
Help please, ZeroAccess Trojan thanks



please help, can't update anything, comp is acting crazy.....thanks

here are the logs.....thanks

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Brian at 7:46:11 on 2012-08-10

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6338 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\McAfee\MAT\McPvTray.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120719091920.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{49995928-16DF-49C4-A13D-6841F8708F24} : DhcpNameServer = 75.75.75.75 75.75.76.76

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120719091920.dll

BHO-X64: scriptproxy - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\ef7s84f0.default\

FF - prefs.js: browser.startup.homepage - espn.com

FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

FF - plugin: M:\Installed Programs\Reader\AIR\nppdf32.dll

FF - plugin: M:\Installed Programs\Reader\browser\nppdf32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 Sahdad64;HDD Filter Driver;C:\Windows\system32\Drivers\Sahdad64.sys --> C:\Windows\system32\Drivers\Sahdad64.sys [?]

R0 Saibad64;Volume Filter Driver;C:\Windows\system32\Drivers\Saibad64.sys --> C:\Windows\system32\Drivers\Saibad64.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]

R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\system32\Drivers\SaibVdAd64.sys --> C:\Windows\system32\Drivers\SaibVdAd64.sys [?]

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-31 39408]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-7-17 103472]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-14 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-14 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-3-14 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-3-14 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-4-20 92592]

R3 bbcap;bb_capture_driver;C:\Windows\system32\DRIVERS\bbcap.sys --> C:\Windows\system32\DRIVERS\bbcap.sys [?]

R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-14 249936]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-8 2348352]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-8 250056]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-19 114144]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-08 20:09:33 -------- d-----w- C:\FRST

2012-08-07 01:39:30 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-07 01:29:31 16200 ----a-w- C:\Windows\stinger.sys

2012-08-07 01:29:18 -------- d-----w- C:\Program Files (x86)\stinger

2012-07-30 20:57:50 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-30 15:52:51 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0E5FA8EB-FA50-457F-A486-9B1BCFDC2074}\mpengine.dll

2012-07-29 07:21:45 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-29 01:35:00 -------- d-----w- C:\Program Files (x86)\WinWay Resume

2012-07-28 13:37:36 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2012-07-28 13:37:36 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll

2012-07-28 13:37:35 913888 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

2012-07-28 13:37:35 573920 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-07-28 13:37:35 258528 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll

2012-07-28 13:37:35 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2012-07-28 13:37:35 136672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-07-28 13:37:35 117728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe

2012-07-28 13:37:34 82400 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll

2012-07-28 13:37:34 425952 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll

2012-07-28 13:37:34 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-07-11 17:05:54 -------- d--h--w- C:\Users\Brian\AppData\Roaming\7CFEC0DE

.

==================== Find3M ====================

.

2012-08-04 21:48:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-04 21:48:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-16 11:51:10 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

.

============= FINISH: 7:46:46.34 ===============

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.10.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Brian :: BRIAN-PC [administrator]

8/10/2012 7:43:22 AM

mbam-log-2012-08-10 (07-43-22).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 214835

Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC


Thanks for your help, here are the logs.........

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02

Ran by SYSTEM at 10-08-2012 08:27:52

Running from E:\

Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" [436384 2011-04-08] (McAfee, Inc.)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)

HKU\Brian\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)

HKU\UpdatusUser\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)

HKU\UpdatusUser\...\Run: [KB00387427.exe] "C:\Users\Brian\AppData\Roaming\KB00387427.exe" [x]

HKU\UpdatusUser\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" [x]

HKU\UpdatusUser\...\Run: [Exent_SDM] C:\Users\UpdatusUser\AppData\Local\Temp\SDM143\Free Ride Games.exe "l 'Startup' u 'http://www.freeridegames.com/do/SDMC?action=config&type=FULLSTARTUP&contentId=586350&sId=w3i_us_ron_nolaunch' p '143' c '466550'" [x]

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

==================== Services (Whitelisted) ======

2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()

2 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [39408 2010-09-13] ()

2 FolderSize; "C:\Program Files\FolderSize\FolderSizeSvc.exe" [167936 2010-04-05] (Brio)

2 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [103472 2012-06-15] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)

2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [231224 2010-04-13] (McAfee, Inc.)

2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

3 RoxMediaDB13; "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe" [1099248 2010-07-16] (Sonic Solutions)

2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2012-04-19] (TomTom)

========================== Drivers (Whitelisted) =============

3 bbcap; C:\Windows\System32\Drivers\bbcap.sys [4608 2012-05-08] (Windows ® Codename Longhorn DDK provider)

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-03-08] (DT Soft Ltd)

3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()

3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()

0 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [71800 2011-04-11] (McAfee, Inc.)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)

1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)

0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)

1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)

0 NBVol; C:\Windows\System32\Drivers\NBVol.sys [72240 2011-12-01] (Nero AG)

0 NBVolUp; C:\Windows\System32\Drivers\NBVolUp.sys [15920 2011-12-01] (Nero AG)

3 mfeavfk01; [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-10 03:42 - 2012-08-10 03:42 - 00607260 ____R (Swearware) C:\Users\Brian\Desktop\dds.scr

2012-08-08 12:14 - 2012-08-08 12:14 - 00000488 ____A C:\Windows\WindowsUpdate.log

2012-08-08 12:12 - 2012-08-08 12:13 - 00063050 ____A C:\Users\Brian\Downloads\FRST.txt

2012-08-08 12:09 - 2012-08-08 12:12 - 00000000 ____D C:\FRST

2012-08-08 12:09 - 2012-08-08 12:09 - 01439705 ____A (Farbar) C:\Users\Brian\Downloads\FRST64.exe

2012-08-08 11:47 - 2012-08-08 11:47 - 00347424 ____A (Microsoft Corporation) C:\Users\Brian\Downloads\MicrosoftFixit.wu.MATSKB.Run.exe

2012-08-08 09:13 - 2012-08-08 09:13 - 00868245 ____A C:\Users\Brian\Downloads\pic.zip

2012-08-06 18:18 - 2012-08-06 18:25 - 58060164 ____A C:\Users\Brian\Downloads\ATB_580.rar

2012-08-06 17:40 - 2012-08-10 04:18 - 00002842 ____A C:\Windows\PFRO.log

2012-08-06 17:39 - 2012-08-06 17:49 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-08-06 17:37 - 2012-08-06 17:37 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\tdsskiller.exe

2012-08-06 17:36 - 2012-08-06 17:36 - 00693235 ____A (Farbar) C:\Users\Brian\Downloads\FSS.exe

2012-08-06 17:35 - 2012-08-06 17:35 - 00000041 ___RH C:\Users\Brian\Downloads\stinger.opt

2012-08-06 17:29 - 2012-08-06 17:35 - 00000000 ____D C:\Program Files (x86)\stinger

2012-08-06 17:29 - 2012-08-06 17:29 - 09769576 ____A (McAfee Inc.) C:\Users\Brian\Downloads\stinger.exe

2012-08-06 17:29 - 2012-08-06 17:29 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys

2012-08-06 17:11 - 2012-08-10 04:18 - 00001186 ____A C:\Windows\setupact.log

2012-08-06 17:11 - 2012-08-06 17:11 - 00291632 ____A C:\Windows\Minidump\080612-49842-01.dmp

2012-08-06 17:11 - 2012-08-06 17:11 - 00000000 ____A C:\Windows\setuperr.log

2012-08-06 17:10 - 2012-08-06 17:10 - 1790619185 ____A C:\Windows\MEMORY.DMP

2012-08-06 11:55 - 2012-08-06 11:55 - 00000000 ____D C:\Users\Brian\Downloads\13

2012-08-06 11:55 - 2012-08-06 11:55 - 00000000 ____D C:\Users\Brian\Downloads\07(1)

2012-08-06 11:55 - 2012-08-06 11:55 - 00000000 ____D C:\Users\Brian\Downloads\07

2012-08-06 11:54 - 2012-08-06 11:55 - 00000000 ____D C:\Users\Brian\Downloads\t.d.k.r.t.x.u.u46449.RMTeam

2012-08-06 11:54 - 2012-08-06 11:54 - 00000000 ____D C:\Users\Brian\Downloads\T.D.K.R

2012-08-06 11:53 - 2012-08-06 11:54 - 00000000 ____D C:\Users\Brian\Downloads\Nat493

2012-08-06 11:52 - 2012-08-06 11:52 - 00000000 ____D C:\Users\Brian\Downloads\LadOwn320.iZm420

2012-08-06 11:52 - 2012-08-06 11:52 - 00000000 ____D C:\Users\Brian\Downloads\Katerina520

2012-08-06 11:52 - 2012-08-06 11:52 - 00000000 ____D C:\Users\Brian\Downloads\k1e1l1l1y.mp4

2012-08-06 11:51 - 2012-08-06 11:51 - 00000000 ____D C:\Users\Brian\Downloads\h1o1l1l1y1.mp4

2012-08-06 11:50 - 2012-08-06 21:08 - 00000000 ____D C:\Users\Brian\Downloads\At.the.Concert.Hall.Lady.Antebellum.480p.HDTV.x264-mSD

2012-08-06 11:50 - 2012-08-06 11:51 - 00000000 ____D C:\Users\Brian\Downloads\Erica3675

2012-08-06 11:50 - 2012-08-06 11:50 - 00000000 ____D C:\Users\Brian\Downloads\a1v1a1a.mp4

2012-08-06 11:50 - 2012-08-06 11:50 - 00000000 ____D C:\Users\Brian\Downloads\A1s1h1l1e1y.mp4

2012-08-06 11:50 - 2012-08-06 11:50 - 00000000 ____D C:\Users\Brian\Downloads\14(1)

2012-08-06 11:50 - 2012-08-06 11:50 - 00000000 ____D C:\Users\Brian\Downloads\14

2012-08-06 11:50 - 2012-08-06 11:50 - 00000000 ____D C:\Users\Brian\Downloads\13(1)

2012-08-06 11:39 - 2012-08-06 11:47 - 74585124 ____A C:\Users\Brian\Downloads\Gr-My-Am-tr-Che-a-t-Wi-fe-An-d-2Bl-a-ck_xvid.avi

2012-08-06 09:28 - 2012-08-06 09:53 - 159400616 ____A C:\Users\Brian\Downloads\Gr-Bl-a-ck-Di-ck-Fo-r-Na-s-ty-Wh-i-teMa-tr-e-_xvid.avi

2012-08-06 06:08 - 2012-08-06 06:09 - 09125918 ____A C:\Users\Brian\Downloads\Gr-Ho-rny-Bi-g-Bu-tt-e-d-Wi-fe-Ta-ke-s-In-The--As-On-Pub-l_xvid.avi

2012-08-05 14:18 - 2012-08-05 14:29 - 00000000 ____D C:\Users\Brian\Desktop\New folder (2)

2012-08-05 12:59 - 2012-08-05 13:06 - 63852774 ____A C:\Users\Brian\Downloads\Gr-Am-tr-Ma-tr-e-Expo-s-e-Fo-r-Yo-u-n-g-Ne-i-gh-b-o-r_xvid.avi

2012-08-05 10:34 - 2012-08-05 10:47 - 1536656844 ____A C:\Users\Brian\Downloads\The Amazing Spider-man 2012 TS FULL NeW SOURCE READNFO XviD - ILLUMINATI.avi

2012-07-31 05:26 - 2012-07-31 05:26 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-30 12:57 - 2012-07-30 12:57 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-30 09:49 - 2012-07-30 09:54 - 121630352 ____A C:\Users\Brian\Downloads\video_26376.flv

2012-07-30 09:49 - 2012-07-30 09:52 - 70167151 ____A C:\Users\Brian\Downloads\video_26304.flv

2012-07-30 09:45 - 2012-07-30 09:46 - 36593106 ____A C:\Users\Brian\Downloads\video_26803.flv

2012-07-30 09:30 - 2012-07-30 09:30 - 10926080 ____A C:\Users\Brian\Downloads\1170 Only Tease.avi

2012-07-30 09:21 - 2012-07-30 09:21 - 00000000 ____D C:\Users\Brian\Downloads\New folder

2012-07-30 09:19 - 2012-07-30 09:20 - 11008144 ____A C:\Users\Brian\Downloads\1165 Only Tease.wmv

2012-07-30 09:19 - 2012-07-30 09:20 - 10993664 ____A C:\Users\Brian\Downloads\1166 Only Tease.avi

2012-07-30 09:19 - 2012-07-30 09:20 - 10850304 ____A C:\Users\Brian\Downloads\1172 Only Tease.avi

2012-07-30 09:19 - 2012-07-22 08:28 - 00000110 ____A C:\Users\Brian\Downloads\www.moyo.com.url

2012-07-30 09:19 - 2012-07-22 08:27 - 00000109 ____A C:\Users\Brian\Downloads\www.loofiles.com.url

2012-07-30 09:01 - 2012-07-30 09:01 - 09611264 ____A C:\Users\Brian\Downloads\1209 Only Tease.avi

2012-07-30 09:00 - 2012-07-30 09:01 - 09869312 ____A C:\Users\Brian\Downloads\1205 Only Tease.avi

2012-07-30 09:00 - 2012-07-30 09:01 - 09748480 ____A C:\Users\Brian\Downloads\1207 Only Tease.avi

2012-07-30 08:48 - 2012-07-30 09:17 - 224250619 ____A C:\Users\Brian\Downloads\k1o1r1t1n1e1yr.mp4

2012-07-30 08:44 - 2012-07-30 09:41 - 494745600 ____A C:\Users\Brian\Downloads\k1e1l1l1y.mp4.part1.rar.part

2012-07-29 08:45 - 2012-07-29 09:19 - 210754720 ____A C:\Users\Brian\Downloads\Nevena342(1).rar.part

2012-07-28 17:35 - 2012-07-28 17:36 - 00000000 ____D C:\Program Files (x86)\WinWay Resume

2012-07-28 17:12 - 2012-07-28 17:12 - 00001140 ____A C:\Users\UpdatusUser\Desktop\Grab & Burn.lnk

2012-07-28 17:12 - 2012-07-28 17:12 - 00000064 ____A C:\Windows\GPlrLanc.dat

2012-07-28 17:12 - 2012-07-28 17:12 - 00000000 ____D C:\Users\Brian\AppData\Roaming\ImgBurn

2012-07-28 16:59 - 2012-07-28 16:59 - 00000000 ____D C:\Users\Brian\Desktop\New folder

2012-07-28 16:53 - 2012-07-28 16:53 - 00087586 ____A C:\Users\Brian\Downloads\TS101953372.dotm

2012-07-28 16:53 - 2012-07-28 16:53 - 00087586 ____A C:\Users\Brian\Downloads\TS101953372(1).dotm

2012-07-28 11:41 - 2012-07-28 11:50 - 137983456 ____A C:\Users\Brian\Downloads\NTB_Cuckold_Wife.avi

2012-07-28 11:40 - 2012-07-28 11:45 - 97656511 ____A C:\Users\Brian\Downloads\NTB_IR_Tuesday_Night_BBC.flv

2012-07-24 17:39 - 2012-07-24 17:39 - 00000000 ____D C:\Users\Brian\Downloads\set745

2012-07-24 17:39 - 2012-07-24 17:39 - 00000000 ____D C:\Users\Brian\Downloads\s-166

2012-07-24 17:39 - 2012-07-24 17:39 - 00000000 ____D C:\Users\Brian\Downloads\p.456ytghj01178

2012-07-24 17:39 - 2012-07-24 17:39 - 00000000 ____D C:\Users\Brian\Downloads\Mother

2012-07-24 17:39 - 2012-07-24 17:39 - 00000000 ____D C:\Users\Brian\Downloads\HFP-317

2012-07-24 17:39 - 2012-07-24 17:39 - 00000000 ____D C:\Users\Brian\Downloads\HFP-313

2012-07-24 17:39 - 2012-07-24 17:39 - 00000000 ____D C:\Users\Brian\Downloads\HFP-304

2012-07-24 17:39 - 2012-07-24 17:39 - 00000000 ____D C:\Users\Brian\Downloads\HFP-299

2012-07-24 17:39 - 2012-07-24 17:39 - 00000000 ____D C:\Users\Brian\Downloads\HFP-298

2012-07-24 17:39 - 2012-07-24 17:39 - 00000000 ____D C:\Users\Brian\Downloads\HFP-278

2012-07-24 17:39 - 2012-07-24 17:39 - 00000000 ____D C:\Users\Brian\Downloads\HFP-268

2012-07-24 17:39 - 2012-07-24 17:39 - 00000000 ____D C:\Users\Brian\Downloads\HFP-264

2012-07-24 17:39 - 2012-07-24 17:39 - 00000000 ____D C:\Users\Brian\Downloads\aezp1383

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-258

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-246

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-241

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-234

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-232

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-223

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-220

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-218

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-217

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-215

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-213

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-212

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-209

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-198

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-197

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\HFP-185

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\Esme33

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\Emiliana65

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\Daria47

2012-07-24 17:38 - 2012-07-24 17:38 - 00000000 ____D C:\Users\Brian\Downloads\Daphne38

2012-07-24 17:35 - 2012-07-24 17:35 - 00000000 ____D C:\Users\Brian\Downloads\Ct & sx Tn GF

2012-07-24 17:34 - 2012-07-24 17:35 - 00000000 ____D C:\Users\Brian\Downloads\ATB_1049

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\up-skrt

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\ATB_1024

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\Anna167

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\Ams9dfc-668

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\Amature h@rdcore set 1225

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\Amature h@rdcore set 1209

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\Amature h@rdcore set 1197

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\Amature h@rdcore set 1196

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\Amature h@rdcore set 1151

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\Amature h@rdcore set 1141

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\Amature h@rdcore set 1137

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\Amature h@rdcore set 1136

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\Amature h@rdcore set 1123

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\Amature h@rdcore set 1101

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\Amature h@rdcore set 1082

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\amateurpics2

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\a-fun0987y6tr717

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\aezp1391

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\aezp1389

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\544

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\241

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\1213_2595

2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Brian\Downloads\1133_plk.00019s+

2012-07-24 12:28 - 2012-07-24 12:34 - 67623808 ____A C:\Users\Brian\Downloads\HomeVideo287.wmv

2012-07-24 12:28 - 2012-07-24 12:32 - 45663396 ____A C:\Users\Brian\Downloads\HomeVideo270.avi

2012-07-24 12:27 - 2012-07-24 12:31 - 56201141 ____A C:\Users\Brian\Downloads\HomeVideo324.wmv

2012-07-24 12:27 - 2012-07-24 12:31 - 54097029 ____A C:\Users\Brian\Downloads\HomeVideo284.wmv

2012-07-24 12:26 - 2012-07-24 12:30 - 56759234 ____A C:\Users\Brian\Downloads\HomeVideo333.avi

2012-07-24 12:23 - 2012-07-24 12:55 - 684380240 ____A C:\Users\Brian\Downloads\Olga_-_When__tasy_Becomes_Reality.avi

2012-07-21 16:41 - 2012-07-21 17:15 - 407814755 ____A C:\Users\Brian\Downloads\153 FST(1).wmv

2012-07-20 17:16 - 2012-07-20 17:35 - 102578798 ____A C:\Users\Brian\Downloads\32_xvid.avi

2012-07-20 17:15 - 2012-07-20 17:32 - 142839554 ____A C:\Users\Brian\Downloads\27.avi

2012-07-20 17:13 - 2012-07-20 17:48 - 199889036 ____A C:\Users\Brian\Downloads\39.avi

2012-07-20 17:13 - 2012-07-20 17:42 - 169647702 ____A C:\Users\Brian\Downloads\52.avi

2012-07-20 17:12 - 2012-07-20 17:26 - 194888784 ____A C:\Users\Brian\Downloads\34.avi

2012-07-20 16:56 - 2012-07-20 17:35 - 407814755 ____A C:\Users\Brian\Downloads\153 FST.wmv

2012-07-20 10:40 - 2012-07-20 11:06 - 392510503 ____A C:\Users\Brian\Downloads\180 FST.wmv

2012-07-20 10:40 - 2012-07-20 11:00 - 394510449 ____A C:\Users\Brian\Downloads\176 FST.wmv

2012-07-20 09:34 - 2012-07-20 10:13 - 384062475 ____A C:\Users\Brian\Downloads\186 FST.wmv

2012-07-20 09:34 - 2012-07-20 10:07 - 383590284 ____A C:\Users\Brian\Downloads\187 FST.wmv

2012-07-20 09:34 - 2012-07-20 10:01 - 379310203 ____A C:\Users\Brian\Downloads\195 FST.wmv

2012-07-20 09:31 - 2012-07-20 10:11 - 378822173 ____A C:\Users\Brian\Downloads\197 FST.wmv

2012-07-20 09:31 - 2012-07-20 10:11 - 376950254 ____A C:\Users\Brian\Downloads\198 FST.wmv

2012-07-20 09:31 - 2012-07-20 10:10 - 338661279 ____A C:\Users\Brian\Downloads\242 FST.wmv

2012-07-20 09:29 - 2012-07-20 10:05 - 325316949 ____A C:\Users\Brian\Downloads\252 FST.wmv

2012-07-20 09:29 - 2012-07-20 09:58 - 325564877 ____A C:\Users\Brian\Downloads\251 FST.wmv

2012-07-20 09:28 - 2012-07-20 09:46 - 106797569 ____A C:\Users\Brian\Downloads\275 FST.wmv

2012-07-20 09:28 - 2012-07-20 09:45 - 115904498 ____A C:\Users\Brian\Downloads\269 FST.wmv

2012-07-20 09:28 - 2012-07-20 09:43 - 123648290 ____A C:\Users\Brian\Downloads\268 FST.wmv

2012-07-20 09:28 - 2012-07-20 09:37 - 140487412 ____A C:\Users\Brian\Downloads\267 FST.wmv

2012-07-20 09:27 - 2012-07-20 09:38 - 102754644 ____A C:\Users\Brian\Downloads\280 FST.wmv

2012-07-20 09:18 - 2012-07-20 09:49 - 376103093 ____A C:\Users\Brian\Downloads\10.wmv

2012-07-19 09:17 - 2012-06-18 08:50 - 257181849 ____A C:\Users\Brian\Downloads\Mother Knows Best (1).wmv

2012-07-19 07:50 - 2012-07-19 08:45 - 995022514 ____A C:\Users\Brian\Downloads\3617Am.avi

2012-07-19 07:50 - 2012-07-19 08:03 - 265107200 ____A C:\Users\Brian\Downloads\3612Am.avi

2012-07-19 07:49 - 2012-07-19 08:09 - 337979812 ____A C:\Users\Brian\Downloads\3642Am.avi

2012-07-19 07:48 - 2012-07-19 08:03 - 327384212 ____A C:\Users\Brian\Downloads\3657Am.avi

2012-07-19 03:12 - 2012-08-08 11:53 - 00000000 ____D C:\Users\Brian\Desktop\Brians Folder

2012-07-17 08:38 - 2012-07-17 08:38 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2012-07-17 08:38 - 2012-07-17 08:38 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2012-07-17 08:38 - 2012-07-17 08:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-17 08:38 - 2012-07-17 08:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-17 08:38 - 2012-07-17 08:38 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-17 08:38 - 2012-07-17 08:38 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-17 08:38 - 2012-07-17 08:38 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2012-07-17 08:38 - 2012-07-17 08:38 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2012-07-17 08:38 - 2012-07-17 08:38 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2012-07-17 08:38 - 2012-07-17 08:38 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2012-07-17 08:38 - 2012-07-17 08:38 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2012-07-17 03:18 - 2012-07-17 03:18 - 17392760 ____A (Mozilla) C:\Users\Brian\Desktop\Firefox Setup 14.0b12.exe

2012-07-15 12:14 - 2012-07-15 11:52 - 00036301 ____A C:\Users\Brian\Desktop\TS102806329 - Copy.dotx

2012-07-15 11:52 - 2012-07-15 11:52 - 00036301 ____A C:\Users\Brian\Desktop\TS102806329.dotx

2012-07-15 11:52 - 2012-07-15 11:52 - 00029959 ____A C:\Users\Brian\Desktop\TS101896176.dotx

2012-07-15 11:52 - 2012-07-15 11:52 - 00024729 ____A C:\Users\Brian\Desktop\TS102805643.dotx

2012-07-15 11:51 - 2012-07-15 11:51 - 00032576 ____A C:\Users\Brian\Desktop\TS030008068.dotx

2012-07-11 11:45 - 2012-07-11 12:23 - 288185950 ____A C:\Users\Brian\Downloads\amateur0047.avi

2012-07-11 09:38 - 2012-07-11 10:06 - 303120965 ____A C:\Users\Brian\Downloads\19.wmv

2012-07-11 09:38 - 2012-07-11 10:06 - 241682069 ____A C:\Users\Brian\Downloads\7.wmv

2012-07-11 09:38 - 2012-07-11 09:58 - 159450717 ____A C:\Users\Brian\Downloads\5.wmv

2012-07-11 09:38 - 2012-07-11 09:50 - 111751439 ____A C:\Users\Brian\Downloads\2.wmv

2012-07-11 09:38 - 2012-07-11 09:49 - 86382028 ____A C:\Users\Brian\Downloads\1.wmv

2012-07-11 09:37 - 2012-07-11 09:51 - 136574982 ____A C:\Users\Brian\Downloads\25.avi

2012-07-11 09:35 - 2012-07-11 10:15 - 232605456 ____A C:\Users\Brian\Downloads\amateur0047.avi.part

2012-07-11 09:34 - 2012-07-11 09:57 - 221704192 ____A C:\Users\Brian\Downloads\10.avi

2012-07-11 09:34 - 2012-07-11 09:54 - 148824802 ____A C:\Users\Brian\Downloads\79.avi

2012-07-11 09:33 - 2012-07-11 11:53 - 548241654 ____A C:\Users\Brian\Downloads\9.wmv

2012-07-11 09:30 - 2012-07-11 09:48 - 168210234 ____A C:\Users\Brian\Downloads\11_xvid.avi

2012-07-11 09:30 - 2012-07-11 09:31 - 31901928 ____A C:\Users\Brian\Downloads\10_xvid.avi

2012-07-11 09:23 - 2012-07-11 09:26 - 44713580 ____A C:\Users\Brian\Downloads\DSP_0124.wmv

2012-07-11 09:16 - 2012-07-31 05:18 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-11 09:05 - 2012-07-21 12:20 - 00000000 ___HD C:\Users\Brian\AppData\Roaming\7CFEC0DE

============ 3 Months Modified Files ========================

2012-08-10 04:19 - 2012-05-12 07:20 - 00000414 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job

2012-08-10 04:18 - 2012-08-06 17:40 - 00002842 ____A C:\Windows\PFRO.log

2012-08-10 04:18 - 2012-08-06 17:11 - 00001186 ____A C:\Windows\setupact.log

2012-08-10 04:18 - 2012-05-08 18:47 - 00000031 ____A C:\Windows\System32\bbcap.err

2012-08-10 04:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-10 04:14 - 2009-07-13 21:13 - 00729642 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-10 03:48 - 2012-03-08 12:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-10 03:42 - 2012-08-10 03:42 - 00607260 ____R (Swearware) C:\Users\Brian\Desktop\dds.scr

2012-08-10 03:28 - 2009-07-13 20:45 - 00022736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-10 03:28 - 2009-07-13 20:45 - 00022736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-08 12:14 - 2012-08-08 12:14 - 00000488 ____A C:\Windows\WindowsUpdate.log

2012-08-08 12:13 - 2012-08-08 12:12 - 00063050 ____A C:\Users\Brian\Downloads\FRST.txt

2012-08-08 12:09 - 2012-08-08 12:09 - 01439705 ____A (Farbar) C:\Users\Brian\Downloads\FRST64.exe

2012-08-08 11:47 - 2012-08-08 11:47 - 00347424 ____A (Microsoft Corporation) C:\Users\Brian\Downloads\MicrosoftFixit.wu.MATSKB.Run.exe

2012-08-08 09:13 - 2012-08-08 09:13 - 00868245 ____A C:\Users\Brian\Downloads\pic.zip

2012-08-06 18:25 - 2012-08-06 18:18 - 58060164 ____A C:\Users\Brian\Downloads\ATB_580.rar

2012-08-06 17:37 - 2012-08-06 17:37 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\tdsskiller.exe

2012-08-06 17:36 - 2012-08-06 17:36 - 00693235 ____A (Farbar) C:\Users\Brian\Downloads\FSS.exe

2012-08-06 17:35 - 2012-08-06 17:35 - 00000041 ___RH C:\Users\Brian\Downloads\stinger.opt

2012-08-06 17:29 - 2012-08-06 17:29 - 09769576 ____A (McAfee Inc.) C:\Users\Brian\Downloads\stinger.exe

2012-08-06 17:29 - 2012-08-06 17:29 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys

2012-08-06 17:11 - 2012-08-06 17:11 - 00291632 ____A C:\Windows\Minidump\080612-49842-01.dmp

2012-08-06 17:11 - 2012-08-06 17:11 - 00000000 ____A C:\Windows\setuperr.log

2012-08-06 17:10 - 2012-08-06 17:10 - 1790619185 ____A C:\Windows\MEMORY.DMP

2012-08-06 11:47 - 2012-08-06 11:39 - 74585124 ____A C:\Users\Brian\Downloads\Gr-My-Am-tr-Che-a-t-Wi-fe-An-d-2Bl-a-ck_xvid.avi

2012-08-06 09:53 - 2012-08-06 09:28 - 159400616 ____A C:\Users\Brian\Downloads\Gr-Bl-a-ck-Di-ck-Fo-r-Na-s-ty-Wh-i-teMa-tr-e-_xvid.avi

2012-08-06 06:09 - 2012-08-06 06:08 - 09125918 ____A C:\Users\Brian\Downloads\Gr-Ho-rny-Bi-g-Bu-tt-e-d-Wi-fe-Ta-ke-s-In-The--As-On-Pub-l_xvid.avi

2012-08-05 13:06 - 2012-08-05 12:59 - 63852774 ____A C:\Users\Brian\Downloads\Gr-Am-tr-Ma-tr-e-Expo-s-e-Fo-r-Yo-u-n-g-Ne-i-gh-b-o-r_xvid.avi

2012-08-05 10:47 - 2012-08-05 10:34 - 1536656844 ____A C:\Users\Brian\Downloads\The Amazing Spider-man 2012 TS FULL NeW SOURCE READNFO XviD - ILLUMINATI.avi

2012-08-04 13:48 - 2012-03-08 12:41 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-04 13:48 - 2012-03-08 10:02 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-31 06:53 - 2012-04-22 08:49 - 00327680 ____A C:\Windows\System32\Ikeext.etl

2012-07-31 05:26 - 2012-07-31 05:26 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-31 05:18 - 2012-07-11 09:16 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-30 12:46 - 2009-07-13 20:45 - 00459352 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-30 09:54 - 2012-07-30 09:49 - 121630352 ____A C:\Users\Brian\Downloads\video_26376.flv

2012-07-30 09:52 - 2012-07-30 09:49 - 70167151 ____A C:\Users\Brian\Downloads\video_26304.flv

2012-07-30 09:46 - 2012-07-30 09:45 - 36593106 ____A C:\Users\Brian\Downloads\video_26803.flv

2012-07-30 09:41 - 2012-07-30 08:44 - 494745600 ____A C:\Users\Brian\Downloads\k1e1l1l1y.mp4.part1.rar.part

2012-07-30 09:30 - 2012-07-30 09:30 - 10926080 ____A C:\Users\Brian\Downloads\1170 Only Tease.avi

2012-07-30 09:20 - 2012-07-30 09:19 - 11008144 ____A C:\Users\Brian\Downloads\1165 Only Tease.wmv

2012-07-30 09:20 - 2012-07-30 09:19 - 10993664 ____A C:\Users\Brian\Downloads\1166 Only Tease.avi

2012-07-30 09:20 - 2012-07-30 09:19 - 10850304 ____A C:\Users\Brian\Downloads\1172 Only Tease.avi

2012-07-30 09:17 - 2012-07-30 08:48 - 224250619 ____A C:\Users\Brian\Downloads\k1o1r1t1n1e1yr.mp4

2012-07-30 09:01 - 2012-07-30 09:01 - 09611264 ____A C:\Users\Brian\Downloads\1209 Only Tease.avi

2012-07-30 09:01 - 2012-07-30 09:00 - 09869312 ____A C:\Users\Brian\Downloads\1205 Only Tease.avi

2012-07-30 09:01 - 2012-07-30 09:00 - 09748480 ____A C:\Users\Brian\Downloads\1207 Only Tease.avi

2012-07-29 15:19 - 2012-06-17 11:53 - 00124672 ____A C:\Users\Brian\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-29 09:19 - 2012-07-29 08:45 - 210754720 ____A C:\Users\Brian\Downloads\Nevena342(1).rar.part

2012-07-28 17:12 - 2012-07-28 17:12 - 00001140 ____A C:\Users\UpdatusUser\Desktop\Grab & Burn.lnk

2012-07-28 17:12 - 2012-07-28 17:12 - 00000064 ____A C:\Windows\GPlrLanc.dat

2012-07-28 16:53 - 2012-07-28 16:53 - 00087586 ____A C:\Users\Brian\Downloads\TS101953372.dotm

2012-07-28 16:53 - 2012-07-28 16:53 - 00087586 ____A C:\Users\Brian\Downloads\TS101953372(1).dotm

2012-07-28 11:50 - 2012-07-28 11:41 - 137983456 ____A C:\Users\Brian\Downloads\NTB_Cuckold_Wife.avi

2012-07-28 11:45 - 2012-07-28 11:40 - 97656511 ____A C:\Users\Brian\Downloads\NTB_IR_Tuesday_Night_BBC.flv

2012-07-24 12:55 - 2012-07-24 12:23 - 684380240 ____A C:\Users\Brian\Downloads\Olga_-_When__tasy_Becomes_Reality.avi

2012-07-24 12:34 - 2012-07-24 12:28 - 67623808 ____A C:\Users\Brian\Downloads\HomeVideo287.wmv

2012-07-24 12:32 - 2012-07-24 12:28 - 45663396 ____A C:\Users\Brian\Downloads\HomeVideo270.avi

2012-07-24 12:31 - 2012-07-24 12:27 - 56201141 ____A C:\Users\Brian\Downloads\HomeVideo324.wmv

2012-07-24 12:31 - 2012-07-24 12:27 - 54097029 ____A C:\Users\Brian\Downloads\HomeVideo284.wmv

2012-07-24 12:30 - 2012-07-24 12:26 - 56759234 ____A C:\Users\Brian\Downloads\HomeVideo333.avi

2012-07-22 08:28 - 2012-07-30 09:19 - 00000110 ____A C:\Users\Brian\Downloads\www.moyo.com.url

2012-07-22 08:27 - 2012-07-30 09:19 - 00000109 ____A C:\Users\Brian\Downloads\www.loofiles.com.url

2012-07-21 17:15 - 2012-07-21 16:41 - 407814755 ____A C:\Users\Brian\Downloads\153 FST(1).wmv

2012-07-20 17:48 - 2012-07-20 17:13 - 199889036 ____A C:\Users\Brian\Downloads\39.avi

2012-07-20 17:42 - 2012-07-20 17:13 - 169647702 ____A C:\Users\Brian\Downloads\52.avi

2012-07-20 17:35 - 2012-07-20 17:16 - 102578798 ____A C:\Users\Brian\Downloads\32_xvid.avi

2012-07-20 17:35 - 2012-07-20 16:56 - 407814755 ____A C:\Users\Brian\Downloads\153 FST.wmv

2012-07-20 17:32 - 2012-07-20 17:15 - 142839554 ____A C:\Users\Brian\Downloads\27.avi

2012-07-20 17:26 - 2012-07-20 17:12 - 194888784 ____A C:\Users\Brian\Downloads\34.avi

2012-07-20 11:06 - 2012-07-20 10:40 - 392510503 ____A C:\Users\Brian\Downloads\180 FST.wmv

2012-07-20 11:00 - 2012-07-20 10:40 - 394510449 ____A C:\Users\Brian\Downloads\176 FST.wmv

2012-07-20 10:13 - 2012-07-20 09:34 - 384062475 ____A C:\Users\Brian\Downloads\186 FST.wmv

2012-07-20 10:11 - 2012-07-20 09:31 - 378822173 ____A C:\Users\Brian\Downloads\197 FST.wmv

2012-07-20 10:11 - 2012-07-20 09:31 - 376950254 ____A C:\Users\Brian\Downloads\198 FST.wmv

2012-07-20 10:10 - 2012-07-20 09:31 - 338661279 ____A C:\Users\Brian\Downloads\242 FST.wmv

2012-07-20 10:07 - 2012-07-20 09:34 - 383590284 ____A C:\Users\Brian\Downloads\187 FST.wmv

2012-07-20 10:05 - 2012-07-20 09:29 - 325316949 ____A C:\Users\Brian\Downloads\252 FST.wmv

2012-07-20 10:01 - 2012-07-20 09:34 - 379310203 ____A C:\Users\Brian\Downloads\195 FST.wmv

2012-07-20 09:58 - 2012-07-20 09:29 - 325564877 ____A C:\Users\Brian\Downloads\251 FST.wmv

2012-07-20 09:49 - 2012-07-20 09:18 - 376103093 ____A C:\Users\Brian\Downloads\10.wmv

2012-07-20 09:46 - 2012-07-20 09:28 - 106797569 ____A C:\Users\Brian\Downloads\275 FST.wmv

2012-07-20 09:45 - 2012-07-20 09:28 - 115904498 ____A C:\Users\Brian\Downloads\269 FST.wmv

2012-07-20 09:43 - 2012-07-20 09:28 - 123648290 ____A C:\Users\Brian\Downloads\268 FST.wmv

2012-07-20 09:38 - 2012-07-20 09:27 - 102754644 ____A C:\Users\Brian\Downloads\280 FST.wmv

2012-07-20 09:37 - 2012-07-20 09:28 - 140487412 ____A C:\Users\Brian\Downloads\267 FST.wmv

2012-07-19 08:45 - 2012-07-19 07:50 - 995022514 ____A C:\Users\Brian\Downloads\3617Am.avi

2012-07-19 08:09 - 2012-07-19 07:49 - 337979812 ____A C:\Users\Brian\Downloads\3642Am.avi

2012-07-19 08:03 - 2012-07-19 07:50 - 265107200 ____A C:\Users\Brian\Downloads\3612Am.avi

2012-07-19 08:03 - 2012-07-19 07:48 - 327384212 ____A C:\Users\Brian\Downloads\3657Am.avi

2012-07-17 08:38 - 2012-07-17 08:38 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2012-07-17 08:38 - 2012-07-17 08:38 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2012-07-17 08:38 - 2012-07-17 08:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-17 08:38 - 2012-07-17 08:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-17 08:38 - 2012-07-17 08:38 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-17 08:38 - 2012-07-17 08:38 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-17 08:38 - 2012-07-17 08:38 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2012-07-17 08:38 - 2012-07-17 08:38 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2012-07-17 08:38 - 2012-07-17 08:38 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2012-07-17 08:38 - 2012-07-17 08:38 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2012-07-17 08:38 - 2012-07-17 08:38 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

Farbar Recovery Scan Tool Version: 08-08-2012 02

Ran by SYSTEM at 2012-08-10 08:26:08

Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


I'm not seeing any signs of it............

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


thanks again :) ....here you go....

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Brian [Admin rights]

Mode: Scan -- Date: 08/10/2012 08:50:45

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{a2261181-7c57-0c29-8d4e-0f6307eb48dc}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{a2261181-7c57-0c29-8d4e-0f6307eb48dc}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{a2261181-7c57-0c29-8d4e-0f6307eb48dc}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++

--- User ---

[MBR] 23e18da31e92138a87475846472cb704

[bSP] cbc1d596e9e8904d8e011f0044e204d1 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 231900 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 475138048 | Size: 400000 Mo

3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1294338048 | Size: 321867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro/HG USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt


There it is!

Run RogueKiller again and click Scan

When the scan completes > click on the Files tab

Put a check next to all of these and uncheck the rest:

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{a2261181-7c57-0c29-8d4e-0f6307eb48dc}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{a2261181-7c57-0c29-8d4e-0f6307eb48dc}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{a2261181-7c57-0c29-8d4e-0f6307eb48dc}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

Now click Delete on the right hand column under Options

------------------------------------

Then........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-08-09.01 - Brian 08/10/2012 10:31:39.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6570 [GMT -4:00]

Running from: c:\users\Brian\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\iun6002.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))

.

.

2012-08-10 13:05 . 2012-08-10 13:05 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\840F.tmp

2012-08-10 13:05 . 2012-08-10 13:05 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\83FE.tmp

2012-08-08 20:09 . 2012-08-08 20:12 -------- d-----w- C:\FRST

2012-08-07 01:39 . 2012-08-07 01:49 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-07 01:29 . 2012-08-07 01:29 16200 ----a-w- c:\windows\stinger.sys

2012-08-07 01:29 . 2012-08-07 01:35 -------- d-----w- c:\program files (x86)\stinger

2012-07-30 20:57 . 2012-07-30 20:57 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-30 15:52 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E5FA8EB-FA50-457F-A486-9B1BCFDC2074}\mpengine.dll

2012-07-29 07:21 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-29 01:35 . 2012-07-29 01:36 -------- d-----w- c:\program files (x86)\WinWay Resume

2012-07-29 01:12 . 2012-07-29 01:12 -------- d-----w- c:\users\Brian\AppData\Roaming\ImgBurn

2012-07-28 13:37 . 2012-07-10 23:06 18912 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll

2012-07-28 13:37 . 2012-07-10 23:05 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2012-07-28 13:37 . 2012-07-10 23:06 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-07-28 13:37 . 2012-07-10 23:06 573920 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-07-28 13:37 . 2012-07-10 23:06 913888 ----a-w- c:\program files (x86)\Mozilla Firefox\firefox.exe

2012-07-28 13:37 . 2012-07-10 23:06 258528 ----a-w- c:\program files (x86)\Mozilla Firefox\freebl3.dll

2012-07-28 13:37 . 2012-07-10 23:06 117728 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe

2012-07-28 13:37 . 2012-07-10 23:05 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2012-07-28 13:37 . 2012-07-10 23:06 82400 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll

2012-07-28 13:37 . 2012-07-10 23:06 425952 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll

2012-07-28 13:37 . 2012-07-10 23:06 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-07-11 17:05 . 2012-07-21 20:20 -------- d--h--w- c:\users\Brian\AppData\Roaming\7CFEC0DE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 21:48 . 2012-03-08 20:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-04 21:48 . 2012-03-08 18:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 07:02 . 2012-03-08 17:19 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 17:46 . 2012-03-08 20:45 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-12 03:08 . 2012-07-11 07:06 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-11 04:39 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-11 04:39 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 04:39 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 04:39 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 04:39 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 04:39 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 04:39 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-22 01:23 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 01:24 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 01:24 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 01:24 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 01:23 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 01:24 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 01:23 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-22 01:23 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-22 01:23 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-11 04:39 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 04:39 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-11 04:39 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-11 04:39 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 04:39 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 04:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 04:39 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 04:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-16 11:51 . 2012-05-16 11:51 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 114144]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]

R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-08 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [2009-06-02 27120]

S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [2009-06-02 19952]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-08 283200]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]

S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [2009-06-02 27632]

S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-03 457200]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-06-15 103472]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]

S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-04-20 92592]

S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys [2012-05-08 4608]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2009-04-30 15896]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-04-30 327576]

S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-03-04 16:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-08 21:48]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\ef7s84f0.default\

FF - prefs.js: browser.startup.homepage - espn.com

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{a8dbeac4-5f57-c394-05ad-43727e71ad63} - (no file)

SafeBoot-MsMpSvc

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:36,04,4c,f5,a1,68,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

.

**************************************************************************

.

Completion time: 2012-08-10 10:44:43 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-10 14:44

.

Pre-Run: 50,823,663,616 bytes free

Post-Run: 50,630,791,168 bytes free

.

- - End Of File - - 860864219AA9174F6AD632009768D1FB


AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

* Resident AV is active

Looks like you're running two anti-virus programs:

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

------------------------------

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.10.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Brian :: BRIAN-PC [administrator]

8/10/2012 11:20:11 AM

mbam-log-2012-08-10 (11-20-11).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 218043

Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thank you greatly for your help :) Brian


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.