Windows/Mcafee host process has stopped + no Internet?

Solved
By HummingTurtle
Jun 21, 2012
  1. Hi, I have been having some trouble with my laptop recently. I first noticed it about a week ago when I started to randomly receive 'Windows Host Processes has stopped working'. A few days later, 'Mcafee host processes has stopped working' started to appear.

    Even more recently, I have been unable to browse the internet without constant lag. E.g., I will connect to my router from said laptop, but will be unable to load a page on that laptop OR on my desktop PC. However, if I disconnect my laptop's wireless connection, the desktop's internet works perfectly fine. I have had to download Malwarebytes, DDS and Gmer from my desktop and then transfer them to my laptop via flash drive.

    And I'm not sure if this is related or not, but also around a week ago I noticed that when I tried to sort my folders (say, by date created), when I left the folder it would revert back to the original sort method, usually by name. It has not done this before.

    (Also, Gmer found nothing and as such there is no log.)
  2. HummingTurtle

    HummingTurtle Newcomer, in training Topic Starter Posts: 24

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.21.10
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Zach :: ZACH-PC [administrator]
    6/21/2012 2:40:04 PM
    mbam-log-2012-06-21 (14-40-04).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 230660
    Time elapsed: 5 minute(s), 10 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\Installer\{4ed00426-761c-ade8-3eda-60229d9845f4}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    (end)
  3. HummingTurtle


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Zach at 15:08:52 on 2012-06-21
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2517 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\SMINST\BLService.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\DFX\DFX.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\ehome\mcupdate.EXE
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\mcbuilder.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429133016.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [Google Update] "C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [PlusService] "C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DFX.lnk - C:\Program Files (x86)\DFX\DFX.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0E98E87D-2B9E-4EE9-91B4-C640D7D3740C} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{9961ABBC-E3FB-4574-9D02-AD22FB31F15E} : DhcpNameServer = 192.168.0.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\McAfee\MSC\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\McAfee\SITEAD~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429133016.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [PlusService] "C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\3uw49nnd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Users\Zach\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-8 249936]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-8 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-8 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-8 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-4-8 199272]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-4-8 210584]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-20 365952]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-20 193840]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 ActionReplayDS;ActionReplayDS;C:\Windows\system32\Drivers\ActionReplayDS_x64.sys --> C:\Windows\system32\Drivers\ActionReplayDS_x64.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 257696]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-4-9 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-06-21 19:40:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-21 19:39:58 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-21 19:39:58 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2012-06-21 19:39:41 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-21 19:39:41 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2012-06-21 19:39:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-21 19:39:41 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2012-06-20 21:19:27 116016 ----a-w- C:\Windows\System32\drivers\24673136.sys
    2012-06-16 05:09:15 -------- d-----w- C:\Users\Zach\AppData\Local\Macromedia
    2012-06-15 20:36:44 -------- d-----w- C:\Program Files\iPod(113)
    2012-06-15 20:11:58 -------- d-----w- C:\Program Files (x86)\QuickTime(102)
    2012-06-10 06:38:56 -------- d-----w- C:\Users\Zach\AppData\Roaming\Malwarebytes
    2012-06-10 06:38:40 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-10 06:38:37 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-10 06:38:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-05 22:25:46 -------- d-----w- C:\Program Files (x86)\Datel
    2012-06-05 22:14:01 51600 ----a-w- C:\Windows\System32\drivers\ActionReplayDS_x64.sys
    2012-06-05 00:49:22 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{206E627B-C931-4374-BF0D-75407E6B8462}\mpengine.dll
    2012-05-28 09:46:04 1689600 ----a-w- C:\Windows\SysWow64\mprdin.dll
    .
    ==================== Find3M ====================
    .
    2012-05-05 13:19:30 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 13:19:30 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 13:19:23 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-17 22:17:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-04-09 17:59:57 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
    2012-04-09 17:58:48 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
    2012-04-08 17:06:24 505392 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-04-08 17:06:24 353840 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-04-08 17:06:24 1053232 ----a-w- C:\Windows\SysWow64\MFC71u.dll
    2012-04-08 17:06:23 1066544 ----a-w- C:\Windows\SysWow64\MFC71.dll
    2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-02 13:59:51 2766848 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 15:10:03.18 ===============
  4. HummingTurtle


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/8/2012 11:50:48 AM
    System Uptime: 6/21/2012 2:48:35 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3612
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 221 GiB total, 55.322 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.865 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Action Replay Code Manager
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player ActiveX
    Adobe Media Player
    Adobe Photoshop CS5
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    Atheros Driver Installation Program
    Combined Community Codec Pack 2011-11-11
    CyberLink DVD Suite
    DFX
    ESU for Microsoft Vista
    FastStone Image Viewer 4.6
    FL Studio 10
    Foxit Reader 5.1
    Google Chrome
    HandBrake 0.9.6
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP DVD Play 3.7
    HP Help and Support
    HP Quick Launch Buttons 6.40 H2
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    IL Download Manager
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 6 Update 7
    Juno Preloader
    LabelPrint
    Last.fm 1.5.4.27091
    LightScribe System Software 1.14.17.1
    Malwarebytes Anti-Malware version 1.61.0.1400
    McAfee Internet Security Suite
    Messenger Plus! 5
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 11.0 (x86 en-US)
    MSVCRT
    MSVCRT Redists
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    muvee Reveal
    NetWaiting
    NetZero Preloader
    OpenOffice.org 3.3
    PDF Settings CS5
    Power2Go
    PowerDirector
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    RocketDock 1.3.5
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Skype™ 5.8
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Vegas Pro 10.0
    VLC media player 2.0.1
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Xilisoft Audio Converter Pro
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/21/2012 2:54:14 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
    6/21/2012 2:49:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
    6/21/2012 2:49:57 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    6/21/2012 2:49:57 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    6/21/2012 2:49:57 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    6/21/2012 1:19:24 PM, Error: Service Control Manager [7031] - The Routing and Remote Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/20/2012 11:41:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    6/20/2012 11:41:45 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/20/2012 11:41:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    6/20/2012 11:36:23 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    6/19/2012 4:57:25 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.111 for the Network Card with network address 001F16EABE8D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    6/18/2012 11:45:30 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Security with the following error: Access is denied.
    6/18/2012 11:44:27 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 4 time(s).
    6/18/2012 11:44:27 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/18/2012 11:44:27 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/18/2012 11:44:27 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/18/2012 11:44:27 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/18/2012 11:44:27 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/18/2012 11:44:27 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/18/2012 11:34:19 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 3 time(s).
    6/18/2012 11:34:19 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/18/2012 11:34:19 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/18/2012 11:34:19 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/18/2012 11:34:19 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/18/2012 11:34:19 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/18/2012 11:34:19 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/17/2012 5:52:11 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 2 time(s).
    6/17/2012 4:14:57 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    6/17/2012 3:10:34 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    6/15/2012 6:46:24 PM, Error: Service Control Manager [7034] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 3 time(s).
    6/15/2012 6:46:24 PM, Error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
    6/15/2012 6:46:24 PM, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
    6/15/2012 6:46:24 PM, Error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s).
    6/15/2012 6:46:24 PM, Error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
    6/15/2012 6:46:24 PM, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 3 time(s).
    6/15/2012 3:31:45 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/15/2012 2:55:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
    6/15/2012 2:55:25 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
  5. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  6. HummingTurtle

    HummingTurtle Newcomer, in training Topic Starter Posts: 24

    I was able to run Combofix, but it never produced a log. If it did, I do not see it.
  7. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Restart computer and re-run Combofix.
  8. HummingTurtle

    HummingTurtle Newcomer, in training Topic Starter Posts: 24

    Took quite a long time (2hrs at the least) and the log is very short. All files on my desktop disappeared as well.

    -----

    ComboFix 12-06-21.02 - Zach 06/21/2012 19:48:18.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2772 [GMT -5:00]
    Running from: C:\Users\Zach\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  9. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Something is blocking Combofix from performing a correct scan.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  10. HummingTurtle

    HummingTurtle Newcomer, in training Topic Starter Posts: 24

    Scan result of Farbar Recovery Scan Tool Version: 21-06-2012 02
    Ran by SYSTEM at 21-06-2012 22:09:44
    Running from G:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1237288 2008-04-17] (Synaptics, Inc.)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [162328 2011-02-11] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-02-11] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417304 2011-02-11] (Intel Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2008-09-23] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [210216 2008-06-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-10-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [210216 2008-06-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
    HKLM-x32\...\Run: [PlusService] "C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [801792 2012-02-27] (Yuna Software)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [combofix] C:\ComboFix\CF19576.3XE /c C:\ComboFix\Combobatch.bat [8272 2012-06-21] ()
    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
    HKU\Mcx1\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
    HKU\Mcx1\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
    HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-10] (Microsoft Corporation)
    HKU\Zach\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKLM-x32\...\Runonce: [combofix] C:\ComboFix\CF19576.3XE /c C:\ComboFixCombobatch.bat [x]
    HKLM-x32\...\runonceex: [flags] 8
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\DFX.lnk
    ShortcutTarget: DFX.lnk -> C:\Program Files (x86)\DFX\DFX.exe ()
    ==================== Services (Whitelisted) ======
    2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-03-22] (McAfee, Inc.)
    2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
    2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
    2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
    2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
    2 RemoteAccess; C:\Windows\SysWOW64\mprdin.dll [1689600 2012-05-28] ()
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-09-15] ()
    3 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]
    ========================== Drivers (Whitelisted) =============
    3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
    3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
    3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [126976 2008-06-29] (Intel(R) Corporation)
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
    3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
    1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
    1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
    3 NETw3v64; C:\Windows\System32\Drivers\NETw3v64.sys [3154432 2008-01-20] (Intel Corporation)
    1 Beep; [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 mfeavfk01; [x]
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [x]
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [x]
    1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-06-21 16:41 - 2012-06-21 17:55 - 00000000 ___SD C:\ComboFix
    2012-06-21 16:41 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-06-21 16:41 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-06-21 16:41 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-06-21 16:41 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-06-21 16:41 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-06-21 16:41 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-06-21 16:41 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-06-21 16:41 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-06-21 16:07 - 2012-06-21 17:55 - 00000000 ____D C:\Windows\erdnt
    2012-06-21 16:07 - 2012-06-21 16:41 - 00000000 ___SD C:\32788R22FWJFW
    2012-06-21 16:07 - 2012-06-21 16:41 - 00000000 ____D C:\Qoobox
    2012-06-21 16:05 - 2012-06-21 16:03 - 04564664 ____R (Swearware) C:\Users\Zach\Desktop\ComboFix.exe
    2012-06-21 12:12 - 2012-06-21 12:12 - 00020895 ____A C:\Users\Zach\Desktop\DDS.txt
    2012-06-21 12:12 - 2012-06-21 12:12 - 00011387 ____A C:\Users\Zach\Desktop\Attach.txt
    2012-06-21 12:08 - 2012-06-21 10:23 - 00607260 ____R (Swearware) C:\Users\Zach\Desktop\dds.scr
    2012-06-21 11:51 - 2011-09-20 00:02 - 00083968 ____A (Esage Lab) C:\Users\Zach\Desktop\boot_cleaner.exe
    2012-06-21 11:48 - 2012-06-21 11:48 - 00000392 ____A C:\Windows\PFRO.log
    2012-06-21 11:40 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 11:40 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 11:40 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 11:40 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 11:39 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 11:39 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-21 11:39 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 11:39 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-21 11:39 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 11:39 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-21 11:39 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 11:39 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-21 11:39 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-21 11:39 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2012-06-21 10:18 - 2012-06-19 16:12 - 00302592 ____A C:\Users\Zach\Desktop\j44d94q8.exe
    2012-06-20 13:19 - 2012-06-20 13:19 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\24673136.sys
    2012-06-16 09:25 - 2012-06-16 09:25 - 00028938 ____A C:\Users\Zach\Downloads\O-Demonoid.me-O_Hey_Ocean!_is.torrent
    2012-06-15 21:09 - 2012-06-15 21:09 - 00000000 ____D C:\Users\Zach\Local Settings\Macromedia
    2012-06-15 21:09 - 2012-06-15 21:09 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Macromedia
    2012-06-15 21:09 - 2012-06-15 21:09 - 00000000 ____D C:\Users\Zach\AppData\Local\Macromedia
    2012-06-15 20:56 - 2012-06-20 13:06 - 00001496 ____A C:\Windows\setupact.log
    2012-06-15 20:56 - 2012-06-15 20:56 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-15 12:36 - 2012-06-20 08:27 - 00000000 ____D C:\Program Files\iPod(113)
    2012-06-15 12:22 - 2012-06-15 12:23 - 01067600 ____A C:\Users\Zach\Downloads\Aero-2.zip
    2012-06-15 12:21 - 2012-06-15 12:21 - 00487316 ____A C:\Users\Zach\Downloads\Carbon-2.zip
    2012-06-15 12:18 - 2012-06-15 12:18 - 00349822 ____A C:\Users\Zach\Downloads\Cloud-2.zip
    2012-06-15 12:18 - 2012-06-15 12:18 - 00084003 ____A C:\Users\Zach\Downloads\Dark-Phoenix.zip
    2012-06-15 12:11 - 2012-06-15 12:13 - 00000000 ____D C:\Program Files (x86)\QuickTime(102)
    2012-06-13 07:07 - 2012-06-13 07:09 - 36491956 ____A C:\Users\Zach\Downloads\Pinkie Guy - In Seconds -Instrumental.zip
    2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\Zach\Application Data\Malwarebytes
    2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Malwarebytes
    2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-09 22:38 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-09 22:11 - 2012-06-09 22:19 - 00001688 ____A C:\Windows\BitsRepairTool.log
    2012-06-05 14:25 - 2012-06-05 14:25 - 00000000 ____D C:\Program Files (x86)\Datel
    2012-06-05 14:14 - 2007-02-08 10:48 - 00051600 ____A (Thesycon GmbH, Germany) C:\Windows\System32\Drivers\ActionReplayDS_x64.sys
    2012-06-05 14:04 - 2012-06-05 14:04 - 00000539 ____A C:\Windows\KB893803v2.log
    2012-05-28 19:46 - 2012-05-28 19:48 - 55226910 ____A C:\Users\Zach\Downloads\Kicks, Snares, Blah.zip
    2012-05-28 01:46 - 2012-05-28 01:46 - 01689600 ____A C:\Windows\SysWOW64\mprdin.dll
    2012-05-28 01:46 - 2012-05-28 01:46 - 00000395 ____A C:\Windows\SysWOW64\mprdin.ocx
    2012-05-25 20:55 - 2012-06-20 08:24 - 00000000 ____D C:\Users\Zach\Downloads\Tor Browser
    2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\VirtualStore
    2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\Last.fm
    2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\Application Data\VirtualStore
    2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\Application Data\Last.fm
    2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\AppData\Local\VirtualStore
    2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\AppData\Local\Last.fm
    2012-05-23 13:37 - 2012-05-23 13:37 - 00000020 __ASH C:\Users\Mcx1\ntuser.ini
    2012-05-23 13:36 - 2012-06-20 08:25 - 00000000 ____D C:\users\Mcx1
    2012-05-23 13:36 - 2012-04-12 07:11 - 00000000 ____D C:\Users\Mcx1\Application Data\Macromedia
    2012-05-23 13:36 - 2012-04-12 07:11 - 00000000 ____D C:\Users\Mcx1\AppData\Roaming\Macromedia

    ============ 3 Months Modified Files and Folders =============
    2012-06-21 22:09 - 2012-06-21 22:09 - 00000000 ____D C:\FRST
    2012-06-21 19:04 - 2012-04-08 08:54 - 01919891 ____A C:\Windows\WindowsUpdate.log
    2012-06-21 19:04 - 2006-11-02 07:42 - 00023884 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-21 19:04 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-21 19:00 - 2006-11-02 07:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-21 19:00 - 2006-11-02 07:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-21 18:58 - 2012-04-08 11:53 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000UA.job
    2012-06-21 18:19 - 2012-04-09 15:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-21 17:55 - 2012-06-21 16:41 - 00000000 ___SD C:\ComboFix
    2012-06-21 17:55 - 2012-06-21 16:07 - 00000000 ____D C:\Windows\erdnt
    2012-06-21 16:41 - 2012-06-21 16:07 - 00000000 ___SD C:\32788R22FWJFW
    2012-06-21 16:41 - 2012-06-21 16:07 - 00000000 ____D C:\Qoobox
    2012-06-21 16:37 - 2012-04-09 11:53 - 00000000 ____D C:\Users\Zach\Tracing
    2012-06-21 16:35 - 2012-04-08 09:06 - 00000290 ____A C:\Users\All Users\hpqp.ini
    2012-06-21 16:35 - 2012-04-08 09:06 - 00000290 ____A C:\Users\All Users\Application Data\hpqp.ini
    2012-06-21 16:03 - 2012-06-21 16:05 - 04564664 ____R (Swearware) C:\Users\Zach\Desktop\ComboFix.exe
    2012-06-21 15:09 - 2012-04-09 17:50 - 00000000 ____D C:\Users\Zach\Application Data\vlc
    2012-06-21 15:09 - 2012-04-09 17:50 - 00000000 ____D C:\Users\Zach\AppData\Roaming\vlc
    2012-06-21 12:13 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
    2012-06-21 12:12 - 2012-06-21 12:12 - 00020895 ____A C:\Users\Zach\Desktop\DDS.txt
    2012-06-21 12:12 - 2012-06-21 12:12 - 00011387 ____A C:\Users\Zach\Desktop\Attach.txt
    2012-06-21 11:58 - 2012-04-08 11:53 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000Core.job
    2012-06-21 11:54 - 2006-11-02 04:46 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-21 11:48 - 2012-06-21 11:48 - 00000392 ____A C:\Windows\PFRO.log
    2012-06-21 10:23 - 2012-06-21 12:08 - 00607260 ____R (Swearware) C:\Users\Zach\Desktop\dds.scr
    2012-06-20 13:19 - 2012-06-20 13:19 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\24673136.sys
    2012-06-20 13:06 - 2012-06-15 20:56 - 00001496 ____A C:\Windows\setupact.log
    2012-06-20 08:34 - 2012-04-08 10:23 - 00000000 ____D C:\users\Zach
    2012-06-20 08:27 - 2012-06-15 12:36 - 00000000 ____D C:\Program Files\iPod(113)
    2012-06-20 08:27 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\Msdtc
    2012-06-20 08:26 - 2006-11-02 04:33 - 67895296 ____A C:\Windows\System32\config\components_previous
    2012-06-20 08:26 - 2006-11-02 04:33 - 66060288 ____A C:\Windows\System32\config\software_previous
    2012-06-20 08:26 - 2006-11-02 04:33 - 22020096 ____A C:\Windows\System32\config\system_previous
    2012-06-20 08:26 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security_previous
    2012-06-20 08:26 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous
    2012-06-20 08:26 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\default_previous
    2012-06-20 08:25 - 2012-05-23 13:36 - 00000000 ____D C:\users\Mcx1
    2012-06-20 08:25 - 2006-11-02 05:33 - 00000000 __RSD C:\Windows\Media
    2012-06-20 08:24 - 2012-05-25 20:55 - 00000000 ____D C:\Users\Zach\Downloads\Tor Browser
    2012-06-20 08:24 - 2012-05-03 11:02 - 00000000 ____D C:\Users\Zach\Local Settings\QuickPlay
    2012-06-20 08:24 - 2012-05-03 11:02 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\QuickPlay
    2012-06-20 08:24 - 2012-05-03 11:02 - 00000000 ____D C:\Users\Zach\AppData\Local\QuickPlay
    2012-06-20 08:24 - 2012-04-18 18:18 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-06-20 08:24 - 2012-04-09 17:45 - 00000000 ____D C:\Program Files\iTunes
    2012-06-20 08:24 - 2012-04-09 17:45 - 00000000 ____D C:\Program Files\iPod
    2012-06-20 08:24 - 2012-04-09 17:45 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-06-20 08:24 - 2012-04-09 07:44 - 00000000 ____D C:\Users\Zach\Application Data\IrfanView
    2012-06-20 08:24 - 2012-04-09 07:44 - 00000000 ____D C:\Users\Zach\AppData\Roaming\IrfanView
    2012-06-20 08:24 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool
    2012-06-20 08:23 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration
    2012-06-19 16:12 - 2012-06-21 10:18 - 00302592 ____A C:\Users\Zach\Desktop\j44d94q8.exe
    2012-06-17 12:34 - 2012-04-09 17:46 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Apple Computer
    2012-06-17 12:34 - 2012-04-09 17:46 - 00000000 ____D C:\Users\Zach\Local Settings\Apple Computer
    2012-06-17 12:34 - 2012-04-09 17:46 - 00000000 ____D C:\Users\Zach\AppData\Local\Apple Computer
    2012-06-17 09:21 - 2012-04-09 17:38 - 00000000 ____D C:\Users\Zach\Local Settings\Last.fm
    2012-06-17 09:21 - 2012-04-09 17:38 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Last.fm
    2012-06-17 09:21 - 2012-04-09 17:38 - 00000000 ____D C:\Users\Zach\AppData\Local\Last.fm
    2012-06-17 09:10 - 2012-04-15 19:21 - 00000132 ____A C:\Users\Zach\Application Data\Adobe PNG Format CS5 Prefs
    2012-06-17 09:10 - 2012-04-15 19:21 - 00000132 ____A C:\Users\Zach\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-06-16 09:25 - 2012-06-16 09:25 - 00028938 ____A C:\Users\Zach\Downloads\O-Demonoid.me-O_Hey_Ocean!_is.torrent
    2012-06-15 21:09 - 2012-06-15 21:09 - 00000000 ____D C:\Users\Zach\Local Settings\Macromedia
    2012-06-15 21:09 - 2012-06-15 21:09 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Macromedia
    2012-06-15 21:09 - 2012-06-15 21:09 - 00000000 ____D C:\Users\Zach\AppData\Local\Macromedia
    2012-06-15 20:56 - 2012-06-15 20:56 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-15 12:23 - 2012-06-15 12:22 - 01067600 ____A C:\Users\Zach\Downloads\Aero-2.zip
    2012-06-15 12:21 - 2012-06-15 12:21 - 00487316 ____A C:\Users\Zach\Downloads\Carbon-2.zip
    2012-06-15 12:18 - 2012-06-15 12:18 - 00349822 ____A C:\Users\Zach\Downloads\Cloud-2.zip
    2012-06-15 12:18 - 2012-06-15 12:18 - 00084003 ____A C:\Users\Zach\Downloads\Dark-Phoenix.zip
    2012-06-15 12:13 - 2012-06-15 12:11 - 00000000 ____D C:\Program Files (x86)\QuickTime(102)
    2012-06-13 07:09 - 2012-06-13 07:07 - 36491956 ____A C:\Users\Zach\Downloads\Pinkie Guy - In Seconds -Instrumental.zip
    2012-06-12 20:51 - 2012-04-10 05:33 - 00000000 ____D C:\Users\Zach\My Documents\Vegas Pro 10.0 Projects
    2012-06-12 20:51 - 2012-04-10 05:33 - 00000000 ____D C:\Users\Zach\Documents\Vegas Pro 10.0 Projects
    2012-06-10 20:23 - 2012-04-10 05:35 - 00000000 ____D C:\Users\Zach\My Documents\Other
    2012-06-10 20:23 - 2012-04-10 05:35 - 00000000 ____D C:\Users\Zach\Documents\Other
    2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\Zach\Application Data\Malwarebytes
    2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Malwarebytes
    2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-06-09 22:38 - 2012-06-09 22:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-09 22:19 - 2012-06-09 22:11 - 00001688 ____A C:\Windows\BitsRepairTool.log
    2012-06-05 14:25 - 2012-06-05 14:25 - 00000000 ____D C:\Program Files (x86)\Datel
    2012-06-05 14:04 - 2012-06-05 14:04 - 00000539 ____A C:\Windows\KB893803v2.log
    2012-06-04 17:57 - 2012-04-09 17:59 - 00000000 ____D C:\Users\Zach\Application Data\uTorrent
    2012-06-04 17:57 - 2012-04-09 17:59 - 00000000 ____D C:\Users\Zach\AppData\Roaming\uTorrent
    2012-06-04 10:39 - 2012-04-10 05:58 - 00028160 ____A C:\Users\Zach\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-04 10:39 - 2012-04-10 05:58 - 00028160 ____A C:\Users\Zach\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-04 10:39 - 2012-04-10 05:58 - 00028160 ____A C:\Users\Zach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-02 14:19 - 2012-06-21 11:40 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 11:40 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 11:40 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 11:39 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 11:39 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 11:39 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:19 - 2012-06-21 11:39 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-02 14:15 - 2012-06-21 11:40 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 11:39 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:12 - 2012-06-21 11:39 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-02 12:19 - 2012-06-21 11:39 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:19 - 2012-06-21 11:39 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-02 12:15 - 2012-06-21 11:39 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 12:12 - 2012-06-21 11:39 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2012-05-28 19:48 - 2012-05-28 19:46 - 55226910 ____A C:\Users\Zach\Downloads\Kicks, Snares, Blah.zip
    2012-05-28 01:46 - 2012-05-28 01:46 - 01689600 ____A C:\Windows\SysWOW64\mprdin.dll
    2012-05-28 01:46 - 2012-05-28 01:46 - 00000395 ____A C:\Windows\SysWOW64\mprdin.ocx
    2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\VirtualStore
    2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\Last.fm
    2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\Application Data\VirtualStore
    2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\Local Settings\Application Data\Last.fm
    2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\AppData\Local\VirtualStore
    2012-05-23 13:38 - 2012-05-23 13:38 - 00000000 ____D C:\Users\Mcx1\AppData\Local\Last.fm
    2012-05-23 13:38 - 2006-11-02 07:07 - 00000000 ___RD C:\Users\Public\Recorded TV
    2012-05-23 13:37 - 2012-05-23 13:37 - 00000020 __ASH C:\Users\Mcx1\ntuser.ini
    2012-05-23 13:36 - 2006-11-02 05:34 - 00000000 ___HD C:\Windows\System32\GroupPolicy
    2012-05-22 10:16 - 2009-04-20 16:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-18 18:35 - 2012-05-18 18:35 - 00019808 ____A C:\Users\Zach\Downloads\Modestep_(2_Albums)-_=Demonoid.me=_.torrent
    2012-05-15 18:51 - 2012-05-15 15:57 - 00000371 ____A C:\Users\Zach\My Documents\survey.txt
    2012-05-15 18:51 - 2012-05-15 15:57 - 00000371 ____A C:\Users\Zach\Documents\survey.txt
    2012-05-15 05:06 - 2012-04-13 22:31 - 00001456 ____A C:\Users\Zach\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
    2012-05-15 05:06 - 2012-04-13 22:31 - 00001456 ____A C:\Users\Zach\Local Settings\Adobe Save for Web 12.0 Prefs
    2012-05-15 05:06 - 2012-04-13 22:31 - 00001456 ____A C:\Users\Zach\AppData\Local\Adobe Save for Web 12.0 Prefs
    2012-05-12 19:06 - 2012-04-09 12:30 - 00000000 ____D C:\Users\Zach\My Documents\My Received Files
    2012-05-12 19:06 - 2012-04-09 12:30 - 00000000 ____D C:\Users\Zach\Documents\My Received Files
    2012-05-08 16:10 - 2012-04-08 11:26 - 00000000 ____D C:\Program Files (x86)\McAfee
    2012-05-08 12:02 - 2006-11-02 07:21 - 04901608 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-05-08 11:57 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
    2012-05-08 11:57 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-07 18:59 - 2012-05-07 18:59 - 00069563 ____A C:\Users\Zach\Downloads\Disney_Recess_All_6_Seasons!_O-Demonoid.me-O_11733031.0102.torrent
    2012-05-07 18:51 - 2012-05-07 18:51 - 00021690 ____A C:\Users\Zach\Downloads\Disney's_Fillmore!_Complete_Series-[Demonoid.me]_11733031.0102.torrent
    2012-05-07 07:43 - 2012-05-07 07:43 - 00000000 ____D C:\Users\Zach\Application Data\Foxit Software
    2012-05-07 07:43 - 2012-05-07 07:43 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Foxit Software
    2012-05-07 06:00 - 2012-05-07 05:59 - 10871726 ____A C:\Users\Zach\Downloads\Ponymon Alpha0-21.zip
    2012-05-06 17:17 - 2012-04-09 17:46 - 00000000 ____D C:\Users\Zach\Application Data\Apple Computer
    2012-05-06 17:17 - 2012-04-09 17:46 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Apple Computer
    2012-05-06 16:28 - 2012-05-06 16:28 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2012-05-05 05:19 - 2012-05-05 05:19 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-05 05:19 - 2012-04-09 15:02 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-05-05 05:19 - 2012-04-09 15:02 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-05-04 11:10 - 2012-04-08 10:33 - 00083496 ____A C:\Users\Zach\Local Settings\GDIPFONTCACHEV1.DAT
    2012-05-04 11:10 - 2012-04-08 10:33 - 00083496 ____A C:\Users\Zach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-05-04 11:10 - 2012-04-08 10:33 - 00083496 ____A C:\Users\Zach\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-03 11:02 - 2012-05-03 11:02 - 00000021 ____A C:\Users\All Users\hpqp.txt
    2012-05-03 11:02 - 2012-05-03 11:02 - 00000021 ____A C:\Users\All Users\Application Data\hpqp.txt
    2012-05-03 11:02 - 2012-05-03 11:02 - 00000000 ____D C:\Users\Zach\Application Data\CyberLink
    2012-05-03 11:02 - 2012-05-03 11:02 - 00000000 ____D C:\Users\Zach\AppData\Roaming\CyberLink
    2012-05-03 11:02 - 2009-04-20 16:38 - 00000000 ____D C:\Users\All Users\CyberLink
    2012-05-03 11:02 - 2009-04-20 16:38 - 00000000 ____D C:\Users\All Users\Application Data\CyberLink
    2012-05-02 20:41 - 2012-05-02 20:34 - 07073240 ____A C:\Users\Zach\Downloads\NewYoutubeTemplate.psd
    2012-04-30 10:47 - 2012-04-10 05:33 - 00000000 ____D C:\Users\Zach\My Documents\School
    2012-04-30 10:47 - 2012-04-10 05:33 - 00000000 ____D C:\Users\Zach\Documents\School
    2012-04-29 10:30 - 2012-04-09 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-04-29 07:00 - 2012-04-14 07:40 - 00000680 ____A C:\Users\Zach\Local Settings\d3d9caps.dat
    2012-04-29 07:00 - 2012-04-14 07:40 - 00000680 ____A C:\Users\Zach\Local Settings\Application Data\d3d9caps.dat
    2012-04-29 07:00 - 2012-04-14 07:40 - 00000680 ____A C:\Users\Zach\AppData\Local\d3d9caps.dat
    2012-04-27 19:15 - 2012-04-27 19:15 - 00428298 ____A C:\Users\Zach\Downloads\Wut Is Mah Destiny Remix Files - 147bpm - TeiThePony.rar
    2012-04-27 16:55 - 2012-04-25 11:34 - 00000000 ____D C:\Users\Zach\Application Data\Media Player Classic
    2012-04-27 16:55 - 2012-04-25 11:34 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Media Player Classic
    2012-04-27 16:53 - 2012-04-09 15:50 - 00000000 ____D C:\Program Files\CCleaner
    2012-04-26 13:47 - 2012-04-12 12:06 - 00000000 ____D C:\Users\Zach\Downloads\vsti and vst presets updated 9,2011
    2012-04-26 13:43 - 2012-04-26 13:38 - 00000000 ____D C:\Users\Zach\Application Data\HandBrake
    2012-04-26 13:43 - 2012-04-26 13:38 - 00000000 ____D C:\Users\Zach\AppData\Roaming\HandBrake
    2012-04-26 13:37 - 2012-04-26 13:37 - 00000772 ____A C:\Users\Zach\My Documents\Handbrake.lnk
    2012-04-26 13:37 - 2012-04-26 13:37 - 00000772 ____A C:\Users\Zach\Documents\Handbrake.lnk
    2012-04-26 13:37 - 2012-04-26 13:37 - 00000000 ____D C:\Program Files\Handbrake
    2012-04-25 11:20 - 2012-04-25 11:20 - 00000000 ____D C:\Users\Zach\Application Data\Xilisoft
    2012-04-25 11:20 - 2012-04-25 11:20 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Xilisoft
    2012-04-25 11:19 - 2012-04-25 11:19 - 00001010 ____A C:\Users\Zach\My Documents\Xilisoft Audio Converter Pro.lnk
    2012-04-25 11:19 - 2012-04-25 11:19 - 00001010 ____A C:\Users\Zach\Documents\Xilisoft Audio Converter Pro.lnk
    2012-04-25 11:19 - 2012-04-25 11:19 - 00000000 ____D C:\Users\All Users\Xilisoft
    2012-04-25 11:19 - 2012-04-25 11:19 - 00000000 ____D C:\Users\All Users\Application Data\Xilisoft
    2012-04-25 11:19 - 2012-04-25 11:19 - 00000000 ____D C:\Program Files (x86)\Xilisoft
    2012-04-24 05:01 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\NDF
    2012-04-23 10:06 - 2012-04-23 10:06 - 00000000 ____D C:\Users\Zach\Application Data\SynthMaker
    2012-04-23 10:06 - 2012-04-23 10:06 - 00000000 ____D C:\Users\Zach\AppData\Roaming\SynthMaker
    2012-04-19 13:59 - 2012-04-19 13:59 - 00019619 ____A C:\Users\Zach\Downloads\((Demonoid.me))-Regular_Show_322_The_Best_Burger_in_the_World_(720p_Youtube).torrent
    2012-04-19 13:58 - 2012-04-19 13:58 - 00015319 ____A C:\Users\Zach\Downloads\[]Demonoid.me[]-Regular_Show_321_Big_Winner.torrent
    2012-04-19 13:57 - 2012-04-19 13:57 - 00014003 ____A C:\Users\Zach\Downloads\Regular_Show_320_Video_Game_Wizards_[449]-_=Demonoid.me=_.torrent
    2012-04-19 11:44 - 2012-04-09 18:13 - 00000000 ____D C:\Users\Zach\Application Data\Skype
    2012-04-19 11:44 - 2012-04-09 18:13 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Skype
    2012-04-19 11:44 - 2009-04-20 15:29 - 00000000 ____D C:\Windows\panther
    2012-04-19 11:31 - 2009-04-20 16:32 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-04-19 11:31 - 2009-04-20 16:32 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
    2012-04-19 11:31 - 2009-04-20 16:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2012-04-19 11:29 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\ShellNew
    2012-04-19 11:28 - 2006-11-02 05:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-04-19 11:24 - 2012-04-08 10:35 - 00000000 ____D C:\Users\Zach\Local Settings\VirtualStore
    2012-04-19 11:24 - 2012-04-08 10:35 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\VirtualStore
    2012-04-19 11:24 - 2012-04-08 10:35 - 00000000 ____D C:\Users\Zach\AppData\Local\VirtualStore
    2012-04-17 14:17 - 2012-04-17 14:18 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-04-17 14:17 - 2012-04-17 14:18 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-04-17 14:17 - 2012-04-17 14:18 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-04-17 14:17 - 2012-04-09 06:45 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-04-17 14:17 - 2009-04-20 16:52 - 00000000 ____D C:\Program Files (x86)\Java
    2012-04-16 13:26 - 2012-04-16 13:26 - 00000000 ____D C:\Windows\System32\Macromed
    2012-04-16 08:15 - 2012-04-08 10:36 - 00000000 ____D C:\Users\Zach\Local Settings\Hewlett-Packard
    2012-04-16 08:15 - 2012-04-08 10:36 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Hewlett-Packard
    2012-04-16 08:15 - 2012-04-08 10:36 - 00000000 ____D C:\Users\Zach\AppData\Local\Hewlett-Packard
    2012-04-14 20:23 - 2012-04-14 20:23 - 00000000 ____D C:\Users\Zach\dwhelper
    2012-04-13 20:21 - 2012-04-08 12:06 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Adobe
    2012-04-13 20:21 - 2012-04-08 12:06 - 00000000 ____D C:\Users\Zach\Local Settings\Adobe
    2012-04-13 20:21 - 2012-04-08 12:06 - 00000000 ____D C:\Users\Zach\AppData\Local\Adobe
    2012-04-13 20:21 - 2012-04-08 11:04 - 00000000 ____D C:\Users\Zach\Application Data\Adobe
    2012-04-13 20:21 - 2012-04-08 11:04 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Adobe
    2012-04-13 12:05 - 2012-04-13 12:05 - 00000000 ____D C:\Users\Zach\Application Data\Image-Line
    2012-04-13 12:05 - 2012-04-13 12:05 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Image-Line
    2012-04-12 13:45 - 2012-04-12 13:45 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
    2012-04-12 13:43 - 2012-04-12 13:43 - 00000000 ____D C:\Users\Zach\My Documents\Image-Line
    2012-04-12 13:43 - 2012-04-12 13:43 - 00000000 ____D C:\Users\Zach\Documents\Image-Line
    2012-04-12 13:43 - 2012-04-12 13:43 - 00000000 ____D C:\Program Files (x86)\Vstplugins
    2012-04-12 13:43 - 2012-04-12 13:35 - 00000000 ____D C:\Program Files (x86)\Image-Line
    2012-04-12 13:42 - 2012-04-12 13:42 - 00000000 ____D C:\Program Files (x86)\Outsim
    2012-04-12 12:03 - 2012-04-12 12:03 - 00026265 ____A C:\Users\Zach\Downloads\fl_studio_10_8_reg_30_000_vsti_and_vst_presets_updated_9_2011_x-Demonoid.me-x_11733031.0102.torrent
    2012-04-12 08:24 - 2012-04-12 08:24 - 00000000 ____D C:\Users\Zach\Application Data\Publish Providers
    2012-04-12 08:24 - 2012-04-12 08:24 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Publish Providers
    2012-04-12 08:24 - 2012-04-11 19:39 - 00000000 ____D C:\Users\Zach\Application Data\Sony
    2012-04-12 08:24 - 2012-04-11 19:39 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Sony
    2012-04-12 08:21 - 2012-04-11 19:39 - 00000000 ____D C:\Users\Zach\Local Settings\Sony
    2012-04-12 08:21 - 2012-04-11 19:39 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Sony
    2012-04-12 08:21 - 2012-04-11 19:39 - 00000000 ____D C:\Users\Zach\AppData\Local\Sony
    2012-04-12 08:15 - 2012-04-12 08:15 - 00000000 ____D C:\Users\All Users\Sony
    2012-04-12 08:15 - 2012-04-12 08:15 - 00000000 ____D C:\Users\All Users\Application Data\Sony
    2012-04-12 08:15 - 2012-04-12 08:15 - 00000000 ____D C:\Program Files (x86)\Sony
    2012-04-12 07:54 - 2012-04-12 07:54 - 00000000 ____D C:\Users\Zach\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-04-12 07:54 - 2012-04-12 07:54 - 00000000 ____D C:\Users\Zach\Application Data\Adobe Mini Bridge CS5
    2012-04-12 07:54 - 2012-04-12 07:54 - 00000000 ____D C:\Users\Zach\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-04-12 07:54 - 2012-04-12 07:54 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Adobe Mini Bridge CS5
    2012-04-12 07:24 - 2012-04-12 07:24 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
    2012-04-12 07:24 - 2012-04-12 07:24 - 00000000 ____D C:\Users\All Users\Application Data\regid.1986-12.com.adobe
    2012-04-12 07:24 - 2012-04-12 07:17 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2012-04-12 07:24 - 2009-04-20 16:37 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
    2012-04-12 07:24 - 2009-04-20 16:37 - 00000000 ____D C:\Users\All Users\Adobe
    2012-04-12 07:23 - 2012-04-12 07:23 - 00000000 ____D C:\Program Files\Adobe
    2012-04-12 07:20 - 2009-04-20 16:37 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-04-12 07:15 - 2012-04-12 07:15 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
    2012-04-12 07:11 - 2012-05-23 13:36 - 00000000 ____D C:\Users\Mcx1\Application Data\Macromedia
    2012-04-12 07:11 - 2012-05-23 13:36 - 00000000 ____D C:\Users\Mcx1\AppData\Roaming\Macromedia
    2012-04-12 07:11 - 2012-04-12 07:11 - 00000000 ____D C:\Users\Default\Application Data\Macromedia
    2012-04-12 07:11 - 2012-04-12 07:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2012-04-12 07:11 - 2012-04-12 07:11 - 00000000 ____D C:\Users\Default User\Application Data\Macromedia
    2012-04-12 07:11 - 2012-04-12 07:11 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2012-04-11 14:36 - 2012-04-11 14:36 - 00000000 ____D C:\Users\Zach\Local Settings\DFX
    2012-04-11 14:36 - 2012-04-11 14:36 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\DFX
    2012-04-11 14:36 - 2012-04-11 14:36 - 00000000 ____D C:\Users\Zach\AppData\Local\DFX
    2012-04-11 14:35 - 2012-04-11 14:34 - 00000000 ____D C:\Program Files (x86)\DFX
    2012-04-11 14:34 - 2012-04-11 14:34 - 00000000 ____D C:\Users\All Users\DFX
    2012-04-11 14:34 - 2012-04-11 14:34 - 00000000 ____D C:\Users\All Users\Application Data\DFX
    2012-04-11 13:53 - 2012-04-11 12:59 - 00000000 ____D C:\Program Files (x86)\Winamp
    2012-04-10 19:16 - 2012-04-10 19:14 - 00001726 ___AH C:\Users\Zach\My Documents\Default.rdp
    2012-04-10 19:16 - 2012-04-10 19:14 - 00001726 ___AH C:\Users\Zach\Documents\Default.rdp
    2012-04-10 15:59 - 2012-04-10 15:59 - 00274798 ____A C:\Users\Zach\Downloads\MLPMusicArchive_FULL_v002.torrent
    2012-04-10 15:47 - 2012-04-10 15:48 - 00024880 ____A C:\Users\Zach\Downloads\77B8A2D3D94C275ABF29E9981349B04699BE699A.torrent
    2012-04-10 15:47 - 2012-04-10 15:47 - 00062025 ____A C:\Users\Zach\Downloads\4FA481019E6BB59325F4203C6FAD218E48DDC2DF.torrent
    2012-04-10 12:57 - 2012-04-10 12:57 - 00000000 ____D C:\Users\Zach\Application Data\FastStone
    2012-04-10 12:57 - 2012-04-10 12:57 - 00000000 ____D C:\Users\Zach\AppData\Roaming\FastStone
    2012-04-10 11:53 - 2012-04-10 11:53 - 00000000 ____D C:\Program Files (x86)\Ricochet Infinity
    2012-04-10 11:45 - 2012-04-10 11:45 - 00000000 ____D C:\Program Files (x86)\Acclaim
    2012-04-10 11:41 - 2012-04-10 11:41 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    2012-04-10 06:05 - 2012-04-10 06:04 - 00466394 ____A C:\Windows\dd_vcredistMSI6BD0.txt
    2012-04-10 06:05 - 2012-04-10 06:04 - 00216082 ____A C:\Windows\dd_vcredistUI6BD0.txt
    2012-04-10 06:04 - 2012-04-10 06:03 - 00462130 ____A C:\Windows\dd_vcredistMSI6AE2.txt
    2012-04-10 06:04 - 2012-04-10 06:03 - 00216034 ____A C:\Windows\dd_vcredistUI6AE2.txt
    2012-04-10 06:03 - 2009-04-20 16:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
    2012-04-10 05:55 - 2012-04-10 05:55 - 00000000 ____D C:\Games
    2012-04-10 05:53 - 2012-04-10 05:53 - 00000000 ___HD C:\Windows\System32\CanonMF Uninstaller Information
    2012-04-10 05:49 - 2012-04-10 05:49 - 00000000 ____D C:\Program Files\Canon
    2012-04-10 05:37 - 2012-04-10 05:37 - 00000000 ____D C:\Users\Zach\Application Data\OpenOffice.org
    2012-04-10 05:37 - 2012-04-10 05:37 - 00000000 ____D C:\Users\Zach\AppData\Roaming\OpenOffice.org
    2012-04-10 05:34 - 2012-04-10 05:34 - 00000000 ____D C:\Users\Zach\My Documents\Shoddy Teams
    2012-04-10 05:34 - 2012-04-10 05:34 - 00000000 ____D C:\Users\Zach\My Documents\Datel
    2012-04-10 05:34 - 2012-04-10 05:34 - 00000000 ____D C:\Users\Zach\Documents\Shoddy Teams
    2012-04-10 05:34 - 2012-04-10 05:34 - 00000000 ____D C:\Users\Zach\Documents\Datel
    2012-04-09 18:26 - 2012-04-09 18:26 - 00000000 ____D C:\Users\Zach\My Documents\Messenger Plus!
    2012-04-09 18:26 - 2012-04-09 18:26 - 00000000 ____D C:\Users\Zach\Documents\Messenger Plus!
    2012-04-09 18:12 - 2012-04-09 18:12 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-04-09 18:12 - 2012-04-09 18:12 - 00000000 ____D C:\Users\All Users\Skype
    2012-04-09 18:12 - 2012-04-09 18:12 - 00000000 ____D C:\Users\All Users\Application Data\Skype
    2012-04-09 18:08 - 2012-04-09 18:07 - 00000000 ____D C:\Program Files (x86)\FastStone Image Viewer
    2012-04-09 17:59 - 2012-04-09 17:59 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-04-09 17:58 - 2012-04-09 17:58 - 00000000 ____D C:\Program Files (x86)\Foxit Software
    2012-04-09 17:47 - 2012-04-09 17:47 - 00000000 ____D C:\Users\All Users\Last.fm
    2012-04-09 17:47 - 2012-04-09 17:47 - 00000000 ____D C:\Users\All Users\Application Data\Last.fm
    2012-04-09 17:46 - 2012-04-09 17:45 - 00000000 ____D C:\Users\All Users\Application Data\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
  11. HummingTurtle

    HummingTurtle Newcomer, in training Topic Starter Posts: 24

    2012-04-09 17:46 - 2012-04-09 17:45 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2012-04-09 17:45 - 2012-04-09 17:45 - 00000000 ____D C:\Users\All Users\Application Data\Apple Computer
    2012-04-09 17:45 - 2012-04-09 17:45 - 00000000 ____D C:\Users\All Users\Apple Computer
    2012-04-09 17:43 - 2012-04-09 17:43 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Apple
    2012-04-09 17:43 - 2012-04-09 17:43 - 00000000 ____D C:\Users\Zach\Local Settings\Apple
    2012-04-09 17:43 - 2012-04-09 17:43 - 00000000 ____D C:\Users\Zach\AppData\Local\Apple
    2012-04-09 17:43 - 2012-04-09 17:43 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2012-04-09 17:43 - 2012-04-09 17:39 - 00000000 ____D C:\Users\All Users\Application Data\Apple
    2012-04-09 17:43 - 2012-04-09 17:39 - 00000000 ____D C:\Users\All Users\Apple
    2012-04-09 17:40 - 2012-04-09 17:40 - 00000000 ____D C:\Program Files\Common Files\Apple
    2012-04-09 17:40 - 2012-04-09 17:40 - 00000000 ____D C:\Program Files\Bonjour
    2012-04-09 17:40 - 2012-04-09 17:40 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2012-04-09 17:38 - 2012-04-09 17:38 - 00000000 ____D C:\Program Files (x86)\Last.fm
    2012-04-09 16:03 - 2012-04-09 16:02 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
    2012-04-09 16:01 - 2012-04-09 15:53 - 00000000 ____D C:\Windows\SysWOW64\directx
    2012-04-09 15:58 - 2012-04-09 15:53 - 00000000 ___HD C:\Windows\msdownld.tmp
    2012-04-09 14:57 - 2012-04-09 14:57 - 00000000 ____D C:\Users\Zach\Local Settings\Mozilla
    2012-04-09 14:57 - 2012-04-09 14:57 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Mozilla
    2012-04-09 14:57 - 2012-04-09 14:57 - 00000000 ____D C:\Users\Zach\Application Data\Mozilla
    2012-04-09 14:57 - 2012-04-09 14:57 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Mozilla
    2012-04-09 14:57 - 2012-04-09 14:57 - 00000000 ____D C:\Users\Zach\AppData\Local\Mozilla
    2012-04-09 14:37 - 2012-04-09 14:38 - 00264271 ____A C:\Users\Zach\Downloads\FileHippoUpdateCheckerSetup.exe
    2012-04-09 13:43 - 2012-04-09 13:43 - 00000000 ____D C:\Users\All Users\Messenger Plus!
    2012-04-09 13:43 - 2012-04-09 13:43 - 00000000 ____D C:\Users\All Users\Application Data\Messenger Plus!
    2012-04-09 13:42 - 2012-04-09 13:42 - 00000000 ____D C:\Program Files (x86)\Yuna Software
    2012-04-09 12:55 - 2012-04-09 12:54 - 00000000 ____D C:\Users\Zach\Application Data\WinRAR
    2012-04-09 12:55 - 2012-04-09 12:54 - 00000000 ____D C:\Users\Zach\AppData\Roaming\WinRAR
    2012-04-09 12:54 - 2012-04-09 12:54 - 00000000 ____D C:\Program Files\WinRAR
    2012-04-09 12:14 - 2012-04-09 12:14 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
    2012-04-09 12:14 - 2012-04-09 12:13 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2012-04-09 12:08 - 2012-04-09 12:07 - 00000000 ____D C:\Program Files (x86)\RocketDock
    2012-04-09 12:04 - 2012-04-09 12:02 - 00000000 ____D C:\Users\Zach\Application Data\GetRightToGo
    2012-04-09 12:04 - 2012-04-09 12:02 - 00000000 ____D C:\Users\Zach\AppData\Roaming\GetRightToGo
    2012-04-09 11:54 - 2012-04-09 11:54 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\{74433A75-8A5B-4729-BE5D-AE693F676091}
    2012-04-09 11:54 - 2012-04-09 11:54 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\{03D8D790-4B64-4810-9E09-4868652E5414}
    2012-04-09 11:54 - 2012-04-09 11:54 - 00000000 ____D C:\Users\Zach\Local Settings\{74433A75-8A5B-4729-BE5D-AE693F676091}
    2012-04-09 11:54 - 2012-04-09 11:54 - 00000000 ____D C:\Users\Zach\Local Settings\{03D8D790-4B64-4810-9E09-4868652E5414}
    2012-04-09 11:54 - 2012-04-09 11:54 - 00000000 ____D C:\Users\Zach\AppData\Local\{74433A75-8A5B-4729-BE5D-AE693F676091}
    2012-04-09 11:54 - 2012-04-09 11:54 - 00000000 ____D C:\Users\Zach\AppData\Local\{03D8D790-4B64-4810-9E09-4868652E5414}
    2012-04-09 11:53 - 2012-04-09 11:46 - 00000000 ____D C:\Users\Zach\Local Settings\Windows Live
    2012-04-09 11:53 - 2012-04-09 11:46 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Windows Live
    2012-04-09 11:53 - 2012-04-09 11:46 - 00000000 ____D C:\Users\Zach\AppData\Local\Windows Live
    2012-04-09 10:45 - 2012-04-09 10:45 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
    2012-04-09 10:45 - 2012-04-09 10:45 - 00000000 ____D C:\Windows\SysWOW64\spool
    2012-04-09 10:45 - 2012-04-09 10:45 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2012-04-09 10:45 - 2012-04-09 10:45 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\th-TH
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\he-IL
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\et-EE
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\zh-HK
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\uk-UA
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\tr-TR
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\th-TH
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\sl-SI
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\sk-SK
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\ro-RO
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\lv-LV
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\lt-LT
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\hr-HR
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\he-IL
    2012-04-09 10:45 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\et-EE
    2012-04-09 10:45 - 2006-11-02 05:33 - 00000000 ___RD C:\Windows\Offline Web Pages
    2012-04-09 10:45 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\System32\bg-BG
    2012-04-09 10:45 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\System32\ar-SA
    2012-04-09 10:45 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-04-09 10:45 - 2006-11-02 05:33 - 00000000 ____D C:\Program Files\Common Files\System
    2012-04-09 10:01 - 2012-04-09 10:01 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 09705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-04-09 10:01 - 2012-04-09 10:01 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-04-09 10:01 - 2012-04-09 10:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-04-09 10:01 - 2012-04-09 10:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-04-09 10:01 - 2012-04-09 10:01 - 02308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 02144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 01798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 01792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 01493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-04-09 10:01 - 2012-04-09 10:01 - 01427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-04-09 10:01 - 2012-04-09 10:01 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 01345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 01127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 01103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-04-09 10:01 - 2012-04-09 10:01 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-04-09 10:01 - 2012-04-09 10:01 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-04-09 10:01 - 2012-04-09 10:01 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-04-09 10:01 - 2012-04-09 10:01 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-04-09 10:01 - 2012-04-09 10:01 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-04-09 10:01 - 2012-04-09 10:01 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-04-09 10:01 - 2006-11-02 04:16 - 00008798 ____A C:\Windows\SysWOW64\icrav03.rat
    2012-04-09 10:01 - 2006-11-02 04:16 - 00001988 ____A C:\Windows\SysWOW64\ticrf.rat
    2012-04-09 10:01 - 2006-11-01 22:36 - 00008798 ____A C:\Windows\System32\icrav03.rat
    2012-04-09 10:01 - 2006-11-01 22:36 - 00001988 ____A C:\Windows\System32\ticrf.rat
    2012-04-09 09:59 - 2012-04-09 09:59 - 03548672 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 03068416 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 02873344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 01554432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 01461760 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 01268224 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 01257984 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 01204224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 01075712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 01032192 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
    2012-04-09 09:59 - 2012-04-09 09:59 - 01029120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00979456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00900480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2012-04-09 09:59 - 2012-04-09 09:59 - 00847360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00748544 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00625152 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00586240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00566272 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00486400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00428544 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00377344 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
    2012-04-09 09:59 - 2012-04-09 09:59 - 00357376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00345088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00287232 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00261632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00258048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
    2012-04-09 09:59 - 2012-04-09 09:59 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00209920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00195072 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00189952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00135680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00098816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
    2012-04-09 09:59 - 2012-04-09 09:59 - 00034304 ____A (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
    2012-04-09 09:58 - 2012-04-09 09:58 - 01209856 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2012-04-09 09:58 - 2012-04-09 09:58 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2012-04-09 09:58 - 2012-04-09 09:58 - 00792576 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
    2012-04-09 09:58 - 2012-04-09 09:58 - 00519680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2012-04-09 09:58 - 2012-04-09 09:58 - 00449024 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
    2012-04-09 09:58 - 2012-04-09 09:58 - 00411648 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
    2012-04-09 09:58 - 2012-04-09 09:58 - 00369664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2012-04-09 09:58 - 2012-04-09 09:58 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
    2012-04-09 09:58 - 2012-04-09 09:58 - 00321024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
    2012-04-09 09:58 - 2012-04-09 09:58 - 00262656 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
    2012-04-09 09:58 - 2012-04-09 09:58 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
    2012-04-09 09:58 - 2012-04-09 09:58 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
    2012-04-09 09:58 - 2012-04-09 09:58 - 00195584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
    2012-04-09 09:58 - 2012-04-09 09:58 - 00189440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
    2012-04-09 08:54 - 2012-04-09 08:53 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\{E783BF2C-2397-4051-A78F-935BE2B114BD}
    2012-04-09 08:54 - 2012-04-09 08:53 - 00000000 ____D C:\Users\Zach\Local Settings\{E783BF2C-2397-4051-A78F-935BE2B114BD}
    2012-04-09 08:54 - 2012-04-09 08:53 - 00000000 ____D C:\Users\Zach\AppData\Local\{E783BF2C-2397-4051-A78F-935BE2B114BD}
    2012-04-09 07:44 - 2012-04-09 07:44 - 00000000 ____D C:\Program Files (x86)\IrfanView
    2012-04-09 06:46 - 2012-04-09 06:46 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
    2012-04-09 06:45 - 2012-04-09 06:45 - 00000000 ____D C:\Users\All Users\Sun
    2012-04-09 06:45 - 2012-04-09 06:45 - 00000000 ____D C:\Users\All Users\Application Data\Sun
    2012-04-09 06:43 - 2012-04-09 06:42 - 00443080 ____A C:\Users\Zach\Local Settings\dd_vcredistMSI3AAD.txt
    2012-04-09 06:43 - 2012-04-09 06:42 - 00443080 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistMSI3AAD.txt
    2012-04-09 06:43 - 2012-04-09 06:42 - 00443080 ____A C:\Users\Zach\AppData\Local\dd_vcredistMSI3AAD.txt
    2012-04-09 06:43 - 2012-04-09 06:42 - 00011696 ____A C:\Users\Zach\Local Settings\dd_vcredistUI3AAD.txt
    2012-04-09 06:43 - 2012-04-09 06:42 - 00011696 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistUI3AAD.txt
    2012-04-09 06:43 - 2012-04-09 06:42 - 00011696 ____A C:\Users\Zach\AppData\Local\dd_vcredistUI3AAD.txt
    2012-04-09 06:42 - 2012-04-09 06:40 - 00439040 ____A C:\Users\Zach\Local Settings\dd_vcredistMSI3960.txt
    2012-04-09 06:42 - 2012-04-09 06:40 - 00439040 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistMSI3960.txt
    2012-04-09 06:42 - 2012-04-09 06:40 - 00439040 ____A C:\Users\Zach\AppData\Local\dd_vcredistMSI3960.txt
    2012-04-09 06:42 - 2012-04-09 06:40 - 00011664 ____A C:\Users\Zach\Local Settings\dd_vcredistUI3960.txt
    2012-04-09 06:42 - 2012-04-09 06:40 - 00011664 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistUI3960.txt
    2012-04-09 06:42 - 2012-04-09 06:40 - 00011664 ____A C:\Users\Zach\AppData\Local\dd_vcredistUI3960.txt
    2012-04-09 05:43 - 2012-04-09 05:43 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
    2012-04-09 05:28 - 2012-04-09 05:26 - 00000000 ____D C:\Windows\SysWOW64\vi-VN
    2012-04-09 05:28 - 2012-04-09 05:26 - 00000000 ____D C:\Windows\SysWOW64\eu-ES
    2012-04-09 05:28 - 2012-04-09 05:26 - 00000000 ____D C:\Windows\SysWOW64\ca-ES
    2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Sidebar
    2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Photo Gallery
    2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Defender
    2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Collaboration
    2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Movie Maker
    2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
    2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files (x86)\Windows Photo Gallery
    2012-04-09 05:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files (x86)\Windows Calendar
    2012-04-09 05:28 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\SLUI
    2012-04-09 05:28 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\setup
    2012-04-09 05:28 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\oobe
    2012-04-09 05:28 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\migwiz
    2012-04-09 05:28 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
    2012-04-09 05:28 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
    2012-04-09 05:28 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\servicing
    2012-04-09 05:27 - 2012-04-09 05:26 - 00000000 ____D C:\Windows\System32\vi-VN
    2012-04-09 05:27 - 2012-04-09 05:26 - 00000000 ____D C:\Windows\System32\eu-ES
    2012-04-09 05:27 - 2012-04-09 05:26 - 00000000 ____D C:\Windows\System32\ca-ES
    2012-04-09 05:27 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\SLUI
    2012-04-09 05:27 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\setup
    2012-04-09 05:27 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\oobe
    2012-04-09 05:27 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\migwiz
    2012-04-09 05:27 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\manifeststore
    2012-04-09 05:27 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
    2012-04-09 05:27 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\IME
    2012-04-09 05:23 - 2012-04-09 05:23 - 00000000 ____D C:\Windows\System32\SPReview
    2012-04-09 04:40 - 2012-04-09 04:40 - 00000000 ____D C:\Windows\System32\EventProviders
    2012-04-08 20:04 - 2012-04-08 20:04 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
    2012-04-08 20:04 - 2012-04-08 20:04 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
    2012-04-08 14:27 - 2012-04-08 11:07 - 00000000 ____D C:\Users\All Users\McAfee
    2012-04-08 14:27 - 2012-04-08 11:07 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
    2012-04-08 12:19 - 2006-11-02 07:37 - 00047092 ____A C:\Windows\System32\license.rtf
    2012-04-08 12:09 - 2012-04-08 12:09 - 00000000 ____D C:\Users\Zach\Local Settings\Seven Zip
    2012-04-08 12:09 - 2012-04-08 12:09 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Seven Zip
    2012-04-08 12:09 - 2012-04-08 12:09 - 00000000 ____D C:\Users\Zach\AppData\Local\Seven Zip
    2012-04-08 12:00 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\Local Settings\Google
    2012-04-08 12:00 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Google
    2012-04-08 12:00 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\AppData\Local\Google
    2012-04-08 11:53 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\Local Settings\Deployment
    2012-04-08 11:53 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\Local Settings\Application Data\Deployment
    2012-04-08 11:53 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\AppData\Local\Deployment
    2012-04-08 11:53 - 2012-04-08 11:53 - 00000000 ____D C:\Users\Zach\AppData\Local\Apps\2.0
    2012-04-08 11:43 - 2009-04-20 15:51 - 00000000 ____D C:\Users\All Users\WildTangent
    2012-04-08 11:43 - 2009-04-20 15:51 - 00000000 ____D C:\Users\All Users\Application Data\WildTangent
    2012-04-08 11:33 - 2012-04-08 11:33 - 00000000 ____D C:\Users\Zach\Application Data\Macromedia
    2012-04-08 11:33 - 2012-04-08 11:33 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Macromedia
    2012-04-08 11:28 - 2012-04-08 11:26 - 00000000 ____D C:\Program Files\McAfee
    2012-04-08 11:27 - 2012-04-08 11:27 - 00000000 ____D C:\Program Files (x86)\McAfee.com
    2012-04-08 11:27 - 2012-04-08 11:26 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2012-04-08 11:26 - 2012-04-08 11:26 - 00000000 ____D C:\Program Files\McAfee.com
    2012-04-08 11:13 - 2009-04-20 15:37 - 00000000 ____D C:\Users\All Users\Norton
    2012-04-08 11:13 - 2009-04-20 15:37 - 00000000 ____D C:\Users\All Users\Application Data\Norton
    2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____D C:\Users\Zach\Application Data\Hewlett-Packard
    2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Hewlett-Packard
    2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\Local Settings\QSwitch.txt
    2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\Local Settings\DSwitch.txt
    2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\Local Settings\AtStart.txt
    2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\Local Settings\Application Data\QSwitch.txt
    2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\Local Settings\Application Data\DSwitch.txt
    2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\Local Settings\Application Data\AtStart.txt
    2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\AppData\Local\QSwitch.txt
    2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\AppData\Local\DSwitch.txt
    2012-04-08 10:36 - 2012-04-08 10:36 - 00000000 ____A C:\Users\Zach\AppData\Local\AtStart.txt
    2012-04-08 10:35 - 2009-04-20 16:56 - 00000000 ____D C:\Program Files (x86)\SMINST
    2012-04-08 10:25 - 2012-04-08 10:25 - 00000000 ____D C:\Users\Zach\Application Data\HP TCS
    2012-04-08 10:25 - 2012-04-08 10:25 - 00000000 ____D C:\Users\Zach\AppData\Roaming\HP TCS
    2012-04-08 10:25 - 2009-04-20 15:51 - 00000000 ___RD C:\Program Files (x86)\Online Services
    2012-04-08 10:24 - 2012-04-08 10:24 - 00000000 _RASH C:\Windows\SysWOW64\Drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE93700YL_E509717-002_4A_I3612_SHP_V09.67_F.65_T101215_WV3-1_L409_M3999_J250_7Intel_867A_92.00_#120408_N10EC8136;168C001C_(FS683AV)_XMOBILE_CN10_Z_2PCID.MRK
    2012-04-08 10:24 - 2012-04-08 10:24 - 00000000 _RASH C:\Windows\System32\Drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE93700YL_E509717-002_4A_I3612_SHP_V09.67_F.65_T101215_WV3-1_L409_M3999_J250_7Intel_867A_92.00_#120408_N10EC8136;168C001C_(FS683AV)_XMOBILE_CN10_Z_2PCID.MRK
    2012-04-08 10:24 - 2008-06-09 05:44 - 00000000 ____D C:\SwSetup
    2012-04-08 10:24 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\System32\restore
    2012-04-08 10:24 - 1999-03-30 10:17 - 00000000 ___HD C:\System.sav
    2012-04-08 10:23 - 2012-04-08 10:23 - 00000020 ___SH C:\Users\Zach\ntuser.ini
    2012-04-08 09:13 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\sysprep
    2012-04-08 09:10 - 2012-04-08 09:10 - 00000000 ____D C:\Program Files (x86)\muvee Technologies
    2012-04-08 09:10 - 2009-04-20 15:35 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
    2012-04-08 09:10 - 2009-04-20 15:35 - 00000000 ____D C:\Users\All Users\Application Data\Hewlett-Packard
    2012-04-08 09:09 - 2012-04-08 09:09 - 00000105 ____A C:\Users\All Users\Application Data\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    2012-04-08 09:09 - 2012-04-08 09:09 - 00000105 ____A C:\Users\All Users\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    2012-04-08 09:09 - 2012-04-08 09:09 - 00000032 ____A C:\Users\All Users\Application Data\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2012-04-08 09:09 - 2012-04-08 09:09 - 00000032 ____A C:\Users\All Users\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2012-04-08 09:09 - 2009-04-20 15:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-04-08 09:08 - 2012-04-08 09:08 - 00000032 ____A C:\Users\All Users\Application Data\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2012-04-08 09:08 - 2012-04-08 09:08 - 00000032 ____A C:\Users\All Users\Application Data\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2012-04-08 09:08 - 2012-04-08 09:08 - 00000032 ____A C:\Users\All Users\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2012-04-08 09:08 - 2012-04-08 09:08 - 00000032 ____A C:\Users\All Users\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2012-04-08 09:06 - 2012-04-08 09:06 - 00000032 ____A C:\Users\All Users\Application Data\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2012-04-08 09:06 - 2012-04-08 09:06 - 00000032 ____A C:\Users\All Users\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2012-04-08 09:06 - 2009-04-20 16:38 - 01066544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
    2012-04-08 09:06 - 2009-04-20 16:38 - 01053232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFC71u.dll
    2012-04-08 09:06 - 2009-04-20 16:38 - 00505392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
    2012-04-08 09:06 - 2009-04-20 16:38 - 00353840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2012-04-08 09:05 - 2009-04-20 16:59 - 00000000 ____D C:\Program Files (x86)\Hp
    2012-04-08 09:04 - 2009-04-20 15:20 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2012-04-08 09:03 - 2012-04-08 09:03 - 00016070 ____A C:\Windows\System32\results.xml
    2012-04-08 09:01 - 2012-04-08 08:58 - 00000000 ____D C:\Program Files\CONEXANT
    2012-04-08 09:01 - 2009-04-20 15:19 - 00000000 ___HD C:\HP
    2012-04-08 08:59 - 2012-04-08 08:59 - 00000000 ____D C:\Windows\SysWOW64\x64
    2012-04-08 08:59 - 2012-04-08 08:59 - 00000000 ____D C:\Windows\SysWOW64\Lang
    2012-04-08 08:59 - 2012-04-08 08:59 - 00000000 ____D C:\Intel
    2012-04-08 08:58 - 2012-04-08 08:58 - 00000000 ____D C:\Program Files (x86)\NetWaiting
    2012-04-08 08:57 - 2012-04-08 08:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01000.Wdf
    2012-04-08 08:57 - 2012-04-08 08:57 - 00000000 ____D C:\Program Files\Synaptics
    2012-04-08 08:57 - 2012-04-08 08:57 - 00000000 ____D C:\Program Files (x86)\Realtek
    2012-04-08 08:55 - 2012-04-08 08:55 - 00000000 ____D C:\Program Files (x86)\Intel
    2012-04-08 08:55 - 2012-04-08 08:55 - 00000000 ____D C:\Program Files (x86)\Atheros
    2012-04-08 08:55 - 2012-04-08 08:54 - 00000000 ____D C:\Users\All Users\Atheros
    2012-04-08 08:55 - 2012-04-08 08:54 - 00000000 ____D C:\Users\All Users\Application Data\Atheros
    2012-04-04 12:56 - 2012-06-09 22:38 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-03 00:22 - 2012-05-08 10:36 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-04-02 05:59 - 2012-05-08 10:36 - 02766848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-03-30 04:45 - 2012-05-08 10:38 - 01423744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    ZeroAccess:
    C:\Windows\Installer\{4ed00426-761c-ade8-3eda-60229d9845f4}
    C:\Windows\Installer\{4ed00426-761c-ade8-3eda-60229d9845f4}\@
    C:\Windows\Installer\{4ed00426-761c-ade8-3eda-60229d9845f4}\L
    C:\Windows\Installer\{4ed00426-761c-ade8-3eda-60229d9845f4}\U
    ZeroAccess:
    C:\Users\Zach\AppData\Local\{4ed00426-761c-ade8-3eda-60229d9845f4}
    C:\Users\Zach\AppData\Local\{4ed00426-761c-ade8-3eda-60229d9845f4}\@
    C:\Users\Zach\AppData\Local\{4ed00426-761c-ade8-3eda-60229d9845f4}\L
    C:\Users\Zach\AppData\Local\{4ed00426-761c-ade8-3eda-60229d9845f4}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 16%
    Total physical RAM: 3998.25 MB
    Available physical RAM: 3330.66 MB
    Total Pagefile: 3675.45 MB
    Available Pagefile: 3307.37 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:220.6 GB) (Free:55.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (RECOVERY) (Fixed) (Total:12.28 GB) (Free:1.87 GB) NTFS
    5 Drive g: () (Removable) (Total:0.24 GB) (Free:0.21 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 233 GB 1024 KB
    Disk 1 No Media 0 B 0 B
    Disk 2 Online 244 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 221 GB 1024 KB
    Partition 2 Primary 12 GB 221 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 221 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D RECOVERY NTFS Partition 12 GB Healthy
    ======================================================================================================
    Partitions of Disk 2:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 244 MB 16 KB
    ======================================================================================================
    Disk: 2
    Partition 1
    Type : 0E
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT Removable 244 MB Healthy
    ======================================================================================================
    ==========================================================
    Last Boot: 2012-06-21 16:39
    ======================= End Of Log ==========================
     
  12. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    OK, we have ZeroAccess rootkit.

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log (Search.txt) it makes in your reply.
  13. HummingTurtle

    HummingTurtle Newcomer, in training Topic Starter Posts: 24

    Farbar Recovery Scan Tool Version: 21-06-2012 02
    Ran by SYSTEM at 2012-06-21 22:27:10
    Running from G:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2012-04-09 04:57] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2012-04-09 04:57] - [2009-04-10 21:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
    C:\Windows\SysWOW64\services.exe
    [2012-04-09 04:57] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\System32\services.exe
    [2012-04-09 04:57] - [2009-04-10 21:10] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229
    ====== End Of Search ======
  14. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Boot normally and re-run Combofix.

  15. HummingTurtle

    HummingTurtle Newcomer, in training Topic Starter Posts: 24

    Here's the FRST log, and ComboFix is running right now.

    ---

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 21-06-2012 02
    Ran by SYSTEM at 2012-06-21 22:41:40 Run:1
    Running from G:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{4ed00426-761c-ade8-3eda-60229d9845f4} moved successfully.
    C:\Users\Zach\AppData\Local\{4ed00426-761c-ade8-3eda-60229d9845f4} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
  16. Broni

    Broni Malware Annihilator Posts: 46,179   +251

  17. HummingTurtle

    HummingTurtle Newcomer, in training Topic Starter Posts: 24

    ComboFix 12-06-21.02 - Zach 06/21/2012 19:48:18.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2772 [GMT -5:00]
    Running from: c:\users\Zach\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\Services.exe . . . is infected!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-22 06:09 . 2012-06-22 06:10 -------- d-----w- C:\FRST
    2012-06-22 01:55 . 2012-06-22 01:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-21 19:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 19:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 19:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 19:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 19:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 19:39 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
    2012-06-21 19:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 19:39 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
    2012-06-21 19:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 19:39 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
    2012-06-21 19:39 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 19:39 . 2012-06-02 20:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2012-06-21 19:39 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 19:39 . 2012-06-02 20:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2012-06-20 21:19 . 2012-06-20 21:19 116016 ----a-w- c:\windows\system32\drivers\24673136.sys
    2012-06-16 05:09 . 2012-06-16 05:09 -------- d-----w- c:\users\Zach\AppData\Local\Macromedia
    2012-06-15 20:36 . 2012-06-20 16:27 -------- d-----w- c:\program files\iPod(113)
    2012-06-15 20:11 . 2012-06-15 20:13 -------- d-----w- c:\program files (x86)\QuickTime(102)
    2012-06-10 06:38 . 2012-06-10 06:38 -------- d-----w- c:\users\Zach\AppData\Roaming\Malwarebytes
    2012-06-10 06:38 . 2012-06-10 06:38 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-10 06:38 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-10 06:38 . 2012-06-10 06:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-05 22:25 . 2012-06-05 22:25 -------- d-----w- c:\program files (x86)\Datel
    2012-06-05 22:14 . 2007-02-08 18:48 51600 ----a-w- c:\windows\system32\drivers\ActionReplayDS_x64.sys
    2012-06-05 00:49 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{206E627B-C931-4374-BF0D-75407E6B8462}\mpengine.dll
    2012-05-28 09:46 . 2012-05-28 09:46 1689600 ----a-w- c:\windows\SysWow64\mprdin.dll
    2012-05-23 21:36 . 2012-06-20 16:25 -------- d-----w- c:\users\Mcx1
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-05 13:19 . 2012-04-09 23:02 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 13:19 . 2012-04-09 23:02 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 13:19 . 2012-05-05 13:19 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-17 22:17 . 2012-04-09 14:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-09 22:09 . 2012-04-09 22:09 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-04-09 22:09 . 2012-04-09 22:09 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-04-09 22:09 . 2012-04-09 22:09 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2012-04-09 18:01 . 2012-04-09 18:01 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-04-09 18:01 . 2012-04-09 18:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-04-09 18:01 . 2012-04-09 18:01 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-04-09 18:01 . 2012-04-09 18:01 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-04-09 18:01 . 2012-04-09 18:01 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-04-09 18:01 . 2012-04-09 18:01 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-04-09 18:01 . 2012-04-09 18:01 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-04-09 18:01 . 2012-04-09 18:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-04-09 18:01 . 2012-04-09 18:01 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-04-09 18:01 . 2012-04-09 18:01 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-04-09 18:01 . 2012-04-09 18:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-04-09 18:01 . 2012-04-09 18:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-04-09 18:01 . 2012-04-09 18:01 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-04-09 18:01 . 2012-04-09 18:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-04-09 18:01 . 2012-04-09 18:01 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-04-09 18:01 . 2012-04-09 18:01 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-04-09 18:01 . 2012-04-09 18:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-04-09 18:01 . 2012-04-09 18:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-04-09 18:01 . 2012-04-09 18:01 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-04-09 18:01 . 2012-04-09 18:01 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-04-09 18:01 . 2012-04-09 18:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-04-09 18:01 . 2012-04-09 18:01 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-04-09 18:01 . 2012-04-09 18:01 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-04-09 18:01 . 2012-04-09 18:01 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-04-09 18:01 . 2012-04-09 18:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-04-09 18:01 . 2012-04-09 18:01 2308096 ----a-w- c:\windows\system32\jscript9.dll
    2012-04-09 18:01 . 2012-04-09 18:01 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-04-09 18:01 . 2012-04-09 18:01 1390080 ----a-w- c:\windows\system32\wininet.dll
    2012-04-09 18:01 . 2012-04-09 18:01 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-04-09 18:01 . 2012-04-09 18:01 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-04-09 18:01 . 2012-04-09 18:01 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-04-09 18:01 . 2012-04-09 18:01 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-04-09 18:01 . 2012-04-09 18:01 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-04-09 18:01 . 2012-04-09 18:01 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-04-09 18:01 . 2012-04-09 18:01 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-04-09 18:01 . 2012-04-09 18:01 448512 ----a-w- c:\windows\system32\html.iec
    2012-04-09 18:01 . 2012-04-09 18:01 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-04-09 18:01 . 2012-04-09 18:01 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-04-09 18:01 . 2012-04-09 18:01 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-04-09 18:01 . 2012-04-09 18:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-04-09 18:01 . 2012-04-09 18:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-04-09 18:01 . 2012-04-09 18:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-04-09 17:59 . 2012-04-09 17:59 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
    2012-04-09 17:59 . 2012-04-09 17:59 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2012-04-09 17:59 . 2012-04-09 17:59 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
    2012-04-09 17:59 . 2012-04-09 17:59 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
    2012-04-09 17:59 . 2012-04-09 17:59 98816 ----a-w- c:\windows\SysWow64\mfps.dll
    2012-04-09 17:59 . 2012-04-09 17:59 377344 ----a-w- c:\windows\system32\mfmp4src.dll
    2012-04-09 17:59 . 2012-04-09 17:59 3548672 ----a-w- c:\windows\system32\mf.dll
    2012-04-09 17:59 . 2012-04-09 17:59 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
    2012-04-09 17:59 . 2012-04-09 17:59 34304 ----a-w- c:\windows\system32\mfpmp.exe
    2012-04-09 17:59 . 2012-04-09 17:59 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
    2012-04-09 17:59 . 2012-04-09 17:59 2873344 ----a-w- c:\windows\SysWow64\mf.dll
    2012-04-09 17:59 . 2012-04-09 17:59 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
    2012-04-09 17:59 . 2012-04-09 17:59 195072 ----a-w- c:\windows\system32\mfps.dll
    2012-04-09 17:59 . 2012-04-09 17:59 748544 ----a-w- c:\windows\system32\stobject.dll
    2012-04-09 17:59 . 2012-04-09 17:59 586240 ----a-w- c:\windows\SysWow64\stobject.dll
    2012-04-09 17:59 . 2012-04-09 17:59 278528 ----a-w- c:\windows\system32\mfplat.dll
    2012-04-09 17:59 . 2012-04-09 17:59 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
    2012-04-09 17:59 . 2012-04-09 17:59 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
    2012-04-09 17:59 . 2012-04-09 17:59 566272 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-04-09 17:59 . 2012-04-09 17:59 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-04-09 17:59 . 2012-04-09 17:59 287232 ----a-w- c:\windows\system32\d3d10core.dll
    2012-04-09 17:59 . 2012-04-09 17:59 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
    2012-04-09 17:59 . 2012-04-09 17:59 1268224 ----a-w- c:\windows\system32\d3d10.dll
    2012-04-09 17:59 . 2012-04-09 17:59 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
    2012-04-09 17:59 . 2012-04-09 17:59 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2012-04-09 17:59 . 2012-04-09 17:59 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
    2012-04-09 17:59 . 2012-04-09 17:59 625152 ----a-w- c:\windows\system32\dxgi.dll
    2012-04-09 17:59 . 2012-04-09 17:59 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
    2012-04-09 17:59 . 2012-04-09 17:59 47104 ----a-w- c:\windows\system32\cdd.dll
    2012-04-09 17:59 . 2012-04-09 17:59 366592 ----a-w- c:\windows\system32\winspool.drv
    2012-04-09 17:59 . 2012-04-09 17:59 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2012-04-09 17:59 . 2012-04-09 17:59 3068416 ----a-w- c:\windows\system32\xpsservices.dll
    2012-04-09 17:59 . 2012-04-09 17:59 258048 ----a-w- c:\windows\SysWow64\winspool.drv
    2012-04-09 17:59 . 2012-04-09 17:59 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
    2012-04-09 17:59 . 2012-04-09 17:59 1461760 ----a-w- c:\windows\system32\OpcServices.dll
    2012-04-09 17:59 . 2012-04-09 17:59 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
    2012-04-09 17:59 . 2012-04-09 17:59 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2012-04-09 17:58 . 2012-04-09 17:58 449024 ----a-w- c:\windows\system32\WMPhoto.dll
    2012-04-09 17:58 . 2012-04-09 17:58 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2012-04-09 17:58 . 2012-04-09 17:58 328192 ----a-w- c:\windows\system32\dxdiag.exe
    2012-04-09 17:58 . 2012-04-09 17:58 262656 ----a-w- c:\windows\system32\dxdiagn.dll
    2012-04-09 17:58 . 2012-04-09 17:58 252928 ----a-w- c:\windows\SysWow64\dxdiag.exe
    2012-04-09 17:58 . 2012-04-09 17:58 195584 ----a-w- c:\windows\SysWow64\dxdiagn.dll
    2012-04-09 17:58 . 2012-04-09 17:58 974848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2012-04-09 17:58 . 2012-04-09 17:58 792576 ----a-w- c:\windows\system32\d3d11.dll
    2012-04-09 17:58 . 2012-04-09 17:58 519680 ----a-w- c:\windows\SysWow64\d3d11.dll
    2012-04-09 17:58 . 2012-04-09 17:58 411648 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2012-04-09 17:58 . 2012-04-09 17:58 321024 ----a-w- c:\windows\SysWow64\PhotoMetadataHandler.dll
    2012-04-09 17:58 . 2012-04-09 17:58 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2012-04-09 17:58 . 2012-04-09 17:58 189440 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
    2012-04-09 17:58 . 2012-04-09 17:58 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
    "PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    DFX.lnk - c:\program files (x86)\DFX\DFX.exe [2011-12-21 1054632]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS_x64.sys [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:19]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000Core.job
    - c:\users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 19:53]
    .
    2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000UA.job
    - c:\users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 19:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1237288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\3uw49nnd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @SACL=
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @SACL=
    @="ShockwaveFlash.ShockwaveFlash.9"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @SACL=
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @SACL=
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @SACL=
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @SACL=
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @SACL=
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @SACL=
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @SACL=
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
    @SACL=
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
    @SACL=
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="IFlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @SACL=
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @SACL=
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @SACL=
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @SACL=
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\SMINST\BLService.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-21 22:51:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-22 03:51
    .
    Pre-Run: 58,997,985,280 bytes free
    Post-Run: 58,523,365,376 bytes free
    .
    - - End Of File - - B3F6CF98ADD9F7128D7422A9924F5679
  18. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to "Show hidden files and folders", and UN-check "Hide protected operating system files".
    NOTE. Make sure to reverse the above changes when done with this step.
    Upload the following files to http://www.virustotal.com/ for a security check:
    - c:\windows\system32\Services.exe
    IMPORTANT! If the file is listed as already analyzed, click on the "Reanalyse file now" button.
    Post scan results.
  19. HummingTurtle

    HummingTurtle Newcomer, in training Topic Starter Posts: 24

    Detection ratio is 0 / 42 on services.exe. And I was able to connect to the internet on the laptop via 'The Internet' icon that is on the desktop.
  20. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Very good. False positive.

    Combofix log looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  21. HummingTurtle

    HummingTurtle Newcomer, in training Topic Starter Posts: 24

    I have not received a host or McAfee process error. I can also access the internet just fine now through both IE and Firefox. Seems to be running smoothly.

    OTL and Extras log in a moment.
  22. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Cool beans :)
  23. HummingTurtle

    HummingTurtle Newcomer, in training Topic Starter Posts: 24

    OTL logfile created on: 6/21/2012 11:18:18 PM - Run 1
    OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Zach\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 55.08% Memory free
    11.64 Gb Paging File | 9.47 Gb Available in Paging File | 81.37% Paging File free
    Paging file location(s): c:\pagefile.sys 8000 10000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 220.60 Gb Total Space | 53.89 Gb Free Space | 24.43% Space Free | Partition Type: NTFS
    Drive D: | 12.28 Gb Total Space | 1.87 Gb Free Space | 15.23% Space Free | Partition Type: NTFS
    Drive G: | 243.73 Mb Total Space | 218.90 Mb Free Space | 89.81% Space Free | Partition Type: FAT

    Computer Name: ZACH-PC | User Name: Zach | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/21 23:13:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe
    PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    PRC - [2011/12/21 21:22:06 | 001,054,632 | ---- | M] () -- C:\Program Files (x86)\DFX\DFX.exe
    PRC - [2010/09/13 08:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    PRC - [2010/03/06 03:44:40 | 000,500,208 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/12/21 21:22:14 | 000,049,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared.dll
    MOD - [2011/12/21 21:22:06 | 001,054,632 | ---- | M] () -- C:\Program Files (x86)\DFX\DFX.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/22 19:30:56 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/10/17 18:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV - [2012/05/28 04:46:04 | 001,689,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\mprdin.dll -- (RemoteAccess)
    SRV - [2012/05/05 08:19:31 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/12/20 02:03:08 | 001,344,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
    DRV:64bit: - [2008/10/03 03:40:12 | 000,264,704 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2008/06/29 09:52:44 | 000,126,976 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2008/06/10 14:58:48 | 000,170,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/04/17 13:05:20 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2007/10/31 21:22:50 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2007/10/31 21:19:46 | 000,293,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2007/10/31 21:18:32 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2007/10/17 18:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2007/02/08 13:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ActionReplayDS_x64.sys -- (ActionReplayDS)
    DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
    DRV:64bit: - [2006/06/18 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5A0CF0FD-87DC-460F-83D7-77C3A5680955}
    IE:64bit: - HKLM\..\SearchScopes\{5A0CF0FD-87DC-460F-83D7-77C3A5680955}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{800B35F9-A77F-4C65-BAD5-1D7309DD8780}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE - HKLM\..\SearchScopes,DefaultScope = {5A0CF0FD-87DC-460F-83D7-77C3A5680955}
    IE - HKLM\..\SearchScopes\{5A0CF0FD-87DC-460F-83D7-77C3A5680955}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
    IE - HKLM\..\SearchScopes\{800B35F9-A77F-4C65-BAD5-1D7309DD8780}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\..\SearchScopes,DefaultScope = {5A0CF0FD-87DC-460F-83D7-77C3A5680955}
    IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\..\SearchScopes\{5A0CF0FD-87DC-460F-83D7-77C3A5680955}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\..\SearchScopes\{800B35F9-A77F-4C65-BAD5-1D7309DD8780}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-979627399-1745000425-631789929-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://espn.go.com/"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zach\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zach\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/04/09 22:39:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/04/29 15:14:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/15 15:13:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/20 11:24:17 | 000,000,000 | ---D | M]

    [2012/04/09 17:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Extensions
    [2012/06/15 12:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\3uw49nnd.default\extensions
    [2012/04/09 18:08:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\3uw49nnd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/06/20 11:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/20 11:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2012/06/17 17:49:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/04/09 22:39:15 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
    [2012/04/11 11:19:40 | 000,079,135 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI
    [2012/06/13 12:03:50 | 000,525,301 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    [2012/04/09 18:08:18 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/05/18 20:36:29 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
    [2012/06/15 12:04:27 | 000,082,896 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\LDSI_PLASHCOR@GMAIL.COM.XPI
    [2012/04/09 18:08:17 | 000,025,950 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\PBUPLOAD@PHOTOBUCKET.COM.XPI
    [2012/04/09 18:08:17 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
    [2012/04/09 18:08:17 | 000,325,600 | ---- | M] () (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3UW49NND.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
    [2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/04/17 17:18:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Zach\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Zach\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Zach\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Zach\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
    CHR - Extension: Theme Creator = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc\2.4_0\
    CHR - Extension: Mini Notepad = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj\5.0.5_0\
    CHR - Extension: Last.fm free music player = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh\2.9.68_0\
    CHR - Extension: Tab Position Customizer = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldflinjcjehpjddjkohganfpjlnbpem\2.8_0\
    CHR - Extension: Look of Disapproval = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn\2.2_0\
    CHR - Extension: Search by Image (by Google) = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.1.1_0\
    CHR - Extension: APNG = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp\0.7.1_0\
    CHR - Extension: SiteAdvisor = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
    CHR - Extension: AdBlock = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\
    CHR - Extension: TinEye Reverse Image Search = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\
    CHR - Extension: RSS Live Links = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcamnijgggppihioleoenjmlnakejdph\1.7.0.8_0\
    CHR - Extension: Reddit Enhancement Suite = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.2_0\
    CHR - Extension: Image Properties Context Menu = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon\0.7.5_0\
    CHR - Extension: Session Manager = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.3_0\
    CHR - Extension: Google Dictionary (by Google) = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.12_0\
    CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.8_0\
    CHR - Extension: NotScripts = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
    CHR - Extension: Extensions = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcjgnoblamnidcmgdelefafojomojbba\1.0_0\
    CHR - Extension: Applejack = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pihpeiicepcnffoplghjckjbcgiefope\1_0\

    O1 HOSTS File: ([2012/06/21 22:43:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120429133016.dll (McAfee, Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429133016.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-979627399-1745000425-631789929-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-979627399-1745000425-631789929-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-979627399-1745000425-631789929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-979627399-1745000425-631789929-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E98E87D-2B9E-4EE9-91B4-C640D7D3740C}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9961ABBC-E3FB-4574-9D02-AD22FB31F15E}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
  24. HummingTurtle

    HummingTurtle Newcomer, in training Topic Starter Posts: 24

    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: Remoteaccess - C:\Windows\SysWOW64\mprdin.dll ()

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/22 01:09:35 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/21 23:14:59 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe
    [2012/06/21 22:52:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/21 22:51:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/21 22:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/06/21 19:41:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/21 19:41:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/21 19:41:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/21 19:07:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/21 19:07:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/21 15:08:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Zach\Desktop\dds.scr
    [2012/06/21 14:51:57 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Zach\Desktop\boot_cleaner.exe
    [2012/06/20 16:19:27 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\24673136.sys
    [2012/06/16 00:09:15 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Local\Macromedia
    [2012/06/15 15:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(113)
    [2012/06/15 15:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime(102)
    [2012/06/10 01:38:56 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\Malwarebytes
    [2012/06/10 01:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/10 01:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/10 01:38:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/10 01:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/05 17:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Datel
    [2012/06/05 17:14:01 | 000,051,600 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\SysNative\drivers\ActionReplayDS_x64.sys
    [2012/06/05 17:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay Code Manager
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/21 23:19:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/21 23:13:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe
    [2012/06/21 22:58:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000UA.job
    [2012/06/21 22:43:35 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2012/06/21 22:43:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/21 22:42:50 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/21 22:42:50 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/21 22:42:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/21 22:42:27 | 4193,456,128 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/21 14:58:06 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000Core.job
    [2012/06/21 14:54:08 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/21 14:54:07 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/21 14:54:07 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/21 13:23:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Zach\Desktop\dds.scr
    [2012/06/20 16:19:27 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\24673136.sys
    [2012/06/19 19:12:06 | 000,302,592 | ---- | M] () -- C:\Users\Zach\Desktop\j44d94q8.exe
    [2012/06/17 12:10:29 | 000,000,132 | ---- | M] () -- C:\Users\Zach\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/06/04 13:39:49 | 000,028,160 | ---- | M] () -- C:\Users\Zach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/05/28 04:46:11 | 000,000,395 | ---- | M] () -- C:\Windows\SysWow64\mprdin.ocx
    [2012/05/28 04:46:04 | 001,689,600 | ---- | M] () -- C:\Windows\SysWow64\mprdin.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    File not found -- C:\Users\Zach\Desktop\ComboFix.exe
    [2012/06/21 19:41:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/21 19:41:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/21 19:41:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/21 19:41:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/21 19:41:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/21 13:18:47 | 000,302,592 | ---- | C] () -- C:\Users\Zach\Desktop\j44d94q8.exe
    [2012/05/28 04:46:11 | 000,000,395 | ---- | C] () -- C:\Windows\SysWow64\mprdin.ocx
    [2012/05/28 04:46:04 | 001,689,600 | ---- | C] () -- C:\Windows\SysWow64\mprdin.dll
    [2012/04/15 22:21:40 | 000,000,132 | ---- | C] () -- C:\Users\Zach\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/04/14 10:40:55 | 000,000,680 | ---- | C] () -- C:\Users\Zach\AppData\Local\d3d9caps.dat
    [2012/04/14 01:31:02 | 000,001,456 | ---- | C] () -- C:\Users\Zach\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2012/04/10 08:58:38 | 000,028,160 | ---- | C] () -- C:\Users\Zach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/09 08:00:45 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2012/04/09 08:00:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2012/04/09 07:59:14 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2012/04/08 12:06:28 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

    ========== LOP Check ==========

    [2012/05/07 10:43:31 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Foxit Software
    [2012/04/09 15:04:00 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\GetRightToGo
    [2012/04/26 16:43:05 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\HandBrake
    [2012/04/13 15:05:30 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Image-Line
    [2012/06/20 11:24:43 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\IrfanView
    [2012/04/10 08:37:39 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\OpenOffice.org
    [2012/04/12 11:24:42 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Publish Providers
    [2012/04/12 11:24:34 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Sony
    [2012/04/12 10:54:14 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/04/23 13:06:23 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\SynthMaker
    [2012/06/04 20:57:49 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\uTorrent
    [2012/04/25 14:20:03 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Xilisoft
    [2012/06/21 22:04:26 | 000,024,144 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2012/06/21 22:51:48 | 000,024,226 | ---- | M] () -- C:\ComboFix.txt
    [2012/06/21 22:42:27 | 4193,456,128 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/06/21 22:42:25 | 4093,640,703 | -HS- | M] () -- C:\pagefile.sys
    [2012/06/20 16:20:51 | 000,114,578 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_20.06.2012_16.19.27_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2012/04/09 08:21:08 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:35:48 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/04/11 19:01:02 | 000,000,286 | -HS- | M] () -- C:\Users\Zach\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Zach\Desktop\boot_cleaner.exe
    [2012/06/19 19:12:06 | 000,302,592 | ---- | M] () -- C:\Users\Zach\Desktop\j44d94q8.exe
    [2012/06/21 23:13:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/21 23:19:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/21 14:58:06 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000Core.job
    [2012/06/21 22:58:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-979627399-1745000425-631789929-1000UA.job
    [2012/06/21 22:42:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/06/21 22:04:26 | 000,024,144 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/04/08 13:35:59 | 000,000,402 | -HS- | M] () -- C:\Users\Zach\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/06/21 22:43:35 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2012/05/03 14:02:45 | 000,000,021 | ---- | M] () -- C:\ProgramData\hpqp.txt
    [2012/04/08 12:09:11 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/04/20 19:50:02 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2012/04/08 12:08:07 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/04/20 19:42:24 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2012/04/08 12:06:38 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2012/04/08 12:08:43 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/04/20 19:40:18 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2009/04/20 19:49:24 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2012/04/08 12:09:22 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >
    < End of report >
  25. HummingTurtle

    HummingTurtle Newcomer, in training Topic Starter Posts: 24

    OTL Extras logfile created on: 6/21/2012 11:18:18 PM - Run 1
    OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Zach\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 55.08% Memory free
    11.64 Gb Paging File | 9.47 Gb Available in Paging File | 81.37% Paging File free
    Paging file location(s): c:\pagefile.sys 8000 10000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 220.60 Gb Total Space | 53.89 Gb Free Space | 24.43% Space Free | Partition Type: NTFS
    Drive D: | 12.28 Gb Total Space | 1.87 Gb Free Space | 15.23% Space Free | Partition Type: NTFS
    Drive G: | 243.73 Mb Total Space | 218.90 Mb Free Space | 89.81% Space Free | Partition Type: FAT

    Computer Name: ZACH-PC | User Name: Zach | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 46 07 99 89 55 16 CD 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Canon MF4100 Series
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.11 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
    "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
    "{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
    "{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "Action Replay Code Manager_is1" = Action Replay Code Manager
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "ASIO4ALL" = ASIO4ALL
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
    "DFX" = DFX
    "FastStone Image Viewer" = FastStone Image Viewer 4.6
    "FL Studio 10" = FL Studio 10
    "Foxit Reader_is1" = Foxit Reader 5.1
    "HandBrake" = HandBrake 0.9.6
    "IL Download Manager" = IL Download Manager
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "IrfanView" = IrfanView (remove only)
    "LastFM_is1" = Last.fm 1.5.4.27091
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Messenger Plus!" = Messenger Plus! 5
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "MSC" = McAfee Internet Security Suite
    "RocketDock_is1" = RocketDock 1.3.5
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.1
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Xilisoft Audio Converter Pro" = Xilisoft Audio Converter Pro

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-979627399-1745000425-631789929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/19/2012 9:14:16 PM | Computer Name = Zach-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/20/2012 10:46:13 AM | Computer Name = Zach-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/20/2012 10:46:13 AM | Computer Name = Zach-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 39384995

    Error - 6/20/2012 10:46:13 AM | Computer Name = Zach-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 39384995

    Error - 6/20/2012 12:27:50 PM | Computer Name = Zach-PC | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    Error - 6/20/2012 12:27:54 PM | Computer Name = Zach-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47918b89, faulting module mprdin.dll, version 0.0.0.0, time stamp 0x2a425e19,
    exception code 0xc0000005, fault offset 0x0000897a, process id 0x79c, application
    start time 0x01cd4f01a0b77e4c.

    Error - 6/20/2012 12:28:38 PM | Computer Name = Zach-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/20/2012 12:31:46 PM | Computer Name = Zach-PC | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    Error - 6/20/2012 4:42:35 PM | Computer Name = Zach-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47918b89, faulting module mprdin.dll, version 0.0.0.0, time stamp 0x2a425e19,
    exception code 0xc0000005, fault offset 0x0000897a, process id 0x780, application
    start time 0x01cd4f252ec986bd.

    Error - 6/20/2012 4:43:44 PM | Computer Name = Zach-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 5/20/2012 10:12:22 AM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/20/2012 4:38:10 PM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/21/2012 9:32:09 AM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/21/2012 3:51:25 PM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/22/2012 8:42:28 AM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/22/2012 3:39:41 PM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/23/2012 8:13:19 AM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/23/2012 3:33:47 PM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/23/2012 5:38:58 PM | Computer Name = Zach-PC | Source = McrMgr | ID = 107
    Description =

    Error - 6/8/2012 3:03:15 PM | Computer Name = Zach-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 4/13/2012 7:27:25 AM | Computer Name = Zach-PC | Source = bowser | ID = 8003
    Description =

    Error - 4/14/2012 11:24:39 AM | Computer Name = Zach-PC | Source = bowser | ID = 8003
    Description =

    Error - 4/15/2012 4:20:52 PM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 4/15/2012 4:20:52 PM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 4/16/2012 5:25:40 PM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 4/16/2012 5:25:40 PM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 4/16/2012 5:43:08 PM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 4/16/2012 5:43:08 PM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 4/17/2012 9:20:17 AM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 4/17/2012 9:20:17 AM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >

