/09/15 09:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/09/15 09:02:52 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012/09/15 09:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/09/15 09:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/09/15 09:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/09/15 09:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/09/12 00:05:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012/09/12 00:04:56 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012/09/12 00:04:50 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012/09/12 00:04:50 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012/09/10 17:36:54 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\Desktop\PF [2012/09/10 17:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solveig Multimedia [2012/09/10 17:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Solveig Multimedia [2012/09/10 17:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solveig Multimedia [2012/09/10 17:16:45 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Local\{A62E461C-E13F-49B6-84C9-DFE2616EEF1B} [2012/09/08 13:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2012/09/08 11:11:11 | 000,000,000 | R--D | C] -- C:\MSOCache [2012/09/08 11:01:28 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Local\SoftGrid Client [2012/09/08 11:01:24 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Roaming\SoftGrid Client [2012/09/08 11:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English) [2012/09/05 03:02:24 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Roaming\Skype [2012/09/03 17:35:40 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Local\{648AE64E-A12B-4918-9885-F1B165C41649} ========== Files - Modified Within 30 Days ========== [2012/09/30 16:22:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cdav1313\Desktop\OTL.exe [2012/09/30 16:21:26 | 001,537,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\NLSData0000.dll [2012/09/30 16:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/30 14:12:00 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/30 14:12:00 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/30 14:09:15 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/30 14:09:15 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/09/30 14:09:15 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/09/30 14:08:35 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk [2012/09/30 14:04:52 | 000,000,065 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012/09/30 14:04:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/30 14:03:59 | 2812,485,632 | -HS- | M] () -- C:\hiberfil.sys [2012/09/30 10:42:49 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/09/30 10:42:48 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/09/30 09:00:02 | 000,881,724 | ---- | M] () -- C:\Users\cdav1313\Desktop\SecurityCheck.exe [2012/09/30 08:54:06 | 000,781,383 | ---- | M] () -- C:\Users\cdav1313\Desktop\RSIT.exe [2012/09/30 08:52:17 | 000,693,265 | ---- | M] (Farbar) -- C:\Users\cdav1313\Desktop\FSS.exe [2012/09/29 17:24:12 | 000,083,508 | ---- | M] () -- C:\Users\cdav1313\Desktop\2261683.jpg [2012/09/29 17:23:38 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/09/29 16:57:45 | 000,000,380 | ---- | M] () -- C:\edu.bmp [2012/09/29 16:57:45 | 000,000,304 | ---- | M] () -- C:\dir.bmp [2012/09/29 16:57:45 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif [2012/09/29 16:57:45 | 000,000,279 | ---- | M] () -- C:\hj_1.gif [2012/09/29 16:57:45 | 000,000,277 | ---- | M] () -- C:\mov_1.gif [2012/09/29 16:57:45 | 000,000,274 | ---- | M] () -- C:\trav_1.gif [2012/09/29 16:57:45 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif [2012/09/29 16:57:45 | 000,000,268 | ---- | M] () -- C:\ab_1.gif [2012/09/29 16:57:45 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif [2012/09/29 16:57:45 | 000,000,138 | ---- | M] () -- C:\flk2.gif [2012/09/29 16:57:45 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif [2012/09/29 16:57:45 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif [2012/09/29 16:57:45 | 000,000,103 | ---- | M] () -- C:\del_1.gif [2012/09/29 16:57:44 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif [2012/09/29 16:57:44 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif [2012/09/29 16:57:44 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif [2012/09/29 16:57:43 | 000,000,235 | ---- | M] () -- C:\srch_1.gif [2012/09/29 16:57:43 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif [2012/09/29 16:57:43 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif [2012/09/29 16:47:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/09/29 15:18:37 | 004,757,745 | R--- | M] (Swearware) -- C:\Users\cdav1313\Desktop\ComboFix.exe [2012/09/29 15:13:52 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\cdav1313\Desktop\rkill.com [2012/09/29 14:45:46 | 001,412,096 | ---- | M] () -- C:\Users\cdav1313\Desktop\RogueKiller.exe [2012/09/29 14:39:56 | 000,000,512 | ---- | M] () -- C:\Users\cdav1313\Desktop\MBR.dat [2012/09/29 13:22:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\cdav1313\Desktop\aswMBR.exe [2012/09/29 13:17:30 | 000,001,113 | ---- | M] () -- C:\Users\cdav1313\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/09/29 13:17:13 | 000,000,933 | ---- | M] () -- C:\Users\cdav1313\Desktop\NTREGOPT.lnk [2012/09/29 13:17:13 | 000,000,914 | ---- | M] () -- C:\Users\cdav1313\Desktop\ERUNT.lnk [2012/09/27 22:17:45 | 001,670,974 | ---- | M] () -- C:\Users\cdav1313\Desktop\MGtools.exe [2012/09/27 22:17:05 | 008,864,168 | ---- | M] (SurfRight B.V.) -- C:\Users\cdav1313\Desktop\HitmanPro36_x64.exe [2012/09/27 22:15:15 | 007,758,424 | ---- | M] (SurfRight B.V.) -- C:\Users\cdav1313\Desktop\HitmanPro36.exe [2012/09/27 22:13:36 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\cdav1313\Desktop\tdsskiller.exe [2012/09/24 20:16:18 | 000,000,519 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/24 20:08:12 | 000,000,047 | ---- | M] () -- C:\Users\cdav1313\AppData\Roaming\mbam.context.scan [2012/09/23 17:34:57 | 000,001,181 | ---- | M] () -- C:\Users\cdav1313\Desktop\ROBLOX Studio 2.0 Beta.lnk [2012/09/23 17:34:56 | 000,001,161 | ---- | M] () -- C:\Users\cdav1313\Desktop\ROBLOX Studio.lnk [2012/09/23 17:34:55 | 000,001,362 | ---- | M] () -- C:\Users\cdav1313\Desktop\ROBLOX Player.lnk [2012/09/21 01:54:15 | 000,294,431 | ---- | M] () -- C:\Users\cdav1313\Desktop\front.jpeg [2012/09/15 09:03:06 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/09/10 17:24:38 | 000,001,210 | ---- | M] () -- C:\Users\cdav1313\Desktop\SolveigMM AVI Trimmer + MKV.lnk [2012/09/09 22:08:50 | 000,113,576 | ---- | M] () -- C:\Users\cdav1313\Desktop\Draft Report Card.jpg [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012/09/30 10:42:50 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/30 08:59:59 | 000,881,724 | ---- | C] () -- C:\Users\cdav1313\Desktop\SecurityCheck.exe [2012/09/30 08:53:50 | 000,781,383 | ---- | C] () -- C:\Users\cdav1313\Desktop\RSIT.exe [2012/09/29 17:23:32 | 000,083,508 | ---- | C] () -- C:\Users\cdav1313\Desktop\2261683.jpg [2012/09/29 16:57:45 | 000,000,380 | ---- | C] () -- C:\edu.bmp [2012/09/29 16:57:45 | 000,000,304 | ---- | C] () -- C:\dir.bmp [2012/09/29 16:57:45 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif [2012/09/29 16:57:45 | 000,000,279 | ---- | C] () -- C:\hj_1.gif [2012/09/29 16:57:45 | 000,000,277 | ---- | C] () -- C:\mov_1.gif [2012/09/29 16:57:45 | 000,000,274 | ---- | C] () -- C:\trav_1.gif [2012/09/29 16:57:45 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif [2012/09/29 16:57:45 | 000,000,268 | ---- | C] () -- C:\ab_1.gif [2012/09/29 16:57:45 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif [2012/09/29 16:57:45 | 000,000,138 | ---- | C] () -- C:\flk2.gif [2012/09/29 16:57:45 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif [2012/09/29 16:57:45 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif [2012/09/29 16:57:45 | 000,000,103 | ---- | C] () -- C:\del_1.gif [2012/09/29 16:57:44 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif [2012/09/29 16:57:44 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif [2012/09/29 16:57:44 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif [2012/09/29 16:57:43 | 000,000,235 | ---- | C] () -- C:\srch_1.gif [2012/09/29 16:57:43 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif [2012/09/29 16:57:43 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif [2012/09/29 15:23:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/09/29 15:23:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/09/29 15:23:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/09/29 15:23:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/09/29 15:23:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/09/29 14:45:41 | 001,412,096 | ---- | C] () -- C:\Users\cdav1313\Desktop\RogueKiller.exe [2012/09/29 14:39:56 | 000,000,512 | ---- | C] () -- C:\Users\cdav1313\Desktop\MBR.dat [2012/09/29 13:17:30 | 000,001,113 | ---- | C] () -- C:\Users\cdav1313\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/09/29 13:17:13 | 000,000,933 | ---- | C] () -- C:\Users\cdav1313\Desktop\NTREGOPT.lnk [2012/09/29 13:17:13 | 000,000,914 | ---- | C] () -- C:\Users\cdav1313\Desktop\ERUNT.lnk [2012/09/27 22:17:38 | 001,670,974 | ---- | C] () -- C:\Users\cdav1313\Desktop\MGtools.exe [2012/09/27 22:04:32 | 000,000,996 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/09/24 20:16:18 | 000,000,519 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/24 20:08:12 | 000,000,047 | ---- | C] () -- C:\Users\cdav1313\AppData\Roaming\mbam.context.scan [2012/09/21 18:13:52 | 000,294,431 | ---- | C] () -- C:\Users\cdav1313\Desktop\front.jpeg [2012/09/15 09:03:06 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/09/10 17:24:38 | 000,001,210 | ---- | C] () -- C:\Users\cdav1313\Desktop\SolveigMM AVI Trimmer + MKV.lnk [2012/09/09 22:08:49 | 000,113,576 | ---- | C] () -- C:\Users\cdav1313\Desktop\Draft Report Card.jpg [2012/09/02 23:11:41 | 000,001,181 | ---- | C] () -- C:\Users\cdav1313\Desktop\ROBLOX Studio 2.0 Beta.lnk [2012/09/02 23:11:40 | 000,001,161 | ---- | C] () -- C:\Users\cdav1313\Desktop\ROBLOX Studio.lnk [2012/09/02 23:11:39 | 000,001,362 | ---- | C] () -- C:\Users\cdav1313\Desktop\ROBLOX Player.lnk [2012/08/28 18:37:19 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/21 16:02:50 | 000,000,065 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012/06/24 13:11:13 | 000,000,441 | ---- | C] () -- C:\Windows\wininit.ini [2012/04/15 04:51:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/12/12 23:10:13 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/05/25 01:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < %ALLUSERSPROFILE%\\Application Data\\*. > < %ALLUSERSPROFILE%\\Application Data\\*.exe /s > < %ALLUSERSPROFILE%\\Application Data\\*.dll /s > < %APPDATA%\\*. > [2012/07/03 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Adobe [2012/06/24 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Apple Computer [2012/06/24 12:19:42 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Identities [2012/04/15 04:58:40 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Macromedia [2012/06/24 12:53:24 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Malwarebytes [2010/11/21 03:16:41 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Media Center Programs [2012/09/08 11:02:17 | 000,000,000 | --SD | M] -- C:\Users\cdav1313\AppData\Roaming\\Microsoft [2012/06/24 14:45:59 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Mozilla [2012/06/24 12:20:03 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\OEM [2012/08/30 21:09:58 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Real [2012/08/30 21:09:06 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\RealNetworks [2012/09/05 06:02:12 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Skype [2012/09/10 08:54:34 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\SoftGrid Client [2012/09/08 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\TP [2012/09/26 17:17:43 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\uTorrent [2012/06/25 07:10:06 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\WildTangent [2012/06/24 22:29:23 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\WinRAR [2012/09/30 14:07:12 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Yahoo! < %APPDATA%\\*.exe /s > [2012/04/15 04:58:30 | 000,053,632 | ---- | M] () -- C:\Users\cdav1313\AppData\Roaming\\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010/10/01 02:08:59 | 000,044,544 | R--- | M] () -- C:\Users\cdav1313\AppData\Roaming\\Microsoft\Windows\Templates\H\TL_Bootstrap.exe [2012/08/25 09:09:14 | 001,343,488 | ---- | M] () -- C:\Users\cdav1313\AppData\Roaming\\Microsoft\Windows\Templates\TLPC\TL_PC.exe < %SYSTEMDRIVE%\\*.exe >
  7. Sorry, I've been working outside and am about to leave for awhile. I will download and do all the scans you asked for in a few hours. I just wanted to say real quick before I go that I think that the malwarebytes in my quarantine was in fact my actual malewarebytes program. That was the location it was in, and after the mysterious quarantine of those 3 items, I could not open malwarebytes and therefore had to redownload it anew in a new location as I stated in my original posting. Though with the new one, I no longer need the old one I will delete it, I just wanted you to be aware of that. I will do the OTL scan and malewarebytes scan in a few hours after I return home and will post the logs then. Thank you.
  8. 3 things in my quarantine: Trojan.Keylogger is the "Vendor" and it lists the "Item" as C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\comctl32.dll.nui The next item quarantined has a "Vendor" called Trojan.Goldun and the "Item" is my malwarebytes (E:\zStuff\Malewarebytes'Anti-Maleware\mbam.exe) The third thing is "Vendor" Trojan.Banker and the "Item" C:\Windows\System32\NLSData0000.dll
  9. I uninstalled Flash & Java. Its still not running right. I was using the Yahoo toolbar problem as a guide because that started acting up the same time everything else happened. Internet Explorer still every now and then will freeze up and a box will open sayingsomething about IE not working or responding or something and it reopens it all (it does this several times an hour and never used to). And what about my quarantined items from my 1st post. Malewarebytes quarantined itself by itself (and that was the start of my IE & Yahoo toolbar problems). And I don't know what the other 2 things are. Should I delete them out of my quarantine? Restore them? One of them calls itself a "Keylogger" which worries me. And its the end of the month and I have to start paying bills but I'm afraid to go to my bank's website and type a password.
  10. FSS: Farbar Service Scanner Version: 19-09-2012 Ran by cdav1313 (administrator) on 30-09-2012 at 08:52:41 Running from "C:\Users\cdav1313\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** RSIT Info: info.txt logfile of random's system information tool 1.09 2012-09-30 08:54:44 ======Uninstall list====== -->"C:\Program Files (x86)\eMachines Games\Game Explorer Categories - main\Uninstall.exe" -->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A} Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe -maintain activex Adobe Reader X (10.1.4) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001} Agatha Christie - Death on the Nile-->"C:\Program Files (x86)\eMachines Games\Agatha Christie - Death on the Nile\uninstall\uninstaller.exe" Apple Application Support-->MsiExec.exe /I{63EC2120-1742-4625-AA47-C6A8AEC9C64C} Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} Bejeweled 2 Deluxe-->"C:\Program Files (x86)\eMachines Games\Bejeweled 2 Deluxe\uninstall\uninstaller.exe" Build-a-lot 4 - Power Source-->"C:\Program Files (x86)\eMachines Games\Build-a-lot 4 - Power Source\uninstall\uninstaller.exe" Catalyst Control Center - Branding-->MsiExec.exe /I{CB4A1B25-37AF-4050-AFD9-837FBADF7CD7} Chronicles of Albian-->"C:\Program Files (x86)\eMachines Games\Chronicles of Albian\uninstall\uninstaller.exe" Contrôle ActiveX Windows Live Mesh pour connexions à distance-->MsiExec.exe /I{55D003F4-9599-44BF-BA9E-95D060730DD3} Cradle of Rome 2-->"C:\Program Files (x86)\eMachines Games\Cradle of Rome 2\uninstall\uninstaller.exe" D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} Dora's World Adventure-->"C:\Program Files (x86)\eMachines Games\Doras World Adventure\uninstall\uninstaller.exe" eBay Worldwide-->MsiExec.exe /I{D3E5A972-9A15-427D-AE78-8181A5FD943C} eMachines Games-->"C:\Program Files (x86)\eMachines Games\Uninstall.exe" eMachines Recovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x409 -removeonly eMachines Registration-->C:\Program Files (x86)\eMachines\Registration\Uninstall.exe eMachines ScreenSaver-->C:\Program Files (x86)\eMachines\Screensaver\Uninstall.exe eMachines Updater-->"C:\Program Files (x86)\InstallShield Installation Information\{EE171732-BEB4-4576-887D-CB62727F01CA}\setup.exe" -runfromtemp -l0x409 -removeonly ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe" ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe Etron USB3.0 Host Controller-->"C:\Program Files (x86)\InstallShield Installation Information\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}\setup.exe" -runfromtemp -l0x0409 -removeonly Etron USB3.0 Host Controller-->MsiExec.exe /I{DFBB738C-71D8-4DC5-B8D2-D65C37680E27} Evernote v. 4.5.1-->MsiExec.exe /X{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE} Final Drive: Nitro-->"C:\Program Files (x86)\eMachines Games\Final Drive Nitro\uninstall\uninstaller.exe" Fooz Kids Platform-->"C:\Program Files (x86)\InstallShield Installation Information\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}\setup.exe" -runfromtemp -l0x0409 -removeonly Fooz Kids-->msiexec /qb /x {A4E908E5-EE02-843C-9D01-9EA69410B3AB} Fooz Kids-->MsiExec.exe /I{A4E908E5-EE02-843C-9D01-9EA69410B3AB} Galerie de photos Windows Live-->MsiExec.exe /X{488F0347-C4A7-4374-91A7-30818BEDA710} Governor of Poker 2 Premium Edition-->"C:\Program Files (x86)\eMachines Games\Governor of Poker 2 Premium Edition\uninstall\uninstaller.exe" Hotkey Utility-->C:\Program Files (x86)\eMachines\Hotkey Utility\Uninstall.exe Identity Card-->C:\Program Files (x86)\eMachines\Identity Card\Uninstall.exe Java 2 Runtime Environment, SE v1.4.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}\setup.exe" Anytext Jewel Match 3-->"C:\Program Files (x86)\eMachines Games\Jewel Match 3\uninstall\uninstaller.exe" Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} LG United Mobile Drivers-->MsiExec.exe /X{B03954CC-E130-4E57-BC83-869978685902} Malwarebytes Anti-Malware version 1.65.0.1400-->"E:\This\unins000.exe" McAfee Internet Security-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall McAfee Online Backup-->C:\Program Files (x86)\McAfeeMOBK\MozyUninstaller.exe Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E} Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE} Microsoft Office Click-to-Run 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall Microsoft Office Starter 2010 - English-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Mystery of Mortlake Mansion-->"C:\Program Files (x86)\eMachines Games\Mystery of Mortlake Mansion\uninstall\uninstaller.exe" Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38} Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A} Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F} Nero DiscSpeed 10 Help (CHM)-->MsiExec.exe /X{C18A0418-442A-4186-AF98-D08F5054A2FC} Nero DiscSpeed 10-->MsiExec.exe /X{34490F4E-48D0-492E-8249-B48BECF0537C} Nero Express 10 Help (CHM)-->MsiExec.exe /X{33643918-7957-4839-92C7-EA96CB621A98} Nero Express 10-->MsiExec.exe /X{70550193-1C22-445C-8FA4-564E155DB1A7} Nero Multimedia Suite 10 Essentials-->MsiExec.exe /I{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86} Nero StartSmart 10 Help (CHM)-->MsiExec.exe /X{F6117F9C-ADB5-4590-9BE4-12C7BEC28702} Nero StartSmart 10-->MsiExec.exe /X{F61D489E-6C44-49AC-AD02-7DA8ACA73A65} Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A} NOOK for PC-->"C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\uninstall.exe" Norton Online Backup-->MsiExec.exe /X{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC} Penguins!-->"C:\Program Files (x86)\eMachines Games\Penguins!\uninstall\uninstaller.exe" Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\eMachines Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe" Polar Bowler-->"C:\Program Files (x86)\eMachines Games\Polar Bowler\uninstall\uninstaller.exe" Polar Golfer-->"C:\Program Files (x86)\eMachines Games\Polar Golfer\uninstall\uninstaller.exe" RealDownloader-->MsiExec.exe /X{A88E1685-1986-4A86-8E88-5FE1E727D026} Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client SolveigMM AVI Trimmer-->"C:\Program Files (x86)\Solveig Multimedia\SolveigMM AVI Trimmer\Uninstall.exe" "C:\Program Files (x86)\Solveig Multimedia\SolveigMM AVI Trimmer\install.log" -u Times Reader-->msiexec /qb /x {491ADA37-04EE-2ECE-9F86-DDC0106047AC} Times Reader-->MsiExec.exe /I{491ADA37-04EE-2ECE-9F86-DDC0106047AC} Torchlight-->"C:\Program Files (x86)\eMachines Games\Torchlight\uninstall\uninstaller.exe" Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe" Virtual Villagers 5 - New Believers-->"C:\Program Files (x86)\eMachines Games\Virtual Villagers 5 - New Believers\uninstall\uninstaller.exe" Welcome Center-->C:\Program Files (x86)\eMachines\Welcome Center\Uninstall.exe WildTangent Games App (eMachines Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\emachines\Uninstall.exe" Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{9FAE6E8D-E686-49F5-A574-0A58DFD9580C} Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923} Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441} Windows Live Mesh-->MsiExec.exe /I{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5} Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649} Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48} Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24} Windows Live Messenger-->MsiExec.exe /X{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A} Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11} Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08} Windows Live Movie Maker-->MsiExec.exe /X{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{05E379CC-F626-4E7D-8354-463865B303BF} Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{62687B11-58B5-4A18-9BC3-9DF4CE03F194} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer-->MsiExec.exe /X{3B9A92DA-6374-4872-B646-253F18624D5F} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E} Windows Live-->MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5} Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~2\Yahoo!\Common\YINSTH~1.DLL Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~2\Yahoo!\Common\YMMAPI.dll Yahoo! Mail Advisor-->C:\PROGRA~2\Yahoo!\Common\UNINST~1.EXE Yahoo! Software Update-->C:\PROGRA~2\Yahoo!\SOFTWA~1\UNINST~1.EXE Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE Zuma's Revenge-->"C:\Program Files (x86)\eMachines Games\Zumas Revenge\uninstall\uninstaller.exe" ======System event log====== Computer Name: cdav1313-PC Event Code: 1014 Message: Name resolution for the name us.mcafee.com timed out after none of the configured DNS servers responded. Record Number: 399475 Source Name: Microsoft-Windows-DNS-Client Time Written: 20120913035221.065938-000 Event Type: Warning User: NT AUTHORITY\NETWORK SERVICE Computer Name: cdav1313-PC Event Code: 1014 Message: Name resolution for the name cheetah.vizu.com timed out after none of the configured DNS servers responded. Record Number: 398742 Source Name: Microsoft-Windows-DNS-Client Time Written: 20120912234306.104442-000 Event Type: Warning User: NT AUTHORITY\NETWORK SERVICE Computer Name: cdav1313-PC Event Code: 1014 Message: Name resolution for the name r.turn.com timed out after none of the configured DNS servers responded. Record Number: 398279 Source Name: Microsoft-Windows-DNS-Client Time Written: 20120912212605.786351-000 Event Type: Warning User: NT AUTHORITY\NETWORK SERVICE Computer Name: cdav1313-PC Event Code: 1014 Message: Name resolution for the name us.mcafee.com timed out after none of the configured DNS servers responded. Record Number: 397251 Source Name: Microsoft-Windows-DNS-Client Time Written: 20120912142456.016396-000 Event Type: Warning User: NT AUTHORITY\NETWORK SERVICE Computer Name: cdav1313-PC Event Code: 1014 Message: Name resolution for the name us.mcafee.com timed out after none of the configured DNS servers responded. Record Number: 397250 Source Name: Microsoft-Windows-DNS-Client Time Written: 20120912142322.541033-000 Event Type: Warning User: NT AUTHORITY\NETWORK SERVICE =====Application event log===== Computer Name: cdav1313-PC Event Code: 1530 Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-771940188-3420538874-2173256766-1000: Process 492 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-771940188-3420538874-2173256766-1000 Record Number: 1442 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20120624170337.440323-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: cdav1313-PC Event Code: 4107 Message: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Record Number: 1415 Source Name: Microsoft-Windows-CAPI2 Time Written: 20120624163431.106788-000 Event Type: Error User: Computer Name: cdav1313-PC Event Code: 1008 Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. Record Number: 1372 Source Name: Microsoft-Windows-Search Time Written: 20120624161650.000000-000 Event Type: Warning User: Computer Name: cdav1313-PC Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 1369 Source Name: Microsoft-Windows-WMI Time Written: 20120624151652.000000-000 Event Type: Error User: Computer Name: WIN-VC7ONHVJIDI Event Code: 6001 Message: The winlogon notification subscriber <GPClient> failed a notification event. Record Number: 1360 Source Name: Microsoft-Windows-Winlogon Time Written: 20120415091749.000000-000 Event Type: Warning User: =====Security event log===== Computer Name: WIN-VC7ONHVJIDI Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-VC7ONHVJIDI$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 769 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120415091715.763713-000 Event Type: Audit Success User: Computer Name: WIN-VC7ONHVJIDI Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 768 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120415091714.281710-000 Event Type: Audit Success User: Computer Name: WIN-VC7ONHVJIDI Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-VC7ONHVJIDI$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 767 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120415091714.281710-000 Event Type: Audit Success User: Computer Name: WIN-VC7ONHVJIDI Event Code: 4738 Message: A user account was changed. Subject: Security ID: S-1-5-21-771940188-3420538874-2173256766-500 Account Name: Administrator Account Domain: WIN-VC7ONHVJIDI Logon ID: 0x39d4b Target Account: Security ID: S-1-5-21-771940188-3420538874-2173256766-500 Account Name: Administrator Account Domain: WIN-VC7ONHVJIDI Changed Attributes: SAM Account Name: - Display Name: - User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: - Record Number: 766 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120415091712.253707-000 Event Type: Audit Success User: Computer Name: WIN-VC7ONHVJIDI Event Code: 1102 Message: The audit log was cleared. Subject: Security ID: S-1-5-21-771940188-3420538874-2173256766-500 Account Name: Administrator Domain Name: WIN-VC7ONHVJIDI Logon ID: 0x39d4b Record Number: 765 Source Name: Microsoft-Windows-Eventlog Time Written: 20120415091708.197699-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=20 "PROCESSOR_IDENTIFIER"=AMD64 Family 20 Model 1 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0100 "windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log "windows_tracing_flags"=3 "AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\ "asl.log"=Destination=file -----------------EOF----------------- RSIT Log: Logfile of random's system information tool 1.09 (written by random/random) Run by cdav1313 at 2012-09-30 08:54:12 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 413 GB (90%) free of 457 GB Total RAM: 3576 MB (50% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:54:39 AM, on 9/30/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\cdav1313\Desktop\FSS.exe C:\Windows\SysWOW64\notepad.exe C:\Users\cdav1313\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\cdav1313.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624164037.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\j2re1.4.1\bin\npjpi141.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\j2re1.4.1\bin\npjpi141.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.clonewarsadventures.com O15 - Trusted Zone: *.freerealms.com O15 - Trusted Zone: *.soe.com O15 - Trusted Zone: *.sony.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) - http://javadl-esd.su...indows-i586.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://nainfor.webe...ex/ieatgpc1.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: McAfee Online Backup Service (MOBK755backup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 12516 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll [2012-06-11 1524056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-08-09 508656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624164037.dll [2012-05-25 79776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll [2012-06-11 1524056] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-05-25 336384] "Hotkey Utility"=C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [2011-08-10 627304] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-08-27 59280] "mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2012-03-21 1675160] "YMailAdvisor"=C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe [2009-05-08 174424] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008] "BYR_AGENT"=C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe [2012-09-13 396416] "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-09-09 421776] C:\Users\cdav1313\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm "vidc.cvid"=iccvid.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "msacm.siren"=sirenacm.dll ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 month====== 2012-09-30 08:54:12 ----D---- C:\rsit 2012-09-30 08:54:12 ----D---- C:\Program Files (x86)\trend micro 2012-09-29 18:22:21 ----D---- C:\Program Files (x86)\ESET 2012-09-29 16:57:39 ----D---- C:\e 2012-09-29 16:57:31 ----D---- C:\Data 2012-09-29 16:55:42 ----SHD---- C:\$RECYCLE.BIN 2012-09-29 16:51:44 ----A---- C:\ComboFix.txt 2012-09-29 15:23:36 ----A---- C:\Windows\zip.exe 2012-09-29 15:23:36 ----A---- C:\Windows\SWSC.exe 2012-09-29 15:23:36 ----A---- C:\Windows\SWREG.exe 2012-09-29 15:23:36 ----A---- C:\Windows\sed.exe 2012-09-29 15:23:36 ----A---- C:\Windows\PEV.exe 2012-09-29 15:23:36 ----A---- C:\Windows\NIRCMD.exe 2012-09-29 15:23:36 ----A---- C:\Windows\MBR.exe 2012-09-29 15:23:36 ----A---- C:\Windows\grep.exe 2012-09-29 15:22:07 ----D---- C:\Qoobox 2012-09-29 13:18:08 ----D---- C:\Windows\ERDNT 2012-09-29 13:17:09 ----D---- C:\Program Files (x86)\ERUNT 2012-09-27 22:17:45 ----D---- C:\MGtools 2012-09-27 22:15:20 ----D---- C:\ProgramData\HitmanPro 2012-09-27 22:13:41 ----A---- C:\TDSSKiller.2.8.10.0_27.09.2012_22.13.41_log.txt 2012-09-27 22:11:24 ----A---- C:\TDSSKiller.2.8.10.0_27.09.2012_22.11.24_log.txt 2012-09-22 03:01:03 ----A---- C:\Windows\SysWOW64\mshtmled.dll 2012-09-22 03:01:02 ----A---- C:\Windows\SysWOW64\vbscript.dll 2012-09-22 03:01:02 ----A---- C:\Windows\SysWOW64\ieui.dll 2012-09-22 03:01:01 ----A---- C:\Windows\SysWOW64\url.dll 2012-09-22 03:01:01 ----A---- C:\Windows\SysWOW64\ieUnatt.exe 2012-09-22 03:01:00 ----A---- C:\Windows\SysWOW64\urlmon.dll 2012-09-22 03:00:59 ----A---- C:\Windows\SysWOW64\msfeeds.dll 2012-09-22 03:00:58 ----A---- C:\Windows\SysWOW64\wininet.dll 2012-09-22 03:00:57 ----A---- C:\Windows\SysWOW64\jscript9.dll 2012-09-22 03:00:57 ----A---- C:\Windows\SysWOW64\jscript.dll 2012-09-22 03:00:55 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2012-09-22 03:00:55 ----A---- C:\Windows\SysWOW64\iertutil.dll 2012-09-22 03:00:52 ----A---- C:\Windows\SysWOW64\mshtml.dll 2012-09-22 03:00:47 ----A---- C:\Windows\SysWOW64\ieframe.dll 2012-09-16 16:30:11 ----A---- C:\log.txt 2012-09-15 09:00:53 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-15 09:00:53 ----D---- C:\Program Files (x86)\iTunes 2012-09-15 08:49:50 ----D---- C:\Config.Msi 2012-09-12 00:04:56 ----A---- C:\Windows\SysWOW64\d3d10level9.dll 2012-09-10 17:24:25 ----D---- C:\Program Files (x86)\Common Files\Solveig Multimedia 2012-09-10 17:24:24 ----D---- C:\Program Files (x86)\Solveig Multimedia 2012-09-08 13:12:35 ----D---- C:\ProgramData\VirtualizedApplications 2012-09-08 11:11:11 ----RD---- C:\MSOCache 2012-09-08 11:01:24 ----D---- C:\Users\cdav1313\AppData\Roaming\SoftGrid Client 2012-09-05 03:02:24 ----D---- C:\Users\cdav1313\AppData\Roaming\Skype ======List of files/folders modified in the last 1 month====== 2012-09-30 08:54:15 ----D---- C:\Windows\Temp 2012-09-30 08:54:12 ----RD---- C:\Program Files (x86) 2012-09-29 22:16:05 ----D---- C:\Windows\System32 2012-09-29 22:16:05 ----D---- C:\Windows\inf 2012-09-29 22:11:30 ----A---- C:\Windows\SysWOW64\lgAxconfig.ini 2012-09-29 18:22:23 ----D---- C:\Windows\Downloaded Program Files 2012-09-29 16:55:16 ----D---- C:\Windows 2012-09-29 16:47:20 ----A---- C:\Windows\system.ini 2012-09-29 16:32:51 ----D---- C:\Windows\SysWOW64\drivers 2012-09-29 16:32:51 ----D---- C:\Windows\SysWOW64 2012-09-29 16:32:51 ----D---- C:\Windows\AppPatch 2012-09-29 16:32:45 ----D---- C:\Program Files (x86)\Common Files 2012-09-29 15:24:07 ----SHD---- C:\System Volume Information 2012-09-29 15:21:45 ----D---- C:\Windows\Prefetch 2012-09-28 00:21:45 ----D---- C:\Windows\rescache 2012-09-27 22:47:00 ----RD---- C:\Program Files 2012-09-27 22:15:20 ----D---- C:\ProgramData 2012-09-27 22:14:52 ----D---- C:\Windows\Panther 2012-09-27 22:14:49 ----D---- C:\Windows\Minidump 2012-09-27 22:14:49 ----D---- C:\Windows\Logs 2012-09-27 22:14:49 ----D---- C:\Windows\debug 2012-09-27 03:01:20 ----D---- C:\Windows\winsxs 2012-09-26 17:17:43 ----D---- C:\Users\cdav1313\AppData\Roaming\uTorrent 2012-09-22 03:17:41 ----D---- C:\Windows\SysWOW64\migration 2012-09-22 03:17:41 ----D---- C:\Program Files (x86)\Internet Explorer 2012-09-15 09:04:55 ----SHD---- C:\Windows\Installer 2012-09-15 09:00:54 ----D---- C:\Program Files (x86)\Common Files\Apple 2012-09-11 18:03:29 ----D---- C:\ProgramData\Adobe 2012-09-11 18:01:18 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-09-08 11:02:17 ----SD---- C:\Users\cdav1313\AppData\Roaming\Microsoft 2012-09-08 11:02:04 ----D---- C:\Users\cdav1313\AppData\Roaming\TP 2012-09-08 11:00:57 ----SD---- C:\ProgramData\Microsoft 2012-09-05 06:02:19 ----D---- C:\ProgramData\Skype ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [] R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [] R1 MOBK755Filter;MOBK755Filter; C:\Windows\system32\DRIVERS\MOBK755.sys [] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [] R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [] R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [] R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [] R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [] R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [] R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [] R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 mfeavfk01;McAfee Inc.; C:\Windows\SysWOW64\drivers\mfeavfk01.sys [] S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [] S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [] S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [] S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [] S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [] S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184] R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 GREGService;GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2011-05-29 36456] R2 Live Updater Service;Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2012-02-06 255376] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440] R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2012-05-25 199304] R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616] R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe [] R2 MOBK755backup;McAfee Online Backup Service; C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-09-20 207672] R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080] R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-08-09 38608] R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096] R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 936848] R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 250568] S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2012-08-23 502064] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] -----------------EOF----------------- Security Check: Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 Java 2 Runtime Environment, SE v1.4.1 Java version out of Date! Adobe Reader X (10.1.4) ````````Process Check: objlist.exe by Laurent```````` Symantec Norton Online Backup NOBuAgent.exe McAfee Online Backup MOBK755backup.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  11. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial= # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-09-30 01:49:57 # local_time=2012-09-29 09:49:57 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5121 16777213 100 75 255030 2299936 0 0 # compatibility_mode=5893 16776574 100 94 57716823 100501484 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=226136 # found=0 # cleaned=0 # scan_time=11762
  12. Rkill.txt log: Rkill 2.4.3 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html Program started at: 09/29/2012 03:14:07 PM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 09/29/2012 03:14:29 PM Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s) Combofix log: ComboFix 12-09-27.03 - cdav1313 09/29/2012 15:27:28.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3576.2366 [GMT -4:00] Running from: c:\users\cdav1313\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\cdav1313\GoToAssistDownloadHelper.exe . . ((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-29 ))))))))))))))))))))))))))))))) . . 2012-09-29 20:46 . 2012-09-29 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-29 17:17 . 2012-09-29 17:17 -------- d-----w- c:\program files (x86)\ERUNT 2012-09-28 02:47 . 2012-09-28 02:47 -------- d-----w- c:\program files\HitmanPro 2012-09-28 02:17 . 2012-09-28 11:11 -------- d-----w- C:\MGtools 2012-09-28 02:15 . 2012-09-28 02:49 -------- d-----w- c:\programdata\HitmanPro 2012-09-28 02:04 . 2012-09-28 02:04 -------- d-----w- c:\program files\CCleaner 2012-09-26 11:48 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-22 07:00 . 2012-08-24 10:31 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-09-15 18:15 . 2012-09-15 18:15 -------- d-----w- c:\users\cdav1313\AppData\Local\Unity 2012-09-15 13:02 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-15 13:00 . 2012-09-15 13:00 -------- d-----w- c:\program files\iPod 2012-09-15 13:00 . 2012-09-15 13:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-15 13:00 . 2012-09-15 13:02 -------- d-----w- c:\program files\iTunes 2012-09-15 13:00 . 2012-09-15 13:02 -------- d-----w- c:\program files (x86)\iTunes 2012-09-12 04:05 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 04:05 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 04:04 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 04:04 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 04:04 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 04:04 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 04:04 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-10 21:24 . 2012-09-10 21:24 -------- d-----w- c:\program files (x86)\Common Files\Solveig Multimedia 2012-09-10 21:24 . 2012-09-10 21:24 -------- d-----w- c:\program files (x86)\Solveig Multimedia 2012-09-08 17:12 . 2012-09-10 12:54 -------- d-----w- c:\programdata\VirtualizedApplications 2012-09-08 15:11 . 2012-09-08 15:11 -------- d-----r- C:\MSOCache 2012-09-08 15:01 . 2012-09-08 15:01 -------- d-----w- c:\users\cdav1313\AppData\Local\SoftGrid Client 2012-09-08 15:01 . 2012-09-10 12:54 -------- d-----w- c:\users\cdav1313\AppData\Roaming\SoftGrid Client 2012-09-08 15:01 . 2012-09-08 15:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SoftGrid Client 2012-09-08 15:01 . 2012-09-08 15:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\SoftGrid Client 2012-09-05 07:02 . 2012-09-05 10:02 -------- d-----w- c:\users\cdav1313\AppData\Roaming\Skype 2012-08-31 01:09 . 2012-08-31 01:09 -------- d-----w- c:\program files (x86)\RealNetworks 2012-08-31 00:55 . 2012-08-31 00:55 -------- d-----w- c:\programdata\RealNetworks . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-12 07:01 . 2012-06-27 10:04 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-09-11 22:01 . 2012-07-11 02:59 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-11 22:01 . 2011-08-10 12:01 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-07 21:04 . 2012-06-24 16:52 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 01:54 . 2012-06-30 15:30 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-08-31 01:53 . 2012-06-30 15:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-08-25 13:09 . 2012-07-21 19:55 94208 ----a-w- c:\users\cdav1313\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll 2012-08-25 13:09 . 2012-07-21 19:55 24576 ----a-w- c:\users\cdav1313\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll 2012-08-25 13:09 . 2012-07-21 19:55 1343488 ----a-w- c:\users\cdav1313\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe 2012-08-21 17:01 . 2012-06-25 01:30 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 17:01 . 2012-06-25 01:30 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-07-18 18:15 . 2012-08-15 20:49 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-09 17:42 . 2012-07-09 17:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-07-09 17:42 . 2012-07-09 17:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-07-04 22:16 . 2012-08-15 20:49 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-07-04 22:13 . 2012-08-15 20:49 59392 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 22:13 . 2012-08-15 20:49 136704 ----a-w- c:\windows\system32\browser.dll 2012-07-04 21:14 . 2012-08-15 20:49 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-07-02 21:41 . 2012-07-02 21:41 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384] "Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160] "YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "BYR_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-09-13 396416] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . c:\users\cdav1313\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 250568] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-26 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 MOBK755Filter;MOBK755Filter;c:\windows\system32\DRIVERS\MOBK755.sys [2010-09-20 66040] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2011-05-30 36456] S2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2012-02-07 255376] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224] S2 MOBK755backup;McAfee Online Backup Service;c:\program files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-09-20 207672] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-08-09 38608] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-24 9359872] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-24 309760] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWMBR *Deregistered* - aswMBR *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 22:01] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK755] @="{f378ff85-8d0a-cbe6-4735-3a67760db6bb}" [HKEY_CLASSES_ROOT\CLSID\{f378ff85-8d0a-cbe6-4735-3a67760db6bb}] 2010-09-20 07:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK7552] @="{8406002f-3c7e-565d-de02-414c2856a50b}" [HKEY_CLASSES_ROOT\CLSID\{8406002f-3c7e-565d-de02-414c2856a50b}] 2010-09-20 07:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK7553] @="{cb5494dd-88ee-383e-88d7-bbd79c7c52d4}" [HKEY_CLASSES_ROOT\CLSID\{cb5494dd-88ee-383e-88d7-bbd79c7c52d4}] 2010-09-20 07:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520] . ------- Supplementary Scan ------- . uStart Page = hxxp://my.yahoo.com/p/2.html uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://emachines.msn.com mStart Page = hxxp://emachines.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file) Toolbar-Locked - (no file) Toolbar-Locked - (no file) WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-09-29 16:51:43 ComboFix-quarantined-files.txt 2012-09-29 20:51 . Pre-Run: 433,768,304,640 bytes free Post-Run: 433,575,403,520 bytes free . - - End Of File - - 1B520E2740EABC3D5324F9D051F1BBA4 The system still seems to be running a little choppy. My Yahoo toolbar still isn't working properly. When I click the "Mail Preview" Icon, I either get nothing or a dark blue window. When I click the button to refresh the toolbar, it doesn't load all the way. Still seems real sluggish
  13. aswMBR report: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-09-29 13:22:51 ----------------------------- 13:22:51.160 OS Version: Windows x64 6.1.7601 Service Pack 1 13:22:51.160 Number of processors: 2 586 0x100 13:22:51.176 ComputerName: CDAV1313-PC UserName: cdav1313 13:22:53.252 Initialize success 13:23:35.403 AVAST engine defs: 12092900 13:24:00.253 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 13:24:00.269 Disk 0 Vendor: WDC_WD5000AAKX-221CA1 17.01H17 Size: 476940MB BusType: 11 13:24:00.285 Disk 0 MBR read successfully 13:24:00.300 Disk 0 MBR scan 13:24:00.316 Disk 0 Windows 7 default MBR code 13:24:00.331 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20000 MB offset 2048 13:24:00.347 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 40962048 13:24:00.378 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456838 MB offset 41166848 13:24:00.409 Disk 0 scanning C:\Windows\system32\drivers 13:24:23.515 Service scanning 13:24:51.332 Modules scanning 13:24:51.348 Scan finished successfully 14:39:56.623 Disk 0 MBR has been saved successfully to "C:\Users\cdav1313\Desktop\MBR.dat" 14:39:56.654 The log file has been saved successfully to "C:\Users\cdav1313\Desktop\aswMBR.txt" TDSSKILLER log: 22:13:41.0116 3560 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 22:13:42.0712 3560 ============================================================ 22:13:42.0713 3560 Current date / time: 2012/09/27 22:13:42.0712 22:13:42.0713 3560 SystemInfo: 22:13:42.0713 3560 22:13:42.0713 3560 OS Version: 6.1.7601 ServicePack: 1.0 22:13:42.0713 3560 Product type: Workstation 22:13:42.0714 3560 ComputerName: CDAV1313-PC 22:13:42.0715 3560 UserName: cdav1313 22:13:42.0715 3560 Windows directory: C:\Windows 22:13:42.0715 3560 System windows directory: C:\Windows 22:13:42.0715 3560 Running under WOW64 22:13:42.0715 3560 Processor architecture: Intel x64 22:13:42.0715 3560 Number of processors: 2 22:13:42.0715 3560 Page size: 0x1000 22:13:42.0715 3560 Boot type: Normal boot 22:13:42.0716 3560 ============================================================ 22:13:47.0231 3560 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:13:47.0237 3560 Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1472000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 22:13:47.0240 3560 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 22:13:47.0252 3560 ============================================================ 22:13:47.0252 3560 \Device\Harddisk0\DR0: 22:13:47.0252 3560 MBR partitions: 22:13:47.0252 3560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2710800, BlocksNum 0x32000 22:13:47.0252 3560 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x37C43030 22:13:47.0252 3560 \Device\Harddisk1\DR1: 22:13:47.0503 3560 MBR partitions: 22:13:47.0503 3560 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2BAA0A20 22:13:47.0503 3560 \Device\Harddisk2\DR2: 22:13:47.0505 3560 MBR partitions: 22:13:47.0505 3560 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41 22:13:47.0505 3560 ============================================================ 22:13:47.0604 3560 C: <-> \Device\Harddisk0\DR0\Partition2 22:13:47.0610 3560 E: <-> \Device\Harddisk1\DR1\Partition1 22:13:47.0616 3560 H: <-> \Device\Harddisk2\DR2\Partition1 22:13:47.0616 3560 ============================================================ 22:13:47.0617 3560 Initialize success 22:13:47.0617 3560 ============================================================ 22:13:56.0390 5488 Deinitialize success RKReport log: RogueKiller V8.1.0 [09/28/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo...13-roguekiller/ Website: http://tigzy.geeksto...roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : cdav1313 [Admin rights] Mode : Scan -- Date : 09/29/2012 14:47:06 ¤¤¤ Bad processes : 2 ¤¤¤ [sUSP PATH] VZWNotiAgent.exe -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe -> KILLED [TermProc] [sUSP PATH] aswMBR.exe -- C:\Users\cdav1313\Desktop\aswMBR.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 14 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : BYR_AGENT (C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> FOUND [TASK][sUSP PATH] {7D2E72DF-9DA6-4FA9-81AF-43CAAC6458FB} : C:\Windows\system32\pcalua.exe -a "C:\Users\cdav1313\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0DGOGB89\yahoo_toolbar_install_helper.exe" -d C:\Users\cdav1313\Desktop -> FOUND [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKX-221CA1 ATA Device +++++ --- User --- [MBR] 9d6fc4fe93881bfe7b71e5dae1a36436 [bSP] d4bf1dd464fb581e576fc930f20553f4 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20000 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40962048 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41166848 | Size: 456838 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WD 5000AAV External USB Device +++++ --- User --- [MBR] a0dd5729daf2e9c10b40f19bb971fcf9 [bSP] 96545aae4c3a8e5d84fbb99372be0652 : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt
  14. Ok, so for some reason malwarebytes has quarantined itself. I was using the computer one day when I got 3 "alerts" that malewarebytes wanted to quarantine something. So I blindly (dumbly?) allowed it to. (In retrospect, I do not have the Pro edition of malwarebytes so there shouldn't have been any active scanning going on). So the computer starts running crappy and I can't open Malwarebytes. So I redownload it in another location and open it and there are 3 things in my quarantine: Trojan.Keylogger is the "Vendor" and it lists the "Item" as C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\comctl32.dll.nui The next item quarantined has a "Vendor" called Trojan.Goldun and the "Item" is my malwarebytes (E:\zStuff\Malewarebytes'Anti-Maleware\mbam.exe) The third thing is "Vendor" Trojan.Banker and the "Item" C:\Windows\System32\NLSData0000.dll So I've updated malwarebytes and run a full scan but it comes up clean. I have Yahoo toolbar and on it Yahoo Mail button. Normally when I press the button, it gives me "Mail Preview". Now when I press it, it tells me "To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame" It only started doing that after the 3 quarantined items appeared, so I assume they are somehow linked. I downloaded and ran DDS and these are the reports: DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by cdav1313 at 17:33:46 on 2012-09-26 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3576.2343 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Windows\system32\mfevtps.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe C:\Windows\system32\vssvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\ytbb.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://my.yahoo.com/p/2.html uDefault_Page_URL = hxxp://emachines.msn.com mDefault_Page_URL = hxxp://emachines.msn.com mStart Page = hxxp://emachines.msn.com uInternet Settings,ProxyOverride = *.local uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624164037.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://nainfor.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53 TCP: Interfaces\{AE60ABF8-A607-432C-A229-1CCA1AF805B3} : DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll BHO-X64: uTorrentControl2 - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624164037.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 MOBK755Filter;MOBK755Filter;C:\Windows\system32\DRIVERS\MOBK755.sys --> C:\Windows\system32\DRIVERS\MOBK755.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2011-5-29 36456] R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-8-10 255376] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-6-26 103440] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-24 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-24 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-24 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-6-24 199304] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-6-24 210616] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 MOBK755backup;McAfee Online Backup Service;C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-9-20 207672] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080] R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-8-9 38608] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-10 250568] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-09-15 18:15:30 -------- d-----w- C:\Users\cdav1313\AppData\Local\Unity 2012-09-15 13:02:52 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-09-15 13:00:55 -------- d-----w- C:\Program Files\iPod 2012-09-15 13:00:53 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-15 13:00:53 -------- d-----w- C:\Program Files\iTunes 2012-09-15 13:00:53 -------- d-----w- C:\Program Files (x86)\iTunes 2012-09-12 04:05:01 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-09-12 04:05:00 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys 2012-09-12 04:04:56 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-09-12 04:04:56 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-12 04:04:51 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-09-12 04:04:50 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-09-12 04:04:50 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-09-10 21:24:25 -------- d-----w- C:\Program Files (x86)\Common Files\Solveig Multimedia 2012-09-10 21:24:24 -------- d-----w- C:\Program Files (x86)\Solveig Multimedia 2012-09-10 21:16:45 -------- d-----w- C:\Users\cdav1313\AppData\Local\{A62E461C-E13F-49B6-84C9-DFE2616EEF1B} 2012-09-08 17:12:35 -------- d-----w- C:\ProgramData\VirtualizedApplications 2012-09-08 15:01:28 -------- d-----w- C:\Users\cdav1313\AppData\Local\SoftGrid Client 2012-09-08 15:01:24 -------- d-----w- C:\Users\cdav1313\AppData\Roaming\SoftGrid Client 2012-09-03 21:35:40 -------- d-----w- C:\Users\cdav1313\AppData\Local\{648AE64E-A12B-4918-9885-F1B165C41649} 2012-08-31 01:09:22 -------- d-----w- C:\Program Files (x86)\RealNetworks 2012-08-31 01:09:06 -------- d-----w- C:\Users\cdav1313\AppData\Roaming\RealNetworks 2012-08-31 00:55:27 -------- d-----w- C:\ProgramData\RealNetworks 2012-08-28 22:36:55 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client 2012-08-28 22:36:33 -------- d-----w- C:\Users\cdav1313\AppData\Roaming\TP . ==================== Find3M ==================== . 2012-09-11 22:01:18 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-11 22:01:18 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-09 17:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll 2012-07-09 17:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll . ============= FINISH: 17:37:09.65 =============== Attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 6/24/2012 12:17:30 PM System Uptime: 9/26/2012 5:23:58 PM (0 hours ago) . Motherboard: eMachines | | EL1360G Processor: AMD E-350 Processor | CPU 1 | 1600/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 446 GiB total, 396.227 GiB free. D: is CDROM () E: is FIXED (NTFS) - 2795 GiB total, 1991.973 GiB free. F: is Removable H: is FIXED (NTFS) - 466 GiB total, 18.001 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP40: 9/12/2012 3:00:21 AM - Windows Update RP41: 9/19/2012 7:39:30 AM - Scheduled Checkpoint RP42: 9/22/2012 3:00:12 AM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) MUI Agatha Christie - Death on the Nile AMD VISION Engine Control Center Apple Application Support Apple Software Update Bejeweled 2 Deluxe Build-a-lot 4 - Power Source Catalyst Control Center - Branding Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chronicles of Albian Cisco WebEx Meetings Contrôle ActiveX Windows Live Mesh pour connexions à distance Cradle of Rome 2 D3DX10 Dora's World Adventure eBay Worldwide eMachines Games eMachines Recovery Management eMachines Registration eMachines ScreenSaver eMachines Updater Etron USB3.0 Host Controller Evernote v. 4.5.1 Final Drive: Nitro Fooz Kids Fooz Kids Platform Free Realms Galerie de photos Windows Live Governor of Poker 2 Premium Edition Hotkey Utility Identity Card Java 2 Runtime Environment, SE v1.4.1 Jewel Match 3 Junk Mail filter update LG United Mobile Drivers Malwarebytes Anti-Malware version 1.65.0.1400 McAfee Internet Security McAfee Online Backup Mesh Runtime Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery of Mortlake Mansion Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero DiscSpeed 10 Nero DiscSpeed 10 Help (CHM) Nero Express 10 Nero Express 10 Help (CHM) Nero Multimedia Suite 10 Essentials Nero StartSmart 10 Nero StartSmart 10 Help (CHM) Nero Update NOOK for PC Norton Online Backup Penguins! Plants vs. Zombies - Game of the Year Polar Bowler Polar Golfer RealDownloader Realtek Ethernet Controller Driver Realtek High Definition Audio Driver ROBLOX Player for cdav1313 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) SolveigMM AVI Trimmer Times Reader Torchlight Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update Installer for WildTangent Games App uTorrentControl2 Toolbar Virtual Villagers 5 - New Believers Welcome Center WildTangent Games App (eMachines Games) Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Install Manager Yahoo! Internet Mail Yahoo! Mail Advisor Yahoo! Software Update Yahoo! Toolbar Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 9/25/2012 7:42:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06} 9/25/2012 7:32:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 9/25/2012 7:28:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 9/25/2012 7:28:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 9/25/2012 7:28:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 9/25/2012 7:28:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 9/25/2012 7:28:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 9/25/2012 7:28:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 9/25/2012 7:28:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 9/25/2012 7:28:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk MOBK755Filter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf 9/25/2012 7:28:14 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 9/25/2012 7:28:13 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 9/25/2012 7:28:13 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 9/25/2012 7:28:13 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 9/25/2012 7:28:13 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning. 9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start. 9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 9/25/2012 11:40:11 PM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s). 9/24/2012 8:15:55 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s). 9/24/2012 8:03:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x0000000000070f95, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092412-24882-01. 9/23/2012 2:33:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user cdav1313-PC\cdav1313 SID (S-1-5-21-771940188-3420538874-2173256766-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 9/21/2012 10:37:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service. 9/20/2012 2:33:55 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 2:33:55 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 2:33:55 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 2:33:55 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 2:33:55 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 2:33:55 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. . ==== End Of File =========================== Thank you in advance
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.