
Possible keylogger virus. Please Help


christo123
Ok, so for some reason Malwarebytes has quarantined itself. I was using the computer one day when I got 3 "alerts" that Malwarebytes wanted to quarantine something. So I blindly (dumbly?) allowed it to. (In retrospect, I do not have the Pro edition of Malwarebytes, so there shouldn't have been any active scanning going on.)

So the computer starts running crappy and I can't open Malwarebytes. So I redownload it in another location and open it and there are 3 things in my quarantine:

Trojan.Keylogger is the "Vendor" and it lists the "Item" as C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\comctl32.dll.nui

The next item quarantined has a "Vendor" called Trojan.Goldun and the "Item" is my malwarebytes (E:\zStuff\Malewarebytes'Anti-Maleware\mbam.exe)

The third thing is "Vendor" Trojan.Banker and the "Item" C:\Windows\System32\NLSData0000.dll

So I've updated Malwarebytes and run a full scan, but it comes up clean.

I have the Yahoo toolbar and, on it, the Yahoo Mail button. Normally when I press the button, it gives me "Mail Preview". Now when I press it, it tells me "To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame".

It only started doing that after the 3 quarantined items appeared, so I assume they are somehow linked.

I downloaded and ran DDS and these are the reports:

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by cdav1313 at 17:33:46 on 2012-09-26

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3576.2343 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe

C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe

C:\Windows\system32\vssvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe

C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\ytbb.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.yahoo.com/p/2.html

uDefault_Page_URL = hxxp://emachines.msn.com

mDefault_Page_URL = hxxp://emachines.msn.com

mStart Page = hxxp://emachines.msn.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624164037.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab

DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://nainfor.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab

TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53

TCP: Interfaces\{AE60ABF8-A607-432C-A229-1CCA1AF805B3} : DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO-X64: uTorrentControl2 - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624164037.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 MOBK755Filter;MOBK755Filter;C:\Windows\system32\DRIVERS\MOBK755.sys --> C:\Windows\system32\DRIVERS\MOBK755.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2011-5-29 36456]

R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-8-10 255376]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-6-26 103440]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-24 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-24 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-24 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-6-24 199304]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-6-24 210616]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 MOBK755backup;McAfee Online Backup Service;C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-9-20 207672]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-8-9 38608]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-10 250568]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-09-15 18:15:30 -------- d-----w- C:\Users\cdav1313\AppData\Local\Unity

2012-09-15 13:02:52 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-09-15 13:00:55 -------- d-----w- C:\Program Files\iPod

2012-09-15 13:00:53 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-15 13:00:53 -------- d-----w- C:\Program Files\iTunes

2012-09-15 13:00:53 -------- d-----w- C:\Program Files (x86)\iTunes

2012-09-12 04:05:01 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-12 04:05:00 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-12 04:04:56 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-12 04:04:56 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-12 04:04:51 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-09-12 04:04:50 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-12 04:04:50 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-09-10 21:24:25 -------- d-----w- C:\Program Files (x86)\Common Files\Solveig Multimedia

2012-09-10 21:24:24 -------- d-----w- C:\Program Files (x86)\Solveig Multimedia

2012-09-10 21:16:45 -------- d-----w- C:\Users\cdav1313\AppData\Local\{A62E461C-E13F-49B6-84C9-DFE2616EEF1B}

2012-09-08 17:12:35 -------- d-----w- C:\ProgramData\VirtualizedApplications

2012-09-08 15:01:28 -------- d-----w- C:\Users\cdav1313\AppData\Local\SoftGrid Client

2012-09-08 15:01:24 -------- d-----w- C:\Users\cdav1313\AppData\Roaming\SoftGrid Client

2012-09-03 21:35:40 -------- d-----w- C:\Users\cdav1313\AppData\Local\{648AE64E-A12B-4918-9885-F1B165C41649}

2012-08-31 01:09:22 -------- d-----w- C:\Program Files (x86)\RealNetworks

2012-08-31 01:09:06 -------- d-----w- C:\Users\cdav1313\AppData\Roaming\RealNetworks

2012-08-31 00:55:27 -------- d-----w- C:\ProgramData\RealNetworks

2012-08-28 22:36:55 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2012-08-28 22:36:33 -------- d-----w- C:\Users\cdav1313\AppData\Roaming\TP

.

==================== Find3M ====================

.

2012-09-11 22:01:18 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-11 22:01:18 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-09 17:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-07-09 17:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

.

============= FINISH: 17:37:09.65 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/24/2012 12:17:30 PM

System Uptime: 9/26/2012 5:23:58 PM (0 hours ago)

.

Motherboard: eMachines | | EL1360G

Processor: AMD E-350 Processor | CPU 1 | 1600/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 446 GiB total, 396.227 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 2795 GiB total, 1991.973 GiB free.

F: is Removable

H: is FIXED (NTFS) - 466 GiB total, 18.001 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP40: 9/12/2012 3:00:21 AM - Windows Update

RP41: 9/19/2012 7:39:30 AM - Scheduled Checkpoint

RP42: 9/22/2012 3:00:12 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4) MUI

Agatha Christie - Death on the Nile

AMD VISION Engine Control Center

Apple Application Support

Apple Software Update

Bejeweled 2 Deluxe

Build-a-lot 4 - Power Source

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chronicles of Albian

Cisco WebEx Meetings

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Cradle of Rome 2

D3DX10

Dora's World Adventure

eBay Worldwide

eMachines Games

eMachines Recovery Management

eMachines Registration

eMachines ScreenSaver

eMachines Updater

Etron USB3.0 Host Controller

Evernote v. 4.5.1

Final Drive: Nitro

Fooz Kids

Fooz Kids Platform

Free Realms

Galerie de photos Windows Live

Governor of Poker 2 Premium Edition

Hotkey Utility

Identity Card

Java 2 Runtime Environment, SE v1.4.1

Jewel Match 3

Junk Mail filter update

LG United Mobile Drivers

Malwarebytes Anti-Malware version 1.65.0.1400

McAfee Internet Security

McAfee Online Backup

Mesh Runtime

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery of Mortlake Mansion

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Express 10

Nero Express 10 Help (CHM)

Nero Multimedia Suite 10 Essentials

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

NOOK for PC

Norton Online Backup

Penguins!

Plants vs. Zombies - Game of the Year

Polar Bowler

Polar Golfer

RealDownloader

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

ROBLOX Player for cdav1313

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

SolveigMM AVI Trimmer

Times Reader

Torchlight

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

uTorrentControl2 Toolbar

Virtual Villagers 5 - New Believers

Welcome Center

WildTangent Games App (eMachines Games)

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Mail Advisor

Yahoo! Software Update

Yahoo! Toolbar

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

9/25/2012 7:42:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

9/25/2012 7:32:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

9/25/2012 7:28:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

9/25/2012 7:28:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/25/2012 7:28:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/25/2012 7:28:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/25/2012 7:28:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/25/2012 7:28:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/25/2012 7:28:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/25/2012 7:28:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk MOBK755Filter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

9/25/2012 7:28:14 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

9/25/2012 7:28:13 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

9/25/2012 7:28:13 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

9/25/2012 7:28:13 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

9/25/2012 7:28:13 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/25/2012 7:28:12 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/25/2012 11:40:11 PM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).

9/24/2012 8:15:55 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

9/24/2012 8:03:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x0000000000070f95, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092412-24882-01.

9/23/2012 2:33:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user cdav1313-PC\cdav1313 SID (S-1-5-21-771940188-3420538874-2173256766-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

9/21/2012 10:37:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

9/20/2012 2:33:55 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/20/2012 2:33:55 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/20/2012 2:33:55 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/20/2012 2:33:55 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/20/2012 2:33:55 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/20/2012 2:33:55 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================

Thank you in advance


Hello christo123 and welcome to MalwareBytes forums.

Firstly, you need to remove uTorrentControl2 Toolbar and confirm doing so before we go further.

Use Control Panel >> Programs and Features and Uninstall.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwar...showtopic=97700

Confirm that it was removed, along with any other peer-to-peer program(s).


Hello christo123.

Very good. Let's have you do the following, so I can see some diagnostic reports.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan, note whether the Fix button is enabled (not the FixMBR button) and tell me. Then click Save log, save it to your desktop, and post it in your next reply.

Do not click any FIX button. We just need an initial report.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


aswMBR report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-29 13:22:51

-----------------------------

13:22:51.160 OS Version: Windows x64 6.1.7601 Service Pack 1

13:22:51.160 Number of processors: 2 586 0x100

13:22:51.176 ComputerName: CDAV1313-PC UserName: cdav1313

13:22:53.252 Initialize success

13:23:35.403 AVAST engine defs: 12092900

13:24:00.253 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4

13:24:00.269 Disk 0 Vendor: WDC_WD5000AAKX-221CA1 17.01H17 Size: 476940MB BusType: 11

13:24:00.285 Disk 0 MBR read successfully

13:24:00.300 Disk 0 MBR scan

13:24:00.316 Disk 0 Windows 7 default MBR code

13:24:00.331 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20000 MB offset 2048

13:24:00.347 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 40962048

13:24:00.378 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456838 MB offset 41166848

13:24:00.409 Disk 0 scanning C:\Windows\system32\drivers

13:24:23.515 Service scanning

13:24:51.332 Modules scanning

13:24:51.348 Scan finished successfully

14:39:56.623 Disk 0 MBR has been saved successfully to "C:\Users\cdav1313\Desktop\MBR.dat"

14:39:56.654 The log file has been saved successfully to "C:\Users\cdav1313\Desktop\aswMBR.txt"

TDSSKILLER log:

22:13:41.0116 3560 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

22:13:42.0712 3560 ============================================================

22:13:42.0713 3560 Current date / time: 2012/09/27 22:13:42.0712

22:13:42.0713 3560 SystemInfo:

22:13:42.0713 3560

22:13:42.0713 3560 OS Version: 6.1.7601 ServicePack: 1.0

22:13:42.0713 3560 Product type: Workstation

22:13:42.0714 3560 ComputerName: CDAV1313-PC

22:13:42.0715 3560 UserName: cdav1313

22:13:42.0715 3560 Windows directory: C:\Windows

22:13:42.0715 3560 System windows directory: C:\Windows

22:13:42.0715 3560 Running under WOW64

22:13:42.0715 3560 Processor architecture: Intel x64

22:13:42.0715 3560 Number of processors: 2

22:13:42.0715 3560 Page size: 0x1000

22:13:42.0715 3560 Boot type: Normal boot

22:13:42.0716 3560 ============================================================

22:13:47.0231 3560 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:13:47.0237 3560 Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1472000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

22:13:47.0240 3560 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

22:13:47.0252 3560 ============================================================

22:13:47.0252 3560 \Device\Harddisk0\DR0:

22:13:47.0252 3560 MBR partitions:

22:13:47.0252 3560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2710800, BlocksNum 0x32000

22:13:47.0252 3560 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x37C43030

22:13:47.0252 3560 \Device\Harddisk1\DR1:

22:13:47.0503 3560 MBR partitions:

22:13:47.0503 3560 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2BAA0A20

22:13:47.0503 3560 \Device\Harddisk2\DR2:

22:13:47.0505 3560 MBR partitions:

22:13:47.0505 3560 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41

22:13:47.0505 3560 ============================================================

22:13:47.0604 3560 C: <-> \Device\Harddisk0\DR0\Partition2

22:13:47.0610 3560 E: <-> \Device\Harddisk1\DR1\Partition1

22:13:47.0616 3560 H: <-> \Device\Harddisk2\DR2\Partition1

22:13:47.0616 3560 ============================================================

22:13:47.0617 3560 Initialize success

22:13:47.0617 3560 ============================================================

22:13:56.0390 5488 Deinitialize success

RKReport log:

RogueKiller V8.1.0 [09/28/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Website: http://tigzy.geeksto...roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : cdav1313 [Admin rights]

Mode : Scan -- Date : 09/29/2012 14:47:06

¤¤¤ Bad processes : 2 ¤¤¤

[sUSP PATH] VZWNotiAgent.exe -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe -> KILLED [TermProc]

[sUSP PATH] aswMBR.exe -- C:\Users\cdav1313\Desktop\aswMBR.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 14 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : BYR_AGENT (C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> FOUND

[TASK][sUSP PATH] {7D2E72DF-9DA6-4FA9-81AF-43CAAC6458FB} : C:\Windows\system32\pcalua.exe -a "C:\Users\cdav1313\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0DGOGB89\yahoo_toolbar_install_helper.exe" -d C:\Users\cdav1313\Desktop -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKX-221CA1 ATA Device +++++

--- User ---

[MBR] 9d6fc4fe93881bfe7b71e5dae1a36436

[bSP] d4bf1dd464fb581e576fc930f20553f4 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20000 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40962048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41166848 | Size: 456838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WD 5000AAV External USB Device +++++

--- User ---

[MBR] a0dd5729daf2e9c10b40f19bb971fcf9

[bSP] 96545aae4c3a8e5d84fbb99372be0652 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt


Turn off your antivirus

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 2

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member christo123 only. If you are a casual viewer, do NOT try this on your system!

If you are not christo123 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

... please reboot the computer; this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart... then... I need for you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.


Rkill.txt log:

Rkill 2.4.3 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingc...opic308364.html

Program started at: 09/29/2012 03:14:07 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.

Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/29/2012 03:14:29 PM

Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)

Combofix log:

ComboFix 12-09-27.03 - cdav1313 09/29/2012 15:27:28.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3576.2366 [GMT -4:00]

Running from: c:\users\cdav1313\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\cdav1313\GoToAssistDownloadHelper.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-29 )))))))))))))))))))))))))))))))

.

.

2012-09-29 20:46 . 2012-09-29 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-29 17:17 . 2012-09-29 17:17 -------- d-----w- c:\program files (x86)\ERUNT

2012-09-28 02:47 . 2012-09-28 02:47 -------- d-----w- c:\program files\HitmanPro

2012-09-28 02:17 . 2012-09-28 11:11 -------- d-----w- C:\MGtools

2012-09-28 02:15 . 2012-09-28 02:49 -------- d-----w- c:\programdata\HitmanPro

2012-09-28 02:04 . 2012-09-28 02:04 -------- d-----w- c:\program files\CCleaner

2012-09-26 11:48 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-22 07:00 . 2012-08-24 10:31 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-09-15 18:15 . 2012-09-15 18:15 -------- d-----w- c:\users\cdav1313\AppData\Local\Unity

2012-09-15 13:02 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-09-15 13:00 . 2012-09-15 13:00 -------- d-----w- c:\program files\iPod

2012-09-15 13:00 . 2012-09-15 13:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-15 13:00 . 2012-09-15 13:02 -------- d-----w- c:\program files\iTunes

2012-09-15 13:00 . 2012-09-15 13:02 -------- d-----w- c:\program files (x86)\iTunes

2012-09-12 04:05 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 04:05 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 04:04 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-12 04:04 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-12 04:04 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 04:04 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 04:04 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-10 21:24 . 2012-09-10 21:24 -------- d-----w- c:\program files (x86)\Common Files\Solveig Multimedia

2012-09-10 21:24 . 2012-09-10 21:24 -------- d-----w- c:\program files (x86)\Solveig Multimedia

2012-09-08 17:12 . 2012-09-10 12:54 -------- d-----w- c:\programdata\VirtualizedApplications

2012-09-08 15:11 . 2012-09-08 15:11 -------- d-----r- C:\MSOCache

2012-09-08 15:01 . 2012-09-08 15:01 -------- d-----w- c:\users\cdav1313\AppData\Local\SoftGrid Client

2012-09-08 15:01 . 2012-09-10 12:54 -------- d-----w- c:\users\cdav1313\AppData\Roaming\SoftGrid Client

2012-09-08 15:01 . 2012-09-08 15:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SoftGrid Client

2012-09-08 15:01 . 2012-09-08 15:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\SoftGrid Client

2012-09-05 07:02 . 2012-09-05 10:02 -------- d-----w- c:\users\cdav1313\AppData\Roaming\Skype

2012-08-31 01:09 . 2012-08-31 01:09 -------- d-----w- c:\program files (x86)\RealNetworks

2012-08-31 00:55 . 2012-08-31 00:55 -------- d-----w- c:\programdata\RealNetworks

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-12 07:01 . 2012-06-27 10:04 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-09-11 22:01 . 2012-07-11 02:59 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-11 22:01 . 2011-08-10 12:01 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-07 21:04 . 2012-06-24 16:52 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-31 01:54 . 2012-06-30 15:30 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-08-31 01:53 . 2012-06-30 15:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-08-25 13:09 . 2012-07-21 19:55 94208 ----a-w- c:\users\cdav1313\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll

2012-08-25 13:09 . 2012-07-21 19:55 24576 ----a-w- c:\users\cdav1313\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll

2012-08-25 13:09 . 2012-07-21 19:55 1343488 ----a-w- c:\users\cdav1313\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe

2012-08-21 17:01 . 2012-06-25 01:30 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 17:01 . 2012-06-25 01:30 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-07-18 18:15 . 2012-08-15 20:49 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-09 17:42 . 2012-07-09 17:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-07-09 17:42 . 2012-07-09 17:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-07-04 22:16 . 2012-08-15 20:49 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-15 20:49 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-15 20:49 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-15 20:49 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-07-02 21:41 . 2012-07-02 21:41 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]

"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"BYR_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-09-13 396416]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

.

c:\users\cdav1313\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 250568]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-26 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S1 MOBK755Filter;MOBK755Filter;c:\windows\system32\DRIVERS\MOBK755.sys [2010-09-20 66040]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2011-05-30 36456]

S2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2012-02-07 255376]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224]

S2 MOBK755backup;McAfee Online Backup Service;c:\program files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-09-20 207672]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-08-09 38608]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-24 9359872]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-24 309760]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ASWMBR

*Deregistered* - aswMBR

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 22:01]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK755]

@="{f378ff85-8d0a-cbe6-4735-3a67760db6bb}"

[HKEY_CLASSES_ROOT\CLSID\{f378ff85-8d0a-cbe6-4735-3a67760db6bb}]

2010-09-20 07:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK7552]

@="{8406002f-3c7e-565d-de02-414c2856a50b}"

[HKEY_CLASSES_ROOT\CLSID\{8406002f-3c7e-565d-de02-414c2856a50b}]

2010-09-20 07:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK7553]

@="{cb5494dd-88ee-383e-88d7-bbd79c7c52d4}"

[HKEY_CLASSES_ROOT\CLSID\{cb5494dd-88ee-383e-88d7-bbd79c7c52d4}]

2010-09-20 07:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/p/2.html

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://emachines.msn.com

mStart Page = hxxp://emachines.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-09-29 16:51:43

ComboFix-quarantined-files.txt 2012-09-29 20:51

.

Pre-Run: 433,768,304,640 bytes free

Post-Run: 433,575,403,520 bytes free

.

- - End Of File - - 1B520E2740EABC3D5324F9D051F1BBA4

The system still seems to be running a little choppy. My Yahoo toolbar still isn't working properly. When I click the "Mail Preview" Icon, I either get nothing or a dark blue window. When I click the button to refresh the toolbar, it doesn't load all the way. Still seems real sluggish.


I'd suggest you not try Mail or do any websurfing till after we have finished running other tools. So please be patient.

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with a copy of the ESET scan log.

There will be more to do later, after this.


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-30 01:49:57

# local_time=2012-09-29 09:49:57 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5121 16777213 100 75 255030 2299936 0 0

# compatibility_mode=5893 16776574 100 94 57716823 100501484 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=226136

# found=0

# cleaned=0

# scan_time=11762


That is a very good result from ESET scan. Please do the following:

Step 1

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Step 2

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both.

Step 3

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Edited by Maurice Naggar

FSS:

Farbar Service Scanner Version: 19-09-2012

Ran by cdav1313 (administrator) on 30-09-2012 at 08:52:41

Running from "C:\Users\cdav1313\Desktop"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

RSIT Info:

info.txt logfile of random's system information tool 1.09 2012-09-30 08:54:44

======Uninstall list======

-->"C:\Program Files (x86)\eMachines Games\Game Explorer Categories - main\Uninstall.exe"

-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE

Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}

Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe -maintain activex

Adobe Reader X (10.1.4) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}

Agatha Christie - Death on the Nile-->"C:\Program Files (x86)\eMachines Games\Agatha Christie - Death on the Nile\uninstall\uninstaller.exe"

Apple Application Support-->MsiExec.exe /I{63EC2120-1742-4625-AA47-C6A8AEC9C64C}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Bejeweled 2 Deluxe-->"C:\Program Files (x86)\eMachines Games\Bejeweled 2 Deluxe\uninstall\uninstaller.exe"

Build-a-lot 4 - Power Source-->"C:\Program Files (x86)\eMachines Games\Build-a-lot 4 - Power Source\uninstall\uninstaller.exe"

Catalyst Control Center - Branding-->MsiExec.exe /I{CB4A1B25-37AF-4050-AFD9-837FBADF7CD7}

Chronicles of Albian-->"C:\Program Files (x86)\eMachines Games\Chronicles of Albian\uninstall\uninstaller.exe"

Contrôle ActiveX Windows Live Mesh pour connexions à distance-->MsiExec.exe /I{55D003F4-9599-44BF-BA9E-95D060730DD3}

Cradle of Rome 2-->"C:\Program Files (x86)\eMachines Games\Cradle of Rome 2\uninstall\uninstaller.exe"

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

Dora's World Adventure-->"C:\Program Files (x86)\eMachines Games\Doras World Adventure\uninstall\uninstaller.exe"

eBay Worldwide-->MsiExec.exe /I{D3E5A972-9A15-427D-AE78-8181A5FD943C}

eMachines Games-->"C:\Program Files (x86)\eMachines Games\Uninstall.exe"

eMachines Recovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x409 -removeonly

eMachines Registration-->C:\Program Files (x86)\eMachines\Registration\Uninstall.exe

eMachines ScreenSaver-->C:\Program Files (x86)\eMachines\Screensaver\Uninstall.exe

eMachines Updater-->"C:\Program Files (x86)\InstallShield Installation Information\{EE171732-BEB4-4576-887D-CB62727F01CA}\setup.exe" -runfromtemp -l0x409 -removeonly

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

Etron USB3.0 Host Controller-->"C:\Program Files (x86)\InstallShield Installation Information\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}\setup.exe" -runfromtemp -l0x0409 -removeonly

Etron USB3.0 Host Controller-->MsiExec.exe /I{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}

Evernote v. 4.5.1-->MsiExec.exe /X{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}

Final Drive: Nitro-->"C:\Program Files (x86)\eMachines Games\Final Drive Nitro\uninstall\uninstaller.exe"

Fooz Kids Platform-->"C:\Program Files (x86)\InstallShield Installation Information\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}\setup.exe" -runfromtemp -l0x0409 -removeonly

Fooz Kids-->msiexec /qb /x {A4E908E5-EE02-843C-9D01-9EA69410B3AB}

Fooz Kids-->MsiExec.exe /I{A4E908E5-EE02-843C-9D01-9EA69410B3AB}

Galerie de photos Windows Live-->MsiExec.exe /X{488F0347-C4A7-4374-91A7-30818BEDA710}

Governor of Poker 2 Premium Edition-->"C:\Program Files (x86)\eMachines Games\Governor of Poker 2 Premium Edition\uninstall\uninstaller.exe"

Hotkey Utility-->C:\Program Files (x86)\eMachines\Hotkey Utility\Uninstall.exe

Identity Card-->C:\Program Files (x86)\eMachines\Identity Card\Uninstall.exe

Java 2 Runtime Environment, SE v1.4.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}\setup.exe" Anytext

Jewel Match 3-->"C:\Program Files (x86)\eMachines Games\Jewel Match 3\uninstall\uninstaller.exe"

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

LG United Mobile Drivers-->MsiExec.exe /X{B03954CC-E130-4E57-BC83-869978685902}

Malwarebytes Anti-Malware version 1.65.0.1400-->"E:\This\unins000.exe"

McAfee Internet Security-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall

McAfee Online Backup-->C:\Program Files (x86)\McAfeeMOBK\MozyUninstaller.exe

Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}

Microsoft Office Click-to-Run 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall

Microsoft Office Starter 2010 - English-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Mystery of Mortlake Mansion-->"C:\Program Files (x86)\eMachines Games\Mystery of Mortlake Mansion\uninstall\uninstaller.exe"

Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}

Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}

Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}

Nero DiscSpeed 10 Help (CHM)-->MsiExec.exe /X{C18A0418-442A-4186-AF98-D08F5054A2FC}

Nero DiscSpeed 10-->MsiExec.exe /X{34490F4E-48D0-492E-8249-B48BECF0537C}

Nero Express 10 Help (CHM)-->MsiExec.exe /X{33643918-7957-4839-92C7-EA96CB621A98}

Nero Express 10-->MsiExec.exe /X{70550193-1C22-445C-8FA4-564E155DB1A7}

Nero Multimedia Suite 10 Essentials-->MsiExec.exe /I{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}

Nero StartSmart 10 Help (CHM)-->MsiExec.exe /X{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}

Nero StartSmart 10-->MsiExec.exe /X{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}

Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}

NOOK for PC-->"C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\uninstall.exe"

Norton Online Backup-->MsiExec.exe /X{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}

Penguins!-->"C:\Program Files (x86)\eMachines Games\Penguins!\uninstall\uninstaller.exe"

Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\eMachines Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe"

Polar Bowler-->"C:\Program Files (x86)\eMachines Games\Polar Bowler\uninstall\uninstaller.exe"

Polar Golfer-->"C:\Program Files (x86)\eMachines Games\Polar Golfer\uninstall\uninstaller.exe"

RealDownloader-->MsiExec.exe /X{A88E1685-1986-4A86-8E88-5FE1E727D026}

Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client

SolveigMM AVI Trimmer-->"C:\Program Files (x86)\Solveig Multimedia\SolveigMM AVI Trimmer\Uninstall.exe" "C:\Program Files (x86)\Solveig Multimedia\SolveigMM AVI Trimmer\install.log" -u

Times Reader-->msiexec /qb /x {491ADA37-04EE-2ECE-9F86-DDC0106047AC}

Times Reader-->MsiExec.exe /I{491ADA37-04EE-2ECE-9F86-DDC0106047AC}

Torchlight-->"C:\Program Files (x86)\eMachines Games\Torchlight\uninstall\uninstaller.exe"

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"

Virtual Villagers 5 - New Believers-->"C:\Program Files (x86)\eMachines Games\Virtual Villagers 5 - New Believers\uninstall\uninstaller.exe"

Welcome Center-->C:\Program Files (x86)\eMachines\Welcome Center\Uninstall.exe

WildTangent Games App (eMachines Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\emachines\Uninstall.exe"

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}

Windows Live Mesh-->MsiExec.exe /I{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}

Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}

Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}

Windows Live Messenger-->MsiExec.exe /X{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}

Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{05E379CC-F626-4E7D-8354-463865B303BF}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{62687B11-58B5-4A18-9BC3-9DF4CE03F194}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{3B9A92DA-6374-4872-B646-253F18624D5F}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

Windows Live-->MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}

Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~2\Yahoo!\Common\YINSTH~1.DLL

Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~2\Yahoo!\Common\YMMAPI.dll

Yahoo! Mail Advisor-->C:\PROGRA~2\Yahoo!\Common\UNINST~1.EXE

Yahoo! Software Update-->C:\PROGRA~2\Yahoo!\SOFTWA~1\UNINST~1.EXE

Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE

Zuma's Revenge-->"C:\Program Files (x86)\eMachines Games\Zumas Revenge\uninstall\uninstaller.exe"

======System event log======

Computer Name: cdav1313-PC

Event Code: 1014

Message: Name resolution for the name us.mcafee.com timed out after none of the configured DNS servers responded.

Record Number: 399475

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20120913035221.065938-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

Computer Name: cdav1313-PC

Event Code: 1014

Message: Name resolution for the name cheetah.vizu.com timed out after none of the configured DNS servers responded.

Record Number: 398742

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20120912234306.104442-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

Computer Name: cdav1313-PC

Event Code: 1014

Message: Name resolution for the name r.turn.com timed out after none of the configured DNS servers responded.

Record Number: 398279

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20120912212605.786351-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

Computer Name: cdav1313-PC

Event Code: 1014

Message: Name resolution for the name us.mcafee.com timed out after none of the configured DNS servers responded.

Record Number: 397251

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20120912142456.016396-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

Computer Name: cdav1313-PC

Event Code: 1014

Message: Name resolution for the name us.mcafee.com timed out after none of the configured DNS servers responded.

Record Number: 397250

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20120912142322.541033-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: cdav1313-PC

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-771940188-3420538874-2173256766-1000:

Process 492 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-771940188-3420538874-2173256766-1000

Record Number: 1442

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20120624170337.440323-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: cdav1313-PC

Event Code: 4107

Message: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 1415

Source Name: Microsoft-Windows-CAPI2

Time Written: 20120624163431.106788-000

Event Type: Error

User:

Computer Name: cdav1313-PC

Event Code: 1008

Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 1372

Source Name: Microsoft-Windows-Search

Time Written: 20120624161650.000000-000

Event Type: Warning

User:

Computer Name: cdav1313-PC

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 1369

Source Name: Microsoft-Windows-WMI

Time Written: 20120624151652.000000-000

Event Type: Error

User:

Computer Name: WIN-VC7ONHVJIDI

Event Code: 6001

Message: The winlogon notification subscriber <GPClient> failed a notification event.

Record Number: 1360

Source Name: Microsoft-Windows-Winlogon

Time Written: 20120415091749.000000-000

Event Type: Warning

User:

=====Security event log=====

Computer Name: WIN-VC7ONHVJIDI

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: WIN-VC7ONHVJIDI$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x1e4

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 769

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120415091715.763713-000

Event Type: Audit Success

User:

Computer Name: WIN-VC7ONHVJIDI

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 768

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120415091714.281710-000

Event Type: Audit Success

User:

Computer Name: WIN-VC7ONHVJIDI

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: WIN-VC7ONHVJIDI$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x1e4

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 767

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120415091714.281710-000

Event Type: Audit Success

User:

Computer Name: WIN-VC7ONHVJIDI

Event Code: 4738

Message: A user account was changed.

Subject:

Security ID: S-1-5-21-771940188-3420538874-2173256766-500

Account Name: Administrator

Account Domain: WIN-VC7ONHVJIDI

Logon ID: 0x39d4b

Target Account:

Security ID: S-1-5-21-771940188-3420538874-2173256766-500

Account Name: Administrator

Account Domain: WIN-VC7ONHVJIDI

Changed Attributes:

SAM Account Name: -

Display Name: -

User Principal Name: -

Home Directory: -

Home Drive: -

Script Path: -

Profile Path: -

User Workstations: -

Password Last Set: -

Account Expires: -

Primary Group ID: -

AllowedToDelegateTo: -

Old UAC Value: 0x211

New UAC Value: 0x211

User Account Control: -

User Parameters: -

SID History: -

Logon Hours: -

Additional Information:

Privileges: -

Record Number: 766

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120415091712.253707-000

Event Type: Audit Success

User:

Computer Name: WIN-VC7ONHVJIDI

Event Code: 1102

Message: The audit log was cleared.

Subject:

Security ID: S-1-5-21-771940188-3420538874-2173256766-500

Account Name: Administrator

Domain Name: WIN-VC7ONHVJIDI

Logon ID: 0x39d4b

Record Number: 765

Source Name: Microsoft-Windows-Eventlog

Time Written: 20120415091708.197699-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=2

"PROCESSOR_LEVEL"=20

"PROCESSOR_IDENTIFIER"=AMD64 Family 20 Model 1 Stepping 0, AuthenticAMD

"PROCESSOR_REVISION"=0100

"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log

"windows_tracing_flags"=3

"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\

"asl.log"=Destination=file

-----------------EOF-----------------

RSIT Log:

Logfile of random's system information tool 1.09 (written by random/random)

Run by cdav1313 at 2012-09-30 08:54:12

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 413 GB (90%) free of 457 GB

Total RAM: 3576 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:54:39 AM, on 9/30/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe

C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\cdav1313\Desktop\FSS.exe

C:\Windows\SysWOW64\notepad.exe

C:\Users\cdav1313\Desktop\RSIT.exe

C:\Program Files (x86)\trend micro\cdav1313.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624164037.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\j2re1.4.1\bin\npjpi141.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\j2re1.4.1\bin\npjpi141.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) - http://javadl-esd.su...indows-i586.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://nainfor.webe...ex/ieatgpc1.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: McAfee Online Backup Service (MOBK755backup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 12516 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll [2012-06-11 1524056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-08-09 508656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624164037.dll [2012-05-25 79776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll [2012-06-11 1524056]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-05-25 336384]

"Hotkey Utility"=C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [2011-08-10 627304]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-08-27 59280]

"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2012-03-21 1675160]

"YMailAdvisor"=C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe [2009-05-08 174424]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

"BYR_AGENT"=C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe [2012-09-13 396416]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-09-09 421776]

C:\Users\cdav1313\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=3

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-09-30 08:54:12 ----D---- C:\rsit

2012-09-30 08:54:12 ----D---- C:\Program Files (x86)\trend micro

2012-09-29 18:22:21 ----D---- C:\Program Files (x86)\ESET

2012-09-29 16:57:39 ----D---- C:\e

2012-09-29 16:57:31 ----D---- C:\Data

2012-09-29 16:55:42 ----SHD---- C:\$RECYCLE.BIN

2012-09-29 16:51:44 ----A---- C:\ComboFix.txt

2012-09-29 15:23:36 ----A---- C:\Windows\zip.exe

2012-09-29 15:23:36 ----A---- C:\Windows\SWSC.exe

2012-09-29 15:23:36 ----A---- C:\Windows\SWREG.exe

2012-09-29 15:23:36 ----A---- C:\Windows\sed.exe

2012-09-29 15:23:36 ----A---- C:\Windows\PEV.exe

2012-09-29 15:23:36 ----A---- C:\Windows\NIRCMD.exe

2012-09-29 15:23:36 ----A---- C:\Windows\MBR.exe

2012-09-29 15:23:36 ----A---- C:\Windows\grep.exe

2012-09-29 15:22:07 ----D---- C:\Qoobox

2012-09-29 13:18:08 ----D---- C:\Windows\ERDNT

2012-09-29 13:17:09 ----D---- C:\Program Files (x86)\ERUNT

2012-09-27 22:17:45 ----D---- C:\MGtools

2012-09-27 22:15:20 ----D---- C:\ProgramData\HitmanPro

2012-09-27 22:13:41 ----A---- C:\TDSSKiller.2.8.10.0_27.09.2012_22.13.41_log.txt

2012-09-27 22:11:24 ----A---- C:\TDSSKiller.2.8.10.0_27.09.2012_22.11.24_log.txt

2012-09-22 03:01:03 ----A---- C:\Windows\SysWOW64\mshtmled.dll

2012-09-22 03:01:02 ----A---- C:\Windows\SysWOW64\vbscript.dll

2012-09-22 03:01:02 ----A---- C:\Windows\SysWOW64\ieui.dll

2012-09-22 03:01:01 ----A---- C:\Windows\SysWOW64\url.dll

2012-09-22 03:01:01 ----A---- C:\Windows\SysWOW64\ieUnatt.exe

2012-09-22 03:01:00 ----A---- C:\Windows\SysWOW64\urlmon.dll

2012-09-22 03:00:59 ----A---- C:\Windows\SysWOW64\msfeeds.dll

2012-09-22 03:00:58 ----A---- C:\Windows\SysWOW64\wininet.dll

2012-09-22 03:00:57 ----A---- C:\Windows\SysWOW64\jscript9.dll

2012-09-22 03:00:57 ----A---- C:\Windows\SysWOW64\jscript.dll

2012-09-22 03:00:55 ----A---- C:\Windows\SysWOW64\jsproxy.dll

2012-09-22 03:00:55 ----A---- C:\Windows\SysWOW64\iertutil.dll

2012-09-22 03:00:52 ----A---- C:\Windows\SysWOW64\mshtml.dll

2012-09-22 03:00:47 ----A---- C:\Windows\SysWOW64\ieframe.dll

2012-09-16 16:30:11 ----A---- C:\log.txt

2012-09-15 09:00:53 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-15 09:00:53 ----D---- C:\Program Files (x86)\iTunes

2012-09-15 08:49:50 ----D---- C:\Config.Msi

2012-09-12 00:04:56 ----A---- C:\Windows\SysWOW64\d3d10level9.dll

2012-09-10 17:24:25 ----D---- C:\Program Files (x86)\Common Files\Solveig Multimedia

2012-09-10 17:24:24 ----D---- C:\Program Files (x86)\Solveig Multimedia

2012-09-08 13:12:35 ----D---- C:\ProgramData\VirtualizedApplications

2012-09-08 11:11:11 ----RD---- C:\MSOCache

2012-09-08 11:01:24 ----D---- C:\Users\cdav1313\AppData\Roaming\SoftGrid Client

2012-09-05 03:02:24 ----D---- C:\Users\cdav1313\AppData\Roaming\Skype

======List of files/folders modified in the last 1 month======

2012-09-30 08:54:15 ----D---- C:\Windows\Temp

2012-09-30 08:54:12 ----RD---- C:\Program Files (x86)

2012-09-29 22:16:05 ----D---- C:\Windows\System32

2012-09-29 22:16:05 ----D---- C:\Windows\inf

2012-09-29 22:11:30 ----A---- C:\Windows\SysWOW64\lgAxconfig.ini

2012-09-29 18:22:23 ----D---- C:\Windows\Downloaded Program Files

2012-09-29 16:55:16 ----D---- C:\Windows

2012-09-29 16:47:20 ----A---- C:\Windows\system.ini

2012-09-29 16:32:51 ----D---- C:\Windows\SysWOW64\drivers

2012-09-29 16:32:51 ----D---- C:\Windows\SysWOW64

2012-09-29 16:32:51 ----D---- C:\Windows\AppPatch

2012-09-29 16:32:45 ----D---- C:\Program Files (x86)\Common Files

2012-09-29 15:24:07 ----SHD---- C:\System Volume Information

2012-09-29 15:21:45 ----D---- C:\Windows\Prefetch

2012-09-28 00:21:45 ----D---- C:\Windows\rescache

2012-09-27 22:47:00 ----RD---- C:\Program Files

2012-09-27 22:15:20 ----D---- C:\ProgramData

2012-09-27 22:14:52 ----D---- C:\Windows\Panther

2012-09-27 22:14:49 ----D---- C:\Windows\Minidump

2012-09-27 22:14:49 ----D---- C:\Windows\Logs

2012-09-27 22:14:49 ----D---- C:\Windows\debug

2012-09-27 03:01:20 ----D---- C:\Windows\winsxs

2012-09-26 17:17:43 ----D---- C:\Users\cdav1313\AppData\Roaming\uTorrent

2012-09-22 03:17:41 ----D---- C:\Windows\SysWOW64\migration

2012-09-22 03:17:41 ----D---- C:\Program Files (x86)\Internet Explorer

2012-09-15 09:04:55 ----SHD---- C:\Windows\Installer

2012-09-15 09:00:54 ----D---- C:\Program Files (x86)\Common Files\Apple

2012-09-11 18:03:29 ----D---- C:\ProgramData\Adobe

2012-09-11 18:01:18 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-09-08 11:02:17 ----SD---- C:\Users\cdav1313\AppData\Roaming\Microsoft

2012-09-08 11:02:04 ----D---- C:\Users\cdav1313\AppData\Roaming\TP

2012-09-08 11:00:57 ----SD---- C:\ProgramData\Microsoft

2012-09-05 06:02:19 ----D---- C:\ProgramData\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys []

R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys []

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []

R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys []

R1 MOBK755Filter;MOBK755Filter; C:\Windows\system32\DRIVERS\MOBK755.sys []

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []

R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys []

R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys []

R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys []

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []

R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys []

R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys []

R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys []

R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys []

R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 mfeavfk01;McAfee Inc.; C:\Windows\SysWOW64\drivers\mfeavfk01.sys []

S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys []

S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys []

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []

S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys []

S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys []

S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys []

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 GREGService;GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2011-05-29 36456]

R2 Live Updater Service;Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2012-02-06 255376]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440]

R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2012-05-25 199304]

R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]

R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe []

R2 MOBK755backup;McAfee Online Backup Service; C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-09-20 207672]

R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-08-09 38608]

R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 936848]

R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 250568]

S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2012-08-23 502064]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Security Check:

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Java 2 Runtime Environment, SE v1.4.1

Java version out of Date!

Adobe Reader X (10.1.4)

````````Process Check: objlist.exe by Laurent````````

Symantec Norton Online Backup NOBuAgent.exe

McAfee Online Backup MOBK755backup.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

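The service and driver lines of the RSIT log above follow one fixed layout, so they can be triaged programmatically. The sketch below is an added example (not part of the original posts and not RSIT's own code) that decodes the log's R/S and 0-4 legend, normalizes the image paths, and separates entries worth a manual look. The expected directories and the reading of empty `[]` brackets (a 32-bit scanner redirected away from the native system32 on 64-bit Windows, or a file that is no longer present) are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Legend printed by the log itself.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <state><start> <name>;<display name>; <image path> [<file date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>.*);"
    r"\s*(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

# Assumption: where service and driver images normally live on this machine.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Lines copied from the log above (not constructed).
SAMPLE_LOG = r"""
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mfeavfk01;McAfee Inc.; C:\Windows\SysWOW64\drivers\mfeavfk01.sys []
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440]
R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2012-05-25 199304]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
"""


@dataclass
class Entry:
    name: str
    display: str
    state: str
    start: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]
    notes: List[Tuple[str, str]] = field(default_factory=list)  # (level, text)


def normalize_path(raw: str) -> str:
    """Drop the NT object-manager prefix and collapse doubled separators."""
    path = raw.strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    # Keep the first character so a UNC prefix is not collapsed.
    return path[:1] + re.sub(r"\\{2,}", r"\\", path[1:])


def triage(e: Entry) -> None:
    """Attach heuristic notes; 'review' means look at the file, not 'malicious'."""
    low = e.path.lower()
    if "~" in low:
        e.notes.append(("review", "8.3 short path: resolve the long path first"))
    elif not low.startswith(EXPECTED_ROOTS):
        e.notes.append(("review", "image outside Windows/Program Files"))
    if e.file_date is None:
        if low.startswith("c:\\windows\\system32\\"):
            # Assumption: a 32-bit scanner on x64 is redirected to SysWOW64.
            e.notes.append(("info", "no file info under system32 (WOW64 redirection?)"))
        else:
            e.notes.append(("review", "no file info: file may be missing"))


def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers and blank lines
        info = m.group("info").split()
        has_info = len(info) == 2 and info[1].isdigit()
        e = Entry(
            name=m.group("name").strip(),
            display=m.group("display").strip(),
            state=STATE[m.group("state")],
            start=START[m.group("start")],
            path=normalize_path(m.group("path")),
            file_date=info[0] if has_info else None,
            file_size=int(info[1]) if has_info else None,
        )
        triage(e)
        entries.append(e)
    return entries


def to_review(entries: List[Entry]) -> List[str]:
    """Names of entries carrying at least one 'review' note, in log order."""
    return [e.name for e in entries if any(lvl == "review" for lvl, _ in e.notes)]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        tags = "; ".join(f"{lvl}: {txt}" for lvl, txt in e.notes) or "ok"
        print(f"{e.state:8} {e.start:8} {e.name:28} {tags}")
```

A flagged entry is a prompt to check the file, not a verdict: `catchme` is flagged only because its image path points into `C:\ComboFix`, and the file list in the same log shows `C:\ComboFix.txt` created on 2012-09-29.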

There's an old version of Java runtime that needs to be uninstalled: Java 2 Runtime Environment, SE v1.4.1

Older versions of Java pose a security risk.

And if you do not need Java for the programs that you use, keep Java off your system. There is a security concern about the newest versions as well.

See http://seclists.org/bugtraq/2012/Sep/109

and https://www.networkworld.com/community/blog/time-disable-java-again-1-billion-risk-newest-critical-java-bug

This system appears to have an older version of Adobe Flash Player:

To de-install Flash Player

Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

To get latest Flash Player

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for Google Chrome, or McAfee Security Scan Plus, or any other widget or toolbar or add-on!!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218

Windows 7 User Account Control

Windows 7 User Account Control provides some protection for your system. Right now, it is Off. Please turn it ON.

See this MS reference http://windows.microsoft.com/en-US/windows7/Turn-User-Account-Control-on-or-off

You can set it 1 or 2 notches below the maximum.

Other than that, I do not see anything malware-wise in your RSIT log. And the FSS result is good.

You should likely see the Yahoo support website regarding the issue with Yahoo mail / Yahoo toolbar.

How is the system now?


I uninstalled Flash & Java. It's still not running right. I was using the Yahoo toolbar problem as a guide because that started acting up the same time everything else happened. Internet Explorer still every now and then will freeze up and a box will open saying something about IE not working or responding or something and it reopens it all (it does this several times an hour and never used to).

And what about my quarantined items from my 1st post? Malwarebytes quarantined itself by itself (and that was the start of my IE & Yahoo toolbar problems). And I don't know what the other 2 things are. Should I delete them out of my quarantine? Restore them? One of them calls itself a "Keylogger" which worries me. And it's the end of the month and I have to start paying bills but I'm afraid to go to my bank's website and type a password.


For Internet Explorer:

Using IE (only!), go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

Start MBAM.

Click the Quarantine tab. Provide a list of what is in there.


3 things in my quarantine:

Trojan.Keylogger is the "Vendor" and it lists the "Item" as C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\comctl32.dll.nui

The next item quarantined has a "Vendor" called Trojan.Goldun and the "Item" is my malwarebytes (E:\zStuff\Malewarebytes'Anti-Maleware\mbam.exe)

The third thing is "Vendor" Trojan.Banker and the "Item" C:\Windows\System32\NLSData0000.dll


1 item is a false positive, and the item on the E drive is not the installed MBAM.

In MBAM, at the Quarantine tab

Have this item permanently deleted

quarantined has a "Vendor" called Trojan.Goldun (E:\zStuff\Malewarebytes'Anti-Maleware\mbam.exe)

This next item is a false positive and you can restore it

"Item" C:\Windows\System32\NLSData0000.dll

Then Exit out of MBAM.

Step 2

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on.

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\\Application Data\\*.
    %ALLUSERSPROFILE%\\Application Data\\*.exe /s
    %ALLUSERSPROFILE%\\Application Data\\*.dll /s
    %APPDATA%\\*.
    %APPDATA%\\*.exe /s
    %SYSTEMDRIVE%\\*.exe
    /md5start
    services.*
    comctl32.*
    wbemess.dill
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    qmgr.dll
    /md5stop
    c:|conduit;true;true;true; /FP
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    c:|services.ex;true;true;true; /FP
    %USERPROFILE%\\..|smtmp;true;true;true /FP
    %systemroot%\\*. /mp /s
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser window(s) that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Copy/Paste the OTL log(s) into a new reply.

Step 3

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the MBAM scan log for review.

Edited by Maurice Naggar

Sorry, I've been working outside and am about to leave for a while. I will download and do all the scans you asked for in a few hours. I just wanted to say real quick before I go that I think that the Malwarebytes in my quarantine was in fact my actual Malwarebytes program. That was the location it was in, and after the mysterious quarantine of those 3 items, I could not open Malwarebytes and therefore had to redownload it anew in a new location as I stated in my original posting. Though with the new one, I no longer need the old one; I will delete it. I just wanted you to be aware of that.

I will do the OTL scan and Malwarebytes scan in a few hours after I return home and will post the logs then. Thank you.


OTL.txt: (Part 1)

OTL logfile created on: 9/30/2012 4:24:42 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cdav1313\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 74.71% Memory free

6.98 Gb Paging File | 5.65 Gb Available in Paging File | 80.95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 446.13 Gb Total Space | 401.73 Gb Free Space | 90.05% Space Free | Partition Type: NTFS

Drive E: | 2794.51 Gb Total Space | 1996.51 Gb Free Space | 71.44% Space Free | Partition Type: NTFS

Drive H: | 465.75 Gb Total Space | 18.00 Gb Free Space | 3.86% Space Free | Partition Type: NTFS

Computer Name: CDAV1313-PC | User Name: cdav1313 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/30 16:22:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cdav1313\Desktop\OTL.exe

PRC - [2012/09/13 00:54:58 | 000,396,416 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

PRC - [2012/08/09 13:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/02/06 20:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/08/10 23:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

PRC - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe

PRC - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2009/05/08 06:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/08/10 23:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

MOD - [2011/08/10 23:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/08/23 11:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2012/05/25 17:13:54 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2012/05/25 16:59:02 | 000,210,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2012/05/25 16:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2012/02/06 20:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Live Updater Service)

SRV:64bit: - [2011/05/24 10:03:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/09/30 10:42:49 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/08/09 13:02:26 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/01/13 11:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)

SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)

SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/09/20 03:27:20 | 000,207,672 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe -- (MOBK755backup)

SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2011/12/15 13:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/07/14 01:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/07/14 01:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/06/06 05:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011/05/24 11:26:58 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/05/24 09:25:44 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/05/16 10:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/02/14 02:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)

DRV:64bit: - [2011/02/14 02:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)

DRV:64bit: - [2011/02/14 02:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/09/20 03:27:12 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK755.sys -- (MOBK755Filter)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/p/2.html

IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {E2552AB6-3D90-4879-A1A7-1CA2141A750F}

IE - HKCU\..\SearchScopes\{E2552AB6-3D90-4879-A1A7-1CA2141A750F}: "URL" = http://www.google.co...{outputEncoding?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.2.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.2.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\cdav1313\AppData\Local\Roblox\Versions\version-5e3e8a498c5b4d63\\NPRobloxProxy.dll ()

FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\cdav1313\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\cdav1313\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/24 16:40:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/06/27 06:17:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B1FC07E1-E05B-4567-8891-E63FBE545BA8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/08/30 21:09:30 | 000,000,000 | ---D | M]

[2012/06/24 14:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdav1313\AppData\Roaming\Mozilla\Firefox\extensions

[2012/06/24 14:45:59 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\cdav1313\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

O1 HOSTS File: ([2012/09/29 16:47:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)

O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)

O4 - Startup: C:\Users\cdav1313\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nainfor.webe...ex/ieatgpc1.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE60ABF8-A607-432C-A229-1CCA1AF805B3}: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: hitmanpro36 - Reg Error: Value error.

SafeBootMin:64bit: hitmanpro36.sys - Reg Error: Value error.

SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: hitmanpro36 - Reg Error: Value error.

SafeBootMin: hitmanpro36.sys - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: hitmanpro36 - Reg Error: Value error.

SafeBootNet:64bit: hitmanpro36.sys - Reg Error: Value error.

SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SafeBootNet:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()

SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)

SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)

SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: hitmanpro36 - Reg Error: Value error.

SafeBootNet: hitmanpro36.sys - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.

ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.

ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/30 16:21:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\cdav1313\Desktop\OTL.exe

[2012/09/30 16:21:26 | 001,537,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NLSData0000.dll

[2012/09/30 14:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/09/30 14:07:12 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Roaming\Yahoo!

[2012/09/30 14:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion

[2012/09/30 10:42:49 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/09/30 10:42:48 | 000,073,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/09/30 08:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro

[2012/09/30 08:54:12 | 000,000,000 | ---D | C] -- C:\rsit

[2012/09/30 08:52:04 | 000,693,265 | ---- | C] (Farbar) -- C:\Users\cdav1313\Desktop\FSS.exe

[2012/09/29 18:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/09/29 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Local\{51C60E90-B46A-44DA-8D70-D41B25171B38}

[2012/09/29 16:57:39 | 000,000,000 | ---D | C] -- C:\e

[2012/09/29 16:57:31 | 000,000,000 | ---D | C] -- C:\Data

[2012/09/29 16:55:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/09/29 15:23:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/09/29 15:23:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/09/29 15:23:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/09/29 15:22:07 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/09/29 15:18:36 | 004,757,745 | R--- | C] (Swearware) -- C:\Users\cdav1313\Desktop\ComboFix.exe

[2012/09/29 15:13:52 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\cdav1313\Desktop\rkill.com

[2012/09/29 15:12:37 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\Desktop\rkill

[2012/09/29 13:21:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\cdav1313\Desktop\aswMBR.exe

[2012/09/29 13:18:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/09/29 13:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/09/29 13:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/09/27 22:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2012/09/27 22:17:45 | 000,000,000 | ---D | C] -- C:\MGtools

[2012/09/27 22:15:50 | 008,864,168 | ---- | C] (SurfRight B.V.) -- C:\Users\cdav1313\Desktop\HitmanPro36_x64.exe

[2012/09/27 22:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2012/09/27 22:14:21 | 007,758,424 | ---- | C] (SurfRight B.V.) -- C:\Users\cdav1313\Desktop\HitmanPro36.exe

[2012/09/27 22:13:32 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\cdav1313\Desktop\tdsskiller.exe

[2012/09/27 22:09:56 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\Desktop\RK_Quarantine

[2012/09/27 22:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/09/26 07:48:19 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe

[2012/09/24 20:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\This

[2012/09/22 03:01:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/09/22 03:01:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/09/22 03:01:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/09/22 03:01:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/09/22 03:01:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/09/22 03:01:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/09/22 03:01:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/09/22 03:01:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/09/22 03:01:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/09/22 03:01:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/09/22 03:00:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/09/22 03:00:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/09/22 03:00:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/09/22 03:00:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/09/22 03:00:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/09/15 14:15:30 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Local\Unity

[2012/09/15 09:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/09/15 09:02:52 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2012/09/15 09:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/09/15 09:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/09/15 09:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/09/15 09:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012/09/12 00:05:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys

[2012/09/12 00:04:56 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2012/09/12 00:04:50 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2012/09/12 00:04:50 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2012/09/10 17:36:54 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\Desktop\PF

[2012/09/10 17:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solveig Multimedia

[2012/09/10 17:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Solveig Multimedia

[2012/09/10 17:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solveig Multimedia

[2012/09/10 17:16:45 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Local\{A62E461C-E13F-49B6-84C9-DFE2616EEF1B}

[2012/09/08 13:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications

[2012/09/08 11:11:11 | 000,000,000 | R--D | C] -- C:\MSOCache

[2012/09/08 11:01:28 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Local\SoftGrid Client

[2012/09/08 11:01:24 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Roaming\SoftGrid Client

[2012/09/08 11:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)

[2012/09/05 03:02:24 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Roaming\Skype

[2012/09/03 17:35:40 | 000,000,000 | ---D | C] -- C:\Users\cdav1313\AppData\Local\{648AE64E-A12B-4918-9885-F1B165C41649}

========== Files - Modified Within 30 Days ==========

[2012/09/30 16:22:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cdav1313\Desktop\OTL.exe

[2012/09/30 16:21:26 | 001,537,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\NLSData0000.dll

[2012/09/30 16:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/09/30 14:12:00 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/30 14:12:00 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/30 14:09:15 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/09/30 14:09:15 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/09/30 14:09:15 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/09/30 14:08:35 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk

[2012/09/30 14:04:52 | 000,000,065 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini

[2012/09/30 14:04:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/30 14:03:59 | 2812,485,632 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/30 10:42:49 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/09/30 10:42:48 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/09/30 09:00:02 | 000,881,724 | ---- | M] () -- C:\Users\cdav1313\Desktop\SecurityCheck.exe

[2012/09/30 08:54:06 | 000,781,383 | ---- | M] () -- C:\Users\cdav1313\Desktop\RSIT.exe

[2012/09/30 08:52:17 | 000,693,265 | ---- | M] (Farbar) -- C:\Users\cdav1313\Desktop\FSS.exe

[2012/09/29 17:24:12 | 000,083,508 | ---- | M] () -- C:\Users\cdav1313\Desktop\2261683.jpg

[2012/09/29 17:23:38 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/09/29 16:57:45 | 000,000,380 | ---- | M] () -- C:\edu.bmp

[2012/09/29 16:57:45 | 000,000,304 | ---- | M] () -- C:\dir.bmp

[2012/09/29 16:57:45 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif

[2012/09/29 16:57:45 | 000,000,279 | ---- | M] () -- C:\hj_1.gif

[2012/09/29 16:57:45 | 000,000,277 | ---- | M] () -- C:\mov_1.gif

[2012/09/29 16:57:45 | 000,000,274 | ---- | M] () -- C:\trav_1.gif

[2012/09/29 16:57:45 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif

[2012/09/29 16:57:45 | 000,000,268 | ---- | M] () -- C:\ab_1.gif

[2012/09/29 16:57:45 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif

[2012/09/29 16:57:45 | 000,000,138 | ---- | M] () -- C:\flk2.gif

[2012/09/29 16:57:45 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif

[2012/09/29 16:57:45 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif

[2012/09/29 16:57:45 | 000,000,103 | ---- | M] () -- C:\del_1.gif

[2012/09/29 16:57:44 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif

[2012/09/29 16:57:44 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif

[2012/09/29 16:57:44 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif

[2012/09/29 16:57:43 | 000,000,235 | ---- | M] () -- C:\srch_1.gif

[2012/09/29 16:57:43 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif

[2012/09/29 16:57:43 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif

[2012/09/29 16:47:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/09/29 15:18:37 | 004,757,745 | R--- | M] (Swearware) -- C:\Users\cdav1313\Desktop\ComboFix.exe

[2012/09/29 15:13:52 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\cdav1313\Desktop\rkill.com

[2012/09/29 14:45:46 | 001,412,096 | ---- | M] () -- C:\Users\cdav1313\Desktop\RogueKiller.exe

[2012/09/29 14:39:56 | 000,000,512 | ---- | M] () -- C:\Users\cdav1313\Desktop\MBR.dat

[2012/09/29 13:22:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\cdav1313\Desktop\aswMBR.exe

[2012/09/29 13:17:30 | 000,001,113 | ---- | M] () -- C:\Users\cdav1313\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/09/29 13:17:13 | 000,000,933 | ---- | M] () -- C:\Users\cdav1313\Desktop\NTREGOPT.lnk

[2012/09/29 13:17:13 | 000,000,914 | ---- | M] () -- C:\Users\cdav1313\Desktop\ERUNT.lnk

[2012/09/27 22:17:45 | 001,670,974 | ---- | M] () -- C:\Users\cdav1313\Desktop\MGtools.exe

[2012/09/27 22:17:05 | 008,864,168 | ---- | M] (SurfRight B.V.) -- C:\Users\cdav1313\Desktop\HitmanPro36_x64.exe

[2012/09/27 22:15:15 | 007,758,424 | ---- | M] (SurfRight B.V.) -- C:\Users\cdav1313\Desktop\HitmanPro36.exe

[2012/09/27 22:13:36 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\cdav1313\Desktop\tdsskiller.exe

[2012/09/24 20:16:18 | 000,000,519 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/24 20:08:12 | 000,000,047 | ---- | M] () -- C:\Users\cdav1313\AppData\Roaming\mbam.context.scan

[2012/09/23 17:34:57 | 000,001,181 | ---- | M] () -- C:\Users\cdav1313\Desktop\ROBLOX Studio 2.0 Beta.lnk

[2012/09/23 17:34:56 | 000,001,161 | ---- | M] () -- C:\Users\cdav1313\Desktop\ROBLOX Studio.lnk

[2012/09/23 17:34:55 | 000,001,362 | ---- | M] () -- C:\Users\cdav1313\Desktop\ROBLOX Player.lnk

[2012/09/21 01:54:15 | 000,294,431 | ---- | M] () -- C:\Users\cdav1313\Desktop\front.jpeg

[2012/09/15 09:03:06 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/09/10 17:24:38 | 000,001,210 | ---- | M] () -- C:\Users\cdav1313\Desktop\SolveigMM AVI Trimmer + MKV.lnk

[2012/09/09 22:08:50 | 000,113,576 | ---- | M] () -- C:\Users\cdav1313\Desktop\Draft Report Card.jpg

[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/09/30 10:42:50 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/09/30 08:59:59 | 000,881,724 | ---- | C] () -- C:\Users\cdav1313\Desktop\SecurityCheck.exe

[2012/09/30 08:53:50 | 000,781,383 | ---- | C] () -- C:\Users\cdav1313\Desktop\RSIT.exe

[2012/09/29 17:23:32 | 000,083,508 | ---- | C] () -- C:\Users\cdav1313\Desktop\2261683.jpg

[2012/09/29 16:57:45 | 000,000,380 | ---- | C] () -- C:\edu.bmp

[2012/09/29 16:57:45 | 000,000,304 | ---- | C] () -- C:\dir.bmp

[2012/09/29 16:57:45 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif

[2012/09/29 16:57:45 | 000,000,279 | ---- | C] () -- C:\hj_1.gif

[2012/09/29 16:57:45 | 000,000,277 | ---- | C] () -- C:\mov_1.gif

[2012/09/29 16:57:45 | 000,000,274 | ---- | C] () -- C:\trav_1.gif

[2012/09/29 16:57:45 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif

[2012/09/29 16:57:45 | 000,000,268 | ---- | C] () -- C:\ab_1.gif

[2012/09/29 16:57:45 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif

[2012/09/29 16:57:45 | 000,000,138 | ---- | C] () -- C:\flk2.gif

[2012/09/29 16:57:45 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif

[2012/09/29 16:57:45 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif

[2012/09/29 16:57:45 | 000,000,103 | ---- | C] () -- C:\del_1.gif

[2012/09/29 16:57:44 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif

[2012/09/29 16:57:44 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif

[2012/09/29 16:57:44 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif

[2012/09/29 16:57:43 | 000,000,235 | ---- | C] () -- C:\srch_1.gif

[2012/09/29 16:57:43 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif

[2012/09/29 16:57:43 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif

[2012/09/29 15:23:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/09/29 15:23:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/09/29 15:23:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/09/29 15:23:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/09/29 15:23:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/09/29 14:45:41 | 001,412,096 | ---- | C] () -- C:\Users\cdav1313\Desktop\RogueKiller.exe

[2012/09/29 14:39:56 | 000,000,512 | ---- | C] () -- C:\Users\cdav1313\Desktop\MBR.dat

[2012/09/29 13:17:30 | 000,001,113 | ---- | C] () -- C:\Users\cdav1313\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/09/29 13:17:13 | 000,000,933 | ---- | C] () -- C:\Users\cdav1313\Desktop\NTREGOPT.lnk

[2012/09/29 13:17:13 | 000,000,914 | ---- | C] () -- C:\Users\cdav1313\Desktop\ERUNT.lnk

[2012/09/27 22:17:38 | 001,670,974 | ---- | C] () -- C:\Users\cdav1313\Desktop\MGtools.exe

[2012/09/27 22:04:32 | 000,000,996 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/09/24 20:16:18 | 000,000,519 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/24 20:08:12 | 000,000,047 | ---- | C] () -- C:\Users\cdav1313\AppData\Roaming\mbam.context.scan

[2012/09/21 18:13:52 | 000,294,431 | ---- | C] () -- C:\Users\cdav1313\Desktop\front.jpeg

[2012/09/15 09:03:06 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/09/10 17:24:38 | 000,001,210 | ---- | C] () -- C:\Users\cdav1313\Desktop\SolveigMM AVI Trimmer + MKV.lnk

[2012/09/09 22:08:49 | 000,113,576 | ---- | C] () -- C:\Users\cdav1313\Desktop\Draft Report Card.jpg

[2012/09/02 23:11:41 | 000,001,181 | ---- | C] () -- C:\Users\cdav1313\Desktop\ROBLOX Studio 2.0 Beta.lnk

[2012/09/02 23:11:40 | 000,001,161 | ---- | C] () -- C:\Users\cdav1313\Desktop\ROBLOX Studio.lnk

[2012/09/02 23:11:39 | 000,001,362 | ---- | C] () -- C:\Users\cdav1313\Desktop\ROBLOX Player.lnk

[2012/08/28 18:37:19 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/07/21 16:02:50 | 000,000,065 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini

[2012/06/24 13:11:13 | 000,000,441 | ---- | C] () -- C:\Windows\wininit.ini

[2012/04/15 04:51:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/12/12 23:10:13 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/05/25 01:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %ALLUSERSPROFILE%\\Application Data\\*. >

< %ALLUSERSPROFILE%\\Application Data\\*.exe /s >

< %ALLUSERSPROFILE%\\Application Data\\*.dll /s >

< %APPDATA%\\*. >

[2012/07/03 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Adobe

[2012/06/24 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Apple Computer

[2012/06/24 12:19:42 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Identities

[2012/04/15 04:58:40 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Macromedia

[2012/06/24 12:53:24 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Malwarebytes

[2010/11/21 03:16:41 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Media Center Programs

[2012/09/08 11:02:17 | 000,000,000 | --SD | M] -- C:\Users\cdav1313\AppData\Roaming\\Microsoft

[2012/06/24 14:45:59 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Mozilla

[2012/06/24 12:20:03 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\OEM

[2012/08/30 21:09:58 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Real

[2012/08/30 21:09:06 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\RealNetworks

[2012/09/05 06:02:12 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Skype

[2012/09/10 08:54:34 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\SoftGrid Client

[2012/09/08 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\TP

[2012/09/26 17:17:43 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\uTorrent

[2012/06/25 07:10:06 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\WildTangent

[2012/06/24 22:29:23 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\WinRAR

[2012/09/30 14:07:12 | 000,000,000 | ---D | M] -- C:\Users\cdav1313\AppData\Roaming\\Yahoo!

< %APPDATA%\\*.exe /s >

[2012/04/15 04:58:30 | 000,053,632 | ---- | M] () -- C:\Users\cdav1313\AppData\Roaming\\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2010/10/01 02:08:59 | 000,044,544 | R--- | M] () -- C:\Users\cdav1313\AppData\Roaming\\Microsoft\Windows\Templates\H\TL_Bootstrap.exe

[2012/08/25 09:09:14 | 001,343,488 | ---- | M] () -- C:\Users\cdav1313\AppData\Roaming\\Microsoft\Windows\Templates\TLPC\TL_PC.exe

< %SYSTEMDRIVE%\\*.exe >


OTL.txt (Part 2):

< MD5 for: COMCTL32.DLL >

[2010/11/20 23:24:32 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=14DFDEAF4E589ED3F1FF187A86B9408C -- C:\Windows\ERDNT\cache64\comctl32.dll

[2010/11/20 23:24:32 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=14DFDEAF4E589ED3F1FF187A86B9408C -- C:\Windows\SysNative\comctl32.dll

[2010/11/20 23:24:08 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=14DFDEAF4E589ED3F1FF187A86B9408C -- C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll

[2010/11/20 23:24:32 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=14DFDEAF4E589ED3F1FF187A86B9408C -- C:\Windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_97c2246fee970dbb\comctl32.dll

[2010/11/20 23:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) MD5=352B3DC62A0D259A82A052238425C872 -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

[2010/11/20 23:23:51 | 002,030,080 | ---- | M] (Microsoft Corporation) MD5=7FA8FDC2C2A27817FD0F624E78D3B50C -- C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll

[2010/11/20 23:23:56 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=BDAC1AA64495D0F7E1FF810EBBF1F018 -- C:\Windows\ERDNT\cache86\comctl32.dll

[2010/11/20 23:23:56 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=BDAC1AA64495D0F7E1FF810EBBF1F018 -- C:\Windows\SysWOW64\comctl32.dll

[2010/11/20 23:24:09 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=BDAC1AA64495D0F7E1FF810EBBF1F018 -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll

[2010/11/20 23:23:56 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=BDAC1AA64495D0F7E1FF810EBBF1F018 -- C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll

< MD5 for: COMCTL32.DLL.MUI >

[2009/07/13 21:17:45 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=00C093BECABAEBCF8AF71968720F8E0D -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_th-th_9a95bfc47d1c7826\comctl32.dll.mui

[2009/07/13 21:17:54 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=02326B2B45E9A79E27C27545C3169A39 -- C:\Windows\SysNative\da-DK\comctl32.dll.mui

[2009/07/13 21:17:54 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=02326B2B45E9A79E27C27545C3169A39 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_da-dk_1439d69c93eb335d\comctl32.dll.mui

[2009/07/13 21:17:54 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=02326B2B45E9A79E27C27545C3169A39 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_18a24a3dbedfab6e\comctl32.dll.mui

[2009/07/13 21:17:50 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=06DE7EC7F44876CD19DCA8F0A1B9C8C1 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688\comctl32.dll.mui

[2009/07/13 21:17:52 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=0DE27924408BE297A97B985805C52C68 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_hu-hu_fa62ef131b028c06\comctl32.dll.mui

[2009/07/13 21:17:48 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=0E823E0CC33119E846EB19A49A7D540C -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_fi-fi_af55fd7938ea98b2\comctl32.dll.mui

[2009/07/13 20:55:30 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=126261ECF493CFD866CB107C24232B41 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_nb-no_12e978dfe001d01b\comctl32.dll.mui

[2009/07/13 20:55:22 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=148C89424D7C9CA1E695B11DA73BC911 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_it-it_e4c79be92250cb6e\comctl32.dll.mui

[2009/07/13 20:55:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1791BA30CC5EC66CBA07DD7BA0778E94 -- C:\Windows\SysWOW64\de-DE\comctl32.dll.mui

[2009/07/13 20:55:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1791BA30CC5EC66CBA07DD7BA0778E94 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_de-de_5912a2afaa3db0fd\comctl32.dll.mui

[2009/07/13 20:55:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1791BA30CC5EC66CBA07DD7BA0778E94 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b9af43f608588ed2\comctl32.dll.mui

[2009/07/13 21:17:47 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=17E6053B914C64049B0BFAD5CA7770DB -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_da-dk_6a5330b352f55484\comctl32.dll.mui

[2009/07/13 21:17:53 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=1A36BA3794422453EDC8FDEFC0512F3A -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-tw_73f243ac283c6b65\comctl32.dll.mui

[2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1A770B5643196FC22BDAA429329E217D -- C:\Windows\SysNative\pt-PT\comctl32.dll.mui

[2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1A770B5643196FC22BDAA429329E217D -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-pt_bcd447c1f0c30137\comctl32.dll.mui

[2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1A770B5643196FC22BDAA429329E217D -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_c13cbb631bb77948\comctl32.dll.mui

[2009/07/13 20:55:19 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1BF1D03FD41E9FCCC5B4796F18DD72E1 -- C:\Windows\SysWOW64\sk-SK\comctl32.dll.mui

[2009/07/13 20:55:19 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1BF1D03FD41E9FCCC5B4796F18DD72E1 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sk-sk_ea3f9509df3aaa93\comctl32.dll.mui

[2009/07/13 20:55:19 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1BF1D03FD41E9FCCC5B4796F18DD72E1 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_4adc36503d558868\comctl32.dll.mui

[2009/07/13 21:17:54 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=1DB9C2802ACB17FC39602FDA10333975 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_hr-hr_f92ec94d1bc52a9e\comctl32.dll.mui

[2009/07/13 21:17:49 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=20F452AEF05E26275E18415E06CE00BA -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pl-pl_0fb7e7c8b1d41e9e\comctl32.dll.mui

[2009/07/13 20:55:28 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=2152D4D1008B3B709167CCD1F291AA09 -- C:\Windows\SysWOW64\th-TH\comctl32.dll.mui

[2009/07/13 20:55:28 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=2152D4D1008B3B709167CCD1F291AA09 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_th-th_8c299c84d28e8005\comctl32.dll.mui

[2009/07/13 20:55:28 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=2152D4D1008B3B709167CCD1F291AA09 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_th-th_ecc63dcb30a95dda\comctl32.dll.mui

[2009/07/13 21:17:49 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=227DD89056EDB6C22978E7109E7D5E97 -- C:\Windows\SysNative\uk-UA\comctl32.dll.mui

[2009/07/13 21:17:49 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=227DD89056EDB6C22978E7109E7D5E97 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_uk-ua_e45f70e8b2bac1fb\comctl32.dll.mui

[2009/07/13 21:17:49 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=227DD89056EDB6C22978E7109E7D5E97 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_uk-ua_e8c7e489ddaf3a0c\comctl32.dll.mui

[2009/07/13 20:55:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=231BCB21B5AD8DE7523C972A5054379A -- C:\Windows\SysWOW64\ro-RO\comctl32.dll.mui

[2009/07/13 20:55:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=231BCB21B5AD8DE7523C972A5054379A -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ro-ro_48bc44d0eba5f599\comctl32.dll.mui

[2009/07/13 20:55:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=231BCB21B5AD8DE7523C972A5054379A -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_a958e61749c0d36e\comctl32.dll.mui

[2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=24C1D1F456E6BEEF6E0F9FF7C39390D4 -- C:\Windows\SysNative\et-EE\comctl32.dll.mui

[2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=24C1D1F456E6BEEF6E0F9FF7C39390D4 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_et-ee_b3e16a4588cc61f0\comctl32.dll.mui

[2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=24C1D1F456E6BEEF6E0F9FF7C39390D4 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_et-ee_b849dde6b3c0da01\comctl32.dll.mui

[2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=280E69964DB80C3965DD98953D433336 -- C:\Windows\SysNative\fi-FI\comctl32.dll.mui

[2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=280E69964DB80C3965DD98953D433336 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_fi-fi_593ca36279e0778b\comctl32.dll.mui

[2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=280E69964DB80C3965DD98953D433336 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_5da51703a4d4ef9c\comctl32.dll.mui


[2009/07/13 20:55:22 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=B531F91B96DE681BF1B0D6AC5A185C7D -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_c0d17ceadf33e739\comctl32.dll.mui

[2009/07/13 21:17:52 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=B5473FE4EC2A9876AD1AD9F3B44D4985 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_bg-bg_220fd9f16f277c5a\comctl32.dll.mui

[2009/07/13 21:17:55 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=B764B551D9E479B2FBFBE98201F0E088 -- C:\Windows\SysNative\sv-SE\comctl32.dll.mui

[2009/07/13 21:17:55 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=B764B551D9E479B2FBFBE98201F0E088 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sv-se_9f7243facccd99be\comctl32.dll.mui

[2009/07/13 21:17:55 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=B764B551D9E479B2FBFBE98201F0E088 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_a3dab79bf7c211cf\comctl32.dll.mui

[2009/07/13 20:55:34 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=B8F0F39E100DAD8EC7D14F7509D70AC4 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_da-dk_b200678a67717d8a\comctl32.dll.mui

[2009/07/13 20:55:24 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=B9A57EBCA828CF2DC2B4EAFD1AA562A2 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_hr-hr_40dc0024304153a4\comctl32.dll.mui

[2009/07/13 20:55:19 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=BD2101D558D2AA5529FB57C94E0C6DD7 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_hu-hu_421025ea2f7eb50c\comctl32.dll.mui

[2009/07/13 21:17:41 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=BF3D86C247C16A98A0EEF699A5F0A439 -- C:\Windows\SysNative\ja-JP\comctl32.dll.mui

[2009/07/13 21:17:41 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=BF3D86C247C16A98A0EEF699A5F0A439 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ja-jp_e9268a0841e5931c\comctl32.dll.mui

[2009/07/13 21:17:41 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=BF3D86C247C16A98A0EEF699A5F0A439 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ed8efda96cda0b2d\comctl32.dll.mui

[2009/07/13 20:55:23 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=C0F8AE31A375339397BC18227BDF4C94 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sr-..-cs_def48d6b183741e5\comctl32.dll.mui

[2009/07/13 20:55:33 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C13C584DDA2339846B1B5AEB276D9AA3 -- C:\Windows\SysWOW64\en-US\comctl32.dll.mui

[2009/07/13 20:55:33 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C13C584DDA2339846B1B5AEB276D9AA3 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_en-us_020378a8991bbcc2\comctl32.dll.mui

[2009/07/13 20:55:33 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C13C584DDA2339846B1B5AEB276D9AA3 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_en-us_62a019eef7369a97\comctl32.dll.mui

[2009/07/13 20:55:26 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=C14CB7445E742B53168E49E988967218 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ko-kr_2a56f7ab07dca45f\comctl32.dll.mui

[2009/07/13 20:55:23 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=C15DA922E7FB2539C2C64B027177BC24 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_cs-cz_14c68763712b818b\comctl32.dll.mui

[2009/07/13 21:17:56 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=C1D099FAAC5E6E59D29A88672433A544 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ru-ru_5990b39c94aeb08a\comctl32.dll.mui

[2009/07/13 21:17:55 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C39CDB0338DE3CBCFE5ED2DB47DA8F8B -- C:\Windows\SysNative\en-US\comctl32.dll.mui

[2009/07/13 21:17:55 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C39CDB0338DE3CBCFE5ED2DB47DA8F8B -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_en-us_ba5641d1849f93bc\comctl32.dll.mui

[2009/07/13 21:17:55 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C39CDB0338DE3CBCFE5ED2DB47DA8F8B -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bebeb572af940bcd\comctl32.dll.mui

[2009/07/13 20:55:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=C4BBBDBC6021452AA8986AA286B547B3 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_lt-lt_ce2223abfa046ffc\comctl32.dll.mui

[2009/07/13 20:55:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C83FD25A2501DB51D5D580DE2B914460 -- C:\Windows\SysWOW64\hu-HU\comctl32.dll.mui

[2009/07/13 20:55:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C83FD25A2501DB51D5D580DE2B914460 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_hu-hu_ebf6cbd3707493e5\comctl32.dll.mui

[2009/07/13 20:55:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=C83FD25A2501DB51D5D580DE2B914460 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_4c936d19ce8f71ba\comctl32.dll.mui

[2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=CAAA998726C4051372C571BF6CB72B79 -- C:\Windows\SysNative\nl-NL\comctl32.dll.mui

[2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=CAAA998726C4051372C571BF6CB72B79 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_nl-nl_736233300da78fc3\comctl32.dll.mui

[2009/07/13 21:17:42 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=CAAA998726C4051372C571BF6CB72B79 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_77caa6d1389c07d4\comctl32.dll.mui

[2009/07/13 20:55:19 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=CDD1A11AC162F252DB06EB63B0ABBD8A -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pl-pl_57651e9fc65047a4\comctl32.dll.mui

[2009/07/13 20:55:33 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=D0854FD24B2210E17EEC048323E907C9 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_et-ee_51a7fb335c52ac1d\comctl32.dll.mui

[2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D2066FE305AD9788F7EAAF47CE9FF1B8 -- C:\Windows\SysNative\es-ES\comctl32.dll.mui

[2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D2066FE305AD9788F7EAAF47CE9FF1B8 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_es-es_ba219eb584c68561\comctl32.dll.mui

[2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D2066FE305AD9788F7EAAF47CE9FF1B8 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_es-es_be8a1256afbafd72\comctl32.dll.mui

[2009/07/13 20:55:23 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=D505AA097F000F34FFF676E5BA7F04C9 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-tw_bb9f7a833cb8946b\comctl32.dll.mui

[2009/07/13 20:55:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D5F2B66ABF861403D1A4C41DF5292817 -- C:\Windows\SysWOW64\fi-FI\comctl32.dll.mui

[2009/07/13 20:55:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D5F2B66ABF861403D1A4C41DF5292817 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_fi-fi_a0e9da398e5ca091\comctl32.dll.mui

[2009/07/13 20:55:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D5F2B66ABF861403D1A4C41DF5292817 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_01867b7fec777e66\comctl32.dll.mui

[2009/07/13 21:17:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=D74E796963404EDD28FD11F2793B654E -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sk-sk_f8abb84989c8a2b4\comctl32.dll.mui

[2009/07/13 21:17:47 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=D91EF2CC8BAFDE5FF720602C9748261E -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_677ec5ef54cba91e\comctl32.dll.mui

[2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=DCBFC3D8DE7C05CADACB17ADDADCE1F2 -- C:\Windows\SysNative\sr-Latn-CS\comctl32.dll.mui

[2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=DCBFC3D8DE7C05CADACB17ADDADCE1F2 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sr-..-cs_412dfc7d44b0f7b8\comctl32.dll.mui

[2009/07/13 21:17:46 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=DCBFC3D8DE7C05CADACB17ADDADCE1F2 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sr-..-cs_4596701e6fa56fc9\comctl32.dll.mui

[2009/07/13 21:17:56 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=DEB9025EE59B31764A7824E68B1FF84B -- C:\Windows\SysNative\ru-RU\comctl32.dll.mui

[2009/07/13 21:17:56 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=DEB9025EE59B31764A7824E68B1FF84B -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ru-ru_03775985d5a48f63\comctl32.dll.mui

[2009/07/13 21:17:56 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=DEB9025EE59B31764A7824E68B1FF84B -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_07dfcd2700990774\comctl32.dll.mui

[2009/07/13 20:55:32 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=DF699213BA232CBAD1FC40C020AA66BA -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_b7a33d2d3f47b7fb\comctl32.dll.mui

[2009/07/13 20:55:30 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E15CADEDC60E64CBEC8A47B8178DF783 -- C:\Windows\SysWOW64\uk-UA\comctl32.dll.mui

[2009/07/13 20:55:30 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E15CADEDC60E64CBEC8A47B8178DF783 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_uk-ua_2c0ca7bfc736eb01\comctl32.dll.mui

[2009/07/13 20:55:30 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E15CADEDC60E64CBEC8A47B8178DF783 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_uk-ua_8ca949062551c8d6\comctl32.dll.mui

[2009/07/13 21:17:48 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=E1D1B4850D910AF4409BD03A38F4AE4D -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sv-se_f58b9e118bd7bae5\comctl32.dll.mui

[2009/07/13 20:55:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E35AE0DEF052BB6F9990807DE2266F77 -- C:\Windows\SysWOW64\sv-SE\comctl32.dll.mui

[2009/07/13 20:55:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E35AE0DEF052BB6F9990807DE2266F77 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sv-se_e71f7ad1e149c2c4\comctl32.dll.mui

[2009/07/13 20:55:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E35AE0DEF052BB6F9990807DE2266F77 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_47bc1c183f64a099\comctl32.dll.mui

[2009/07/13 21:17:44 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E3E14A803DA495DBB75B0696B619664F -- C:\Windows\SysNative\nb-NO\comctl32.dll.mui

[2009/07/13 21:17:44 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E3E14A803DA495DBB75B0696B619664F -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_nb-no_7522e7f20c7b85ee\comctl32.dll.mui

[2009/07/13 21:17:44 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E3E14A803DA495DBB75B0696B619664F -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_798b5b93376ffdff\comctl32.dll.mui

[2009/07/13 20:55:31 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E58A29AE01BC5E9613042E530EC63F60 -- C:\Windows\SysWOW64\pt-PT\comctl32.dll.mui

[2009/07/13 20:55:31 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E58A29AE01BC5E9613042E530EC63F60 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-pt_04817e99053f2a3d\comctl32.dll.mui

[2009/07/13 20:55:31 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E58A29AE01BC5E9613042E530EC63F60 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_651e1fdf635a0812\comctl32.dll.mui

[2009/07/13 21:17:49 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=E5EBFED216B5F0C9858EA24E73D3DF8C -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_nl-nl_c97b8d46ccb1b0ea\comctl32.dll.mui

[2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E66275134F843F540E8B060DC2DB5AEF -- C:\Windows\SysNative\pt-BR\comctl32.dll.mui

[2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E66275134F843F540E8B060DC2DB5AEF -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_bbf27855f153915b\comctl32.dll.mui

[2009/07/13 21:17:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E66275134F843F540E8B060DC2DB5AEF -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c05aebf71c48096c\comctl32.dll.mui

[2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E7921F0C5AEE24A12707EAC3926AFD11 -- C:\Windows\SysWOW64\lv-LV\comctl32.dll.mui

[2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E7921F0C5AEE24A12707EAC3926AFD11 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_lv-lv_78d638193a788fc5\comctl32.dll.mui

[2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E7921F0C5AEE24A12707EAC3926AFD11 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_lv-lv_d972d95f98936d9a\comctl32.dll.mui

[2009/07/13 21:17:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E7DC62C8D64E9CB3BE85C51D414AEB9C -- C:\Windows\SysNative\bg-BG\comctl32.dll.mui

[2009/07/13 21:17:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E7DC62C8D64E9CB3BE85C51D414AEB9C -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_bg-bg_cbf67fdab01d5b33\comctl32.dll.mui

[2009/07/13 21:17:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=E7DC62C8D64E9CB3BE85C51D414AEB9C -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_bg-bg_d05ef37bdb11d344\comctl32.dll.mui

[2009/07/13 21:17:45 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=E9702953F9BB2CB83A7A95022146DA80 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-hk_6ea0fee42ba70185\comctl32.dll.mui

[2009/07/13 20:55:31 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=EAA53E34D65B6B636808DD59C3A14ACC -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_th-th_e242f69b9198a12c\comctl32.dll.mui

[2009/07/13 21:17:46 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=EB24B863CF6B3DC103D6C670359250C8 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_et-ee_09fac45c47d68317\comctl32.dll.mui

[2009/07/13 21:17:51 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=EC2426EEF6071903E22106E9ECA6F678 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_tr-tr_9e98e8587a93bcd6\comctl32.dll.mui

[2009/07/13 20:55:31 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=EC2DD6D3934731674F8CEF749B699198 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ar-sa_c37d2f3f93235409\comctl32.dll.mui

[2009/07/13 20:55:32 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=EEB3B0978CB733501B7652B6F408B847 -- C:\Windows\SysWOW64\he-IL\comctl32.dll.mui

[2009/07/13 20:55:32 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=EEB3B0978CB733501B7652B6F408B847 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_he-il_e8a5f32d7283c5b7\comctl32.dll.mui

[2009/07/13 20:55:32 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=EEB3B0978CB733501B7652B6F408B847 -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_he-il_49429473d09ea38c\comctl32.dll.mui

[2009/07/13 20:55:31 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=F1498C2041185E84E7BACB5BD07053B9 -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_el-gr_57c22a59585d3ab2\comctl32.dll.mui

[2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=F7187586D312E9D8A6A372CB7C623D54 -- C:\Windows\SysNative\pl-PL\comctl32.dll.mui

[2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=F7187586D312E9D8A6A372CB7C623D54 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pl-pl_b99e8db1f2c9fd77\comctl32.dll.mui

[2009/07/13 21:17:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=F7187586D312E9D8A6A372CB7C623D54 -- C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_be0701531dbe7588\comctl32.dll.mui

[2009/07/13 21:17:41 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=FA7075BF402CF68A1E21CB9DE011CEC1 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_lt-lt_8674ecd4e58846f6\comctl32.dll.mui

[2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=FC6E1D9ABD1401C69A78509EE7A19FBB -- C:\Windows\SysWOW64\tr-TR\comctl32.dll.mui

[2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=FC6E1D9ABD1401C69A78509EE7A19FBB -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_tr-tr_902cc518d005c4b5\comctl32.dll.mui

[2009/07/13 20:55:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=FC6E1D9ABD1401C69A78509EE7A19FBB -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_f0c9665f2e20a28a\comctl32.dll.mui

[2009/07/13 20:55:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FD7345F5F0452E30A3EDE90B22CE2A4D -- C:\Windows\SysWOW64\ja-JP\comctl32.dll.mui

[2009/07/13 20:55:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FD7345F5F0452E30A3EDE90B22CE2A4D -- C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ja-jp_30d3c0df5661bc22\comctl32.dll.mui

[2009/07/13 20:55:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FD7345F5F0452E30A3EDE90B22CE2A4D -- C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_91706225b47c99f7\comctl32.dll.mui

[2009/07/13 21:17:44 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=FF3075142C76E05DBBFAC42F83824156 -- C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_lv-lv_87425b58e50687e6\comctl32.dll.mui


< MD5 for: SERVICES.ASFX6 >

[2010/11/16 00:02:36 | 000,000,231 | R--- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6

< MD5 for: SERVICES.ASFX7 >

[2010/11/16 00:02:34 | 000,000,245 | R--- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7

< MD5 for: SERVICES.ASFX8 >

[2010/11/16 00:02:34 | 000,000,231 | R--- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8

< MD5 for: SERVICES.ASFX9 >

[2010/11/16 00:02:30 | 000,000,234 | R--- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9

< MD5 for: SERVICES.CFG >

[2012/07/27 16:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg

[2010/11/16 00:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg

< MD5 for: SERVICES.EXE >

[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe

[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >

[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui

[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.JS >

[2011/06/13 16:29:02 | 000,018,691 | ---- | M] () MD5=A29A268BD513B6BC07270653DD48774C -- C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\HTML\js\services.js

< MD5 for: SERVICES.LNK >

[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >

[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof

[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >

[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc

[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc

[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc

[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc

[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc

[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc

[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc

[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >

[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml

[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe

[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe

[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe

[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe

[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< c:|conduit;true;true;true; /FP >

[2012/06/24 14:45:56 | 000,000,000 | ---D | M] -- c:\Program Files (x86)\Conduit

[2012/06/24 14:45:56 | 000,000,000 | ---D | M] -- c:\Program Files (x86)\Conduit\Community Alerts

[2012/09/29 09:43:20 | 000,000,000 | ---D | M] -- c:\Users\cdav1313\AppData\Local\Conduit

[2012/06/24 14:45:56 | 000,000,000 | ---D | M] -- c:\Users\cdav1313\AppData\LocalLow\Conduit

[2012/06/24 15:03:43 | 000,000,000 | ---D | M] -- c:\Users\cdav1313\AppData\LocalLow\Conduit\Community Alerts

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< c:|services.ex;true;true;true; /FP >

< %USERPROFILE%\\..|smtmp;true;true;true /FP >

< %systemroot%\\*. /mp /s >

< End of report >

Extras.Txt:

OTL Extras logfile created on: 9/30/2012 4:24:42 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cdav1313\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 74.71% Memory free

6.98 Gb Paging File | 5.65 Gb Available in Paging File | 80.95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 446.13 Gb Total Space | 401.73 Gb Free Space | 90.05% Space Free | Partition Type: NTFS

Drive E: | 2794.51 Gb Total Space | 1996.51 Gb Free Space | 71.44% Space Free | Partition Type: NTFS

Drive H: | 465.75 Gb Total Space | 18.00 Gb Free Space | 3.86% Space Free | Partition Type: NTFS

Computer Name: CDAV1313-PC | User Name: cdav1313 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07020884-B671-4473-A33B-91BA3614C1AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{07217471-5D8D-43F8-A3EC-9BC9301638E7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{08488F82-FD03-40F7-A150-5935F2B4BA0D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{0AD4294E-60F3-4F96-BA43-EA6E64A90E1C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{1E95EF4D-F94E-4390-8702-6A53A5A62949}" = lport=139 | protocol=6 | dir=in | app=system |

"{278DEDD5-1715-40B0-9A5C-758077363131}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{2C8637F0-C819-4D67-B873-5D4F2C949F14}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2EA2A314-F20B-4113-A768-0282D8DD83D2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{3CA31E3B-BAA6-4E30-8551-4CB01353F072}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{41671224-B3C9-422E-ABA6-634CD6A4AF39}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{52CDBEE3-24D9-45D3-8930-41306352557C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5480016D-2F0F-4CAD-BC79-5699D6CE89A9}" = lport=138 | protocol=17 | dir=in | app=system |

"{80846B12-FE46-46E9-A164-35D438A202D1}" = rport=445 | protocol=6 | dir=out | app=system |

"{8CC337B7-990E-473F-8A7A-A98DBF167803}" = lport=445 | protocol=6 | dir=in | app=system |

"{95377C9C-4B6A-4306-8902-FBA1B35DCFC1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9E3623D3-79A7-419C-BC0D-05D4C765BDC3}" = lport=137 | protocol=17 | dir=in | app=system |

"{A95F2309-9101-4651-902E-41509D8B9453}" = lport=10243 | protocol=6 | dir=in | app=system |

"{AB6D1B80-FED1-41F6-B8BF-9D71A533B26E}" = rport=138 | protocol=17 | dir=out | app=system |

"{B7F92451-40F6-4C81-B110-F385A06D2390}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CFB77827-D86C-461B-98B7-CF21948B6E17}" = rport=139 | protocol=6 | dir=out | app=system |

"{D576A9F3-4042-4568-910C-55D3CCE36BFA}" = rport=137 | protocol=17 | dir=out | app=system |

"{EB252BE3-BA05-44B2-9A24-E5BA2042F417}" = rport=10243 | protocol=6 | dir=out | app=system |

"{F244E626-4E0B-4143-971E-6707981E1DDD}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{087D6CB1-4AE1-4BAE-8F62-5114158EE089}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{0D68B088-BA46-41C0-B678-E3328200F10E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{1255CA61-1FFD-404D-95DB-EACE5A63CA10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{16B1ADB4-CA97-4700-AA4B-DABB2819A916}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{20361E3A-4B2E-417E-899C-2109A6964566}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{20B63166-0FFB-45D9-A9BF-A29E65546663}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{2277AE47-1F35-46B1-835A-EBD763EEE813}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2F58959A-435C-4862-9070-807CD6B406B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{34E17318-4A16-47F8-8FE2-F34E5EFF9D02}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{34FBCDA5-C81B-44CC-ABD3-F32C55B9B51F}" = protocol=58 | dir=in | app=system |

"{37C1F83D-3D4F-4021-93AF-E804F9D4BC99}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{43828434-2BCD-43B8-BF74-8DE111C52AAF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{52D4379C-9690-478D-8E65-EE17CF1761C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5B3FFC57-8A8F-44B5-A2C6-F75821E18281}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{605F047D-5F78-4820-B21D-4B1358EB611A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{6254B8F5-40FA-432C-AD77-0B2B12F77C0F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{6FBF3A3C-AE47-4DD8-97E0-5030AA4E1AC9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{7A8EEF22-1190-4A13-AA62-E2C6D726153B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{9173EC5D-35B4-488E-B16B-E94CD595D884}" = protocol=6 | dir=out | app=system |

"{97915310-643E-43EE-B22B-186F7CC96E88}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{A8318632-0FD9-4005-9790-F4D2540FDF7D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{AAAB592E-C16A-41B7-B7B2-44E0F44817EC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{AC1A196C-ABD2-47B7-975E-68FE73B8302D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AE183F56-B051-40F6-952B-A039A6353A51}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{BB699A11-A85F-4506-9014-09BF507FF79A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{C89A80D4-9547-4305-AC03-090B56A1D57E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{CB4CC0F5-1260-4A4D-8BE8-A296335625A2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{D270E208-5F57-4421-BECA-9DE3D319C855}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D7A0D108-9495-45B3-9C0F-4E295C7A37A4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{F29739D5-7050-410C-A171-1A17272FCAE7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{F39F8AF2-9B86-4BA6-9882-C825AE11A044}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FE36A0A1-4268-4172-86CF-432B0CD83DCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{36DECD8B-3527-185E-02B2-707A4E49F167}" = McAfee Online Backup

"{40D63515-FF59-9430-BFF0-BF2D26A6AB76}" = ATI AVIVO64 Codecs

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4EEAE843-530C-05DA-DE42-ED6DF19B2F7B}" = AMD Media Foundation Decoders

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A63555F3-DDAE-D6B9-4021-096C29A38EE6}" = AMD Drag and Drop Transcoding

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{AE618CAE-B14A-9877-D2E2-5A4556A1B508}" = ccc-utility64

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F7F1A2DA-481A-1B41-8959-4B224C6B20B6}" = ATI Catalyst Install Manager

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup

"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2E8F3D27-6BB1-61F6-63B5-353C196A1A89}" = CCC Help Czech

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3C564B1C-9A46-1CBA-7E91-0E31562E99E8}" = CCC Help Italian

"{3D7CA1C7-8E89-2D63-FAE8-29B308EE5E0A}" = CCC Help Portuguese

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{40C33F45-E45B-F8C5-E8B5-0AB19B254683}" = AMD VISION Engine Control Center

"{42921D90-1419-50A1-9178-2AB5FDA7A6ED}" = CCC Help Korean

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{59548157-0904-C399-B97F-177DA6FA9625}" = CCC Help Hungarian

"{61E4B8A6-8EAB-BE0A-0259-8C86CD118C4E}" = CCC Help Japanese

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A837420-0195-4921-5590-C911A30EF872}" = CCC Help Finnish

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-emachines" = WildTangent Games App (eMachines Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8D2D742A-59DE-DCFD-6177-50564A4538DB}" = Catalyst Control Center InstallProxy

"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{983A660B-E298-0421-19B5-45897FC8B6E9}" = CCC Help Dutch

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE36BA3-1FA4-0D64-44D2-C787C4CEDE85}" = CCC Help Greek

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A45EA225-8303-611C-D0FA-A1794E938CA5}" = CCC Help English

"{A4E908E5-EE02-843C-9D01-9EA69410B3AB}" = Fooz Kids

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A88E1685-1986-4A86-8E88-5FE1E727D026}" = RealDownloader

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI

"{ACD9C758-45E9-48F9-89B1-14761D288014}" = CCC Help Russian

"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers

"{B659C147-F295-8B3E-33B6-A95E319B428A}" = CCC Help Chinese Traditional

"{BAB9E22B-A2C8-5738-BB10-4881A1AA45EC}" = CCC Help Spanish

"{BE816F03-DFA8-01E2-FE19-99A9DCD8A460}" = CCC Help Swedish

"{C1325A6D-E585-3B9E-6262-AE805FF54948}" = Catalyst Control Center Localization All

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C7888DE5-689C-C8D1-3CF5-70180272083F}" = CCC Help German

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CB4A1B25-37AF-4050-AFD9-837FBADF7CD7}" = Catalyst Control Center - Branding

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF19A8EB-9429-1844-16F7-91A649588C99}" = CCC Help Turkish

"{DFA1C724-02CB-24C3-4283-9C63100C5234}" = CCC Help Chinese Standard

"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E24D1CB0-0ECB-0839-778F-C4237F105D68}" = CCC Help Norwegian

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater

"{EF35E6F2-848E-A56A-1080-25861DA79D49}" = CCC Help Danish

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5B26951-AE15-F68E-89B0-CE89C7B2F9EA}" = CCC Help Thai

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{FB66215D-0761-EDC1-1446-E1E5286F5A33}" = CCC Help French

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE14010A-0AFF-88E8-B273-B878D8558195}" = CCC Help Polish

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"BN_DesktopReader" = NOOK for PC

"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader

"eMachines Registration" = eMachines Registration

"eMachines Screensaver" = eMachines ScreenSaver

"eMachines Welcome Center" = Welcome Center

"ERUNT_is1" = ERUNT 1.1j

"ESET Online Scanner" = ESET Online Scanner v3

"FoozKids" = Fooz Kids

"Hotkey Utility" = Hotkey Utility

"Identity Card" = Identity Card

"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400

"MSC" = McAfee Internet Security

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"SolveigMM AVI Trimmer 2.0.1204.27" = SolveigMM AVI Trimmer

"WildTangent emachines Master Uninstall" = eMachines Games

"WinLiveSuite" = Windows Live Essentials

"WTA-002781fd-bcba-4892-b9cd-42f5ec0eaa62" = Final Drive: Nitro

"WTA-07b35df1-23d6-4993-938a-ded40b164203" = Jewel Match 3

"WTA-2ae1e4a1-1a74-4b95-aa2e-bd1d1b4ee6b0" = Mystery of Mortlake Mansion

"WTA-3a716b28-e8a2-4cf3-883a-a3b8caeb2a75" = Build-a-lot 4 - Power Source

"WTA-4a7a1f8b-95ef-4b1c-b7f3-8e6121735af5" = Governor of Poker 2 Premium Edition

"WTA-5ad9af41-4bb6-43c2-b7b7-e89d08bda186" = Penguins!

"WTA-5c2e059b-617b-4fed-82b6-4fc634d1aefa" = Agatha Christie - Death on the Nile

"WTA-79d63b1a-26dc-4afa-bedf-5a9f56b1c6d7" = Virtual Villagers 5 - New Believers

"WTA-9bfbe13d-2761-454a-9fcd-fe12eb3e3eef" = Torchlight

"WTA-a63d6f7f-3614-4ae3-8ad4-fc2b996cbd7e" = Polar Bowler

"WTA-b2c12114-0d47-4098-9eeb-dea1d02a1a75" = Plants vs. Zombies - Game of the Year

"WTA-ca657c69-8bfb-489b-a19f-807c4bf073cb" = Chronicles of Albian

"WTA-d5450cc6-46c2-4a19-b61f-ab408f55b4a3" = Cradle of Rome 2

"WTA-db8a00c1-c07d-49f9-907f-85392ba2e198" = Dora's World Adventure

"WTA-deb3040b-c90c-4e4c-aaad-ca5864fa08ea" = Bejeweled 2 Deluxe

"WTA-e53f302b-7388-4065-8d00-7fa84715f49f" = Zuma's Revenge

"WTA-eccd2bc6-2552-4459-9ffd-b1e54b6d3350" = Polar Golfer

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Mail" = Yahoo! Internet Mail

"Yahoo! Mail Advisor" = Yahoo! Mail Advisor

"Yahoo! Software Update" = Yahoo! Software Update

"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for cdav1313

"ActiveTouchMeetingClient" = Cisco WebEx Meetings

"SOE-Free Realms" = Free Realms

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 9/13/2012 6:26:20 AM | Computer Name = cdav1313-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 15a8 Start

Time: 01cd919882da731b Termination Time: 100 Application Path: C:\Program Files (x86)\Internet

Explorer\iexplore.exe Report Id:

Error - 9/13/2012 6:35:28 AM | Computer Name = cdav1313-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe".

Dependent

Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/13/2012 6:38:34 AM | Computer Name = cdav1313-PC | Source = WinMgmt | ID = 10

Description =

Error - 9/13/2012 6:39:37 AM | Computer Name = cdav1313-PC | Source = VSS | ID = 8194

Description =

Error - 9/14/2012 1:13:55 AM | Computer Name = cdav1313-PC | Source = Application Error | ID = 1000

Description = Faulting application name: HotkeyUtility.exe, version: 2.5.3505.0,

time stamp: 0x4e434f79 Faulting module name: HotkeyUtility.exe, version: 2.5.3505.0,

time stamp: 0x4e434f79 Exception code: 0xc0000417 Fault offset: 0x0002ad0d Faulting

process id: 0xee4 Faulting application start time: 0x01cd919bc59c904c Faulting application

path: C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe Faulting

module path: C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe Report

Id: fa93f10a-fe2a-11e1-b1f1-c89cdcab3d8b

Error - 9/14/2012 1:55:56 AM | Computer Name = cdav1313-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe".

Dependent

Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/14/2012 6:05:56 AM | Computer Name = cdav1313-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe".

Dependent

Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/14/2012 5:20:27 PM | Computer Name = cdav1313-PC | Source = Application Error | ID = 1000

Description = Faulting application name: DVDMaker.exe, version: 6.1.7600.16385,

time stamp: 0x4a5bd0ca Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process

id: 0x1240 Faulting application start time: 0x01cd9260897d96ea Faulting application

path: C:\Program Files\DVD Maker\DVDMaker.exe Faulting module path: unknown Report

Id: 005ad848-feb2-11e1-b1f1-c89cdcab3d8b

Error - 9/14/2012 5:20:35 PM | Computer Name = cdav1313-PC | Source = Application Error | ID = 1000

Description = Faulting application name: DVDMaker.exe, version: 6.1.7600.16385,

time stamp: 0x4a5bd0ca Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc000041d Fault offset: 0x0000000000000000 Faulting process

id: 0x1240 Faulting application start time: 0x01cd9260897d96ea Faulting application

path: C:\Program Files\DVD Maker\DVDMaker.exe Faulting module path: unknown Report

Id: 055dddfb-feb2-11e1-b1f1-c89cdcab3d8b

Error - 9/15/2012 8:55:40 AM | Computer Name = cdav1313-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe".

Dependent

Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]

Error - 7/19/2012 9:27:19 PM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0

Description = 9:27:19 PM - Error connecting to the internet. 9:27:19 PM - Unable

to contact server..

Error - 7/19/2012 9:27:54 PM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0

Description = 9:27:48 PM - Error connecting to the internet. 9:27:48 PM - Unable

to contact server..

Error - 7/19/2012 10:28:39 PM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0

Description = 10:28:39 PM - Error connecting to the internet. 10:28:39 PM - Unable

to contact server..

Error - 7/30/2012 8:22:05 PM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0

Description = 8:22:05 PM - Error connecting to the internet. 8:22:05 PM - Unable

to contact server..

Error - 8/8/2012 9:53:24 AM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0

Description = 9:53:19 AM - Error connecting to the internet. 9:53:19 AM - Unable

to contact server..

Error - 8/8/2012 10:58:53 AM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0

Description = 10:58:50 AM - Error connecting to the internet. 10:58:50 AM - Unable

to contact server..

Error - 8/8/2012 11:59:37 AM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0

Description = 11:59:35 AM - Error connecting to the internet. 11:59:35 AM - Unable

to contact server..

Error - 8/8/2012 1:00:23 PM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0

Description = 1:00:20 PM - Error connecting to the internet. 1:00:20 PM - Unable

to contact server..

Error - 8/18/2012 9:20:50 AM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0

Description = 9:20:42 AM - Error connecting to the internet. 9:20:42 AM - Unable

to contact server..

Error - 8/18/2012 10:21:54 AM | Computer Name = cdav1313-PC | Source = MCUpdate | ID = 0

Description = 10:21:47 AM - Error connecting to the internet. 10:21:47 AM - Unable

to contact server..

[ System Events ]

Error - 9/28/2012 9:22:34 PM | Computer Name = cdav1313-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 9:21:00 PM on 9/28/2012 was unexpected.

Error - 9/28/2012 9:23:16 PM | Computer Name = cdav1313-PC | Source = WMPNetworkSvc | ID = 866300

Description =

Error - 9/29/2012 4:45:08 PM | Computer Name = cdav1313-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 9/29/2012 4:47:07 PM | Computer Name = cdav1313-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 9/29/2012 4:54:20 PM | Computer Name = cdav1313-PC | Source = DCOM | ID = 10010

Description =

Error - 9/29/2012 5:09:47 PM | Computer Name = cdav1313-PC | Source = DCOM | ID = 10010

Description =

Error - 9/29/2012 10:09:29 PM | Computer Name = cdav1313-PC | Source = DCOM | ID = 10010

Description =

Error - 9/29/2012 10:09:29 PM | Computer Name = cdav1313-PC | Source = DCOM | ID = 10010

Description =

Error - 9/30/2012 10:58:25 AM | Computer Name = cdav1313-PC | Source = DCOM | ID = 10010

Description =

Error - 9/30/2012 2:03:02 PM | Computer Name = cdav1313-PC | Source = DCOM | ID = 10010

Description =

< End of report >


MBAM log:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.30.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

cdav1313 :: CDAV1313-PC [administrator]

9/30/2012 4:54:47 PM

mbam-log-2012-09-30 (16-54-47).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 209022

Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


The MBAM scan is very good. Before that, the ESET scan had found nothing.

We can proceed to close this out.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any unintentional or accidental usage, plus to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\cdav1313\Desktop\ComboFix.exe /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

If the Combofix uninstall has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to back up the Windows registry.

Delete the following if still present:

aswMBR

RogueKiller.exe

TDSSKILLER.exe

RKILL

FSS.exe

SecurityCheck.exe

You may go to Control Panel >> Programs and Features & Uninstall ESET Online scanner

Safer practices & malware prevention

We are finished here. Best regards.


Leave the item in quarantine. It is out of the way.

The "problem" is not malware-related. Nor is it obvious. The IE "has stopped working" has been seen a lot, and again, in your case, is not from malware.

Here are the only things I can think of:

Download TFC by OldTimer and SAVE it to your desktop

  • Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Using IE (only!), go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

Using Internet Explorer browser, run the Microsoft Fix-It on the following MS page

http://support.microsoft.com/mats/ie_performance_and_safety

If your Internet Explorer is still having issues, then see the reply by Yog Li marked as answer at the following MS Technet page

http://social.technet.microsoft.com/Forums/en-US/itprovistaie/thread/d7603c5d-b8f6-46d0-ab0a-14fb6177813c/

I suggest you get and run the Microsoft Windows Defender Offline. This is an "offline" tool that you boot the pc with and scan your system for malware.

To get started, find a blank CD, DVD, or USB flash drive with at least 250 MB of free space and then download and run the tool—the tool will help you create the removable media.

The basic sequence of steps is

a) Download and SAVE the tool to a unique folder/location on your pc

b) Create the CD/DVD/USB-flash drive with tool

c) Set pc to boot from the offline media

d) Place media in & restart system

e) Run the tool. Have infinite patience & have it scan the entire system. Remove any malware that is found.

Download & info link http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

The frequently asked questions for this tool

http://windows.microsoft.com/en-US/windows/windows-defender-offline-faq

This topic is now closed to further replies.