Solved Yet another sirefef victim

Status
Not open for further replies.

Nick7

Posts: 9   +0
It was the fake Adobe update that caused it, I believe. I am running Windows 64 bit and MSE mentions I have sirefef y and sirefef b. Like others here, I also encounter a critical error on starting windows and get a minute before it reboots.
Thanks so much for any help.

I took the liberty of assuming you might want me to download Farbar 64bit and run it from a flashdrive (from System recovery, not within Windows).
The results are below:





Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 13-07-2012 07:56:17
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [x]
HKLM-x32\...\Run: [V0640Mon.exe] C:\Windows\V0640Mon.exe [28672 2009-09-22] (Creative Technology Ltd.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\Nick\Start Menu\Programs\Startup\Mozilla Firefox.lnk
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\Nick\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Nick\Start Menu\Programs\Startup\Windows Live Mail.lnk
ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-06-08] (Trusteer Ltd.)
2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [x]

========================== Drivers (Whitelisted) =============

1 RapportCerberus_34302; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [397520 2011-12-15] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-06-08] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101400 2012-06-08] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297048 2012-06-08] (Trusteer Ltd.)
3 V0640Vid; C:\Windows\System32\Drivers\V0640Vid.sys [319520 2009-12-03] (Creative Technology Ltd.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-13 07:36 - 2012-07-13 07:36 - 00000000 ____D C:\Users\All Users\Recovery
2012-07-12 21:52 - 2012-07-12 21:52 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-12 21:52 - 2012-07-12 21:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-12 21:45 - 2012-07-12 21:45 - 12621696 ____A (Microsoft Corporation) C:\Users\Nick\Downloads\mseinstall.exe
2012-07-12 12:54 - 2012-07-12 12:54 - 00000000 ____D C:\Users\Nick\AppData\Local\{B90D9025-050E-49BE-87EE-6FF7C9542EEF}
2012-07-12 12:54 - 2012-07-12 12:54 - 00000000 ____D C:\Users\Nick\AppData\Local\{AE7D64B8-B404-40AE-AD7D-95077CDE4F52}
2012-07-12 12:10 - 2012-07-12 12:10 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-12 12:09 - 2012-07-12 22:34 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-12 12:09 - 2012-07-12 12:19 - 00002342 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-12 12:09 - 2012-07-12 12:19 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-12 12:08 - 2012-07-12 12:09 - 00000000 ____D C:\Users\Nick\AppData\Local\Google
2012-07-12 12:08 - 2012-07-12 12:09 - 00000000 ____D C:\Program Files (x86)\Google
2012-07-12 00:53 - 2012-07-12 00:53 - 00000000 ____D C:\Users\Nick\AppData\Local\{F825A961-913E-4A6E-AF6A-0EB31F7BC474}
2012-07-12 00:53 - 2012-07-12 00:53 - 00000000 ____D C:\Users\Nick\AppData\Local\{B1DB62FE-6BD6-4F00-A92F-21B7C743A24E}
2012-07-11 12:07 - 2012-07-11 12:07 - 00000000 ____D C:\Users\Nick\AppData\Local\{D8FF24A9-58D5-4BAE-9221-35147786B936}
2012-07-11 12:07 - 2012-07-11 12:07 - 00000000 ____D C:\Users\Nick\AppData\Local\{39F8F8FF-94AB-42E9-A350-9F26BAEE0417}
2012-07-10 23:14 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 23:11 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 23:11 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 23:11 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 23:11 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 23:11 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 23:11 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 23:11 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 23:11 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 23:11 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 23:11 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 23:11 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 23:11 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 23:11 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 23:11 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 23:11 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 23:11 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 23:11 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 23:11 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 23:11 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 23:11 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 23:11 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 23:11 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 23:11 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 23:11 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 23:11 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 23:11 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 23:11 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 23:11 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 22:40 - 2012-07-10 22:41 - 00000000 ____D C:\Users\Nick\AppData\Local\{584EB645-7094-4D2C-82F7-896D444407A0}
2012-07-10 22:40 - 2012-07-10 22:40 - 00000000 ____D C:\Users\Nick\AppData\Local\{8BB21673-994B-4652-9DC3-1B92DF24F620}
2012-07-10 21:49 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 21:49 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 21:49 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 21:49 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 21:49 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 21:49 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 21:49 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 21:49 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 21:49 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 21:49 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 21:49 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 21:49 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 21:49 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 21:49 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 21:49 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 21:49 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 21:49 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 21:49 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 21:49 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 10:40 - 2012-07-10 10:40 - 00000000 ____D C:\Users\Nick\AppData\Local\{C9C406DE-B88A-44EF-8105-1B71C2A5B491}
2012-07-10 10:39 - 2012-07-10 10:40 - 00000000 ____D C:\Users\Nick\AppData\Local\{0EE56A72-64FC-41C5-94A8-9D25A7A35AD9}
2012-07-09 22:39 - 2012-07-09 22:39 - 00000000 ____D C:\Users\Nick\AppData\Local\{FB960092-32DA-462A-9C25-42AA9A962B48}
2012-07-09 22:39 - 2012-07-09 22:39 - 00000000 ____D C:\Users\Nick\AppData\Local\{C0EAF565-7EF8-4724-9403-55C85CBBC30C}
2012-07-09 10:38 - 2012-07-09 10:38 - 00000000 ____D C:\Users\Nick\AppData\Local\{1BD48371-EAC0-42CA-8F77-A7574BC3217B}
2012-07-09 10:38 - 2012-07-09 10:38 - 00000000 ____D C:\Users\Nick\AppData\Local\{00D59B2A-79BB-4627-9E4E-738BE9ED2950}
2012-07-08 22:37 - 2012-07-08 22:37 - 00000000 ____D C:\Users\Nick\AppData\Local\{6F500260-0214-47B1-BB42-DB25C52684B6}
2012-07-08 22:37 - 2012-07-08 22:37 - 00000000 ____D C:\Users\Nick\AppData\Local\{5F013C15-F2A9-4CE6-8BA7-2353FE3BA719}
2012-07-08 02:07 - 2012-07-08 02:07 - 00000000 ____D C:\Users\Nick\AppData\Local\{D14185A6-1E41-48CE-9720-66817F2DF9D0}
2012-07-08 02:07 - 2012-07-08 02:07 - 00000000 ____D C:\Users\Nick\AppData\Local\{AF6AE319-DF7A-4189-AACC-99AA4FD6B6C4}
2012-07-07 14:06 - 2012-07-07 14:07 - 00000000 ____D C:\Users\Nick\AppData\Local\{8ADF0B2A-6A20-4518-B2B8-AA07525F36FE}
2012-07-07 14:06 - 2012-07-07 14:06 - 00000000 ____D C:\Users\Nick\AppData\Local\{E6CED18A-8164-4A89-968E-46FFBEB7FAA7}
2012-07-07 01:18 - 2012-07-07 01:19 - 00000000 ____D C:\Users\Nick\AppData\Local\{FAEFD1FF-AFF0-4D34-8389-184AA3B80016}
2012-07-07 01:18 - 2012-07-07 01:18 - 00000000 ____D C:\Users\Nick\AppData\Local\{15630BEB-AFF8-460F-A1E8-A53A4EE7F91B}
2012-07-06 13:18 - 2012-07-06 13:18 - 00000000 ____D C:\Users\Nick\AppData\Local\{A298EB6A-B924-490B-91F4-671769F06835}
2012-07-06 13:17 - 2012-07-06 13:18 - 00000000 ____D C:\Users\Nick\AppData\Local\{3B75D8BB-6519-4203-B245-ACC54D4F1BA8}
2012-07-05 22:24 - 2012-07-05 22:24 - 00000000 ____D C:\Users\Nick\AppData\Local\{CD9F5B98-8CBB-4682-9E03-0988B3926197}
2012-07-05 22:23 - 2012-07-05 22:24 - 00000000 ____D C:\Users\Nick\AppData\Local\{B22E9A96-A121-405F-BE9E-91E3539CB892}
2012-07-05 09:59 - 2012-07-05 09:59 - 00000000 ____D C:\Users\Nick\AppData\Local\{7E1F5C26-E9B3-41D7-A2F7-DBEF7226E6C5}
2012-07-05 09:59 - 2012-07-05 09:59 - 00000000 ____D C:\Users\Nick\AppData\Local\{535E5E57-55B8-4289-84C2-252A7B760B0E}
2012-07-04 21:59 - 2012-07-04 21:59 - 00000000 ____D C:\Users\Nick\AppData\Local\{76F34B1A-E2A7-4D45-9E50-CA639E4F4B14}
2012-07-04 21:58 - 2012-07-04 21:59 - 00000000 ____D C:\Users\Nick\AppData\Local\{BEB6DA39-9C51-44E0-947E-842D7ECF12E3}
2012-07-04 09:57 - 2012-07-04 09:57 - 00000000 ____D C:\Users\Nick\AppData\Local\{745D7808-5881-4AAA-9F2D-4BB8A489E6AD}
2012-07-04 09:56 - 2012-07-04 09:57 - 00000000 ____D C:\Users\Nick\AppData\Local\{334F9E18-4CA9-4012-804F-26388C7A83B4}
2012-07-03 21:56 - 2012-07-03 21:56 - 00000000 ____D C:\Users\Nick\AppData\Local\{C087C645-B59B-4CD7-B0DF-BC3413C66D51}
2012-07-03 21:56 - 2012-07-03 21:56 - 00000000 ____D C:\Users\Nick\AppData\Local\{0566AA2F-0D3C-4E28-A1CC-C08A979E3349}
2012-07-03 09:55 - 2012-07-03 09:55 - 00000000 ____D C:\Users\Nick\AppData\Local\{F6C08CF6-836D-47CF-A3EE-933C3DCC8D1C}
2012-07-03 09:55 - 2012-07-03 09:55 - 00000000 ____D C:\Users\Nick\AppData\Local\{14CAA059-26B3-4F51-A1B8-409350794CA4}
2012-07-02 21:54 - 2012-07-02 21:55 - 00000000 ____D C:\Users\Nick\AppData\Local\{2F4AA866-2A2C-40EF-8654-3C97805D70B3}
2012-07-02 21:54 - 2012-07-02 21:54 - 00000000 ____D C:\Users\Nick\AppData\Local\{748C527C-ACBA-48BC-9214-0D68442783CC}
2012-07-02 08:10 - 2012-07-02 08:10 - 00000000 ____D C:\Users\Nick\AppData\Local\{D9B9F882-7332-4AA7-857D-EFA39B243532}
2012-07-02 08:10 - 2012-07-02 08:10 - 00000000 ____D C:\Users\Nick\AppData\Local\{08854A89-B624-4ABD-A8F6-6CAF7205EC14}
2012-07-01 16:25 - 2012-07-01 16:26 - 00000000 ____D C:\Users\Nick\AppData\Local\{89271E75-F705-487F-BC50-4B8DD82D8D28}
2012-07-01 16:25 - 2012-07-01 16:25 - 00000000 ____D C:\Users\Nick\AppData\Local\{71C4BE19-5BD5-4A35-A4DF-D024C9498D41}
2012-07-01 03:26 - 2012-07-01 03:26 - 00000000 ____D C:\Users\Nick\AppData\Local\{D317A0B0-851B-4B8F-B45E-A6502F305FBD}
2012-07-01 03:26 - 2012-07-01 03:26 - 00000000 ____D C:\Users\Nick\AppData\Local\{7EAA9403-AEA8-4E2F-91A7-EB9CE5753D98}
2012-06-30 15:25 - 2012-06-30 15:25 - 00000000 ____D C:\Users\Nick\AppData\Local\{C477856A-D10E-4231-8BE0-DDCE7C02E449}
2012-06-30 15:25 - 2012-06-30 15:25 - 00000000 ____D C:\Users\Nick\AppData\Local\{321342B1-8703-47E1-BC7D-62A66D92D8D6}
2012-06-30 03:24 - 2012-06-30 03:25 - 00000000 ____D C:\Users\Nick\AppData\Local\{A2E8B310-D43A-4152-B972-20B3F6399F76}
2012-06-30 03:24 - 2012-06-30 03:24 - 00000000 ____D C:\Users\Nick\AppData\Local\{24A36B8E-6695-4000-80C0-58EAFB9024E0}
2012-06-29 10:06 - 2012-06-29 10:07 - 00000000 ____D C:\Users\Nick\AppData\Local\{EF10A2B5-471A-4C4C-A13E-E771935093D8}
2012-06-29 10:06 - 2012-06-29 10:06 - 00000000 ____D C:\Users\Nick\AppData\Local\{E55C73EF-37BA-439C-8227-FCA3D7CB1324}
2012-06-28 22:06 - 2012-06-28 22:06 - 00000000 ____D C:\Users\Nick\AppData\Local\{956D2391-025F-4357-9BD6-EFF77B7D0883}
2012-06-28 22:05 - 2012-06-28 22:06 - 00000000 ____D C:\Users\Nick\AppData\Local\{FF78CBEA-9AF2-4975-8940-9EAC0082C534}
2012-06-28 13:13 - 2012-06-28 13:13 - 00000148 ____A C:\Users\Nick\Downloads\staffportal.html
2012-06-28 10:05 - 2012-06-28 10:05 - 00000000 ____D C:\Users\Nick\AppData\Local\{7271320B-FA68-416A-B81D-F238BCA3B90A}
2012-06-28 10:05 - 2012-06-28 10:05 - 00000000 ____D C:\Users\Nick\AppData\Local\{2535CC88-4C61-4A8E-B1B9-95807946C879}
2012-06-27 22:04 - 2012-06-27 22:04 - 00000000 ____D C:\Users\Nick\AppData\Local\{DB131843-BFFA-422C-90BC-EA83F66F3F0C}
2012-06-27 22:04 - 2012-06-27 22:04 - 00000000 ____D C:\Users\Nick\AppData\Local\{2EC23E65-3F9D-40B0-9103-E3E967929B5C}
2012-06-27 09:56 - 2012-06-27 09:56 - 00000000 ____D C:\Users\Nick\AppData\Local\{F042E3ED-C605-46FF-A458-2FFED04F7AC4}
2012-06-27 09:55 - 2012-06-27 09:56 - 00000000 ____D C:\Users\Nick\AppData\Local\{4A7339EB-ADA6-4706-8843-377D706CDC63}
2012-06-26 21:55 - 2012-06-26 21:55 - 00000000 ____D C:\Users\Nick\AppData\Local\{C0AEF26D-9A75-4171-81D4-0C6CB8640416}
2012-06-26 21:55 - 2012-06-26 21:55 - 00000000 ____D C:\Users\Nick\AppData\Local\{4C7D55BD-DFC4-4296-AFE3-21DF71CCF5C9}
2012-06-26 07:49 - 2012-06-26 07:49 - 00000000 ____D C:\Users\Nick\AppData\Local\{295AC423-A8C4-461F-9712-240944F579B8}
2012-06-26 07:48 - 2012-06-26 07:49 - 00000000 ____D C:\Users\Nick\AppData\Local\{49D41160-4221-4FD0-ACCF-22E90DC02046}
2012-06-25 11:16 - 2012-06-25 11:16 - 00000000 ____D C:\Users\Nick\AppData\Local\{C381A0F9-5FB8-4B91-BD42-12F4D4F7EB01}
2012-06-25 11:15 - 2012-06-25 11:16 - 00000000 ____D C:\Users\Nick\AppData\Local\{145D473A-77F3-4302-8516-9E47E08F1D3E}
2012-06-24 23:15 - 2012-06-24 23:15 - 00000000 ____D C:\Users\Nick\AppData\Local\{838B1AA6-0D86-4889-9666-97669650B1CF}
2012-06-24 23:15 - 2012-06-24 23:15 - 00000000 ____D C:\Users\Nick\AppData\Local\{27748708-4F7A-4F8E-9620-10B797AE769F}
2012-06-24 11:14 - 2012-06-24 11:14 - 00000000 ____D C:\Users\Nick\AppData\Local\{3356CA5A-4B68-463D-BB24-44A656692D7C}
2012-06-24 11:14 - 2012-06-24 11:14 - 00000000 ____D C:\Users\Nick\AppData\Local\{2D90F4FC-DBFF-473C-91C1-2A416742601A}
2012-06-23 23:15 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-23 23:15 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-23 23:15 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-23 23:15 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-23 23:14 - 2012-06-23 23:14 - 00000000 ____D C:\Users\Nick\AppData\Local\{258DFD1E-3EB3-4EA8-BF10-6FC8E2C62AAA}
2012-06-23 23:14 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-23 23:14 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-23 23:14 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-23 23:14 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-23 23:14 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-23 23:13 - 2012-06-23 23:14 - 00000000 ____D C:\Users\Nick\AppData\Local\{1C6380F5-1559-4724-A538-BACFC129ED94}
2012-06-23 01:20 - 2012-06-23 01:20 - 00000000 ____D C:\Users\Nick\AppData\Local\{C8669A9D-BFFB-4B75-B1BB-28E3E8CBB9DD}
2012-06-23 01:20 - 2012-06-23 01:20 - 00000000 ____D C:\Users\Nick\AppData\Local\{B483488A-604E-4DD2-B698-38B4EE63DB07}
2012-06-22 13:19 - 2012-06-22 13:19 - 00000000 ____D C:\Users\Nick\AppData\Local\Macromedia
2012-06-22 13:19 - 2012-06-22 13:19 - 00000000 ____D C:\Users\Nick\AppData\Local\{A3F8F356-DDCB-4BF7-91D0-5BDD459488B1}
2012-06-22 13:19 - 2012-06-22 13:19 - 00000000 ____D C:\Users\Nick\AppData\Local\{6C9F7628-7458-4682-B89A-2C937A1847C7}
2012-06-21 21:39 - 2012-06-21 21:39 - 00000000 ____D C:\Users\Nick\AppData\Local\{B0CD499F-A032-480B-AF80-C1805B8C2D1D}
2012-06-21 21:39 - 2012-06-21 21:39 - 00000000 ____D C:\Users\Nick\AppData\Local\{5E8F5A10-A119-49EA-8650-E7A4D553711C}
2012-06-21 07:50 - 2012-06-21 07:50 - 00000000 ____D C:\Users\Nick\AppData\Local\{E53BC128-1E34-40FC-A19A-04EBBFDE2D26}
2012-06-21 07:50 - 2012-06-21 07:50 - 00000000 ____D C:\Users\Nick\AppData\Local\{8850ED6A-A5BE-492D-94C9-2AF64AAE6B96}
2012-06-20 12:09 - 2012-06-20 12:09 - 00000000 ____D C:\Users\Nick\AppData\Local\{B321C1A6-DABB-45E6-9B8E-7A780D8B8FF6}
2012-06-20 12:09 - 2012-06-20 12:09 - 00000000 ____D C:\Users\Nick\AppData\Local\{527B8C23-C80D-4609-818C-83EBF824794A}
2012-06-20 00:08 - 2012-06-20 00:08 - 00000000 ____D C:\Users\Nick\AppData\Local\{74F3A7A4-C642-4736-A763-A0710C9FB5CC}
2012-06-20 00:08 - 2012-06-20 00:08 - 00000000 ____D C:\Users\Nick\AppData\Local\{3721E10D-60BA-4940-9F43-B266505EFBAF}
2012-06-19 12:08 - 2012-06-19 12:08 - 00000000 ____D C:\Users\Nick\AppData\Local\{322DE805-F2E8-4D46-B278-8ADF23F3F0DA}
2012-06-19 12:07 - 2012-06-19 12:08 - 00000000 ____D C:\Users\Nick\AppData\Local\{C7B22371-46B1-4510-B29E-F71447F9E3A6}
2012-06-19 00:07 - 2012-06-19 00:07 - 00000000 ____D C:\Users\Nick\AppData\Local\{F3DD5FEA-6CAE-4DDA-8F00-9AE42A503A95}
2012-06-19 00:07 - 2012-06-19 00:07 - 00000000 ____D C:\Users\Nick\AppData\Local\{487779A3-73DA-46DD-B373-5F3F83C86833}
2012-06-18 12:06 - 2012-06-18 12:06 - 00000000 ____D C:\Users\Nick\AppData\Local\{523FD651-E2F8-4263-A676-C841B7B43CE9}
2012-06-18 00:06 - 2012-06-18 00:06 - 00000000 ____D C:\Users\Nick\AppData\Local\{F387DA99-1669-4430-A094-857BC51E2C36}
2012-06-17 12:05 - 2012-06-17 12:05 - 00000000 ____D C:\Users\Nick\AppData\Local\{0D23086E-2C3A-41F1-BEE5-903C749A93E0}
2012-06-17 00:05 - 2012-06-17 00:05 - 00000000 ____D C:\Users\Nick\AppData\Local\{B0ADB908-D9C1-4C7B-929E-C1707C23947D}
2012-06-16 09:46 - 2012-06-16 09:46 - 00000000 ____D C:\Users\Nick\AppData\Local\{FBC7EFDE-46CE-4D8A-BF7A-B508B3D0713A}
2012-06-15 21:46 - 2012-06-15 21:46 - 00000000 ____D C:\Users\Nick\AppData\Local\{690B3562-C6C2-4E21-A4F7-4F3B00A44A1D}
2012-06-15 09:45 - 2012-06-15 09:46 - 00000000 ____D C:\Users\Nick\AppData\Local\{0D7C3205-EEFA-4A4C-8F47-6D606DA9FFD2}
2012-06-14 21:45 - 2012-06-14 21:45 - 00000000 ____D C:\Users\Nick\AppData\Local\{A16466C6-81C1-4DCB-8E1E-CFAF341BD17B}
2012-06-14 09:45 - 2012-06-14 09:45 - 00000000 ____D C:\Users\Nick\AppData\Local\{74398816-F0A6-4ED3-8F4F-0A62B5AA9D1E}
2012-06-14 09:44 - 2012-06-14 09:45 - 00000000 ____D C:\Users\Nick\AppData\Local\{394FA640-90DA-45AE-95C6-D7BD8EF933AF}
2012-06-13 21:44 - 2012-06-13 21:44 - 00000000 ____D C:\Users\Nick\AppData\Local\{72C1B89C-3CC7-43C6-894C-B99B711DDAA3}
2012-06-13 21:44 - 2012-06-13 21:44 - 00000000 ____D C:\Users\Nick\AppData\Local\{03F838B3-4D7A-4EB3-A8D5-B01DC51811F3}
2012-06-13 09:18 - 2012-06-13 09:18 - 00000000 ____D C:\Users\Nick\AppData\Local\{AA54C897-1C94-4765-8082-6B462A541E00}
2012-06-13 09:17 - 2012-06-13 09:18 - 00000000 ____D C:\Users\Nick\AppData\Local\{FC4E9955-4E6A-4028-84D1-785D65CF773F}


============ 3 Months Modified Files ========================

2012-07-12 22:34 - 2012-07-12 12:09 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-12 22:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-12 22:34 - 2009-07-13 20:51 - 00084774 ____A C:\Windows\setupact.log
2012-07-12 22:32 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-12 22:23 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-12 22:15 - 2012-04-26 23:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-12 21:55 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-12 21:55 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-12 21:53 - 2011-06-11 06:44 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-12 21:53 - 2011-05-16 06:56 - 01410291 ____A C:\Windows\WindowsUpdate.log
2012-07-12 21:52 - 2011-06-11 06:44 - 00787498 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-12 21:45 - 2012-07-12 21:45 - 12621696 ____A (Microsoft Corporation) C:\Users\Nick\Downloads\mseinstall.exe
2012-07-12 13:08 - 2011-05-16 09:19 - 00254290 ____A C:\Windows\PFRO.log
2012-07-12 12:19 - 2012-07-12 12:09 - 00002342 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-12 12:19 - 2012-07-12 12:09 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-12 12:08 - 2012-04-26 23:24 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 12:08 - 2011-06-11 07:34 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 05:04 - 2009-07-13 20:45 - 00302824 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 23:12 - 2011-06-14 10:00 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 12:31 - 2011-08-05 00:48 - 00000420 ____A C:\Users\Nick\Desktop\Films to watch.txt
2012-06-28 13:13 - 2012-06-28 13:13 - 00000148 ____A C:\Users\Nick\Downloads\staffportal.html
2012-06-12 13:09 - 2009-07-13 21:13 - 00787892 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-11 19:08 - 2012-07-10 23:14 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 11:33 - 2012-06-09 11:33 - 01203408 ____A C:\Users\Nick\Downloads\Promo 25 Fiesta Patria Gaucha 2011 - 20seg.avi
2012-06-09 11:29 - 2012-06-09 11:29 - 01928149 ____A C:\Users\Nick\Downloads\Promo 25 Fiesta Patria Gaucha 2011 - 20seg.mp4
2012-06-08 21:43 - 2012-07-10 21:49 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 21:49 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 12:42 - 2011-08-29 10:50 - 00101400 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2012-06-05 22:06 - 2012-07-10 21:49 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 21:49 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 21:49 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 21:49 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 21:49 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 21:49 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 07:36 - 2012-06-01 11:22 - 00063488 __ASH C:\Users\Nick\Desktop\Thumbs.db
2012-06-02 14:19 - 2012-06-23 23:15 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 23:15 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 23:15 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 23:14 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 23:14 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-23 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-23 23:14 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-23 23:14 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-23 23:14 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 23:11 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 23:11 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 23:11 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 23:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 23:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 23:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 23:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 23:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 23:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 23:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 23:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 23:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 23:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 23:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 23:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 23:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 23:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 23:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 23:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 23:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 23:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 23:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 23:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 23:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 23:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 23:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 23:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 23:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 21:49 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 21:49 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 21:49 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 21:49 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 21:49 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 21:49 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 21:49 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 21:49 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 21:49 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 11:22 - 2012-06-01 11:22 - 00001241 ____A C:\Users\Nick\Desktop\SEASON 5 - Shortcut.lnk
2012-05-04 03:06 - 2012-06-12 11:07 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 11:07 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 11:07 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 12:12 - 2012-05-03 12:12 - 01639789 ____A C:\Users\Nick\Downloads\winrar-x64-411.exe
2012-04-30 21:40 - 2012-06-12 11:07 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-12 11:07 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-12 11:07 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 11:07 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 11:07 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-12 11:06 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 11:06 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 11:06 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 11:06 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 11:06 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 11:06 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


ZeroAccess:
C:\Windows\Installer\{f26f19f5-8055-2193-e125-44b55f27d338}
C:\Windows\Installer\{f26f19f5-8055-2193-e125-44b55f27d338}\@
C:\Windows\Installer\{f26f19f5-8055-2193-e125-44b55f27d338}\L
C:\Windows\Installer\{f26f19f5-8055-2193-e125-44b55f27d338}\n
C:\Windows\Installer\{f26f19f5-8055-2193-e125-44b55f27d338}\U
C:\Windows\Installer\{f26f19f5-8055-2193-e125-44b55f27d338}\U\00000001.@
C:\Windows\Installer\{f26f19f5-8055-2193-e125-44b55f27d338}\U\80000000.@
C:\Windows\Installer\{f26f19f5-8055-2193-e125-44b55f27d338}\U\800000cb.@

ZeroAccess:
C:\Users\Nick\AppData\Local\{f26f19f5-8055-2193-e125-44b55f27d338}
C:\Users\Nick\AppData\Local\{f26f19f5-8055-2193-e125-44b55f27d338}\@
C:\Users\Nick\AppData\Local\{f26f19f5-8055-2193-e125-44b55f27d338}\L
C:\Users\Nick\AppData\Local\{f26f19f5-8055-2193-e125-44b55f27d338}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 5887.29 MB
Available physical RAM: 4983.95 MB
Total Pagefile: 5885.43 MB
Available Pagefile: 4964.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:918.65 GB) (Free:710.68 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:12.76 GB) (Free:1.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive h: () (Removable) (Total:7.47 GB) (Free:5.11 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 7657 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 918 GB 101 MB
Partition 3 Primary 12 GB 918 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y SYSTEM NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 918 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E HP_RECOVERY NTFS Partition 12 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 7655 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 00:22

======================= End Of Log ==========================
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
.
Additional FRST scan
Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)

FRST2.gif


When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.
 
Thanks so much for your help. The log you requested is below:



Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 2012-07-13 12:50:58
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-12 22:32] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
 
You're welcome. Glad to be of assistance.

FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{f26f19f5-8055-2193-e125-44b55f27d338}
C:\Users\Nick\AppData\Local\{f26f19f5-8055-2193-e125-44b55f27d338}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
Ran by SYSTEM at 2012-07-14 13:31:08 Run:1
Running from H:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{f26f19f5-8055-2193-e125-44b55f27d338} moved successfully.
C:\Users\Nick\AppData\Local\{f26f19f5-8055-2193-e125-44b55f27d338} moved successfully.

==== End of Fixlog ====

The reboot seemed to go fine. I have Firefox configured to start at system startup and Firefox told me it was in safe mode and asked whether I wanted to continue in Firefox safe mode or use it normally. I did not answer.
The warning that the system would reboot in 1 minute had gone.
I didn't try to do anything significant for fear of messing up your good work.
Thanks so far!
 
Okay, good. Firefox should be fine to use at this point.

ComboFix

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
It seemed to run OK.
I had a difficult time getting the contents of ComboFix.txt pasted below - Firefox nor much of anything else would open after the scan had finished, giving me the error "Illegal operation attempted on a registry key that has been marked for deletion." In the end I was able to put a copy of the file ComboFix.txt in a shared folder which I then accessed on a different machine, on which I am now typing.


---------------------------------
ComboFix 12-07-14.01 - Nick 15/07/2012 20:13:50.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5887.4687 [GMT 1:00]
Running from: c:\users\Nick\Desktop\svhost.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\HP
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1025\1025.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1025\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1025\synonyms-1025.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1026\1026.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1026\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1026\synonyms-1026.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1028\1028.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1028\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1028\synonyms-1028.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1029\1029.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1029\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1029\synonyms-1029.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1030\1030.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1030\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1030\synonyms-1030.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1031\1031.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1031\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1031\synonyms-1031.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1032\1032.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1032\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1032\synonyms-1032.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1033\1033.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1033\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1033\synonyms-1033.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1034\1034.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1034\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1034\synonyms-1034.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1035\1035.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1035\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1035\synonyms-1035.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1036\1036.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1036\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1036\synonyms-1036.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1037\1037.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1037\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1037\synonyms-1037.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1038\1038.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1038\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1038\synonyms-1038.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1040\1040.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1040\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1040\synonyms-1040.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1042\1042.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1042\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1042\synonyms-1042.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1043\1043.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1043\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1043\synonyms-1043.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1044\1044.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1044\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1044\synonyms-1044.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1045\1045.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1045\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1045\synonyms-1045.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1046\1046.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1046\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1046\synonyms-1046.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1048\1048.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1048\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1048\synonyms-1048.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1049\1049.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1049\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1049\synonyms-1049.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1050\1050.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1050\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1050\synonyms-1050.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1051\1051.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1051\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1051\synonyms-1051.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1053\1053.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1053\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1053\synonyms-1053.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1054\1054.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1054\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1054\synonyms-1054.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1055\1055.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1055\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1055\synonyms-1055.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1057\1057.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1057\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1057\synonyms-1057.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1060\1060.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1060\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1060\synonyms-1060.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1061\1061.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1061\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1061\synonyms-1061.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1062\1062.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1062\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1062\synonyms-1062.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1063\1063.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1063\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\1063\synonyms-1063.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\2052\2052.cab
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\2052\dj3055_Animations.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\2052\synonyms-2052.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\AC_RunActiveContent.js
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\cueFunctions.js
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\hubURL.js
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\images\bullet.gif
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\images\checkbox.PNG
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\images\cmyk-color-bar.svg
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\images\collapsed.gif
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\images\expanded.gif
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\images\hyphen.PNG
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\images\icon_caution_color.gif
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\images\icon_warning_color.gif
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\images\projector_icon.jpg
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\images\registration-circle.svg
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\images\RightArrow.jpg
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\images\spacer.gif
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\images\well.jpg
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\Accessory\masterStyle.css
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_black_copy.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_CGD.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_color_copy.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_Com.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_com_load_Envelope.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_com_load_LargePaper.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_com_load_media.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_com_load_SmallPhoto.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_copy_text_or_mixed_docs.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_gtk_control_panel.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_gtk_printer_parts.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_ink_replace_cartridges.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_paper_jam_back.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_paper_jam_bottom.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_paper_jam_front.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_paper_jam_inside.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\dj3055_Zoom.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\flash\globalAnivewerParts_V2.swf
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\c_panel.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\cart_contacts.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\cartridge_number.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\cleanout_door.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\cleanout_door_close.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\clear_jam_back.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\clear_jam_bottom.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\clear_jam_front.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\clear_jam_inside.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\colorlok.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\diagnostics_page.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\eprint_light.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\fcvr_ajr.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\fcvr_close.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\globe.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\icon_document.gif
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\icon_envelope.gif
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\icon_photo_horizontal.gif
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\icon_quickforms.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\ink_blk1.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\ink_cart_date.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\inkcart4.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\input_tray_1.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\ld_env3.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\ld_papr2.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\ld_papr3.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\ld_papr4.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\ld_photo_in_tray.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\ld_scan.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\ld_scan_close.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\ld_scan_open.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\Model_number.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\output_tray_1.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\ph_contacts.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\printer_parts.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\projector_icon.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_ce.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_ce_nh.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_ar_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_bg_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_cs_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_da_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_de_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_el_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_en_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_es_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_et_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_fi_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_fr_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_he_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_hr_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_hu_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_id_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_it_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_jp_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_ko_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_lt_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_lv_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_ms_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_nl_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_no_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_pl_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_pt_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_ro_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_ru_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_sk_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_sl_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_sv_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_th_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_tr_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_uk_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_zh_cn.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_copyright_acknowledgements_no_bluetooth_zh_tw.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_energystar_logo_ww.jpg
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_fcc_statement_class_b_us.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_notice_to_users_ko_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_power_cord_notice_jp_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_rohs_table_generic_zh_cn.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_vcci_class_b_notice_jp_ww.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_weee_eu.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_wireless_notice_to_users_br.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_wireless_notice_to_users_ca.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_wireless_notice_zh_tw.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\reg_wireless_radio_frequency_radiation_us.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\release_pcart_no_co.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\top_up3.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\unpack_cart.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\graphics\online\wireless_light.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\images\global_product_bg_blue.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\images\global_product_bg_blue_gtk.jpg
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\images\global_product_bg_blue_hd.jpg
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\images\global_product_bg_blue_wide.png
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\sysparm.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Help\topicmap.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\HP Deskjet 3050A J611 series (USB)\XmlFileCache\CN18A4360405PJ\DevMgmt\DiscoveryTree.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\HP Deskjet 3050A J611 series (USB)\XmlFileCache\CN18A4360405PJ\Scan\ScanCaps.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1025\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1028\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1029\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1030\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1031\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1032\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1033\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1034\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1035\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1036\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1037\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1038\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1040\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1041\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1042\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1043\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1044\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1045\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1046\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1049\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1053\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\1055\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\Installer\Help\2052\HP_Setup_Help.chm
c:\programdata\HP\HP Deskjet 3050A J611 series\NetworkDevices\CN18A4360405PJ.ini
c:\programdata\HP\HP Deskjet 3050A J611 series\XmlFileCache\CN18A4360405PJ\Calibration\CalibrationManifest.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\XmlFileCache\CN18A4360405PJ\DevMgmt\ConsumableConfigCap.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\XmlFileCache\CN18A4360405PJ\DevMgmt\DiscoveryTree.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\XmlFileCache\CN18A4360405PJ\DevMgmt\InternalPrintCap.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\XmlFileCache\CN18A4360405PJ\DevMgmt\ProductConfigCap.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\XmlFileCache\CN18A4360405PJ\ePrint\ePrintConfigCap.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\XmlFileCache\CN18A4360405PJ\ePrint\ePrintManifest.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\XmlFileCache\CN18A4360405PJ\IoMgmt\IoMgmtManifest.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\XmlFileCache\CN18A4360405PJ\Scan\ScanCaps.xml
c:\programdata\HP\HP Deskjet 3050A J611 series\XmlFileCache\CN18A4360405PJ\WebFirmwareUpdate\WebFirmwareUpdateManifest.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 19:24 . 2012-07-15 19:24 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0346098-2EDF-4CF1-8C85-22458B72CDD1}\offreg.dll
2012-07-15 19:20 . 2012-07-15 19:20 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-15 19:20 . 2012-07-15 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 15:56 . 2012-07-13 15:56 -------- d-----w- C:\FRST
2012-07-13 15:36 . 2012-07-13 15:36 -------- d-----w- c:\programdata\Recovery
2012-07-13 05:54 . 2012-02-09 13:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{219F34CF-52D6-4BDD-A8DA-A61AC4EEC67A}\gapaengine.dll
2012-07-13 05:54 . 2012-06-18 02:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0346098-2EDF-4CF1-8C85-22458B72CDD1}\mpengine.dll
2012-07-13 05:52 . 2012-07-13 05:52 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-13 05:52 . 2012-07-13 05:52 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-12 20:10 . 2012-07-12 20:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-12 20:08 . 2012-07-12 20:09 -------- d-----w- c:\users\Nick\AppData\Local\Google
2012-07-12 20:08 . 2012-07-12 20:09 -------- d-----w- c:\program files (x86)\Google
2012-07-11 07:14 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-24 07:15 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 07:15 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 07:15 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 07:15 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 07:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 07:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 07:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 07:14 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 07:14 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 21:19 . 2012-06-22 21:19 -------- d-----w- c:\users\Nick\AppData\Local\Macromedia
2012-06-16 19:54 . 2012-06-16 19:54 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-16 19:54 . 2012-06-16 19:54 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 20:08 . 2012-04-27 07:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 20:08 . 2011-06-11 15:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-08 20:42 . 2011-08-29 18:50 101400 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-05-04 11:06 . 2012-06-12 19:07 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 19:07 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 19:07 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 19:07 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 19:07 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 19:07 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 19:07 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 19:07 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 19:06 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 19:06 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 19:06 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 19:06 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 19:06 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 19:06 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"V0640Mon.exe"="c:\windows\V0640Mon.exe" [2009-09-22 28672]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files (x86)\Mozilla Firefox\firefox.exe [2011-6-11 913888]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Windows Live Mail.lnk - c:\program files (x86)\Windows Live\Mail\wlmail.exe [2012-3-8 92024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-12 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-06-08 101400]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-06-08 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-06-08 297048]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-06-08 976728]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-11 6790656]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-11 221184]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 V0640Vid;Creative Live! Cam Socialize (VF0640) Driver;c:\windows\system32\DRIVERS\V0640Vid.sys [2009-12-03 319520]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 20:08]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 20:08]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6kwuz4cr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\05\17\17\03\06V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-07-15 20:29:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 19:29
.
Pre-Run: 778,784,239,616 bytes free
Post-Run: 779,311,976,448 bytes free
.
- - End Of File - - EC3529ED4572F470A57084341612E32B
 
OK, a system reboot sorted out the problem with registry keys marked for deletion (silly me for not realising this).
MSE real time scanning is still switched off. Let me know if and when you want it back on.

The infected machine now seems to be working OK, but I will avoid using it further until you say so.
Thanks for your continued support.
 
You're welcome. Glad it's working out so far!

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.


Scan for malware

bf_new.gif
Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
The two requested logs are below:



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nick :: HP [administrator]

16/07/2012 10:13:32
mbam-log-2012-07-16 (10-13-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230066
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b708737f183dee49bee282f62e9c5102
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-16 09:58:18
# local_time=2012-07-16 10:58:18 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 289 94895515 0 0
# compatibility_mode=8192 67108863 100 0 92 92 0 0
# scanned=155291
# found=4
# cleaned=4
# scan_time=2233
C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\FRST\Quarantine\{f26f19f5-8055-2193-e125-44b55f27d338}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\FRST\Quarantine\{f26f19f5-8055-2193-e125-44b55f27d338}\U\80000000.@ Win64/Sirefef.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Nick\Downloads\Dose.2.DiSC1+2.exe Win32/Adware.1ClickDownload application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
 
Good!

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Here is one problem:
I re-enabled real-time protection for MSE and tried to do an update. The update failed even though my internet connection is fine (MSE did not specify the reason for the failure). Updates have always worked fine before I got the malware.

Should I uninstall then reinstall MSE and see if that fixes things?
Thanks.
 
I have seen that reinstalling MSE has worked well in solving the issue.

If there are no other issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name I.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive I.e. C
  • For a few moments the system will make some calculations:
    diskcleanup1.png
  • Select the More Options tab
    moreoptions.png
  • In the System Restore and Shadow Backups select Clean up
    moreoptions2.png
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check
Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
 
I have done all of these four things:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

The Security Check log is as follows:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 31
Java version out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 12.0.742.100
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


Reinstalling MSE fixed the update problem referred to earlier.
My computer seems to be running fine.
Let me know when we are done as a donation is coming your way. You guys do a really awesome job. I can't thank you enough!
 
Thanks! :D

You did a good job following everything here, and your computer is nice and clean! :)

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?
 
You can mark it solved.

A donation has been sent your way. I am amazed at the great work you people do.

Thanks and best wishes,
Nick
 
Status
Not open for further replies.
Back