Solved Windows/Mcafee host process has stopped + no Internet?

HummingTurtle

Hi, I have been having some trouble with my laptop recently. I first noticed it about a week ago when I started to randomly receive 'Windows Host Processes has stopped working'. A few days later, 'Mcafee host processes has stopped working' started to appear.

Even more recently, I have been unable to browse the internet without constant lag. e.g. I will connect to my router from said laptop, but will be unable to load a page from that laptop OR from my desktop PC. However, if I disconnect my laptop's wireless connection, the desktop's internet works perfectly fine. I have had to download Malwarebytes, DDS and Gmer from my desktop and then transfer them to my laptop via flash drive.

And I'm not sure if this is related or not, but also around a week ago I noticed that when I tried to sort my folders (say, by date created), when I left the folder it would revert back to the original sort method, usually by name. It has not done this before.

(Also, Gmer found nothing and as such there is no log.)
 
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.21.10
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Zach :: ZACH-PC [administrator]
6/21/2012 2:40:04 PM
mbam-log-2012-06-21 (14-40-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230660
Time elapsed: 5 minute(s), 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{4ed00426-761c-ade8-3eda-60229d9845f4}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Zach at 15:08:52 on 2012-06-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2517 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\DFX\DFX.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\mcbuilder.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429133016.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Google Update] "C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [PlusService] "C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DFX.lnk - C:\Program Files (x86)\DFX\DFX.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0E98E87D-2B9E-4EE9-91B4-C640D7D3740C} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9961ABBC-E3FB-4574-9D02-AD22FB31F15E} : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429133016.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [PlusService] "C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\3uw49nnd.default\
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\Zach\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-8 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-8 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-8 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-8 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-4-8 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-4-8 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-20 365952]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-20 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 ActionReplayDS;ActionReplayDS;C:\Windows\system32\Drivers\ActionReplayDS_x64.sys --> C:\Windows\system32\Drivers\ActionReplayDS_x64.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 257696]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-4-9 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-21 19:40:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 19:39:58 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 19:39:58 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-21 19:39:41 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 19:39:41 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-21 19:39:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 19:39:41 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-20 21:19:27 116016 ----a-w- C:\Windows\System32\drivers\24673136.sys
2012-06-16 05:09:15 -------- d-----w- C:\Users\Zach\AppData\Local\Macromedia
2012-06-15 20:36:44 -------- d-----w- C:\Program Files\iPod(113)
2012-06-15 20:11:58 -------- d-----w- C:\Program Files (x86)\QuickTime(102)
2012-06-10 06:38:56 -------- d-----w- C:\Users\Zach\AppData\Roaming\Malwarebytes
2012-06-10 06:38:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-10 06:38:37 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-10 06:38:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-05 22:25:46 -------- d-----w- C:\Program Files (x86)\Datel
2012-06-05 22:14:01 51600 ----a-w- C:\Windows\System32\drivers\ActionReplayDS_x64.sys
2012-06-05 00:49:22 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{206E627B-C931-4374-BF0D-75407E6B8462}\mpengine.dll
2012-05-28 09:46:04 1689600 ----a-w- C:\Windows\SysWow64\mprdin.dll
.
==================== Find3M ====================
.
2012-05-05 13:19:30 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 13:19:30 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 13:19:23 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-17 22:17:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-09 17:59:57 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2012-04-09 17:58:48 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
2012-04-08 17:06:24 505392 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-04-08 17:06:24 353840 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-04-08 17:06:24 1053232 ----a-w- C:\Windows\SysWow64\MFC71u.dll
2012-04-08 17:06:23 1066544 ----a-w- C:\Windows\SysWow64\MFC71.dll
2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 13:59:51 2766848 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 15:10:03.18 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/8/2012 11:50:48 AM
System Uptime: 6/21/2012 2:48:35 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 3612
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 55.322 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.865 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
Action Replay Code Manager
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Photoshop CS5
Apple Application Support
Apple Software Update
ASIO4ALL
Atheros Driver Installation Program
Combined Community Codec Pack 2011-11-11
CyberLink DVD Suite
DFX
ESU for Microsoft Vista
FastStone Image Viewer 4.6
FL Studio 10
Foxit Reader 5.1
Google Chrome
HandBrake 0.9.6
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
IL Download Manager
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
Last.fm 1.5.4.27091
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Internet Security Suite
Messenger Plus! 5
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee Reveal
NetWaiting
NetZero Preloader
OpenOffice.org 3.3
PDF Settings CS5
Power2Go
PowerDirector
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
RocketDock 1.3.5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Skype™ 5.8
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Vegas Pro 10.0
VLC media player 2.0.1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Xilisoft Audio Converter Pro
.
==== Event Viewer Messages From Past Week ========
.
6/21/2012 2:54:14 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
6/21/2012 2:49:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
6/21/2012 2:49:57 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/21/2012 2:49:57 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/21/2012 2:49:57 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/21/2012 1:19:24 PM, Error: Service Control Manager [7031] - The Routing and Remote Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/20/2012 11:41:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
6/20/2012 11:41:45 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/20/2012 11:41:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
6/20/2012 11:36:23 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
6/19/2012 4:57:25 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.111 for the Network Card with network address 001F16EABE8D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
6/18/2012 11:45:30 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Security with the following error: Access is denied.
6/18/2012 11:44:27 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 4 time(s).
6/18/2012 11:44:27 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/18/2012 11:44:27 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/18/2012 11:44:27 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/18/2012 11:44:27 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/18/2012 11:44:27 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/18/2012 11:44:27 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/18/2012 11:34:19 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 3 time(s).
6/18/2012 11:34:19 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/18/2012 11:34:19 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/18/2012 11:34:19 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/18/2012 11:34:19 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/18/2012 11:34:19 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/18/2012 11:34:19 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/17/2012 5:52:11 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 2 time(s).
6/17/2012 4:14:57 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
6/17/2012 3:10:34 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/15/2012 6:46:24 PM, Error: Service Control Manager [7034] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 3 time(s).
6/15/2012 6:46:24 PM, Error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
6/15/2012 6:46:24 PM, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
6/15/2012 6:46:24 PM, Error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s).
6/15/2012 6:46:24 PM, Error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
6/15/2012 6:46:24 PM, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 3 time(s).
6/15/2012 3:31:45 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/15/2012 2:55:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
6/15/2012 2:55:25 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Took quite a long time (2hrs at the least) and the log is very short. All files on my desktop disappeared as well.

-----

ComboFix 12-06-21.02 - Zach 06/21/2012 19:48:18.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2772 [GMT -5:00]
Running from: C:\Users\Zach\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
Something is blocking Combofix from performing a correct scan.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool Version: 21-06-2012 02
Ran by SYSTEM at 21-06-2012 22:09:44
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1237288 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [162328 2011-02-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-02-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417304 2011-02-11] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2008-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-10-06] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [PlusService] "C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [801792 2012-02-27] (Yuna Software)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [combofix] C:\ComboFix\CF19576.3XE /c C:\ComboFix\Combobatch.bat [8272 2012-06-21] ()
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
HKU\Mcx1\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Mcx1\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-10] (Microsoft Corporation)
HKU\Zach\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Runonce: [combofix] C:\ComboFix\CF19576.3XE /c C:\ComboFixCombobatch.bat [x]
HKLM-x32\...\runonceex: [flags] 8
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\DFX.lnk
ShortcutTarget: DFX.lnk -> C:\Program Files (x86)\DFX\DFX.exe ()
==================== Services (Whitelisted) ======
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-03-22] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
2 RemoteAccess; C:\Windows\SysWOW64\mprdin.dll [1689600 2012-05-28] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-09-15] ()
3 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]
========================== Drivers (Whitelisted) =============
3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [126976 2008-06-29] (Intel(R) Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 NETw3v64; C:\Windows\System32\Drivers\NETw3v64.sys [3154432 2008-01-20] (Intel Corporation)
1 Beep; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 mfeavfk01; [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [x]
1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-21 16:41 - 2012-06-21 17:55 - 00000000 ___SD C:\ComboFix
2012-06-21 16:41 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-21 16:41 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-21 16:41 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-21 16:41 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-21 16:41 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-21 16:41 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-21 16:41 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-21 16:41 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-21 16:07 - 2012-06-21 17:55 - 00000000 ____D C:\Windows\erdnt
2012-06-21 16:07 - 2012-06-21 16:41 - 00000000 ___SD C:\32788R22FWJFW
2012-06-21 16:07 - 2012-06-21 16:41 - 00000000 ____D C:\Qoobox
2012-06-21 16:05 - 2012-06-21 16:03 - 04564664 ____R (Swearware) C:\Users\Zach\Desktop\ComboFix.exe
2012-06-21 12:12 - 2012-06-21 12:12 - 00020895 ____A C:\Users\Zach\Desktop\DDS.txt
2012-06-21 12:12 - 2012-06-21 12:12 - 00011387 ____A C:\Users\Zach\Desktop\Attach.txt
2012-06-21 12:08 - 2012-06-21 10:23 - 00607260 ____R (Swearware) C:\Users\Zach\Desktop\dds.scr
2012-06-21 11:51 - 2011-09-20 00:02 - 00083968 ____A (Esage Lab) C:\Users\Zach\Desktop\boot_cleaner.exe
2012-06-21 11:48 - 2012-06-21 11:48 - 00000392 ____A C:\Windows\PFRO.log
2012-06-21 11:40 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 11:40 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 11:40 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 11:40 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 11:39 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 11:39 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-21 11:39 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 11:39 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-21 11:39 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 11:39 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-21 11:39 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 11:39 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-21 11:39 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 11:39 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-21 10:18 - 2012-06-19 16:12 - 00302592 ____A C:\Users\Zach\Desktop\j44d94q8.exe
2012-06-20 13:19 - 2012-06-20 13:19 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\24673136.sys
2012-06-16 09:25 - 2012-06-16 09:25 - 00028938 ____A C:\Users\Zach\Downloads\O-Demonoid.me-O_Hey_Ocean!_is.torrent
2012-06-15 21:09 - 2012-06-15 21:09 - 00000000 ____D C:\Users\Zach\Local Settings\Macromedia
2012-06-15 21:09 - 2012-06-15 21:09 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Macromedia
2012-06-15 21:09 - 2012-06-15 21:09 - 00000000 ____D C:\Users\Zach\AppData\Local\Macromedia
2012-06-15 20:56 - 2012-06-20 13:06 - 00001496 ____A C:\Windows\setupact.log
2012-06-15 20:56 - 2012-06-15 20:56 - 00000000 ____A C:\Windows\setuperr.log
2012-06-15 12:36 - 2012-06-20 08:27 - 00000000 ____D C:\Program Files\iPod(113)
2012-06-15 12:22 - 2012-06-15 12:23 - 01067600 ____A C:\Users\Zach\Downloads\Aero-2.zip
2012-06-15 12:21 - 2012-06-15 12:21 - 00487316 ____A C:\Users\Zach\Downloads\Carbon-2.zip
2012-06-15 12:18 - 2012-06-15 12:18 - 00349822 ____A C:\Users\Zach\Downloads\Cloud-2.zip
2012-06-15 12:18 - 2012-06-15 12:18 - 00084003 ____A C:\Users\Zach\Downloads\Dark-Phoenix.zip
2012-06-15 12:11 - 2012-06-15 12:13 - 00000000 ____D C:\Program Files (x86)\QuickTime(102)
2012-06-13 07:07 - 2012-06-13 07:09 - 36491956 ____A C:\Users\Zach\Downloads\Pinkie Guy - In Seconds -Instrumental.zip
2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\Zach\Application Data\Malwarebytes
2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Malwarebytes
2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-09 22:38 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-09 22:11 - 2012-06-09 22:19 - 00001688 ____A C:\Windows\BitsRepairTool.log
2012-06-05 14:25 - 2012-06-05 14:25 - 00000000 ____D C:\Program Files (x86)\Datel
2012-06-05 14:14 - 2007-02-08 10:48 - 00051600 ____A (Thesycon GmbH, Germany) C:\Windows\System32\Drivers\ActionReplayDS_x64.sys
2012-06-05 14:04 - 2012-06-05 14:04 - 00000539 ____A C:\Windows\KB893803v2.log
2012-05-28 19:46 - 2012-05-28 19:48 - 55226910 ____A C:\Users\Zach\Downloads\Kicks, Snares, Blah.zip
2012-05-28 01:46 - 2012-05-28 01:46 - 01689600 ____A C:\Windows\SysWOW64\mprdin.dll
2012-05-28 01:46 - 2012-05-28 01:46 - 00000395 ____A C:\Windows\SysWOW64\mprdin.ocx
2012-05-25 20:55 - 2012-06-20 08:24 - 00000000 ____D C:\Users\Zach\Downloads\Tor Browser
2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\VirtualStore
2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\Last.fm
2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\Application Data\VirtualStore
2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\Application Data\Last.fm
2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\AppData\Local\VirtualStore
2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\AppData\Local\Last.fm
2012-05-23 13:37 - 2012-05-23 13:37 - 00000020 __ASH C:\Users\Mcx1\ntuser.ini
2012-05-23 13:36 - 2012-06-20 08:25 - 00000000 ____D C:\users\Mcx1
2012-05-23 13:36 - 2012-04-12 07:11 - 00000000 ____D C:\Users\Mcx1\Application Data\Macromedia
2012-05-23 13:36 - 2012-04-12 07:11 - 00000000 ____D C:\Users\Mcx1\AppData\Roaming\Macromedia

============ 3 Months Modified Files and Folders =============
2012-06-21 22:09 - 2012-06-21 22:09 - 00000000 ____D C:\FRST
2012-06-21 19:04 - 2012-04-08 08:54 - 01919891 ____A C:\Windows\WindowsUpdate.log
2012-06-21 19:04 - 2006-11-02 07:42 - 00023884 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-21 19:04 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-21 19:00 - 2006-11-02 07:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-21 19:00 - 2006-11-02 07:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-21 18:58 - 2012-04-08 11:53 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000UA.job
2012-06-21 18:19 - 2012-04-09 15:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-21 17:55 - 2012-06-21 16:41 - 00000000 ___SD C:\ComboFix
2012-06-21 17:55 - 2012-06-21 16:07 - 00000000 ____D C:\Windows\erdnt
2012-06-21 16:41 - 2012-06-21 16:07 - 00000000 ___SD C:\32788R22FWJFW
2012-06-21 16:41 - 2012-06-21 16:07 - 00000000 ____D C:\Qoobox
2012-06-21 16:37 - 2012-04-09 11:53 - 00000000 ____D C:\Users\Zach\Tracing
2012-06-21 16:35 - 2012-04-08 09:06 - 00000290 ____A C:\Users\All Users\hpqp.ini
2012-06-21 16:35 - 2012-04-08 09:06 - 00000290 ____A C:\Users\All Users\Application Data\hpqp.ini
2012-06-21 16:03 - 2012-06-21 16:05 - 04564664 ____R (Swearware) C:\Users\Zach\Desktop\ComboFix.exe
2012-06-21 15:09 - 2012-04-09 17:50 - 00000000 ____D C:\Users\Zach\Application Data\vlc
2012-06-21 15:09 - 2012-04-09 17:50 - 00000000 ____D C:\Users\Zach\AppData\Roaming\vlc
2012-06-21 12:13 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
2012-06-21 12:12 - 2012-06-21 12:12 - 00020895 ____A C:\Users\Zach\Desktop\DDS.txt
2012-06-21 12:12 - 2012-06-21 12:12 - 00011387 ____A C:\Users\Zach\Desktop\Attach.txt
2012-06-21 11:58 - 2012-04-08 11:53 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000Core.job
2012-06-21 11:54 - 2006-11-02 04:46 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-21 11:48 - 2012-06-21 11:48 - 00000392 ____A C:\Windows\PFRO.log
2012-06-21 10:23 - 2012-06-21 12:08 - 00607260 ____R (Swearware) C:\Users\Zach\Desktop\dds.scr
2012-06-20 13:19 - 2012-06-20 13:19 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\24673136.sys
2012-06-20 13:06 - 2012-06-15 20:56 - 00001496 ____A C:\Windows\setupact.log
2012-06-20 08:34 - 2012-04-08 10:23 - 00000000 ____D C:\users\Zach
2012-06-20 08:27 - 2012-06-15 12:36 - 00000000 ____D C:\Program Files\iPod(113)
2012-06-20 08:27 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\Msdtc
2012-06-20 08:26 - 2006-11-02 04:33 - 67895296 ____A C:\Windows\System32\config\components_previous
2012-06-20 08:26 - 2006-11-02 04:33 - 66060288 ____A C:\Windows\System32\config\software_previous
2012-06-20 08:26 - 2006-11-02 04:33 - 22020096 ____A C:\Windows\System32\config\system_previous
2012-06-20 08:26 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-06-20 08:26 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-06-20 08:26 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-06-20 08:25 - 2012-05-23 13:36 - 00000000 ____D C:\users\Mcx1
2012-06-20 08:25 - 2006-11-02 05:33 - 00000000 __RSD C:\Windows\Media
2012-06-20 08:24 - 2012-05-25 20:55 - 00000000 ____D C:\Users\Zach\Downloads\Tor Browser
2012-06-20 08:24 - 2012-05-03 11:02 - 00000000 ____D C:\Users\Zach\Local Settings\QuickPlay
2012-06-20 08:24 - 2012-05-03 11:02 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\QuickPlay
2012-06-20 08:24 - 2012-05-03 11:02 - 00000000 ____D C:\Users\Zach\AppData\Local\QuickPlay
2012-06-20 08:24 - 2012-04-18 18:18 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-20 08:24 - 2012-04-09 17:45 - 00000000 ____D C:\Program Files\iTunes
2012-06-20 08:24 - 2012-04-09 17:45 - 00000000 ____D C:\Program Files\iPod
2012-06-20 08:24 - 2012-04-09 17:45 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-20 08:24 - 2012-04-09 07:44 - 00000000 ____D C:\Users\Zach\Application Data\IrfanView
2012-06-20 08:24 - 2012-04-09 07:44 - 00000000 ____D C:\Users\Zach\AppData\Roaming\IrfanView
2012-06-20 08:24 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool
2012-06-20 08:23 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration
2012-06-19 16:12 - 2012-06-21 10:18 - 00302592 ____A C:\Users\Zach\Desktop\j44d94q8.exe
2012-06-17 12:34 - 2012-04-09 17:46 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Apple Computer
2012-06-17 12:34 - 2012-04-09 17:46 - 00000000 ____D C:\Users\Zach\Local Settings\Apple Computer
2012-06-17 12:34 - 2012-04-09 17:46 - 00000000 ____D C:\Users\Zach\AppData\Local\Apple Computer
2012-06-17 09:21 - 2012-04-09 17:38 - 00000000 ____D C:\Users\Zach\Local Settings\Last.fm
2012-06-17 09:21 - 2012-04-09 17:38 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Last.fm
2012-06-17 09:21 - 2012-04-09 17:38 - 00000000 ____D C:\Users\Zach\AppData\Local\Last.fm
2012-06-17 09:10 - 2012-04-15 19:21 - 00000132 ____A C:\Users\Zach\Application Data\Adobe PNG Format CS5 Prefs
2012-06-17 09:10 - 2012-04-15 19:21 - 00000132 ____A C:\Users\Zach\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-16 09:25 - 2012-06-16 09:25 - 00028938 ____A C:\Users\Zach\Downloads\O-Demonoid.me-O_Hey_Ocean!_is.torrent
2012-06-15 21:09 - 2012-06-15 21:09 - 00000000 ____D C:\Users\Zach\Local Settings\Macromedia
2012-06-15 21:09 - 2012-06-15 21:09 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Macromedia
2012-06-15 21:09 - 2012-06-15 21:09 - 00000000 ____D C:\Users\Zach\AppData\Local\Macromedia
2012-06-15 20:56 - 2012-06-15 20:56 - 00000000 ____A C:\Windows\setuperr.log
2012-06-15 12:23 - 2012-06-15 12:22 - 01067600 ____A C:\Users\Zach\Downloads\Aero-2.zip
2012-06-15 12:21 - 2012-06-15 12:21 - 00487316 ____A C:\Users\Zach\Downloads\Carbon-2.zip
2012-06-15 12:18 - 2012-06-15 12:18 - 00349822 ____A C:\Users\Zach\Downloads\Cloud-2.zip
2012-06-15 12:18 - 2012-06-15 12:18 - 00084003 ____A C:\Users\Zach\Downloads\Dark-Phoenix.zip
2012-06-15 12:13 - 2012-06-15 12:11 - 00000000 ____D C:\Program Files (x86)\QuickTime(102)
2012-06-13 07:09 - 2012-06-13 07:07 - 36491956 ____A C:\Users\Zach\Downloads\Pinkie Guy - In Seconds -Instrumental.zip
2012-06-12 20:51 - 2012-04-10 05:33 - 00000000 ____D C:\Users\Zach\My Documents\Vegas Pro 10.0 Projects
2012-06-12 20:51 - 2012-04-10 05:33 - 00000000 ____D C:\Users\Zach\Documents\Vegas Pro 10.0 Projects
2012-06-10 20:23 - 2012-04-10 05:35 - 00000000 ____D C:\Users\Zach\My Documents\Other
2012-06-10 20:23 - 2012-04-10 05:35 - 00000000 ____D C:\Users\Zach\Documents\Other
2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\Zach\Application Data\Malwarebytes
2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Malwarebytes
2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-09 22:19 - 2012-06-09 22:11 - 00001688 ____A C:\Windows\BitsRepairTool.log
2012-06-05 14:25 - 2012-06-05 14:25 - 00000000 ____D C:\Program Files (x86)\Datel
2012-06-05 14:04 - 2012-06-05 14:04 - 00000539 ____A C:\Windows\KB893803v2.log
2012-06-04 17:57 - 2012-04-09 17:59 - 00000000 ____D C:\Users\Zach\Application Data\uTorrent
2012-06-04 17:57 - 2012-04-09 17:59 - 00000000 ____D C:\Users\Zach\AppData\Roaming\uTorrent
2012-06-04 10:39 - 2012-04-10 05:58 - 00028160 ____A C:\Users\Zach\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-04 10:39 - 2012-04-10 05:58 - 00028160 ____A C:\Users\Zach\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-04 10:39 - 2012-04-10 05:58 - 00028160 ____A C:\Users\Zach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-02 14:19 - 2012-06-21 11:40 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 11:40 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 11:40 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 11:39 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:39 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:39 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 11:39 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-21 11:40 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 11:39 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-21 11:39 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 12:19 - 2012-06-21 11:39 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:19 - 2012-06-21 11:39 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 12:15 - 2012-06-21 11:39 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 12:12 - 2012-06-21 11:39 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-05-28 19:48 - 2012-05-28 19:46 - 55226910 ____A C:\Users\Zach\Downloads\Kicks, Snares, Blah.zip
2012-05-28 01:46 - 2012-05-28 01:46 - 01689600 ____A C:\Windows\SysWOW64\mprdin.dll
2012-05-28 01:46 - 2012-05-28 01:46 - 00000395 ____A C:\Windows\SysWOW64\mprdin.ocx
2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\VirtualStore
2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\Last.fm
2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\Application Data\VirtualStore
2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\Application Data\Last.fm
2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\AppData\Local\VirtualStore
2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\AppData\Local\Last.fm
2012-05-23 13:38 - 2006-11-02 07:07 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-05-23 13:37 - 2012-05-23 13:37 - 00000020 __ASH C:\Users\Mcx1\ntuser.ini
2012-05-23 13:36 - 2006-11-02 05:34 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2012-05-22 10:16 - 2009-04-20 16:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-18 18:35 - 2012-05-18 18:35 - 00019808 ____A C:\Users\Zach\Downloads\Modestep_(2_Albums)-_=Demonoid.me=_.torrent
2012-05-15 18:51 - 2012-05-15 15:57 - 00000371 ____A C:\Users\Zach\My Documents\survey.txt
2012-05-15 18:51 - 2012-05-15 15:57 - 00000371 ____A C:\Users\Zach\Documents\survey.txt
2012-05-15 05:06 - 2012-04-13 22:31 - 00001456 ____A C:\Users\Zach\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2012-05-15 05:06 - 2012-04-13 22:31 - 00001456 ____A C:\Users\Zach\Local Settings\Adobe Save for Web 12.0 Prefs
2012-05-15 05:06 - 2012-04-13 22:31 - 00001456 ____A C:\Users\Zach\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-05-12 19:06 - 2012-04-09 12:30 - 00000000 ____D C:\Users\Zach\My Documents\My Received Files
2012-05-12 19:06 - 2012-04-09 12:30 - 00000000 ____D C:\Users\Zach\Documents\My Received Files
2012-05-08 16:10 - 2012-04-08 11:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-05-08 12:02 - 2006-11-02 07:21 - 04901608 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-08 11:57 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2012-05-08 11:57 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-07 18:59 - 2012-05-07 18:59 - 00069563 ____A C:\Users\Zach\Downloads\Disney_Recess_All_6_Seasons!_O-Demonoid.me-O_11733031.0102.torrent
2012-05-07 18:51 - 2012-05-07 18:51 - 00021690 ____A C:\Users\Zach\Downloads\Disney's_Fillmore!_Complete_Series-[Demonoid.me]_11733031.0102.torrent
2012-05-07 07:43 - 2012-05-07 07:43 - 00000000 ____D C:\Users\Zach\Application Data\Foxit Software
2012-05-07 07:43 - 2012-05-07 07:43 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Foxit Software
2012-05-07 06:00 - 2012-05-07 05:59 - 10871726 ____A C:\Users\Zach\Downloads\Ponymon Alpha0-21.zip
2012-05-06 17:17 - 2012-04-09 17:46 - 00000000 ____D C:\Users\Zach\Application Data\Apple Computer
2012-05-06 17:17 - 2012-04-09 17:46 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Apple Computer
2012-05-06 16:28 - 2012-05-06 16:28 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2012-05-05 05:19 - 2012-05-05 05:19 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 05:19 - 2012-04-09 15:02 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 05:19 - 2012-04-09 15:02 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 11:10 - 2012-04-08 10:33 - 00083496 ____A C:\Users\Zach\Local Settings\GDIPFONTCACHEV1.DAT
2012-05-04 11:10 - 2012-04-08 10:33 - 00083496 ____A C:\Users\Zach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-05-04 11:10 - 2012-04-08 10:33 - 00083496 ____A C:\Users\Zach\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-03 11:02 - 2012-05-03 11:02 - 00000021 ____A C:\Users\All Users\hpqp.txt
2012-05-03 11:02 - 2012-05-03 11:02 - 00000021 ____A C:\Users\All Users\Application Data\hpqp.txt
2012-05-03 11:02 - 2012-05-03 11:02 - 00000000 ____D C:\Users\Zach\Application Data\CyberLink
2012-05-03 11:02 - 2012-05-03 11:02 - 00000000 ____D C:\Users\Zach\AppData\Roaming\CyberLink
2012-05-03 11:02 - 2009-04-20 16:38 - 00000000 ____D C:\Users\All Users\CyberLink
2012-05-03 11:02 - 2009-04-20 16:38 - 00000000 ____D C:\Users\All Users\Application Data\CyberLink
2012-05-02 20:41 - 2012-05-02 20:34 - 07073240 ____A C:\Users\Zach\Downloads\NewYoutubeTemplate.psd
2012-04-30 10:47 - 2012-04-10 05:33 - 00000000 ____D C:\Users\Zach\My Documents\School
2012-04-30 10:47 - 2012-04-10 05:33 - 00000000 ____D C:\Users\Zach\Documents\School
2012-04-29 10:30 - 2012-04-09 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-29 07:00 - 2012-04-14 07:40 - 00000680 ____A C:\Users\Zach\Local Settings\d3d9caps.dat
2012-04-29 07:00 - 2012-04-14 07:40 - 00000680 ____A C:\Users\Zach\Local Settings\Application Data\d3d9caps.dat
2012-04-29 07:00 - 2012-04-14 07:40 - 00000680 ____A C:\Users\Zach\AppData\Local\d3d9caps.dat
2012-04-27 19:15 - 2012-04-27 19:15 - 00428298 ____A C:\Users\Zach\Downloads\Wut Is Mah Destiny Remix Files - 147bpm - TeiThePony.rar
2012-04-27 16:55 - 2012-04-25 11:34 - 00000000 ____D C:\Users\Zach\Application Data\Media Player Classic
2012-04-27 16:55 - 2012-04-25 11:34 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Media Player Classic
2012-04-27 16:53 - 2012-04-09 15:50 - 00000000 ____D C:\Program Files\CCleaner
2012-04-26 13:47 - 2012-04-12 12:06 - 00000000 ____D C:\Users\Zach\Downloads\vsti and vst presets updated 9,2011
2012-04-26 13:43 - 2012-04-26 13:38 - 00000000 ____D C:\Users\Zach\Application Data\HandBrake
2012-04-26 13:43 - 2012-04-26 13:38 - 00000000 ____D C:\Users\Zach\AppData\Roaming\HandBrake
2012-04-26 13:37 - 2012-04-26 13:37 - 00000772 ____A C:\Users\Zach\My Documents\Handbrake.lnk
2012-04-26 13:37 - 2012-04-26 13:37 - 00000772 ____A C:\Users\Zach\Documents\Handbrake.lnk
2012-04-26 13:37 - 2012-04-26 13:37 - 00000000 ____D C:\Program Files\Handbrake
2012-04-25 11:20 - 2012-04-25 11:20 - 00000000 ____D C:\Users\Zach\Application Data\Xilisoft
2012-04-25 11:20 - 2012-04-25 11:20 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Xilisoft
2012-04-25 11:19 - 2012-04-25 11:19 - 00001010 ____A C:\Users\Zach\My Documents\Xilisoft Audio Converter Pro.lnk
2012-04-25 11:19 - 2012-04-25 11:19 - 00001010 ____A C:\Users\Zach\Documents\Xilisoft Audio Converter Pro.lnk
2012-04-25 11:19 - 2012-04-25 11:19 - 00000000 ____D C:\Users\All Users\Xilisoft
2012-04-25 11:19 - 2012-04-25 11:19 - 00000000 ____D C:\Users\All Users\Application Data\Xilisoft
2012-04-25 11:19 - 2012-04-25 11:19 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2012-04-24 05:01 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\NDF
2012-04-23 10:06 - 2012-04-23 10:06 - 00000000 ____D C:\Users\Zach\Application Data\SynthMaker
2012-04-23 10:06 - 2012-04-23 10:06 - 00000000 ____D C:\Users\Zach\AppData\Roaming\SynthMaker
2012-04-19 13:59 - 2012-04-19 13:59 - 00019619 ____A C:\Users\Zach\Downloads\((Demonoid.me))-Regular_Show_322_The_Best_Burger_in_the_World_(720p_Youtube).torrent
2012-04-19 13:58 - 2012-04-19 13:58 - 00015319 ____A C:\Users\Zach\Downloads\[]Demonoid.me[]-Regular_Show_321_Big_Winner.torrent
2012-04-19 13:57 - 2012-04-19 13:57 - 00014003 ____A C:\Users\Zach\Downloads\Regular_Show_320_Video_Game_Wizards_[449]-_=Demonoid.me=_.torrent
2012-04-19 11:44 - 2012-04-09 18:13 - 00000000 ____D C:\Users\Zach\Application Data\Skype
2012-04-19 11:44 - 2012-04-09 18:13 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Skype
2012-04-19 11:44 - 2009-04-20 15:29 - 00000000 ____D C:\Windows\panther
2012-04-19 11:31 - 2009-04-20 16:32 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-04-19 11:31 - 2009-04-20 16:32 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-04-19 11:31 - 2009-04-20 16:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-19 11:29 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\ShellNew
2012-04-19 11:28 - 2006-11-02 05:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-19 11:24 - 2012-04-08 10:35 - 00000000 ____D C:\Users\Zach\Local Settings\VirtualStore
2012-04-19 11:24 - 2012-04-08 10:35 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\VirtualStore
2012-04-19 11:24 - 2012-04-08 10:35 - 00000000 ____D C:\Users\Zach\AppData\Local\VirtualStore
2012-04-17 14:17 - 2012-04-17 14:18 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-17 14:17 - 2012-04-17 14:18 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-17 14:17 - 2012-04-17 14:18 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-17 14:17 - 2012-04-09 06:45 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-17 14:17 - 2009-04-20 16:52 - 00000000 ____D C:\Program Files (x86)\Java
2012-04-16 13:26 - 2012-04-16 13:26 - 00000000 ____D C:\Windows\System32\Macromed
2012-04-16 08:15 - 2012-04-08 10:36 - 00000000 ____D C:\Users\Zach\Local Settings\Hewlett-Packard
2012-04-16 08:15 - 2012-04-08 10:36 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Hewlett-Packard
2012-04-16 08:15 - 2012-04-08 10:36 - 00000000 ____D C:\Users\Zach\AppData\Local\Hewlett-Packard
2012-04-14 20:23 - 2012-04-14 20:23 - 00000000 ____D C:\Users\Zach\dwhelper
2012-04-13 20:21 - 2012-04-08 12:06 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Adobe
2012-04-13 20:21 - 2012-04-08 12:06 - 00000000 ____D C:\Users\Zach\Local Settings\Adobe
2012-04-13 20:21 - 2012-04-08 12:06 - 00000000 ____D C:\Users\Zach\AppData\Local\Adobe
2012-04-13 20:21 - 2012-04-08 11:04 - 00000000 ____D C:\Users\Zach\Application Data\Adobe
2012-04-13 20:21 - 2012-04-08 11:04 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Adobe
2012-04-13 12:05 - 2012-04-13 12:05 - 00000000 ____D C:\Users\Zach\Application Data\Image-Line
2012-04-13 12:05 - 2012-04-13 12:05 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Image-Line
2012-04-12 13:45 - 2012-04-12 13:45 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2012-04-12 13:43 - 2012-04-12 13:43 - 00000000 ____D C:\Users\Zach\My Documents\Image-Line
2012-04-12 13:43 - 2012-04-12 13:43 - 00000000 ____D C:\Users\Zach\Documents\Image-Line
2012-04-12 13:43 - 2012-04-12 13:43 - 00000000 ____D C:\Program Files (x86)\Vstplugins
2012-04-12 13:43 - 2012-04-12 13:35 - 00000000 ____D C:\Program Files (x86)\Image-Line
2012-04-12 13:42 - 2012-04-12 13:42 - 00000000 ____D C:\Program Files (x86)\Outsim
2012-04-12 12:03 - 2012-04-12 12:03 - 00026265 ____A C:\Users\Zach\Downloads\fl_studio_10_8_reg_30_000_vsti_and_vst_presets_updated_9_2011_x-Demonoid.me-x_11733031.0102.torrent
2012-04-12 08:24 - 2012-04-12 08:24 - 00000000 ____D C:\Users\Zach\Application Data\Publish Providers
2012-04-12 08:24 - 2012-04-12 08:24 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Publish Providers
2012-04-12 08:24 - 2012-04-11 19:39 - 00000000 ____D C:\Users\Zach\Application Data\Sony
2012-04-12 08:24 - 2012-04-11 19:39 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Sony
2012-04-12 08:21 - 2012-04-11 19:39 - 00000000 ____D C:\Users\Zach\Local Settings\Sony
2012-04-12 08:21 - 2012-04-11 19:39 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Sony
2012-04-12 08:21 - 2012-04-11 19:39 - 00000000 ____D C:\Users\Zach\AppData\Local\Sony
2012-04-12 08:15 - 2012-04-12 08:15 - 00000000 ____D C:\Users\All Users\Sony
2012-04-12 08:15 - 2012-04-12 08:15 - 00000000 ____D C:\Users\All Users\Application Data\Sony
2012-04-12 08:15 - 2012-04-12 08:15 - 00000000 ____D C:\Program Files (x86)\Sony
2012-04-12 07:54 - 2012-04-12 07:54 - 00000000 ____D C:\Users\Zach\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-04-12 07:54 - 2012-04-12 07:54 - 00000000 ____D C:\Users\Zach\Application Data\Adobe Mini Bridge CS5
2012-04-12 07:54 - 2012-04-12 07:54 - 00000000 ____D C:\Users\Zach\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-04-12 07:54 - 2012-04-12 07:54 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Adobe Mini Bridge CS5
2012-04-12 07:24 - 2012-04-12 07:24 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-04-12 07:24 - 2012-04-12 07:24 - 00000000 ____D C:\Users\All Users\Application Data\regid.1986-12.com.adobe
2012-04-12 07:24 - 2012-04-12 07:17 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-04-12 07:24 - 2009-04-20 16:37 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
2012-04-12 07:24 - 2009-04-20 16:37 - 00000000 ____D C:\Users\All Users\Adobe
2012-04-12 07:23 - 2012-04-12 07:23 - 00000000 ____D C:\Program Files\Adobe
2012-04-12 07:20 - 2009-04-20 16:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-04-12 07:15 - 2012-04-12 07:15 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
2012-04-12 07:11 - 2012-05-23 13:36 - 00000000 ____D C:\Users\Mcx1\Application Data\Macromedia
2012-04-12 07:11 - 2012-05-23 13:36 - 00000000 ____D C:\Users\Mcx1\AppData\Roaming\Macromedia
2012-04-12 07:11 - 2012-04-12 07:11 - 00000000 ____D C:\Users\Default\Application Data\Macromedia
2012-04-12 07:11 - 2012-04-12 07:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-04-12 07:11 - 2012-04-12 07:11 - 00000000 ____D C:\Users\Default User\Application Data\Macromedia
2012-04-12 07:11 - 2012-04-12 07:11 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-04-11 14:36 - 2012-04-11 14:36 - 00000000 ____D C:\Users\Zach\Local Settings\DFX
2012-04-11 14:36 - 2012-04-11 14:36 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\DFX
2012-04-11 14:36 - 2012-04-11 14:36 - 00000000 ____D C:\Users\Zach\AppData\Local\DFX
2012-04-11 14:35 - 2012-04-11 14:34 - 00000000 ____D C:\Program Files (x86)\DFX
2012-04-11 14:34 - 2012-04-11 14:34 - 00000000 ____D C:\Users\All Users\DFX
2012-04-11 14:34 - 2012-04-11 14:34 - 00000000 ____D C:\Users\All Users\Application Data\DFX
2012-04-11 13:53 - 2012-04-11 12:59 - 00000000 ____D C:\Program Files (x86)\Winamp
2012-04-10 19:16 - 2012-04-10 19:14 - 00001726 ___AH C:\Users\Zach\My Documents\Default.rdp
2012-04-10 19:16 - 2012-04-10 19:14 - 00001726 ___AH C:\Users\Zach\Documents\Default.rdp
2012-04-10 15:59 - 2012-04-10 15:59 - 00274798 ____A C:\Users\Zach\Downloads\MLPMusicArchive_FULL_v002.torrent
2012-04-10 15:47 - 2012-04-10 15:48 - 00024880 ____A C:\Users\Zach\Downloads\77B8A2D3D94C275ABF29E9981349B04699BE699A.torrent
2012-04-10 15:47 - 2012-04-10 15:47 - 00062025 ____A C:\Users\Zach\Downloads\4FA481019E6BB59325F4203C6FAD218E48DDC2DF.torrent
2012-04-10 12:57 - 2012-04-10 12:57 - 00000000 ____D C:\Users\Zach\Application Data\FastStone
2012-04-10 12:57 - 2012-04-10 12:57 - 00000000 ____D C:\Users\Zach\AppData\Roaming\FastStone
2012-04-10 11:53 - 2012-04-10 11:53 - 00000000 ____D C:\Program Files (x86)\Ricochet Infinity
2012-04-10 11:45 - 2012-04-10 11:45 - 00000000 ____D C:\Program Files (x86)\Acclaim
2012-04-10 11:41 - 2012-04-10 11:41 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2012-04-10 06:05 - 2012-04-10 06:04 - 00466394 ____A C:\Windows\dd_vcredistMSI6BD0.txt
2012-04-10 06:05 - 2012-04-10 06:04 - 00216082 ____A C:\Windows\dd_vcredistUI6BD0.txt
2012-04-10 06:04 - 2012-04-10 06:03 - 00462130 ____A C:\Windows\dd_vcredistMSI6AE2.txt
2012-04-10 06:04 - 2012-04-10 06:03 - 00216034 ____A C:\Windows\dd_vcredistUI6AE2.txt
2012-04-10 06:03 - 2009-04-20 16:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-04-10 05:55 - 2012-04-10 05:55 - 00000000 ____D C:\Games
2012-04-10 05:53 - 2012-04-10 05:53 - 00000000 ___HD C:\Windows\System32\CanonMF Uninstaller Information
2012-04-10 05:49 - 2012-04-10 05:49 - 00000000 ____D C:\Program Files\Canon
2012-04-10 05:37 - 2012-04-10 05:37 - 00000000 ____D C:\Users\Zach\Application Data\OpenOffice.org
2012-04-10 05:37 - 2012-04-10 05:37 - 00000000 ____D C:\Users\Zach\AppData\Roaming\OpenOffice.org
2012-04-10 05:34 - 2012-04-10 05:34 - 00000000 ____D C:\Users\Zach\My Documents\Shoddy Teams
2012-04-10 05:34 - 2012-04-10 05:34 - 00000000 ____D C:\Users\Zach\My Documents\Datel
2012-04-10 05:34 - 2012-04-10 05:34 - 00000000 ____D C:\Users\Zach\Documents\Shoddy Teams
2012-04-10 05:34 - 2012-04-10 05:34 - 00000000 ____D C:\Users\Zach\Documents\Datel
2012-04-09 18:26 - 2012-04-09 18:26 - 00000000 ____D C:\Users\Zach\My Documents\Messenger Plus!
2012-04-09 18:26 - 2012-04-09 18:26 - 00000000 ____D C:\Users\Zach\Documents\Messenger Plus!
2012-04-09 18:12 - 2012-04-09 18:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-04-09 18:12 - 2012-04-09 18:12 - 00000000 ____D C:\Users\All Users\Skype
2012-04-09 18:12 - 2012-04-09 18:12 - 00000000 ____D C:\Users\All Users\Application Data\Skype
2012-04-09 18:08 - 2012-04-09 18:07 - 00000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2012-04-09 17:59 - 2012-04-09 17:59 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-04-09 17:58 - 2012-04-09 17:58 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2012-04-09 17:47 - 2012-04-09 17:47 - 00000000 ____D C:\Users\All Users\Last.fm
2012-04-09 17:47 - 2012-04-09 17:47 - 00000000 ____D C:\Users\All Users\Application Data\Last.fm
2012-04-09 17:46 - 2012-04-09 17:45 - 00000000 ____D C:\Users\All Users\Application Data\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-09 17:46 - 2012-04-09 17:45 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-09 17:45 - 2012-04-09 17:45 - 00000000 ____D C:\Users\All Users\Application Data\Apple Computer
2012-04-09 17:45 - 2012-04-09 17:45 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-04-09 17:43 - 2012-04-09 17:43 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Apple
2012-04-09 17:43 - 2012-04-09 17:43 - 00000000 ____D C:\Users\Zach\Local Settings\Apple
2012-04-09 17:43 - 2012-04-09 17:43 - 00000000 ____D C:\Users\Zach\AppData\Local\Apple
2012-04-09 17:43 - 2012-04-09 17:43 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-04-09 17:43 - 2012-04-09 17:39 - 00000000 ____D C:\Users\All Users\Application Data\Apple
2012-04-09 17:43 - 2012-04-09 17:39 - 00000000 ____D C:\Users\All Users\Apple
2012-04-09 17:40 - 2012-04-09 17:40 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-04-09 17:40 - 2012-04-09 17:40 - 00000000 ____D C:\Program Files\Bonjour
2012-04-09 17:40 - 2012-04-09 17:40 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-04-09 17:38 - 2012-04-09 17:38 - 00000000 ____D C:\Program Files (x86)\Last.fm
2012-04-09 16:03 - 2012-04-09 16:02 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2012-04-09 16:01 - 2012-04-09 15:53 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-04-09 15:58 - 2012-04-09 15:53 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-04-09 14:57 - 2012-04-09 14:57 - 00000000 ____D C:\Users\Zach\Local Settings\Mozilla
2012-04-09 14:57 - 2012-04-09 14:57 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Mozilla
2012-04-09 14:57 - 2012-04-09 14:57 - 00000000 ____D C:\Users\Zach\Application Data\Mozilla
2012-04-09 14:57 - 2012-04-09 14:57 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Mozilla
2012-04-09 14:57 - 2012-04-09 14:57 - 00000000 ____D C:\Users\Zach\AppData\Local\Mozilla
2012-04-09 14:37 - 2012-04-09 14:38 - 00264271 ____A C:\Users\Zach\Downloads\FileHippoUpdateCheckerSetup.exe
2012-04-09 13:43 - 2012-04-09 13:43 - 00000000 ____D C:\Users\All Users\Messenger Plus!
2012-04-09 13:43 - 2012-04-09 13:43 - 00000000 ____D C:\Users\All Users\Application Data\Messenger Plus!
2012-04-09 13:42 - 2012-04-09 13:42 - 00000000 ____D C:\Program Files (x86)\Yuna Software
2012-04-09 12:55 - 2012-04-09 12:54 - 00000000 ____D C:\Users\Zach\Application Data\WinRAR
2012-04-09 12:55 - 2012-04-09 12:54 - 00000000 ____D C:\Users\Zach\AppData\Roaming\WinRAR
2012-04-09 12:54 - 2012-04-09 12:54 - 00000000 ____D C:\Program Files\WinRAR
2012-04-09 12:14 - 2012-04-09 12:14 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2012-04-09 12:14 - 2012-04-09 12:13 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-04-09 12:08 - 2012-04-09 12:07 - 00000000 ____D C:\Program Files (x86)\RocketDock
2012-04-09 12:04 - 2012-04-09 12:02 - 00000000 ____D C:\Users\Zach\Application Data\GetRightToGo
2012-04-09 12:04 - 2012-04-09 12:02 - 00000000 ____D C:\Users\Zach\AppData\Roaming\GetRightToGo
2012-04-09 11:54 - 2012-04-09 11:54 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\{74433A75-8A5B-4729-BE5D-AE693F676091}
2012-04-09 11:54 - 2012-04-09 11:54 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\{03D8D790-4B64-4810-9E09-4868652E5414}
2012-04-09 11:54 - 2012-04-09 11:54 - 00000000 ____D C:\Users\Zach\Local Settings\{74433A75-8A5B-4729-BE5D-AE693F676091}
2012-04-09 11:54 - 2012-04-09 11:54 - 00000000 ____D C:\Users\Zach\Local Settings\{03D8D790-4B64-4810-9E09-4868652E5414}
2012-04-09 11:54 - 2012-04-09 11:54 - 00000000 ____D C:\Users\Zach\AppData\Local\{74433A75-8A5B-4729-BE5D-AE693F676091}
2012-04-09 11:54 - 2012-04-09 11:54 - 00000000 ____D C:\Users\Zach\AppData\Local\{03D8D790-4B64-4810-9E09-4868652E5414}
2012-04-09 11:53 - 2012-04-09 11:46 - 00000000 ____D C:\Users\Zach\Local Settings\Windows Live
2012-04-09 11:53 - 2012-04-09 11:46 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Windows Live
2012-04-09 11:53 - 2012-04-09 11:46 - 00000000 ____D C:\Users\Zach\AppData\Local\Windows Live
2012-04-09 10:45 - 2012-04-09 10:45 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2012-04-09 10:45 - 2012-04-09 10:45 - 00000000 ____D C:\Windows\SysWOW64\spool
2012-04-09 10:45 - 2012-04-09 10:45 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-04-09 10:45 - 2012-04-09 10:45 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\zh-HK
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\uk-UA
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\tr-TR
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\th-TH
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\sl-SI
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\sk-SK
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\ro-RO
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\lv-LV
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\lt-LT
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\hr-HR
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\he-IL
2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\et-EE
2012-04-09 10:45 - 2006-11-02 05:33 - 00000000 ___RD C:\Windows\Offline Web Pages
2012-04-09 10:45 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\System32\bg-BG
2012-04-09 10:45 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\System32\ar-SA
2012-04-09 10:45 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-04-09 10:45 - 2006-11-02 05:33 - 00000000 ____D C:\Program Files\Common Files\System
2012-04-09 10:01 - 2012-04-09 10:01 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 09705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-09 10:01 - 2012-04-09 10:01 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-09 10:01 - 2012-04-09 10:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-09 10:01 - 2012-04-09 10:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-09 10:01 - 2012-04-09 10:01 - 02308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 02144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 01798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 01792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 01493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-09 10:01 - 2012-04-09 10:01 - 01427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-09 10:01 - 2012-04-09 10:01 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 01345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 01127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 01103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-09 10:01 - 2012-04-09 10:01 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-09 10:01 - 2012-04-09 10:01 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-09 10:01 - 2012-04-09 10:01 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-09 10:01 - 2012-04-09 10:01 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-09 10:01 - 2012-04-09 10:01 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-09 10:01 - 2012-04-09 10:01 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-09 10:01 - 2006-11-02 04:16 - 00008798 ____A C:\Windows\SysWOW64\icrav03.rat
2012-04-09 10:01 - 2006-11-02 04:16 - 00001988 ____A C:\Windows\SysWOW64\ticrf.rat
2012-04-09 10:01 - 2006-11-01 22:36 - 00008798 ____A C:\Windows\System32\icrav03.rat
2012-04-09 10:01 - 2006-11-01 22:36 - 00001988 ____A C:\Windows\System32\ticrf.rat
2012-04-09 09:59 - 2012-04-09 09:59 - 03548672 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 03068416 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 02873344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 01554432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 01461760 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 01268224 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 01257984 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 01204224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 01075712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 01032192 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2012-04-09 09:59 - 2012-04-09 09:59 - 01029120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00979456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00900480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-04-09 09:59 - 2012-04-09 09:59 - 00847360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00748544 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00625152 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00586240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00566272 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00486400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00428544 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00377344 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2012-04-09 09:59 - 2012-04-09 09:59 - 00357376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00345088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00287232 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00261632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00258048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2012-04-09 09:59 - 2012-04-09 09:59 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00209920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00195072 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00189952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00135680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00098816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2012-04-09 09:59 - 2012-04-09 09:59 - 00034304 ____A (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2012-04-09 09:58 - 2012-04-09 09:58 - 01209856 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2012-04-09 09:58 - 2012-04-09 09:58 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2012-04-09 09:58 - 2012-04-09 09:58 - 00792576 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2012-04-09 09:58 - 2012-04-09 09:58 - 00519680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2012-04-09 09:58 - 2012-04-09 09:58 - 00449024 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2012-04-09 09:58 - 2012-04-09 09:58 - 00411648 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2012-04-09 09:58 - 2012-04-09 09:58 - 00369664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2012-04-09 09:58 - 2012-04-09 09:58 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2012-04-09 09:58 - 2012-04-09 09:58 - 00321024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2012-04-09 09:58 - 2012-04-09 09:58 - 00262656 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2012-04-09 09:58 - 2012-04-09 09:58 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2012-04-09 09:58 - 2012-04-09 09:58 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2012-04-09 09:58 - 2012-04-09 09:58 - 00195584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2012-04-09 09:58 - 2012-04-09 09:58 - 00189440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2012-04-09 08:54 - 2012-04-09 08:53 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\{E783BF2C-2397-4051-A78F-935BE2B114BD}
2012-04-09 08:54 - 2012-04-09 08:53 - 00000000 ____D C:\Users\Zach\Local Settings\{E783BF2C-2397-4051-A78F-935BE2B114BD}
2012-04-09 08:54 - 2012-04-09 08:53 - 00000000 ____D C:\Users\Zach\AppData\Local\{E783BF2C-2397-4051-A78F-935BE2B114BD}
2012-04-09 07:44 - 2012-04-09 07:44 - 00000000 ____D C:\Program Files (x86)\IrfanView
2012-04-09 06:46 - 2012-04-09 06:46 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-04-09 06:45 - 2012-04-09 06:45 - 00000000 ____D C:\Users\All Users\Sun
2012-04-09 06:45 - 2012-04-09 06:45 - 00000000 ____D C:\Users\All Users\Application Data\Sun
2012-04-09 06:43 - 2012-04-09 06:42 - 00443080 ____A C:\Users\Zach\Local Settings\dd_vcredistMSI3AAD.txt
2012-04-09 06:43 - 2012-04-09 06:42 - 00443080 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistMSI3AAD.txt
2012-04-09 06:43 - 2012-04-09 06:42 - 00443080 ____A C:\Users\Zach\AppData\Local\dd_vcredistMSI3AAD.txt
2012-04-09 06:43 - 2012-04-09 06:42 - 00011696 ____A C:\Users\Zach\Local Settings\dd_vcredistUI3AAD.txt
2012-04-09 06:43 - 2012-04-09 06:42 - 00011696 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistUI3AAD.txt
2012-04-09 06:43 - 2012-04-09 06:42 - 00011696 ____A C:\Users\Zach\AppData\Local\dd_vcredistUI3AAD.txt
2012-04-09 06:42 - 2012-04-09 06:40 - 00439040 ____A C:\Users\Zach\Local Settings\dd_vcredistMSI3960.txt
2012-04-09 06:42 - 2012-04-09 06:40 - 00439040 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistMSI3960.txt
2012-04-09 06:42 - 2012-04-09 06:40 - 00439040 ____A C:\Users\Zach\AppData\Local\dd_vcredistMSI3960.txt
2012-04-09 06:42 - 2012-04-09 06:40 - 00011664 ____A C:\Users\Zach\Local Settings\dd_vcredistUI3960.txt
2012-04-09 06:42 - 2012-04-09 06:40 - 00011664 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistUI3960.txt
2012-04-09 06:42 - 2012-04-09 06:40 - 00011664 ____A C:\Users\Zach\AppData\Local\dd_vcredistUI3960.txt
2012-04-09 05:43 - 2012-04-09 05:43 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-04-09 05:28 - 2012-04-09 05:26 - 00000000 ____D C:\Windows\SysWOW64\vi-VN
2012-04-09 05:28 - 2012-04-09 05:26 - 00000000 ____D C:\Windows\SysWOW64\eu-ES
2012-04-09 05:28 - 2012-04-09 05:26 - 00000000 ____D C:\Windows\SysWOW64\ca-ES
2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Defender
2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Collaboration
2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Movie Maker
2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files (x86)\Windows Photo Gallery
2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files (x86)\Windows Calendar
2012-04-09 05:28 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\SLUI
2012-04-09 05:28 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\setup
2012-04-09 05:28 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\oobe
2012-04-09 05:28 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-09 05:28 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2012-04-09 05:28 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-09 05:28 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\servicing
2012-04-09 05:27 - 2012-04-09 05:26 - 00000000 ____D C:\Windows\System32\vi-VN
2012-04-09 05:27 - 2012-04-09 05:26 - 00000000 ____D C:\Windows\System32\eu-ES
2012-04-09 05:27 - 2012-04-09 05:26 - 00000000 ____D C:\Windows\System32\ca-ES
2012-04-09 05:27 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\SLUI
2012-04-09 05:27 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\setup
2012-04-09 05:27 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\oobe
2012-04-09 05:27 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\migwiz
2012-04-09 05:27 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\manifeststore
2012-04-09 05:27 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2012-04-09 05:27 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\IME
2012-04-09 05:23 - 2012-04-09 05:23 - 00000000 ____D C:\Windows\System32\SPReview
2012-04-09 04:40 - 2012-04-09 04:40 - 00000000 ____D C:\Windows\System32\EventProviders
2012-04-08 20:04 - 2012-04-08 20:04 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-04-08 20:04 - 2012-04-08 20:04 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
2012-04-08 14:27 - 2012-04-08 11:07 - 00000000 ____D C:\Users\All Users\McAfee
2012-04-08 14:27 - 2012-04-08 11:07 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
2012-04-08 12:19 - 2006-11-02 07:37 - 00047092 ____A C:\Windows\System32\license.rtf
2012-04-08 12:09 - 2012-04-08 12:09 - 00000000 ____D C:\Users\Zach\Local Settings\Seven Zip
2012-04-08 12:09 - 2012-04-08 12:09 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Seven Zip
2012-04-08 12:09 - 2012-04-08 12:09 - 00000000 ____D C:\Users\Zach\AppData\Local\Seven Zip
2012-04-08 12:00 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\Local Settings\Google
2012-04-08 12:00 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Google
2012-04-08 12:00 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\AppData\Local\Google
2012-04-08 11:53 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\Local Settings\Deployment
2012-04-08 11:53 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Deployment
2012-04-08 11:53 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\AppData\Local\Deployment
2012-04-08 11:53 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\AppData\Local\Apps\2.0
2012-04-08 11:43 - 2009-04-20 15:51 - 00000000 ____D C:\Users\All Users\WildTangent
2012-04-08 11:43 - 2009-04-20 15:51 - 00000000 ____D C:\Users\All Users\Application Data\WildTangent
2012-04-08 11:33 - 2012-04-08 11:33 - 00000000 ____D C:\Users\Zach\Application Data\Macromedia
2012-04-08 11:33 - 2012-04-08 11:33 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Macromedia
2012-04-08 11:28 - 2012-04-08 11:26 - 00000000 ____D C:\Program Files\McAfee
2012-04-08 11:27 - 2012-04-08 11:27 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2012-04-08 11:27 - 2012-04-08 11:26 - 00000000 ____D C:\Program Files\Common Files\McAfee
2012-04-08 11:26 - 2012-04-08 11:26 - 00000000 ____D C:\Program Files\McAfee.com
2012-04-08 11:13 - 2009-04-20 15:37 - 00000000 ____D C:\Users\All Users\Norton
2012-04-08 11:13 - 2009-04-20 15:37 - 00000000 ____D C:\Users\All Users\Application Data\Norton
2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____D C:\Users\Zach\Application Data\Hewlett-Packard
2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Hewlett-Packard
2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\Local Settings\QSwitch.txt
2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\Local Settings\DSwitch.txt
2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\Local Settings\AtStart.txt
2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\Local Settings\Application Data\QSwitch.txt
2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\Local Settings\Application Data\DSwitch.txt
2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\Local Settings\Application Data\AtStart.txt
2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\AppData\Local\QSwitch.txt
2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\AppData\Local\DSwitch.txt
2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\AppData\Local\AtStart.txt
2012-04-08 10:35 - 2009-04-20 16:56 - 00000000 ____D C:\Program Files (x86)\SMINST
2012-04-08 10:25 - 2012-04-08 10:25 - 00000000 ____D C:\Users\Zach\Application Data\HP TCS
2012-04-08 10:25 - 2012-04-08 10:25 - 00000000 ____D C:\Users\Zach\AppData\Roaming\HP TCS
2012-04-08 10:25 - 2009-04-20 15:51 - 00000000 ___RD C:\Program Files (x86)\Online Services
2012-04-08 10:24 - 2012-04-08 10:24 - 00000000 _RASH C:\Windows\SysWOW64\Drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE93700YL_E509717-002_4A_I3612_SHP_V09.67_F.65_T101215_WV3-1_L409_M3999_J250_7Intel_867A_92.00_#120408_N10EC8136;168C001C_(FS683AV)_XMOBILE_CN10_Z_2PCID.MRK
2012-04-08 10:24 - 2012-04-08 10:24 - 00000000 _RASH C:\Windows\System32\Drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE93700YL_E509717-002_4A_I3612_SHP_V09.67_F.65_T101215_WV3-1_L409_M3999_J250_7Intel_867A_92.00_#120408_N10EC8136;168C001C_(FS683AV)_XMOBILE_CN10_Z_2PCID.MRK
2012-04-08 10:24 - 2008-06-09 05:44 - 00000000 ____D C:\SwSetup
2012-04-08 10:24 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\System32\restore
2012-04-08 10:24 - 1999-03-30 10:17 - 00000000 ___HD C:\System.sav
2012-04-08 10:23 - 2012-04-08 10:23 - 00000020 ___SH C:\Users\Zach\ntuser.ini
2012-04-08 09:13 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\sysprep
2012-04-08 09:10 - 2012-04-08 09:10 - 00000000 ____D C:\Program Files (x86)\muvee Technologies
2012-04-08 09:10 - 2009-04-20 15:35 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
2012-04-08 09:10 - 2009-04-20 15:35 - 00000000 ____D C:\Users\All Users\Application Data\Hewlett-Packard
2012-04-08 09:09 - 2012-04-08 09:09 - 00000105 ____A C:\Users\All Users\Application Data\{d36dd326-7280-11d8-97c8-000129760cbe}.log
2012-04-08 09:09 - 2012-04-08 09:09 - 00000105 ____A C:\Users\All Users\{d36dd326-7280-11d8-97c8-000129760cbe}.log
2012-04-08 09:09 - 2012-04-08 09:09 - 00000032 ____A C:\Users\All Users\Application Data\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2012-04-08 09:09 - 2012-04-08 09:09 - 00000032 ____A C:\Users\All Users\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2012-04-08 09:09 - 2009-04-20 15:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-08 09:08 - 2012-04-08 09:08 - 00000032 ____A C:\Users\All Users\Application Data\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2012-04-08 09:08 - 2012-04-08 09:08 - 00000032 ____A C:\Users\All Users\Application Data\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2012-04-08 09:08 - 2012-04-08 09:08 - 00000032 ____A C:\Users\All Users\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2012-04-08 09:08 - 2012-04-08 09:08 - 00000032 ____A C:\Users\All Users\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2012-04-08 09:06 - 2012-04-08 09:06 - 00000032 ____A C:\Users\All Users\Application Data\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2012-04-08 09:06 - 2012-04-08 09:06 - 00000032 ____A C:\Users\All Users\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2012-04-08 09:06 - 2009-04-20 16:38 - 01066544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2012-04-08 09:06 - 2009-04-20 16:38 - 01053232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFC71u.dll
2012-04-08 09:06 - 2009-04-20 16:38 - 00505392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-04-08 09:06 - 2009-04-20 16:38 - 00353840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-04-08 09:05 - 2009-04-20 16:59 - 00000000 ____D C:\Program Files (x86)\Hp
2012-04-08 09:04 - 2009-04-20 15:20 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-04-08 09:03 - 2012-04-08 09:03 - 00016070 ____A C:\Windows\System32\results.xml
2012-04-08 09:01 - 2012-04-08 08:58 - 00000000 ____D C:\Program Files\CONEXANT
2012-04-08 09:01 - 2009-04-20 15:19 - 00000000 ___HD C:\HP
2012-04-08 08:59 - 2012-04-08 08:59 - 00000000 ____D C:\Windows\SysWOW64\x64
2012-04-08 08:59 - 2012-04-08 08:59 - 00000000 ____D C:\Windows\SysWOW64\Lang
2012-04-08 08:59 - 2012-04-08 08:59 - 00000000 ____D C:\Intel
2012-04-08 08:58 - 2012-04-08 08:58 - 00000000 ____D C:\Program Files (x86)\NetWaiting
2012-04-08 08:57 - 2012-04-08 08:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01000.Wdf
2012-04-08 08:57 - 2012-04-08 08:57 - 00000000 ____D C:\Program Files\Synaptics
2012-04-08 08:57 - 2012-04-08 08:57 - 00000000 ____D C:\Program Files (x86)\Realtek
2012-04-08 08:55 - 2012-04-08 08:55 - 00000000 ____D C:\Program Files (x86)\Intel
2012-04-08 08:55 - 2012-04-08 08:55 - 00000000 ____D C:\Program Files (x86)\Atheros
2012-04-08 08:55 - 2012-04-08 08:54 - 00000000 ____D C:\Users\All Users\Atheros
2012-04-08 08:55 - 2012-04-08 08:54 - 00000000 ____D C:\Users\All Users\Application Data\Atheros
2012-04-04 12:56 - 2012-06-09 22:38 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 00:22 - 2012-05-08 10:36 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-02 05:59 - 2012-05-08 10:36 - 02766848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 04:45 - 2012-05-08 10:38 - 01423744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
ZeroAccess:
C:\Windows\Installer\{4ed00426-761c-ade8-3eda-60229d9845f4}
C:\Windows\Installer\{4ed00426-761c-ade8-3eda-60229d9845f4}\@
C:\Windows\Installer\{4ed00426-761c-ade8-3eda-60229d9845f4}\L
C:\Windows\Installer\{4ed00426-761c-ade8-3eda-60229d9845f4}\U
ZeroAccess:
C:\Users\Zach\AppData\Local\{4ed00426-761c-ade8-3eda-60229d9845f4}
C:\Users\Zach\AppData\Local\{4ed00426-761c-ade8-3eda-60229d9845f4}\@
C:\Users\Zach\AppData\Local\{4ed00426-761c-ade8-3eda-60229d9845f4}\L
C:\Users\Zach\AppData\Local\{4ed00426-761c-ade8-3eda-60229d9845f4}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 16%
Total physical RAM: 3998.25 MB
Available physical RAM: 3330.66 MB
Total Pagefile: 3675.45 MB
Available Pagefile: 3307.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:220.6 GB) (Free:55.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:12.28 GB) (Free:1.87 GB) NTFS
5 Drive g: () (Removable) (Total:0.24 GB) (Free:0.21 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 1024 KB
Disk 1 No Media 0 B 0 B
Disk 2 Online 244 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 221 GB 1024 KB
Partition 2 Primary 12 GB 221 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 221 GB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 12 GB Healthy
======================================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 244 MB 16 KB
======================================================================================================
Disk: 2
Partition 1
Type : 0E
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 244 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-21 16:39
======================= End Of Log ==========================
 
OK, we have ZeroAccess rootkit.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log it makes (Search.txt) in your reply.
 
Farbar Recovery Scan Tool Version: 21-06-2012 02
Ran by SYSTEM at 2012-06-21 22:27:10
Running from G:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2012-04-09 04:57] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2012-04-09 04:57] - [2009-04-10 21:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
C:\Windows\SysWOW64\services.exe
[2012-04-09 04:57] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe
[2012-04-09 04:57] - [2009-04-10 21:10] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229
====== End Of Search ======
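One way to read the Search.txt above, as an added example that is not part of the original thread or of FRST: parse the log and check whether each live `services.exe` has the same MD5 as a same-architecture copy in the WinSxS component store. The function names are hypothetical, and the code assumes 64-bit Windows (so `System32` holds the amd64 binary) and that the WinSxS copies are untouched.

```python
import re

# Body of Search.txt, copied from the FRST log posted in this thread.
SEARCH_TXT = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2012-04-09 04:57] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2012-04-09 04:57] - [2009-04-10 21:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
C:\Windows\SysWOW64\services.exe
[2012-04-09 04:57] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe
[2012-04-09 04:57] - [2009-04-10 21:10] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229
"""

# "[created] - [modified] - size attrs (company) MD5"
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Component version embedded in a WinSxS directory name, e.g. _6.0.6002.18005_
VERSION = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


def arch_of(path):
    """Architecture implied by the file's location (assumes 64-bit Windows)."""
    p = path.lower()
    if "\\winsxs\\" in p:
        component = p.split("\\winsxs\\", 1)[1]
        for arch in ("amd64", "x86"):
            if component.startswith(arch + "_"):
                return arch
        return None
    if "\\syswow64\\" in p:
        return "x86"
    if "\\system32\\" in p:
        return "amd64"
    return None


def parse_search(text):
    """Turn path/metadata line pairs into one dict per file."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        meta = META.match(line)
        if meta and path:
            ver = VERSION.search(path)
            entries.append({
                "path": path,
                "arch": arch_of(path),
                "in_store": "\\winsxs\\" in path.lower(),
                "version": ver.group(1) if ver else None,
                "size": int(meta.group("size")),
                "md5": meta.group("md5").upper(),
            })
            path = None
        elif line and not line.startswith("="):
            path = line  # a path line; its metadata follows on the next line
    return entries


def compare_live_to_store(entries):
    """For each live copy, look for an identical same-architecture store copy."""
    store = [e for e in entries if e["in_store"]]
    results = []
    for live in (e for e in entries if not e["in_store"]):
        peers = [s for s in store if s["arch"] == live["arch"]]
        match = next((s["version"] for s in peers if s["md5"] == live["md5"]), None)
        results.append({
            "path": live["path"],
            "md5": live["md5"],
            "store_version": match,  # None: no store copy has this hash
            "size_matches_store": any(s["size"] == live["size"] for s in peers),
        })
    return results


if __name__ == "__main__":
    for r in compare_live_to_store(parse_search(SEARCH_TXT)):
        verdict = (f"matches component store {r['store_version']}"
                   if r["store_version"] else "no component-store copy has this MD5")
        print(f"{r['path']}: {verdict} (same size as a store copy: {r['size_matches_store']})")
```

A miss means only that the live file differs from every same-architecture copy listed in the log; it is a reason to inspect or replace the file, not a malware verdict on its own.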
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next....

Boot normally and re-run Combofix.
 

Here's the FRST log, and ComboFix is running right now.

---

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 21-06-2012 02
Ran by SYSTEM at 2012-06-21 22:41:40 Run:1
Running from G:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{4ed00426-761c-ade8-3eda-60229d9845f4} moved successfully.
C:\Users\Zach\AppData\Local\{4ed00426-761c-ade8-3eda-60229d9845f4} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====
 
ComboFix 12-06-21.02 - Zach 06/21/2012 19:48:18.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2772 [GMT -5:00]
Running from: c:\users\Zach\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 06:09 . 2012-06-22 06:10 -------- d-----w- C:\FRST
2012-06-22 01:55 . 2012-06-22 01:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 19:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 19:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 19:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 19:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 19:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 19:39 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-21 19:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 19:39 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-21 19:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 19:39 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-21 19:39 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 19:39 . 2012-06-02 20:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-21 19:39 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 19:39 . 2012-06-02 20:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-20 21:19 . 2012-06-20 21:19 116016 ----a-w- c:\windows\system32\drivers\24673136.sys
2012-06-16 05:09 . 2012-06-16 05:09 -------- d-----w- c:\users\Zach\AppData\Local\Macromedia
2012-06-15 20:36 . 2012-06-20 16:27 -------- d-----w- c:\program files\iPod(113)
2012-06-15 20:11 . 2012-06-15 20:13 -------- d-----w- c:\program files (x86)\QuickTime(102)
2012-06-10 06:38 . 2012-06-10 06:38 -------- d-----w- c:\users\Zach\AppData\Roaming\Malwarebytes
2012-06-10 06:38 . 2012-06-10 06:38 -------- d-----w- c:\programdata\Malwarebytes
2012-06-10 06:38 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-10 06:38 . 2012-06-10 06:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-05 22:25 . 2012-06-05 22:25 -------- d-----w- c:\program files (x86)\Datel
2012-06-05 22:14 . 2007-02-08 18:48 51600 ----a-w- c:\windows\system32\drivers\ActionReplayDS_x64.sys
2012-06-05 00:49 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{206E627B-C931-4374-BF0D-75407E6B8462}\mpengine.dll
2012-05-28 09:46 . 2012-05-28 09:46 1689600 ----a-w- c:\windows\SysWow64\mprdin.dll
2012-05-23 21:36 . 2012-06-20 16:25 -------- d-----w- c:\users\Mcx1
.
.
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DFX.lnk - c:\program files (x86)\DFX\DFX.exe [2011-12-21 1054632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS_x64.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:19]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000Core.job
- c:\users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 19:53]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000UA.job
- c:\users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 19:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1237288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\3uw49nnd.default\
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2012-06-21 22:51:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 03:51
.
Pre-Run: 58,997,985,280 bytes free
Post-Run: 58,523,365,376 bytes free
.
- - End Of File - - B3F6CF98ADD9F7128D7422A9924F5679
 
Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files and folders, and un-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- c:\windows\system32\Services.exe
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
 
Detection ratio is 0 / 42 on services.exe. And I was able to connect to the internet on the laptop via 'The Internet' icon that is on the desktop.
 
Very good. False positive.

Combofix log looks good.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I have not received a host or McAfee process error. I can also access the internet just fine now through both IE and Firefox. Seems to be running smoothly.

OTL and Extras log in a moment.
 
OTL logfile created on: 6/21/2012 11:18:18 PM - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Zach\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 55.08% Memory free
11.64 Gb Paging File | 9.47 Gb Available in Paging File | 81.37% Paging File free
Paging file location(s): c:\pagefile.sys 8000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.60 Gb Total Space | 53.89 Gb Free Space | 24.43% Space Free | Partition Type: NTFS
Drive D: | 12.28 Gb Total Space | 1.87 Gb Free Space | 15.23% Space Free | Partition Type: NTFS
Drive G: | 243.73 Mb Total Space | 218.90 Mb Free Space | 89.81% Space Free | Partition Type: FAT

Computer Name: ZACH-PC | User Name: Zach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 23:13:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe
PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/12/21 21:22:06 | 001,054,632 | ---- | M] () -- C:\Program Files (x86)\DFX\DFX.exe
PRC - [2010/09/13 08:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/03/06 03:44:40 | 000,500,208 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/21 21:22:14 | 000,049,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared.dll
MOD - [2011/12/21 21:22:06 | 001,054,632 | ---- | M] () -- C:\Program Files (x86)\DFX\DFX.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/22 19:30:56 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/17 18:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2012/05/28 04:46:04 | 001,689,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\mprdin.dll -- (RemoteAccess)
SRV - [2012/05/05 08:19:31 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/20 02:03:08 | 001,344,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/10/03 03:40:12 | 000,264,704 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/06/29 09:52:44 | 000,126,976 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/06/10 14:58:48 | 000,170,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/17 13:05:20 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/10/31 21:22:50 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/10/31 21:19:46 | 000,293,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007/10/31 21:18:32 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/10/17 18:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/02/08 13:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ActionReplayDS_x64.sys -- (ActionReplayDS)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/06/18 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5A0CF0FD-87DC-460F-83D7-77C3A5680955}
IE:64bit: - HKLM\..\SearchScopes\{5A0CF0FD-87DC-460F-83D7-77C3A5680955}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{800B35F9-A77F-4C65-BAD5-1D7309DD8780}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {5A0CF0FD-87DC-460F-83D7-77C3A5680955}
IE - HKLM\..\SearchScopes\{5A0CF0FD-87DC-460F-83D7-77C3A5680955}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{800B35F9-A77F-4C65-BAD5-1D7309DD8780}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\..\SearchScopes,DefaultScope = {5A0CF0FD-87DC-460F-83D7-77C3A5680955}
IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\..\SearchScopes\{5A0CF0FD-87DC-460F-83D7-77C3A5680955}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\..\SearchScopes\{800B35F9-A77F-4C65-BAD5-1D7309DD8780}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://espn.go.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zach\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zach\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/04/09 22:39:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/04/29 15:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/15 15:13:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/20 11:24:17 | 000,000,000 | ---D | M]

[2012/04/09 17:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Extensions
[2012/06/15 12:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\3uw49nnd.default\extensions
[2012/04/09 18:08:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\3uw49nnd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/20 11:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/20 11:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/06/17 17:49:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/04/09 22:39:15 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012/04/11 11:19:40 | 000,079,135 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI
[2012/06/13 12:03:50 | 000,525,301 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/04/09 18:08:18 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/18 20:36:29 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/06/15 12:04:27 | 000,082,896 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\LDSI_PLASHCOR@GMAIL.COM.XPI
[2012/04/09 18:08:17 | 000,025,950 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\PBUPLOAD@PHOTOBUCKET.COM.XPI
[2012/04/09 18:08:17 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/04/09 18:08:17 | 000,325,600 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/17 17:18:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Zach\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Zach\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Zach\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Zach\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: Theme Creator = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc\2.4_0\
CHR - Extension: Mini Notepad = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj\5.0.5_0\
CHR - Extension: Last.fm free music player = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh\2.9.68_0\
CHR - Extension: Tab Position Customizer = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldflinjcjehpjddjkohganfpjlnbpem\2.8_0\
CHR - Extension: Look of Disapproval = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn\2.2_0\
CHR - Extension: Search by Image (by Google) = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.1.1_0\
CHR - Extension: APNG = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp\0.7.1_0\
CHR - Extension: SiteAdvisor = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: AdBlock = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\
CHR - Extension: RSS Live Links = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcamnijgggppihioleoenjmlnakejdph\1.7.0.8_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.2_0\
CHR - Extension: Image Properties Context Menu = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon\0.7.5_0\
CHR - Extension: Session Manager = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.3_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.12_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.8_0\
CHR - Extension: NotScripts = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: Extensions = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcjgnoblamnidcmgdelefafojomojbba\1.0_0\
CHR - Extension: Applejack = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pihpeiicepcnffoplghjckjbcgiefope\1_0\

O1 HOSTS File: ([2012/06/21 22:43:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120429133016.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429133016.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-979627399-1745000425-631789929-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-979627399-1745000425-631789929-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-979627399-1745000425-631789929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-979627399-1745000425-631789929-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E98E87D-2B9E-4EE9-91B4-C640D7D3740C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9961ABBC-E3FB-4574-9D02-AD22FB31F15E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
 
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Remoteaccess - C:\Windows\SysWOW64\mprdin.dll ()

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 01:09:35 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/21 23:14:59 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe
[2012/06/21 22:52:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/21 22:51:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/21 22:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/06/21 19:41:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/21 19:41:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/21 19:41:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/21 19:07:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/21 19:07:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/21 15:08:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Zach\Desktop\dds.scr
[2012/06/21 14:51:57 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Zach\Desktop\boot_cleaner.exe
[2012/06/20 16:19:27 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\24673136.sys
[2012/06/16 00:09:15 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Local\Macromedia
[2012/06/15 15:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(113)
[2012/06/15 15:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime(102)
[2012/06/10 01:38:56 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\Malwarebytes
[2012/06/10 01:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/10 01:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/10 01:38:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/10 01:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/05 17:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Datel
[2012/06/05 17:14:01 | 000,051,600 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\SysNative\drivers\ActionReplayDS_x64.sys
[2012/06/05 17:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay Code Manager
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/21 23:19:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/21 23:13:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe
[2012/06/21 22:58:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000UA.job
[2012/06/21 22:43:35 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/06/21 22:43:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/21 22:42:50 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 22:42:50 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 22:42:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/21 22:42:27 | 4193,456,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/21 14:58:06 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000Core.job
[2012/06/21 14:54:08 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/21 14:54:07 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/21 14:54:07 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/21 13:23:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Zach\Desktop\dds.scr
[2012/06/20 16:19:27 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\24673136.sys
[2012/06/19 19:12:06 | 000,302,592 | ---- | M] () -- C:\Users\Zach\Desktop\j44d94q8.exe
[2012/06/17 12:10:29 | 000,000,132 | ---- | M] () -- C:\Users\Zach\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/04 13:39:49 | 000,028,160 | ---- | M] () -- C:\Users\Zach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/28 04:46:11 | 000,000,395 | ---- | M] () -- C:\Windows\SysWow64\mprdin.ocx
[2012/05/28 04:46:04 | 001,689,600 | ---- | M] () -- C:\Windows\SysWow64\mprdin.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Users\Zach\Desktop\ComboFix.exe
[2012/06/21 19:41:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/21 19:41:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/21 19:41:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/21 19:41:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/21 19:41:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/21 13:18:47 | 000,302,592 | ---- | C] () -- C:\Users\Zach\Desktop\j44d94q8.exe
[2012/05/28 04:46:11 | 000,000,395 | ---- | C] () -- C:\Windows\SysWow64\mprdin.ocx
[2012/05/28 04:46:04 | 001,689,600 | ---- | C] () -- C:\Windows\SysWow64\mprdin.dll
[2012/04/15 22:21:40 | 000,000,132 | ---- | C] () -- C:\Users\Zach\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/04/14 10:40:55 | 000,000,680 | ---- | C] () -- C:\Users\Zach\AppData\Local\d3d9caps.dat
[2012/04/14 01:31:02 | 000,001,456 | ---- | C] () -- C:\Users\Zach\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/04/10 08:58:38 | 000,028,160 | ---- | C] () -- C:\Users\Zach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/09 08:00:45 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/04/09 08:00:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012/04/09 07:59:14 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012/04/08 12:06:28 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== LOP Check ==========

[2012/05/07 10:43:31 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Foxit Software
[2012/04/09 15:04:00 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\GetRightToGo
[2012/04/26 16:43:05 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\HandBrake
[2012/04/13 15:05:30 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Image-Line
[2012/06/20 11:24:43 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\IrfanView
[2012/04/10 08:37:39 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\OpenOffice.org
[2012/04/12 11:24:42 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Publish Providers
[2012/04/12 11:24:34 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Sony
[2012/04/12 10:54:14 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/04/23 13:06:23 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\SynthMaker
[2012/06/04 20:57:49 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\uTorrent
[2012/04/25 14:20:03 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Xilisoft
[2012/06/21 22:04:26 | 000,024,144 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2012/06/21 22:51:48 | 000,024,226 | ---- | M] () -- C:\ComboFix.txt
[2012/06/21 22:42:27 | 4193,456,128 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/06/21 22:42:25 | 4093,640,703 | -HS- | M] () -- C:\pagefile.sys
[2012/06/20 16:20:51 | 000,114,578 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_20.06.2012_16.19.27_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2012/04/09 08:21:08 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/04/11 19:01:02 | 000,000,286 | -HS- | M] () -- C:\Users\Zach\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Zach\Desktop\boot_cleaner.exe
[2012/06/19 19:12:06 | 000,302,592 | ---- | M] () -- C:\Users\Zach\Desktop\j44d94q8.exe
[2012/06/21 23:13:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/21 23:19:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/21 14:58:06 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000Core.job
[2012/06/21 22:58:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000UA.job
[2012/06/21 22:42:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/06/21 22:04:26 | 000,024,144 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/04/08 13:35:59 | 000,000,402 | -HS- | M] () -- C:\Users\Zach\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/06/21 22:43:35 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/05/03 14:02:45 | 000,000,021 | ---- | M] () -- C:\ProgramData\hpqp.txt
[2012/04/08 12:09:11 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/04/20 19:50:02 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2012/04/08 12:08:07 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/04/20 19:42:24 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2012/04/08 12:06:38 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2012/04/08 12:08:43 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/04/20 19:40:18 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/04/20 19:49:24 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2012/04/08 12:09:22 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >
< End of report >
 
OTL Extras logfile created on: 6/21/2012 11:18:18 PM - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Zach\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 55.08% Memory free
11.64 Gb Paging File | 9.47 Gb Available in Paging File | 81.37% Paging File free
Paging file location(s): c:\pagefile.sys 8000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.60 Gb Total Space | 53.89 Gb Free Space | 24.43% Space Free | Partition Type: NTFS
Drive D: | 12.28 Gb Total Space | 1.87 Gb Free Space | 15.23% Space Free | Partition Type: NTFS
Drive G: | 243.73 Mb Total Space | 218.90 Mb Free Space | 89.81% Space Free | Partition Type: FAT

Computer Name: ZACH-PC | User Name: Zach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 46 07 99 89 55 16 CD 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Canon MF4100 Series
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"ASIO4ALL" = ASIO4ALL
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DFX" = DFX
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FL Studio 10" = FL Studio 10
"Foxit Reader_is1" = Foxit Reader 5.1
"HandBrake" = HandBrake 0.9.6
"IL Download Manager" = IL Download Manager
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSC" = McAfee Internet Security Suite
"RocketDock_is1" = RocketDock 1.3.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xilisoft Audio Converter Pro" = Xilisoft Audio Converter Pro

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-979627399-1745000425-631789929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2012 9:14:16 PM | Computer Name = Zach-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/20/2012 10:46:13 AM | Computer Name = Zach-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/20/2012 10:46:13 AM | Computer Name = Zach-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 39384995

Error - 6/20/2012 10:46:13 AM | Computer Name = Zach-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 39384995

Error - 6/20/2012 12:27:50 PM | Computer Name = Zach-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 6/20/2012 12:27:54 PM | Computer Name = Zach-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module mprdin.dll, version 0.0.0.0, time stamp 0x2a425e19,
exception code 0xc0000005, fault offset 0x0000897a, process id 0x79c, application
start time 0x01cd4f01a0b77e4c.

Error - 6/20/2012 12:28:38 PM | Computer Name = Zach-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/20/2012 12:31:46 PM | Computer Name = Zach-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 6/20/2012 4:42:35 PM | Computer Name = Zach-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module mprdin.dll, version 0.0.0.0, time stamp 0x2a425e19,
exception code 0xc0000005, fault offset 0x0000897a, process id 0x780, application
start time 0x01cd4f252ec986bd.

Error - 6/20/2012 4:43:44 PM | Computer Name = Zach-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 5/20/2012 10:12:22 AM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 4:38:10 PM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 9:32:09 AM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 3:51:25 PM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 8:42:28 AM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 3:39:41 PM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 8:13:19 AM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 3:33:47 PM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 5:38:58 PM | Computer Name = Zach-PC | Source = McrMgr | ID = 107
Description =

Error - 6/8/2012 3:03:15 PM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 4/13/2012 7:27:25 AM | Computer Name = Zach-PC | Source = bowser | ID = 8003
Description =

Error - 4/14/2012 11:24:39 AM | Computer Name = Zach-PC | Source = bowser | ID = 8003
Description =

Error - 4/15/2012 4:20:52 PM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/15/2012 4:20:52 PM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 4/16/2012 5:25:40 PM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/16/2012 5:25:40 PM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 4/16/2012 5:43:08 PM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/16/2012 5:43:08 PM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 4/17/2012 9:20:17 AM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/17/2012 9:20:17 AM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
 