Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

VLCMediaPlayer Spyware? [Reopened]

Started by newbreedsoftware , Apr 06 2013 10:39 PM

  • Please log in to reply

#1
newbreedsoftware
Posted 06 April 2013 - 10:39 PM

newbreedsoftware

    New Member

  • Member
  • Pip
  • 7 posts
I keep seeing the file 'VLCMediaPlayerSetup-eX8FhMn.exe' show up on my desktop. I delete it out and a few minutes later it shows up again. I have ran my ZoneAlarm Anti-Virus scan, MalwareBytes, Spybot Search & Destroy, and HijackThis and no suspicious items came up. I read a previous post someone put up about a 'BetterInstaller' spyware and I ran Adwcleaner. That program found several problems, removed them and rebooted my PC. A few minutes later the VLCMediaPlayerSetup file was back on my desktop once again. I ran another scan with Adwcleaner and everything came back clean. So now I am quite frustrated as what to do. I also ran the OTL program as also mentioned in someone elses post. I will post the results below. I will also post a picture of the file that shows it was made by 'BetterInstaller' as well.

OTL Extras logfile created on: 4/6/2013 8:38:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TylerBrownfield\Desktop\Anti-Virus & Anti-Spyware software
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 55.73% Memory free
7.21 Gb Paging File | 4.93 Gb Available in Paging File | 68.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274.54 Gb Total Space | 196.07 Gb Free Space | 71.42% Space Free | Partition Type: NTFS
Drive D: | 19.39 Gb Total Space | 2.11 Gb Free Space | 10.86% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.28% Space Free | Partition Type: FAT32

Computer Name: TYLERBPC | User Name: TylerBrownfield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1726653532-586185113-1062955823-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D33FDE-5B1D-40FB-8204-CFC2147E28CE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{09AEFF4D-3B08-42C9-8A92-4D53DFC45848}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0C0A491E-D336-4985-8C0D-05541DCA5DA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1028729E-BA35-4348-97F5-6B72094A73D3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1092C0BF-64FA-49A8-BD8C-A33C0B520DB6}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{12485372-E6AD-4BE5-8C0C-4155A1E56ABA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{15C5AD19-BA4A-45D6-A103-0E28695F153F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1E8E5279-8B0C-4265-ADCA-CDF7451DE97F}" = lport=139 | protocol=6 | dir=in | app=system |
"{2D34DCB5-32E9-4970-9310-776AAE7D41B7}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2E043CD8-48F7-47FE-B959-5B2BA263FB7C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{32754B8B-D03C-4FDD-B258-5FCE29605D56}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{333094B4-3E39-4972-8E6E-8D3E7096B152}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{33986ACD-9AA0-4A6D-8E01-F613871E44A4}" = lport=10244 | protocol=6 | dir=in | app=system |
"{35636A4D-A6DC-440B-B1E5-EE03E9619BA3}" = rport=137 | protocol=17 | dir=out | app=system |
"{3854F015-FC43-4D37-98A6-524F2F12713B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46BE090D-C5AA-4B0A-8ACC-187865C74C56}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{476790BE-0A24-47F3-9F4C-C11D3CFD365C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{517AD569-B177-4ED3-97A4-B10F2841B582}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51F9A8D0-C03B-4E4F-8E97-2F535B079C31}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D387BA7-708E-4E83-ABE5-475F0139403B}" = lport=137 | protocol=17 | dir=in | app=system |
"{63583107-5083-426B-A7F6-2A0F9C54885C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66FE4566-B8BE-464D-B27C-DDB0D798AE13}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B0C9E05-7B57-48A0-BE6D-979C6EFC7F20}" = rport=10243 | protocol=6 | dir=out | app=system |
"{71C2EC04-9C30-4C19-8653-FA9D50B40950}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{743CAE49-D7C3-4416-9417-FBD58B615175}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{784F00BD-0E64-401E-8683-8E03A460F7F9}" = rport=445 | protocol=6 | dir=out | app=system |
"{80B55132-F7C8-40BD-9FE6-08D46D96EFDE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E66EFB8-16F6-4DC3-9AA3-A3D5F5284AAB}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8FB1D1FF-B321-4061-B6CA-6C66B4C87BF7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FEAE6DB-E5AD-4A81-B665-AB50D1A9EB6D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{927FFA31-87D4-4945-A539-057D71F2C506}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{985D8BAA-F0A9-44AF-8845-734DA85ADE3A}" = lport=445 | protocol=6 | dir=in | app=system |
"{A750F188-32D0-48B3-9362-EF9C67281915}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A7B753FB-E05F-45B0-B97D-9DF802790C8F}" = rport=139 | protocol=6 | dir=out | app=system |
"{C12C1BDC-743A-4057-B872-C89B2CFA5CD6}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C6655F98-7AFF-4972-81A3-796933797450}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D3875090-2DAA-4664-8BEB-190AA8CDCBDE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D876D5C8-8E61-4D52-BAD8-90E5E279C6F1}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DA3572A7-A484-440E-9FA8-02F97430463E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDAE26E3-9715-4056-AC29-46E00B04FF61}" = lport=10244 | protocol=6 | dir=in | app=system |
"{E67961B3-40E5-4E85-A1FD-13D7408F4B50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED411BF1-0FBA-4FFC-8850-3C5E06D1F79B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EFE7FED3-7C74-4179-8EA9-4A97716B6573}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F14AE09F-9286-4EDD-B901-BAB15CAC19D9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6B83F53-29A4-42FA-B8A7-6ED0E44CA8FC}" = lport=138 | protocol=17 | dir=in | app=system |
"{FD33F5D7-C767-434F-AE6B-04D2778BFEB5}" = rport=138 | protocol=17 | dir=out | app=system |
"{FEDE2ED0-5FE6-4B90-89EA-DF3E4D4516AE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D000CD-807A-4079-BEDD-8CECBBF7EC69}" = protocol=17 | dir=in | app=c:\users\tylerbrownfield\appdata\roaming\icqm\icq.exe |
"{114CF22E-59B2-474B-9C63-F8ADBF989AFA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{17D38122-74B0-4A6D-A1D9-E55BE7175718}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{186C003B-5D80-46A0-AB15-A3BE51BEF2D3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C1A67E6-3BC8-4834-80EB-0F5C3596EC0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1C5089BE-30D6-485D-B23B-F00AA66E62F3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1F54DBFF-1455-461D-8322-758908EF8A57}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{20A1C840-A1F6-4AF8-9A08-196EAE0DE05C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27E2AD31-D824-4E29-B7BE-68DF7061803B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2A80DDE9-ED1E-488F-936E-2940323D2498}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{2B1FCF85-66C2-4C46-91C8-06A9398DC1F1}" = protocol=1 | dir=out | [email protected],-28544 |
"{36030727-67AF-4810-BA8D-4522D321E943}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EB61EFD-DF5D-40F4-8233-6FA2C13FBD9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{44CAB445-3292-4250-8718-33C201C4ACDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{458D06B7-B749-49B1-9C44-335BB75835FF}" = protocol=6 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{4771D0A0-D5B7-467F-9E06-AA22CAACDD67}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{48E34E3F-A1CB-4688-9A5D-7C4F23372ADA}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{4E90B6FA-F13C-4F43-8800-22205EA6F41B}" = protocol=17 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{52E41CA0-41DE-41DA-9741-7EE294092218}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{5AE24629-C98C-4F47-9633-4AD6422E71B7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{6462E1DF-58F6-4B3B-8B95-C8B4B10EA285}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6C069BE3-5986-43C3-AD95-C085EF325404}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71D2AEF5-E4CD-4EA2-8B0E-18E1FE088E21}" = protocol=58 | dir=in | [email protected],-28545 |
"{7569ED16-551C-4A98-9CFD-4DC83BB264E1}" = protocol=6 | dir=in | app=c:\users\tylerbrownfield\appdata\roaming\icqm\icq.exe |
"{7774F6CE-7146-40A3-9324-3AE3C58BCC0E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{791DF625-190F-48B5-B8EC-C45096D9D9CB}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7B1D2D3D-D193-4B98-8A9C-D6D6709C8B57}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{8E2B64E6-EE8A-47F6-93BA-5E9ECFD25B61}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8FE2ECA4-7AFB-4D5D-A747-5D7B93E4C191}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{913C2504-B9E3-43D3-9A98-FDCD8CF9FF4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{92BEF041-5F66-4F80-8277-F6F62AD3E1F8}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{991D9510-2AEF-4C79-AAFD-7CA2549DE8AA}" = protocol=58 | dir=out | [email protected],-28546 |
"{9B58E967-9E6A-495A-B995-085301AB9DA6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{9E2B567E-BE59-43F3-A74F-C456D01E9B9D}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A6B7B72A-E8F0-4B2E-8FE0-2E9BD00F9B25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AA72E4C8-2878-4FB5-852A-DAD825777B60}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent.exe |
"{AB4E4C9F-F548-4695-9CEB-A59E872A030B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACEF84DB-2378-417A-A104-1802E70BCE33}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{ADDF4541-DC69-494D-8537-C0789BE709A7}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{B52FD68A-71B4-4DD4-9A26-C5FF3CC80872}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B986C0B9-0429-49AA-83E8-54CF7DE6AFA5}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent.exe |
"{BBE20946-1C3F-49D4-93D3-84D3AF2734F7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF6C3D3F-018E-49C5-BDC5-C5FDA89D606A}" = protocol=6 | dir=out | app=system |
"{C19BE2FE-8B1E-4F2A-85F2-2AFD5B6029EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC712F13-ADD6-4BF2-86FB-948A4C15577C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D6C28F4D-1E54-47B8-8FB7-AE8BE6CE3B68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC3047AD-4FA9-4816-B7E8-507428985733}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{E518CFE4-7F2F-4204-8A7D-D494DA8D2325}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E7A3AAA3-EE63-48BA-BF19-5A054E1458DF}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{EAEFA3C3-0CE5-400E-B72D-F4158243E8C1}" = protocol=1 | dir=in | [email protected],-28543 |
"{FD0E7DB7-97C5-47E5-918F-146F16617D34}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{4D50163D-82BD-4F43-A5B1-915FD9C1E4A5}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe |
"UDP Query User{1BC86873-79F5-467F-8C3A-3689CB592E37}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{45DA9E62-D2BD-81D6-80FD-F57E2FEB00A8}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{562608FE-2051-4488-BF22-8CE4C03046AC}" = HP Security Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6032497A-4479-462B-ADB8-A0A372BB9A23}" = HP Application Assistant
"{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
"{64A3A4F4-B792-11D6-A78A-00B0D0170110}" = Java SE Development Kit 7 Update 11 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B3C4ADC9-637E-DDD9-A66C-782AE5E2E667}" = ATI Catalyst Install Manager
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}" = HP Launch Box
"{C075E733-EA9C-AAAC-A95B-0D987A3C3266}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC27906A-5898-02B7-8D19-2617A7B85E09}" = AMD Media Foundation Decoders
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FD9C13F5-1BF8-4C63-89D2-FE955C9DABD8}" = Motorola Mobile Drivers Installation 5.6.0
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"PostgreSQL 9.2" = PostgreSQL 9.2
"SynTPDeinstKey" = Synaptics TouchPad Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05273A09-55BF-AB2D-DD22-D98690309C28}" = CCC Help Portuguese
"{0612A263-0976-324B-BEA9-82F01CA7370F}" = CCC Help Finnish
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34866446-F784-B458-40BA-672A7D546591}" = CCC Help German
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{385E4236-B200-46E9-AB01-724676BD0F42}" = Ipswitch WhatsUp Gold
"{391E468C-D459-7278-D506-01A5CA340E97}" = CCC Help Swedish
"{39B1BCF0-5D12-A5F8-616F-F31B3355C913}" = CCC Help Danish
"{39FCC6B7-FFF5-4075-A5E8-B5CEBD54C331}" = HP Documentation
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3F71B6A1-B563-0FC9-12A0-D9897AC6BE45}" = CCC Help Czech
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = SQL Server 2008 R2 Database Engine Services
"{41298BF3-DF6B-449C-BFB7-83663ECB5108}" = HP QuickWeb
"{438DE441-C9B0-AEBB-907E-3D09E620FE62}" = CCC Help Japanese
"{45E31E25-3F02-AFF2-EBC8-ACECE264E126}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57BC1FEB-421D-469C-B07B-C8095596A224}" = XLink Kai
"{584413CB-336A-EC10-BDA1-210DC882895D}" = CCC Help Russian
"{59308225-510C-4492-A7E4-71625FAD545E}" = Simple Adblock
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70C4E840-DAB4-11DF-5F90-014727066952}" = CommView
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{741F5171-235B-F5B0-6590-F4BB53B76D36}" = CCC Help Dutch
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{7971B0A3-2A0E-C212-257C-DF308908E62E}" = CCC Help English
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{7DDBDDCD-651C-F923-DED6-7DA7049F06CA}" = Catalyst Control Center InstallProxy
"{83772A97-05A6-3528-897E-097CE0A92BFF}" = CCC Help Greek
"{83B3CCC5-4C76-9873-66AD-08FF11723C90}" = CCC Help Spanish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B3032B5-29F9-4528-8800-60D27577F13E}" = Ipswitch Nm.Web.UI v1.0
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EF417DB-7CAE-E311-06EE-DB828439677C}" = Catalyst Control Center Localization All
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = Need For Speed Underground
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{AD7B5622-C999-C9C8-26E4-6EEAFEC3065C}" = Catalyst Control Center Graphics Previews Common
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{AF240B18-034B-4A82-B3FC-0B879C4BAE2E}" = HP Software Framework
"{B1BC0AC7-EFC8-930E-474E-6EE4FAD46367}" = CCC Help Chinese Standard
"{B1E51748-B432-20BF-D875-5BE7FCB9DD0C}" = CCC Help Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B559D794-F9B3-49C1-B98B-7B638E377ED7}" = OmniPeek
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B86CCC49-ED61-F1C2-47E2-9A817FAAABC8}" = CCC Help Thai
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 Database Engine Services
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{C376EBB6-4079-197E-1A15-005FDA8CACB3}" = CCC Help Chinese Traditional
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CC5878A9-FB51-90A0-633E-65123F136283}" = AMD VISION Engine Control Center
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier
"{CDC1661D-4EEC-E4A8-4B57-96C89E97DAD7}" = CCC Help Norwegian
"{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}" = CommView for WiFi
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB4E432-A339-1D85-1B5D-98572E65DE95}" = CCC Help French
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E60E35BD-8A1F-3CF9-5EB7-49DF5FACE9AD}" = CCC Help Korean
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EB4CD629-A912-6D02-B562-C43EFED96680}" = CCC Help Turkish
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F4A393D3-A7C0-4771-8E1E-FC2F27ADFA71}" = WildPackets OmniPeek 5.0
"{F4F82474-C548-2814-32FD-34D372AC189E}" = CCC Help Italian
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All Video Converter Pro_is1" = All Video Converter Pro 4.6.1
"Codecs for Windows 7 Pack" = Codecs for Windows 7 Pack 4.0.5
"EtherDetect Packet Sniffer v1.4" = EtherDetect Packet Sniffer v1.4
"Friendly Pinger" = Friendly Pinger
"FrostWire 5" = FrostWire 5.5.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"IObit Malware Fighter_is1" = IObit Malware Fighter
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 20.0 (x86 en-US)" = Mozilla Firefox 20.0 (x86 en-US)
"Mozilla Thunderbird 17.0.2 (x86 en-US)" = Mozilla Thunderbird 17.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Overlook Fing 2.1" = Overlook Fing
"PokerStars.net" = PokerStars.net
"Secret Service" = Secret Service: In Harm's Way
"SMAC 2.0" = SMAC 2.0
"StreamTorrent 1.0" = StreamTorrent 1.0
"Tactical Ops" = Tactical Ops
"ToneThis" = ToneThis
"uTorrent" = µTorrent
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 2.0.5
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinISO" = WinISO
"WinLiveSuite" = Windows Live Essentials
"Wireshark" = Wireshark 1.8.3 (64-bit)
"WSOP-USA.com" = WSOP-USA.com
"WTA-04d75abf-63ed-4d1f-9755-c39c658e343b" = Poker Superstars III
"WTA-18731067-0ebf-4f05-8a81-f1b909bd9bc6" = Bejeweled 3
"WTA-28f9d177-058b-4bc1-badf-5c567b2f981e" = Plants vs. Zombies - Game of the Year
"WTA-32f15186-31b3-49d7-82e2-51ecacb89e7c" = FATE
"WTA-34fe126c-f607-49c2-bef1-da4d89eae246" = John Deere Drive Green
"WTA-37a8a6c7-cc87-457b-9c87-e66364a41401" = Farm Frenzy
"WTA-3d1eb84a-acc1-4297-be4a-30da9c2580cf" = Polar Golfer
"WTA-4cd444fc-c44e-41f9-94e3-bfe4a473b3a1" = Virtual Villagers 4 - The Tree of Life
"WTA-4d4673cd-82ab-4d47-9fa2-26d012c035a1" = RollerCoaster Tycoon 3: Platinum
"WTA-4f8d6ce1-c3a1-4350-88f5-0f971b14fdd5" = Cradle of Rome 2
"WTA-4fb4bf30-5f9e-42d8-8927-33e9db7db9a8" = Torchlight
"WTA-641cee75-d9df-47ff-8390-82b05ec507b6" = Dora's World Adventure
"WTA-68130830-3f2e-4876-922f-33bb7c649597" = Zuma's Revenge
"WTA-7268b3d8-8f92-44cb-bf49-d452ddd37e3d" = Hoyle Card Games
"WTA-764b173b-40c4-4248-91eb-bc4a6772a32d" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-7a39f062-ad78-4681-8cba-1045fb524db2" = Chuzzle Deluxe
"WTA-97af4e4a-5905-4702-acd8-dadf83eb002d" = Farmscapes
"WTA-a45595e6-854a-44fe-a462-2186a2fad86e" = Luxor HD
"WTA-a6250714-9168-4318-bb4d-99f334c0b191" = Final Drive Fury
"WTA-b2666182-f787-4701-a8e8-e57bb7d368ab" = Mah Jong Medley
"WTA-c346b29c-0300-4bf7-b248-fcdef0ce3e30" = Jewel Match 3
"WTA-d9568f83-0331-482c-9671-67da1f1a67f1" = Letters from Nowhere 2
"WTA-e6542445-e145-4da9-b4db-fe4c5589ecb3" = Polar Bowler
"WTA-e99f12a0-14dc-43c6-9766-06f25d6f4a65" = Penguins!
"WTA-eba654d1-57ca-4b4b-9f5a-1ae4c37133fb" = The Treasures of Mystery Island: The Ghost Ship
"WTA-f21c7e79-6d63-431c-8123-6b2f86989d35" = Blackhawk Striker 2
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoneAlarm Internet Security Suite" = ZoneAlarm Internet Security Suite

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1726653532-586185113-1062955823-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"ICQ" = ICQ 8.0 (build 5981, for the current user)
"NLOP" = NLOP
"Smilebox" = Smilebox
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/26/2013 3:20:57 AM | Computer Name = TylerBPC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 3/26/2013 3:21:08 AM | Computer Name = TylerBPC | Source = PostgreSQL | ID = 0
Description = Timed out waiting for server startup

Error - 3/26/2013 3:22:07 AM | Computer Name = TylerBPC | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2013 9:09:45 PM | Computer Name = TylerBPC | Source = PostgreSQL | ID = 0
Description = Timed out waiting for server startup

Error - 3/28/2013 9:09:46 PM | Computer Name = TylerBPC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 3/28/2013 9:10:48 PM | Computer Name = TylerBPC | Source = WinMgmt | ID = 10
Description =

Error - 4/1/2013 2:48:59 AM | Computer Name = TylerBPC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 4/1/2013 2:49:22 AM | Computer Name = TylerBPC | Source = PostgreSQL | ID = 0
Description = Timed out waiting for server startup

Error - 4/1/2013 2:50:06 AM | Computer Name = TylerBPC | Source = WinMgmt | ID = 10
Description =

Error - 4/1/2013 3:40:25 AM | Computer Name = TylerBPC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

[ Hewlett-Packard Events ]
Error - 7/4/2012 2:27:47 AM | Computer Name = TylerBPC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/f3f084b4_a3ef_44a8_85f9_e364af50da72/uxjjmu6w9ficsxbrcoltktvy_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3690 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 7/25/2012 4:19:44 AM | Computer Name = TylerBPC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/0613b476_1e8f_4942_9153_2124eb4f149d/z8kb_fnhde7awyvqeamrayc7_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3690 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 8/3/2012 7:13:17 PM | Computer Name = TylerBPC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/6446cccb_0d34_4ce6_8697_1d5a9684cedd/fhitjkzgrrfcfkwmsuhhp_ez_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3690 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

Error - 8/9/2012 2:06:31 AM | Computer Name = TylerBPC | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerPopUpWindow.btnStackPopUp_Click(Object
sender, RoutedEventArgs e) Message: Object reference not set to an instance of an
object. StackTrace: at HPSA_Messenger.MessengerPopUpWindow.btnStackPopUp_Click(Object
sender, RoutedEventArgs e) Source: HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format:
en-US RAM: 3690 Ram Utilization: 50 TargetSite: Void btnStackPopUp_Click(System.Object,
System.Windows.RoutedEventArgs)

Error - 9/1/2012 3:07:14 AM | Computer Name = TylerBPC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/ffd07339_5350_4ffd_a0d5_d156273538b8/rhloajsvoqghvwzuod9d7isg_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3690 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

Error - 9/8/2012 4:14:47 AM | Computer Name = TylerBPC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3690 Ram Utilization: 30 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 9/8/2012 4:15:07 AM | Computer Name = TylerBPC | Source = HPSF.exe | ID = 4000
Description =

Error - 9/8/2012 4:15:22 AM | Computer Name = TylerBPC | Source = HPSF.exe | ID = 4000
Description =

Error - 10/26/2012 8:58:09 PM | Computer Name = TylerBPC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/3f755ef1_7ca9_4e43_88fc_f79fa585e842/gm72wyrcytf47zsjzigsmv+2_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3690 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

Error - 12/9/2012 3:00:18 PM | Computer Name = TylerBPC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088 at HPSFConfigReader.ConfigHelper.loadXML()

at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Exception of type 'System.Exception' was thrown. StackTrace:
at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3690
Ram
Utilization: 40 TargetSite: Void loadXML()

[ HP Software Framework Events ]
Error - 10/12/2012 2:40:20 PM | Computer Name = TylerBPC | Source = CaslWmi | ID = 5
Description = 2012/10/12 11:40:20.789|00001320|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/12/2012 2:41:07 PM | Computer Name = TylerBPC | Source = CaslWmi | ID = 5
Description = 2012/10/12 11:41:07.666|00000E90|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/20/2012 5:56:31 AM | Computer Name = TylerBPC | Source = CaslWmi | ID = 5
Description = 2012/10/20 02:56:31.263|00000AE0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/26/2012 8:58:27 PM | Computer Name = TylerBPC | Source = CaslWmi | ID = 5
Description = 2012/10/26 17:58:27.615|00000490|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 11/3/2012 5:27:33 AM | Computer Name = TylerBPC | Source = CaslWmi | ID = 5
Description = 2012/11/03 02:27:33.170|000014FC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 11/3/2012 5:30:39 AM | Computer Name = TylerBPC | Source = CaslWmi | ID = 5
Description = 2012/11/03 02:30:39.051|0000021C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 11/3/2012 5:30:48 AM | Computer Name = TylerBPC | Source = CaslWmi | ID = 5
Description = 2012/11/03 02:30:48.186|00000894|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/9/2012 2:57:01 PM | Computer Name = TylerBPC | Source = CaslWmi | ID = 5
Description = 2012/12/09 10:57:01.168|00000888|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/9/2012 3:00:49 PM | Computer Name = TylerBPC | Source = CaslWmi | ID = 5
Description = 2012/12/09 11:00:49.537|00000B58|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/9/2012 3:01:04 PM | Computer Name = TylerBPC | Source = CaslWmi | ID = 5
Description = 2012/12/09 11:01:04.132|0000090C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ Media Center Events ]
Error - 9/30/2012 3:40:48 AM | Computer Name = TylerBPC | Source = MCUpdate | ID = 0
Description = 12:40:48 AM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 4/6/2013 10:37:37 PM | Computer Name = TylerBPC | Source = MCUpdate | ID = 0
Description = 7:37:36 PM - Error connecting to the internet. 7:37:37 PM - Unable
to contact server..

Error - 4/6/2013 10:38:13 PM | Computer Name = TylerBPC | Source = MCUpdate | ID = 0
Description = 7:37:47 PM - Error connecting to the internet. 7:37:47 PM - Unable
to contact server..

[ System Events ]
Error - 4/6/2013 11:18:46 PM | Computer Name = TylerBPC | Source = DCOM | ID = 10005
Description =

Error - 4/6/2013 11:18:46 PM | Computer Name = TylerBPC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 4/6/2013 11:18:46 PM | Computer Name = TylerBPC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 4/6/2013 11:18:46 PM | Computer Name = TylerBPC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 4/6/2013 11:18:46 PM | Computer Name = TylerBPC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 4/6/2013 11:18:46 PM | Computer Name = TylerBPC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 4/6/2013 11:18:46 PM | Computer Name = TylerBPC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 4/6/2013 11:19:10 PM | Computer Name = TylerBPC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 4/6/2013 11:20:29 PM | Computer Name = TylerBPC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1068

Error - 4/6/2013 11:21:47 PM | Computer Name = TylerBPC | Source = Service Control Manager | ID = 7000
Description = The ANIO Service service failed to start due to the following error:
%%577


< End of report >

Attached Thumbnails

  • wtf.jpg

  • 0

Advertisements

#2
godawgs
Posted 09 April 2013 - 10:19 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Tyler, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named OTL.txt. It should be in the C:\Users\TylerBrownfield\Desktop\Anti-Virus & Anti-Spyware software directory. Please post the contents of that file.


Step-1.

Run RogueKiller

  • Download RogueKiller.
  • Click the English Webpage link.
  • Click the 64bits (x64) download link and save the RogueKiller.exe file to the desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan

    Posted Image
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-2.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • (Vista and 7 users)right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this. Do Not delete anything at this time.
  • On reboot a log will be produced please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL .tx log
2. The RKreport.txt log
3. The AdwCleaner[R1].txt log
  • 0

#3
newbreedsoftware
Posted 09 April 2013 - 05:05 PM

newbreedsoftware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ok i will run those programs and post the results when i get a chance
  • 0

#4
newbreedsoftware
Posted 09 April 2013 - 07:46 PM

newbreedsoftware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
here are the results from RogueKiller:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TylerBrownfield [Admin rights]
Mode : Scan -- Date : 04/09/2013 18:44:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543232A7A384 SATA Disk Device +++++
--- User ---
[MBR] 2ce0d6afa66256cfb6ad4eed722a6b08
[BSP] 5958282f238c39e241c00f8994cc118e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 281124 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 576151552 | Size: 19857 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 616818688 | Size: 4063 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04092013_02d1844.txt >>
RKreport[1]_S_04092013_02d1844.txt
  • 0

#5
newbreedsoftware
Posted 09 April 2013 - 07:51 PM

newbreedsoftware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Results from Adwcleaner:

# AdwCleaner v2.200 - Logfile created 04/09/2013 at 18:48:16
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : TylerBrownfield - TYLERBPC
# Boot Mode : Normal
# Running from : C:\Users\TylerBrownfield\Desktop\Anti-Virus & Anti-Spyware software\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0 (en-US)

File : C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\Firefox\Profiles\bds0ht88.default\prefs.js

Found : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,donottrackplus%40abine.com[...]

File : C:\Users\Mcx1-TYLERBPC\AppData\Roaming\Mozilla\Firefox\Profiles\59wl4rxj.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\TylerBrownfield\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.28] : icon_url = "hxxp://www.ask.com/favicon.ico",
Found [l.31] : keyword = "ask.com",
Found [l.35] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=be99ffd0-94f2-4909-9581-dbb04ca45b2a&apn_ptnrs=%5EFM&apn_sauid=11ACBE7F-35EC-40FF-ADC9-60B1959556EB&apn_dtid=%5Epfm014%5EYY%5EUS&q={searchTerms}",
Found [l.36] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"

*************************

AdwCleaner[R1].txt - [8847 octets] - [06/04/2013 19:29:45]
AdwCleaner[R2].txt - [1255 octets] - [06/04/2013 20:19:19]
AdwCleaner[R3].txt - [1466 octets] - [07/04/2013 00:43:24]
AdwCleaner[R4].txt - [1529 octets] - [08/04/2013 16:45:16]
AdwCleaner[R5].txt - [1555 octets] - [08/04/2013 16:49:25]
AdwCleaner[R6].txt - [1851 octets] - [09/04/2013 18:48:16]
AdwCleaner[S1].txt - [9087 octets] - [06/04/2013 19:31:34]
AdwCleaner[S2].txt - [1315 octets] - [06/04/2013 20:20:06]
AdwCleaner[S3].txt - [1591 octets] - [08/04/2013 16:46:22]

########## EOF - C:\AdwCleaner[R6].txt - [2091 octets] ##########
  • 0

#6
newbreedsoftware
Posted 09 April 2013 - 08:16 PM

newbreedsoftware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
and the OTL log file:

OTL logfile created on: 4/9/2013 6:53:22 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TylerBrownfield\Desktop\Anti-Virus & Anti-Spyware software
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 62.44% Memory free
7.21 Gb Paging File | 5.41 Gb Available in Paging File | 75.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274.54 Gb Total Space | 195.16 Gb Free Space | 71.09% Space Free | Partition Type: NTFS
Drive D: | 19.39 Gb Total Space | 2.11 Gb Free Space | 10.86% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.28% Space Free | Partition Type: FAT32

Computer Name: TYLERBPC | User Name: TylerBrownfield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/06 19:48:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TylerBrownfield\Desktop\Anti-Virus & Anti-Spyware software\OTL.exe
PRC - [2013/02/15 19:45:28 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\TylerBrownfield\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/01/09 21:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/10/06 19:19:16 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/07/22 09:43:08 | 000,072,336 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/12/27 16:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/04 02:55:10 | 000,089,600 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe -- (postgresql-x64-9.2)
SRV:64bit: - [2011/07/25 05:57:30 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV:64bit: - [2011/07/06 00:08:26 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/05 11:27:04 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 18:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2007/05/25 09:38:54 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdccoms.exe -- (lxdc_device)
SRV - [2013/04/06 20:03:29 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 13:48:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/09 21:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/12/27 16:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 20:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/06 09:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/11/28 10:42:06 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/09 19:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/05/22 23:50:56 | 000,204,032 | ---- | M] (WinISO.com) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WinisoCDBus.sys -- (WinisoCDBus)
DRV:64bit: - [2012/05/15 18:10:14 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/25 14:58:02 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/01/25 14:57:50 | 000,030,720 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2012/01/25 14:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2012/01/25 14:57:38 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/10/14 13:11:03 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/14 13:11:03 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/07/25 05:57:10 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/07/06 00:50:28 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/05 23:32:20 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/04/16 03:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 03:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/15 11:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/16 12:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/14 17:08:38 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/10/14 17:08:36 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/09/21 16:51:56 | 000,362,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/21 19:51:14 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 04:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/11/02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2012/07/05 14:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 14:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 19:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/05/12 16:39:32 | 000,048,128 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Stopped] -- c:\Windows\SysWOW64\ANIO64.sys -- (ANIO)
DRV - [1998/05/07 00:00:00 | 000,000,111 | ---- | M] () [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\WINSOCK.SRG -- (Winsock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{BB1229D8-31A6-47AF-951A-BF556A3DA588}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{BB1229D8-31A6-47AF-951A-BF556A3DA588}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1726653532-586185113-1062955823-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1726653532-586185113-1062955823-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1726653532-586185113-1062955823-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1726653532-586185113-1062955823-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1726653532-586185113-1062955823-1001\..\SearchScopes\{2D2E558D-DA35-4737-A4AA-1B791A8F0CFB}: "URL" = http://websearch.ask...C9-60B1959556EB
IE - HKU\S-1-5-21-1726653532-586185113-1062955823-1001\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = http://go.mail.ru/se...tf8in=1&fr=ietb
IE - HKU\S-1-5-21-1726653532-586185113-1062955823-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "google.com"
FF - prefs.js..browser.search.defaultenginename: "google.com"
FF - prefs.js..browser.search.order.1: "google.com"
FF - prefs.js..browser.search.selectedEngine: "google.com"
FF - prefs.js..browser.startup.homepage: "http://NewBreedSoftware.tk"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.8.307
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39
FF - prefs.js..extensions.enabledAddons: browserprotect%40browserprotect.com:1.1.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..keyword.URL: "http://www.google.co...ceid=navclient"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@winzip.com/Winzip Courier: C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TylerBrownfield\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TylerBrownfield\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/05/27 20:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{74c841e3-b59f-479e-8d7a-e26a942a87c8}: C:\Program Files (x86)\WinZip Courier\FFExt [2012/05/27 17:04:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/05/27 20:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/04 13:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/06 22:33:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/27 01:14:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/04 13:48:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/06 22:33:30 | 000,000,000 | ---D | M]

[2012/05/17 19:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\Extensions
[2013/04/08 18:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\Firefox\Profiles\bds0ht88.default\extensions
[2013/03/28 18:13:12 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\Firefox\Profiles\bds0ht88.default\extensions\[email protected]
[2013/04/08 18:30:23 | 000,047,822 | ---- | M] () (No name found) -- C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\Firefox\Profiles\bds0ht88.default\extensions\[email protected]
[2012/07/12 01:36:09 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\Firefox\Profiles\bds0ht88.default\extensions\[email protected]
[2013/02/15 14:25:08 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\Firefox\Profiles\bds0ht88.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/06 17:06:18 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\Firefox\Profiles\bds0ht88.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2013/03/08 17:08:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 17:08:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/03/08 17:08:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/08 17:08:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/08 17:08:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/04/04 13:48:57 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/09 10:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/09/11 20:16:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/27 17:00:02 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2013/02/20 13:03:33 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask...q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch....q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TylerBrownfield\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\TylerBrownfield\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TylerBrownfield\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: WinZip Courier (Enabled) = C:\Program Files (x86)\WinZip Courier\npwzwmc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Users\TylerBrownfield\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Linkclump = C:\Users\TylerBrownfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj\2.7.2_0\

O1 HOSTS File: ([2013/04/04 23:42:53 | 000,446,308 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15324 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [EtherDetect] File not found
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1726653532-586185113-1062955823-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKU\S-1-5-21-1726653532-586185113-1062955823-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E1F2463-F5D7-474D-9451-9F9213DA57A2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77447C03-C987-4D4A-92BD-C16FC8EEBFE9}: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77447C03-C987-4D4A-92BD-C16FC8EEBFE9}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2426C95-74F6-43A6-AE6C-7A83595FE496}: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/09 18:40:35 | 000,000,000 | ---D | C] -- C:\Users\TylerBrownfield\Desktop\RK_Quarantine
[2013/04/06 22:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/04/06 22:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013/04/06 19:51:12 | 000,000,000 | ---D | C] -- C:\Users\TylerBrownfield\Desktop\Anti-Virus & Anti-Spyware software
[2013/04/05 02:26:39 | 000,000,000 | ---D | C] -- C:\Users\TylerBrownfield\AppData\Roaming\dvdcss
[2013/04/04 23:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/04/04 23:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/04 23:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/04/03 20:14:21 | 001,043,536 | ---- | C] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent.exe
[2013/04/03 20:12:33 | 000,000,000 | ---D | C] -- C:\Users\TylerBrownfield\AppData\Roaming\uTorrent
[2013/04/02 18:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecurityXploded
[2013/04/01 00:18:11 | 000,000,000 | ---D | C] -- C:\Users\TylerBrownfield\AppData\Roaming\WinPatrol
[2013/04/01 00:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013/04/01 00:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013/03/16 12:10:01 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/16 12:09:59 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/16 12:09:59 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/16 12:09:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/16 12:09:58 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/16 12:09:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/16 12:09:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/16 12:09:58 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/16 12:09:58 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/16 12:09:58 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/16 12:09:57 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/16 12:09:57 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/16 12:09:57 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/16 12:09:57 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/16 12:09:57 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/16 12:09:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/03/16 12:09:57 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/16 12:09:57 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/16 12:09:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/16 12:09:57 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/16 12:09:56 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/16 12:09:56 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/16 12:09:55 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/16 12:09:53 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/16 12:09:53 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/16 12:09:53 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/16 12:09:53 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/16 12:09:53 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/16 12:09:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/03/16 12:09:53 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/03/16 12:09:53 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/16 12:09:51 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/16 12:09:51 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/16 12:09:51 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/16 12:09:51 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/16 12:09:51 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/16 12:09:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/16 12:09:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/03/16 12:09:50 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/16 12:09:50 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/16 12:09:50 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/16 12:09:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/16 12:09:50 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/16 12:09:50 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/16 12:09:50 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/16 12:09:50 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/16 12:09:50 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/16 12:09:50 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/16 12:09:50 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/16 12:09:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/03/16 12:09:50 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/03/16 12:09:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/03/16 12:09:50 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/16 12:09:49 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/16 12:09:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/16 12:09:49 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/16 12:09:49 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/16 12:09:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/16 12:09:49 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/03/16 12:09:49 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/16 12:09:49 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/16 12:09:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/16 12:09:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/16 12:09:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/16 12:09:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/16 12:09:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/16 12:09:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/16 12:09:48 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/16 12:05:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/03/16 12:05:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/03/16 12:05:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/03/16 12:04:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/03/16 12:04:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013/03/16 12:04:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/03/16 12:04:51 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/03/16 12:04:50 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/03/16 12:04:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/03/16 12:04:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/03/16 12:04:49 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/03/16 12:04:49 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/03/16 12:04:49 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/03/16 12:04:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/03/16 12:04:48 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/03/16 12:04:48 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/03/16 12:04:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/03/16 12:04:47 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/03/16 12:04:47 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/03/16 12:04:46 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/03/16 12:04:46 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/03/16 12:04:46 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/03/16 12:04:45 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/03/16 12:04:45 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/03/16 12:04:44 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/03/16 11:44:08 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/03/16 11:44:08 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/03/16 11:44:08 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/03/16 11:44:08 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/03/16 11:41:39 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/03/16 11:41:39 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/03/16 11:40:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/16 11:40:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/16 11:40:26 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/16 11:40:26 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/16 11:40:26 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/16 11:40:26 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/16 11:40:25 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/16 11:40:25 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/16 11:40:24 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/03/16 11:40:20 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/03/16 11:40:20 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/03/16 11:40:18 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/03/16 11:40:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/16 11:40:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/16 11:40:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/16 11:40:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/16 11:40:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/16 11:40:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/16 11:40:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/16 11:40:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/16 11:40:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/16 11:40:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/16 11:40:15 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/03/16 11:40:15 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/03/16 11:40:15 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/03/16 11:40:14 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/03/16 11:40:14 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/03/16 11:40:13 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/03/16 11:40:13 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/03/16 11:40:12 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/03/16 11:40:12 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/03/16 11:40:11 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/03/16 11:40:10 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/03/16 11:40:09 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/03/16 11:40:08 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/03/16 11:32:13 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/03/16 11:30:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/14 19:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/14 19:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/14 19:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/09 18:52:34 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1726653532-586185113-1062955823-1001UA.job
[2013/04/09 18:52:26 | 000,002,414 | ---- | M] () -- C:\Users\TylerBrownfield\Desktop\Google Chrome.lnk
[2013/04/09 18:50:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1726653532-586185113-1062955823-1001Core.job
[2013/04/09 18:41:57 | 001,053,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/09 18:41:57 | 000,855,962 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/09 18:41:57 | 000,193,666 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/09 18:23:40 | 000,791,040 | ---- | M] () -- C:\Users\TylerBrownfield\Desktop\RogueKillerX64.exe
[2013/04/09 18:16:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/09 18:16:08 | 2902,646,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/09 04:06:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/08 17:55:18 | 000,036,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/08 17:55:18 | 000,036,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/06 20:03:27 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/06 20:03:27 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/04 23:42:53 | 000,446,308 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/04/04 03:07:12 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTylerBrownfield.job
[2013/04/03 20:14:21 | 001,043,536 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent.exe
[2013/04/02 18:07:34 | 001,112,580 | ---- | M] () -- C:\Users\TylerBrownfield\AppData\Local\census.cache
[2013/04/02 18:07:26 | 000,112,802 | ---- | M] () -- C:\Users\TylerBrownfield\AppData\Local\ars.cache
[2013/03/22 14:51:28 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/03/16 12:10:01 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/16 12:09:59 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/16 12:09:59 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/16 12:09:59 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/16 12:09:58 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/16 12:09:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/16 12:09:58 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/16 12:09:58 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/16 12:09:58 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/16 12:09:58 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/16 12:09:57 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/16 12:09:57 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/16 12:09:57 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/16 12:09:57 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/16 12:09:57 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/16 12:09:57 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/03/16 12:09:57 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/16 12:09:57 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/16 12:09:57 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/16 12:09:57 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/16 12:09:56 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/16 12:09:56 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/16 12:09:55 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/16 12:09:53 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/16 12:09:53 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/16 12:09:53 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/16 12:09:53 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/16 12:09:53 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/16 12:09:53 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/03/16 12:09:53 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/03/16 12:09:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/16 12:09:53 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/16 12:09:51 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/16 12:09:51 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/16 12:09:51 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/16 12:09:51 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/16 12:09:51 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/16 12:09:51 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/16 12:09:51 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/16 12:09:51 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/03/16 12:09:50 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/16 12:09:50 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/16 12:09:50 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/16 12:09:50 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/16 12:09:50 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/16 12:09:50 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/16 12:09:50 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/16 12:09:50 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/16 12:09:50 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/16 12:09:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/16 12:09:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/03/16 12:09:50 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/03/16 12:09:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/03/16 12:09:50 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/16 12:09:50 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/16 12:09:49 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/16 12:09:49 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/16 12:09:49 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/16 12:09:49 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/16 12:09:49 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/16 12:09:49 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/03/16 12:09:49 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/16 12:09:49 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/16 12:09:49 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/16 12:09:49 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/16 12:09:49 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/16 12:09:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/16 12:09:49 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/16 12:09:49 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/16 12:09:48 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/09 18:23:34 | 000,791,040 | ---- | C] () -- C:\Users\TylerBrownfield\Desktop\RogueKillerX64.exe
[2013/04/06 22:33:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/16 13:50:11 | 000,001,413 | ---- | C] () -- C:\Users\TylerBrownfield\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/03/16 12:09:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/16 12:09:50 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/02/19 00:20:03 | 000,000,017 | ---- | C] () -- C:\Users\TylerBrownfield\AppData\Local\resmon.resmoncfg
[2012/11/28 10:42:06 | 000,026,464 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2012/10/27 00:23:32 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\tsd32.dll
[2012/08/26 14:10:34 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
[2012/08/20 20:15:22 | 003,978,240 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2012/08/20 20:14:04 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/08/20 20:12:48 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2012/08/20 20:12:34 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2012/08/20 20:12:32 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2012/08/20 20:12:30 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2012/08/20 20:12:28 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2012/08/20 20:12:28 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2012/08/20 20:12:28 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2012/08/20 20:12:24 | 000,330,240 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2012/08/19 23:22:42 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/19 11:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/07/19 11:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll
[2012/07/19 11:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll
[2012/07/19 11:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012/07/19 11:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/07/19 11:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
[2012/07/19 11:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-0.dll
[2012/07/03 23:41:34 | 001,112,580 | ---- | C] () -- C:\Users\TylerBrownfield\AppData\Local\census.cache
[2012/07/03 23:39:39 | 000,112,802 | ---- | C] () -- C:\Users\TylerBrownfield\AppData\Local\ars.cache
[2012/07/03 23:21:38 | 000,000,036 | ---- | C] () -- C:\Users\TylerBrownfield\AppData\Local\housecall.guid.cache
[2012/06/01 19:41:00 | 000,003,584 | ---- | C] () -- C:\Users\TylerBrownfield\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/01 19:40:29 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/01 19:36:54 | 002,392,064 | ---- | C] () -- C:\Windows\SysWow64\videotrans.dll
[2012/06/01 19:36:54 | 000,215,040 | ---- | C] () -- C:\Windows\SysWow64\videoformat.dll
[2012/06/01 19:36:54 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\imgscaler.dll
[2012/06/01 19:36:54 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\img_utils.dll
[2012/06/01 19:36:54 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\videocore.dll
[2012/06/01 19:36:51 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2012/05/27 17:46:27 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2012/05/27 17:46:14 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/05/27 17:46:14 | 000,000,454 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/05/27 17:40:14 | 000,000,010 | ---- | C] () -- C:\Windows\MSJAVA.DLL
[2012/05/27 17:24:37 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2012/05/17 21:43:37 | 001,048,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/22 15:35:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/22 15:29:08 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/12/07 12:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2011/09/08 07:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/09/08 07:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/09/08 07:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/09/08 07:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/09/08 07:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/09/08 07:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/09/08 07:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/09/08 07:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/09/08 06:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/09/08 06:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/09/06 12:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/07/05 11:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/30 06:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 00:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

#7
godawgs
Posted 10 April 2013 - 10:40 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Let me know if this round clears the problem. I have a question, did you have Kaspersky Antivirus on the system before you installed Zone Alarm?


Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar(gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


IOBIT Products

These products and all the IOBIT products consume resources unnecessarily and often try to get you to buy the paid version to fix any real issue.
We have alternates that we will use and recommend that do not do that.
The software that we use and recommend does not load at start up so it does not use system resources. It's free and we believe it works ws well as, or better than most other products.


You have the following Peer-to-Peer program(s) installed:

StreamTorrent 1.0
uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses and must be deleted, along with the corresponding folders and files in black.


Step-1.

Malicious program uninstalls and Optional Removals


1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

VLC media player 2.0.5
IObit Malware Fighter
FrostWire 5.5.5
StreamTorrent 1.0
uTorrent

3. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files (x86)\VideoLAN
C:\Program Files (x86)\IObit
c:\program files (x86)\frostwire 5
C:\Program Files (x86)\uTorrent
C:\Users\TylerBrownfield\AppData\Roaming\uTorrent

2. Close Windows Explorer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKU\S-1-5-21-1726653532-586185113-1062955823-1001\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = http://go.mail.ru/se...tf8in=1&fr=ietb
FF - prefs.js..browser.startup.homepage: "http://NewBreedSoftware.tk"
FF - prefs.js..extensions.enabledAddons: browserprotect%40browserprotect.com:1.1.3
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39
[2013/04/08 18:30:23 | 000,047,822 | ---- | M] () (No name found) -- C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\Firefox\Profiles\bds0ht88.default\extensions\[email protected]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)

:FILES
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

MGA Diagnostic Tool

  • Download the MGADiag Tool and save it to the desktop.
  • Double click the MGADiag.exe file to run the program
  • Right Click the MGADiag.exefile and click Run as Administrator to run the program. OK and UAC warnings
  • Click the Continue button
  • Wait for the system to finish loading your system information.
  • Wait for the Posted Image to finish loading with your system information
  • Click the Copy button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Open a notepad window. Right click inside the window and click Paste. That will put the report in a text file.
  • Click File on the menu bar, then Save.
  • Give the file a name like MGADiag and save it to the desktop.
  • Paste the MGA Diagnostic Report in your next reply.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question about Kaspersky
2. Let me know how the uninstalls went.
3. The OTL fixes log
4. The MGADiagnostic report
  • 0

#8
newbreedsoftware
Posted 10 April 2013 - 01:06 PM

newbreedsoftware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
No I have never installed any Kaspersky products on my computer.
I uninstalled the programs you mentioned and everything uninstalled correctly.

OTL Fixs Log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1726653532-586185113-1062955823-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}\ not found.
Prefs.js: "http://NewBreedSoftware.tk" removed from browser.startup.homepage
Prefs.js: browserprotect%40browserprotect.com:1.1.3 removed from extensions.enabledAddons
Prefs.js: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39 removed from extensions.enabledAddons
C:\Users\TylerBrownfield\AppData\Roaming\Mozilla\Firefox\Profiles\bds0ht88.default\extensions\[email protected] moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\TylerBrownfield\Desktop\Anti-Virus & Anti-Spyware software\cmd.bat deleted successfully.
C:\Users\TylerBrownfield\Desktop\Anti-Virus & Anti-Spyware software\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-TYLERBPC
->Temp folder emptied: 1169127 bytes
->Temporary Internet Files folder emptied: 2727610 bytes
->FireFox cache emptied: 0 bytes

User: Public

User: TylerBrownfield
->Temp folder emptied: 19268466 bytes
->Temporary Internet Files folder emptied: 9216865 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 75543093 bytes
->Google Chrome cache emptied: 76835082 bytes
->Flash cache emptied: 58144 bytes

User: WhatsUpGold_User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6672386 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67758 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 183.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04102013_115139

Files\Folders moved on Reboot...
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ODFM9V5H\n5URmCqwfqS43Ak1EZhDYAAAAB%252FB%253DAExjyUwN7y4-%252FJ%253D1360626742426558%252FK%253DlWdmvP_O8TImPf5t0vKjwg%252FA%253D6652771416965165896%252FR%253D0%252FX%253D6%252F_[1].js not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ODFM9V5H\yMO.BYmyoa448OnNiXLiuDRKBWouxXTwTgHkUKPKlyH_PL2NL9HTUfH13xsYJPkeDmDY7fqAUsMbuABQSnlTr22n7PRHeJZTYyPjkrpVCPzAML5bbTgzku2vKcxg_1Lrfgzd7QXG_ZL8dGich2F1B8IUDGcE1jpMQKBEEh[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\BEX3OOMY\Lm5YYC.tftM2bXUiazYlqueEMLLQjDf73EEiKN869e.1VtSWlsRDA4hBVrBYbAj0wL7OsCYEgM2ZG1nYvc9Mht3Kmwdqpd7mndy.YOuSs3XU5KTh3f29NOGkgecHd84fe265FubnsViKLwrxLisjTVOKxVtWqP2ScOur4Cs-[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\BEX3OOMY\rbO7OwwuBTBjiQupH8ha4Y5PIagot1D9sCmoB9FYqarmsK0i7a6ORoflW0uayu9L4tFwiqK0Gme8mWnra_faNyN66.pJNe4KmTzjwQVkxh4IByl3dlnjhVZ6ESLiaVlznpNxn.yyBX2tBuJEmxhE7dQZzCXTBJpdDAwrG4qQ[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\BEX3OOMY\rbO_GgvLlq85cEFmQRPseUoLj_VW_ty6DtekrcC9LKvVhTerDs2VszHJGK9HSGHDaCHCOsy4FOHDhjM3yY0JeMBB1ZGbn8llTPobG6Zxz_MX9uAiZ_hLjAizJ5xBQwSn9cu5jFprVyXbfHX5nvLXN.KgfGceQuAZuI04idH.[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\BEX3OOMY\UWxKbGFxRU1nMmlKVVQ0MFQub0l2LmQwRU4xT2NUSkdaV1g3RmRITzh4T3kuYnFGTUZTOVZBMUJRUWZGOUQxQmRUMVVJSDhUTTd0NlFoU0VFWkVwNENLc01xQUpWWHZZVTViUTFGbkQzdnp2QXJUQlJWYy5RY1RGTkFBJTJD[1].htm not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\BEX3OOMY\ws_eaWuMfB0rbMHoGYHhjIxxYfNyfnx8tGZBNDg1H6eaC6tVeD6bwpQuMXbugl2REG3SpcYtoVsoEHtUASoWTfuPoUQ_yvNX1d3YrLSKdTkf0Zc4pK10WDIy.2xZDWLHbwwX9eio_KSZSDFHfGNsleRSe3QzqcCFQ--[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\BEX3OOMY\ws_MSkPnfB0rbNfDdiN.bQFtbPxpH4t.8iObEKIzIieYg6X91GzMFT7SPpxsCg8LLbVHRkcIzuXViG7_uS65n8nvwrYKq1G02xe6NyAXNEeHBm.0jsXWb_GvC_Vl_3RFjaJ074mssaaZj5t1Z7mWbj.vt16PFNo_RQ-[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\BEX3OOMY\ws_N4WOHPB0rbO1bl0lUiZ3zVKkfC7fb_r3urjUSdEi_Wvx6Gz.BuJ.AbC00czxuMji8qRK8CVB1sVkDcv24x76AfQHCDo2RLNCeQxv..1kgvD5GdrA_OZ6ja256ut_IzPtljT3s.hgYmQ5u6wgx3Ncn_F8n_k4Vok-[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\BEX3OOMY\ws_sGNXxvB0rbNeg9ysszB9pyPNehlK0EicHtdYJ6SpMKHK3B7iJOmJR7k48Pnq1aEgM9jneRBIU2p7UjcgW43uROB1V6c2shOQplrh6JOBbZynvbXW9Cl_49p6VaRYUVmYUvmHlTzn3brq6OW_1NjBbM2uFKQvupk-[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\BEX3OOMY\ws_SR9lqPB0rbMgBxgi8kco96qhSzQtEFXUVw4VUEGGYCLVAmmayBNPd_cjlWk_tsKM007..dOSYpnWSyWnbw0YMbRpgytnPllOB5BxplrN8q.HAlJAN7UNVWAouUU4ewtnQxLc1_cpCi36HkLddwPY2BXZnqGD854-[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B82HVMJC\M0nnvYJJ8u0X_eWT9N.6SlkPdwNPa4_m5rgERxVIZb.ZQQcTrA7lsYF99iJAY7.GwVu5cx5i8zg6jorVxDde7TxSHnHTlG6TGN4vv5jBvz8a8xYiDxvvL7VGxEMOO7G82zUIqWB__bmjDFsUyrcGqVpsRAjPdMB_7HSzVNB5[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B82HVMJC\NW.rYkUbZ..KhIcKOoUGPq5FLO43Xui5I8jif.NgCtQVCQQmtFtF_JVqRiaj10l.0PHecYE5vjnoJNq8ZawKPhC395N0OySCp8U5XPAYzTgm3IIaOCAJES_nJ.QjdTwH9S8Cju5MIT1uXpmqhvO2AIbeRWwM3squoy27huM-[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B82HVMJC\rbMFCn974ID3I9xRXqAFRJ9IHdgdwjHfBGOSUMZ1X5RrWVqZIaUfa.uvZVTrsSUVGQMM2MFDURJg51sLU8jeOSGXlPO0TAV1OANg9jXhTHBaDY7BKaLMYg7GA0quuplOFDq4wuuuBAqSXv0lapD6ROhOvrijuoijC3Q2oYXl[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B82HVMJC\rbMkeIRyHYlsaBsZ5tsDWAe7CVYle3wozuzCILr8vdCuHsN_XjYs9_GO.TLhjH9ilLnam8G9re2_DHfV41xU_zBJPlXk8VtqpxxINeKT4KpFyHASHYJmkCq8BcsNhnO3NUBqKBG72ttxonyN9uxNurJxVIGH_tmmeEET260-[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B82HVMJC\rbNTdgb6KQZqAqF3YHYEJoN.xkMvtPlLcCsry9JNH5ZFnhPmfIGg79dmPUWuw25kW0NZlnzJZIfZZSyXq.bj31trGc8UjxTAUjtABx3XNHpAMAvo2pqTW33RgQPfmKYXjCefcUJY.EQW__G_1pIrsbwfGZcvd_Rw7UmJGA--[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B82HVMJC\rhFUzlsz8M4jPtii00QZFi4DYrRH0aclf99vf6h9d1URPS.SZbeAss5LmrXN0i5cN3X6DX6c7H6TZ0CM2fB7y5YFtj8ddbWOHEc72Rg.q67RIJ4w7AcKEVpR2oT8B0dRTMQTkX9Asm.0eQR0Qfiyzw53tUeb7nq.4bzTC0o-[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B82HVMJC\SlNaM3FoRElEb2hWRS1MRS55UEdmQ3oyVnQ5TWh2YUxpbHYuWWFJOU5zcUliblNJbzFVOWxyU0M0MzhDdmJ1QTFweExjUC1tMWV4MUJHc0tJRENrZ0ZaYzVzTFFjUE1SWkoxQlYucERYejFHWUJ0UDhCVWluemJBJTNEJTJD[1].htm not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B82HVMJC\ws_4CiEA_B0rbOEhQSqGrkt3yKr9x.Cnh2clu8tA9t2KJhRMa2NE7I4LagxDKYdXWhhe_PPi0_0o9SbjoM_02F9XSGsWseB7o3eomm6_oAAubuHHHX8C4ee_ZY51qpwd3B6b2DdKUyrTilwEAmdukAOwOIT1S4Xx3w-[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B82HVMJC\ws_fild4_B0rbMrNvvCexeXnPmMttCXk4XpJLCZPBh3wAKgYYDNWv5byLrZI..2dXJuXzEXf1HI9_W3d97J3HpOXDjO_i1jc6Ah79ThucDx.xd8cVCIogLHDiAYj0J6QbhDdACkeOYhzUABVgVriVrxV.gL24yxttM-[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B82HVMJC\ws_IAh9u_B0rbNsLjxI5Pbxm_xuq79x6T4XpIkXmqtHMNPbepFXLSTAfxb5e641_CFe.JuTFGSzEDeywsDk0BqaQcubd32ba6tNfEOW9QB7bLlp9rQgFPhe4fv439oQPxGU1YRuoFg79Zl2F99rwLjHPWnoqQxnw9Vb[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B82HVMJC\ws_iefFzvB0rbPOJD2JTwmXNpbnBXRyPQypiXsKEMED7J5I0T32XaoXswUiiE8mB3x85sGZdBJEW5f_uSPaNd9w7vNc0qx.XzyKTlgPE1YTzlsqd2J7B_xEJXD4C8sKEmyZJrcAkvaRHNtUpsxteGic96OLNrTpK4VA[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B82HVMJC\ws_y48pDvB0rbNzyoCxIP4I28SM5Vlb.E1AOFi1pEp9P06o5v53eJmnrq1Ni_C2Isdjd_0fUyiwEtLU85avWveGsgXt9RpxnMKeRqBQZpqd9rZahfm9zc6kzTTmxGpKwYHOFXlvSHUaeBjCG0hWSLnRz5tApJb805x4[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\5C3PJ081\6DRt2NsJnIix3wMEI6Ao_EJufbMv.HIhJ.vQyM1m93uuetz5rrxh9hUq8ecLbzlUdi9ztvg2XF4jmwWv.zk5fd7..7OtiLNnTNarY2OhZlgymkc98GV_n08dpwPsQp_7i3zcXD8Hv.R7gpLZDy7C3hQC2nbISUcfb5ci3jJZ[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\5C3PJ081\ws_GQK6qvB0rbOa8zZIIazZvsUYd6UPN45v_dnHPMtpEyJbu6EoicBCVzvZPtM6YH0_98WXWezclgygMWWZkTfASSU0RAHSpDb1ToZr8ftDeymMGRA5wJBvCboWpyKrRhpgjgp4RwpO87qitWIDILjd083w94OtSg--[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\5C3PJ081\ws_hppHevB0rbPLegtaVIgfxIG.3pnVLsHpNqtGeovnMBgV_WNFvFd_LjMDTIklG_58iNtKwIlxiPHSGHsVQ8FxdBBSzjJ2roU_IeAztmPDuK.jTSYqmDXEwvFLF3Hm401dpalZ0Tz40.C3iOMaDeIOQc1RizIn9g--[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\4M8O7A9U\rbMXg_X9b.fpYkaCTCmccONzMsyVDmq33aSKGsT57dZ3_FMse2iCrSgOV7Wxc.xmKPJVe75DANVilbsUb7qAcHEd0CqKxqCUA9JMGsfoNveUDAcfR0pkTNIckzW6rIzf7teqNZDYntBmy6wka.mbxgzHz6n_1DOYmDNexClQ[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\4M8O7A9U\rbOF4nVMp9t0FsGBcraIg7VjhBXEhs2fBKvJ.ysmm8kOxH5yWQ0ZyZJhVZi77FSPcfbX4ayN_7R8MA9xawGczQE66RQH_myDw7Uo923f.kcXIs399_csRl2oMUi9FVyLXjUyegWbMo3IM_lccCntfv8sa67HUm05fC8mYhE-[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\4M8O7A9U\rbP9mnNyqLuqNsid31e2rFZMgCWzPsyfZKPdnJ4wOtzrv1LNkgqRouhd61l8znnvJSxLSNFu.lKRVnWjhaTEUPzQXgyKVYvjhZtQDiKPH.PGEMYhKnaPPGhSi4WVa9416BCu.QbjppF9b.4N_nnMy2ZK43LWnba1Ba.lx51.[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\4M8O7A9U\ws_3f1XnPB0rbMgSneauJnJDl79a80CiVacTg3gV5icCsE8nUWC5NGAX54s2sm0f6tB3Ae8K3aRKkW2xh5GvCfCgLRjah1QsyDK_AS3alpyXxYx5SHGVqFWCozu5RVONOTb0.MWgeayhlgDvCm94Pzd_BMttxVuL8A-[1].jpg not found!
File\Folder C:\Users\TylerBrownfield\AppData\Local\Temp\Temporary Internet Files\Content.IE5\4M8O7A9U\ws_7qLP2_B0rbNMgeiH9rR8CKA47Yn0wP2m44hFnnu3pQNkymMqvC5_ALVXOc0nUUGaKc7FCs6hM8VFno01MvwoHdt9wTUCTWWrM5VQsCKH4dTYQbTxLzowBrqY1yr15Ij4I4wPpE_IyV1OrKJYYIKsqVUm3Jpgtg--[1].jpg not found!
C:\Users\TylerBrownfield\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\TylerBrownfield\AppData\Local\Temp\~DFE00B664AF3422B9C.TMP moved successfully.
File move failed. C:\Users\TylerBrownfield\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT02b01.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



MGADiagnostic Report:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0xc004c4a2
Windows Product Key: *****-*****-YG69F-9M66D-PMJBM
Windows Product Key Hash: /kehptF9HHVxM5d8dUnqgcfndXw=
Windows Product ID: 00426-OEM-8992662-00497
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {74EC967C-7F39-4637-BCA8-59E545D9C74C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-1533
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{74EC967C-7F39-4637-BCA8-59E545D9C74C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PMJBM</PKey><PID>00426-OEM-8992662-00497</PID><PIDType>2</PIDType><SID>S-1-5-21-1726653532-586185113-1062955823</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP 2000 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.43</Version><SMBIOSVersion major="2" minor="7"/><Date>20111213000000.000000+000</Date></BIOS><HWID>896F3107018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0xC004C4A2
HealthStatus: 0x0000000000000000
Event Time Stamp: 9:2:2012 00:33
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070005
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LAAAAAEAAQABAAEAAAABAAAAAgABAAEA6GFI1AiajBt2sPJ0Hhx+7XLMUF4=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HP INSYDE
FACP HPQOEM SLIC-MPC
HPET HP INSYDE
BOOT HP INSYDE
MCFG HP INSYDE
ASF! HP INSYDE
SLIC HPQOEM SLIC-MPC
SSDT HP INSYDE
SSDT HP INSYDE
  • 0

#9
godawgs
Posted 11 April 2013 - 08:46 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
That should have uninstalled the VLC Media player. Do you still get the setup file on the desktop? Let's check for any residual malware files.

For Steps 1 and 2 I want you to disable any screen saver you might have running.


Step-1.

Posted ImageMalwarebytes' Anti-Malware

Close all programs and browsers on your computer.

(Windows Vista/7 users will need to right click on the MalwareBytes icon on the desktop and click Run As Administrator, then click the Continue button on the UAC window.) You will now be at the main program as shown below.

Posted Image

  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can an hour or two, depending on the number of files on the system, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore, and click Remove Selected.<---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.

    When The Scan is Complete:
  • Do Not select Uninstall application on close
  • Make sure you copy the logfile.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus and screen saver application after running the above scan!


Step-3.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
/md5stop
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The MalwareBytes log
2. The ESET scan (IF it found anything). If it didn't just tell me.
3. The new OTL.txt log
4. How is the computer running now?
  • 0

#10
godawgs
Posted 15 April 2013 - 08:55 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#11
newbreedsoftware
Posted 23 April 2013 - 03:34 AM

newbreedsoftware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Just wanted to give you an update, I finally figured out what was causing the file to show up on my desktop even though my computer was coming back clean on all the scans. By using a program called Process Monitor, I was able to see that one of the components of ZoneAlarm, called vsmon, had become corrupted. So I simply disabled that component and all is well!

Attached Thumbnails

  • vsmon.jpg

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP