
Solved zeroaccess.ee and eh

Discussion in 'Malware and Virus Removal Archive' started by rizzla, 2012/06/19.

  1. 2012/06/19
    rizzla
    [Resolved] zeroaccess.ee and eh

    I am getting continual messages from McAfee real-time scan: "detected trojan, no further action necessary". Always ZeroAccess and zeroaccess.ee and eh and other similar messages, which it does quarantine but won't solve the issue. Comes up with repaired/removed.
    Started with the Security Shield which installed onto my system. Then I got hit with the ZeroAccess. Security Shield I managed to remove.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.12.05

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    jean :: JAMES-PC [limited]

    12/06/2012 15:45:33
    mbam-log-2012-06-12 (15-45-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 191239
    Time elapsed: 5 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|aadub (Trojan.FakeAlert) -> Data: C:\Users\jean\AppData\Local\aadub.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\jean\AppData\Local\aadub.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    (end)
    Here's another one.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.12.05

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    jean :: JAMES-PC [limited]

    16/06/2012 20:07:37
    mbam-log-2012-06-16 (20-07-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 190971
    Time elapsed: 5 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bad: (C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}\n.) Good: (%SystemRoot%\system32\shell32.dll) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    Tried all manner of things like TDSSKiller. But anyway.
    GMER won't work; it just crashes my computer with a blue screen.

    aswMBR:
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-20 00:20:45
    -----------------------------
    00:20:45.213 OS Version: Windows 6.0.6002 Service Pack 2
    00:20:45.213 Number of processors: 2 586 0x4802
    00:20:45.213 ComputerName: JAMES-PC UserName: james
    00:21:04.572 Initialize success
    00:21:49.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000073
    00:21:49.195 Disk 0 Vendor: TOSHIBA_ DL03 Size: 152627MB BusType: 8
    00:21:49.211 Disk 0 MBR read successfully
    00:21:49.211 Disk 0 MBR scan
    00:21:49.227 Disk 0 unknown MBR code
    00:21:49.227 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 144255 MB offset 63
    00:21:49.258 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8369 MB offset 295435350
    00:21:49.273 Disk 0 scanning sectors +312576705
    00:21:49.351 Disk 0 scanning C:\Windows\system32\drivers
    00:21:59.647 Service scanning
    00:22:33.079 Modules scanning
    00:22:43.484 Disk 0 trace - called modules:
    00:22:43.516 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor.sys
    00:22:43.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865bd778]
    00:22:43.547 3 CLASSPNP.SYS[88dab8b3] -> nt!IofCallDriver -> [0x84c0ed28]
    00:22:43.547 5 acpi.sys[886176bc] -> nt!IofCallDriver -> \Device\00000073[0x8500caf0]
    00:22:43.562 Scan finished successfully
    00:23:19.895 Disk 0 MBR has been saved successfully to "C:\Users\jean\Desktop\MBR.dat "
    00:23:19.926 The log file has been saved successfully to "C:\Users\jean\Desktop\aswMBR.txt "


    Here is the DDS:
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by james at 14:35:44 on 2012-06-19
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1982.864 [GMT 1:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    C:\WINDOWS\vVX6000.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\jean\AppData\Local\{0E3DFB9A-316D-DF29-16F5-F90AF6E1CA1D}\syshost.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Secunia\PSI\sua.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120428160751.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll "
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn6\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll "
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [HPAdvisor]
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [HPAdvisorDock]
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe "
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe "
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe "
    mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe "
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [VX6000] c:\windows\vVX6000.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{770BD83B-E6B2-4185-AC61-DA89A8D16983} : NameServer = 192.168.1.254
    TCP: Interfaces\{B629B98A-8FE1-41EF-AEA8-5E52EA729E0C} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{FB0CE8A0-641C-4E29-B299-66509994ACF1} : DhcpNameServer = 192.168.1.254
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-16 464304]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-16 57600]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-21 180848]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-16 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-16 340920]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-3-20 23456]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-29 39272]
    .
    =============== Created Last 30 ================
    .
    2012-06-19 12:00:01 -------- d-----w- c:\users\james\appdata\roaming\SUPERAntiSpyware.com
    2012-06-19 11:57:40 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2012-06-18 22:43:06 -------- d-----w- c:\users\james\appdata\roaming\FixZeroAccess
    2012-06-18 22:37:23 -------- d-----w- c:\users\james\appdata\local\{62C5C8B9-FB49-47C9-8D46-098E24552E29}
    2012-06-18 21:01:17 -------- d-----w- c:\program files\PC Tools
    2012-06-18 20:54:10 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-06-18 20:54:09 -------- d-----w- c:\program files\common files\PC Tools
    2012-06-18 20:53:32 -------- d-----w- c:\programdata\PC Tools
    2012-06-18 20:53:26 -------- d-----w- c:\users\james\appdata\roaming\TestApp
    2012-06-18 12:01:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-06-18 12:01:09 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-06-18 02:39:55 -------- d-----w- c:\program files\HitmanPro
    2012-06-18 02:38:47 -------- d-----w- c:\programdata\HitmanPro
    2012-06-18 00:50:03 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-17 16:58:38 -------- d-----w- c:\program files\iPod
    2012-06-17 16:58:28 -------- d-----w- c:\program files\iTunes
    2012-06-17 15:31:03 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-06-17 15:31:03 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-17 15:19:21 -------- d-----w- c:\users\james\appdata\local\{6B59B8EE-C923-45D8-B45C-5B578CE8439F}
    2012-06-15 22:24:22 -------- d-----w- c:\users\james\appdata\local\Secunia PSI
    2012-06-15 22:23:53 -------- d-----w- c:\program files\Secunia
    2012-06-14 19:33:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-06-14 19:33:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-06-13 17:54:42 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 17:54:42 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 17:54:41 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 17:54:16 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 17:54:11 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-12 15:52:34 -------- d-----w- c:\users\james\appdata\roaming\DriverCure
    2012-06-12 15:52:33 -------- d-----w- c:\users\james\appdata\roaming\SpeedyPC Software
    2012-06-12 15:51:59 -------- d-----w- c:\program files\common files\SpeedyPC Software
    2012-06-12 15:51:50 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-06-12 13:12:12 -------- d-----w- C:\sh4ldr
    2012-06-12 13:12:12 -------- d-----w- c:\program files\Enigma Software Group
    2012-06-12 13:11:59 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
    2012-06-12 13:11:52 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2012-06-12 12:01:21 -------- d-----w- c:\users\james\appdata\roaming\Malwarebytes
    2012-06-12 12:01:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ==================== Find3M ====================
    .
    2012-06-15 23:03:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-15 23:03:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    ============= FINISH: 14:40:39.87 ===============

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by james at 14:35:44 on 2012-06-19
    Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.44.1033.18.1982.864 [GMT 1:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    C:\WINDOWS\vVX6000.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\jean\AppData\Local\{0E3DFB9A-316D-DF29-16F5-F90AF6E1CA1D}\syshost.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Secunia\PSI\sua.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120428160751.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn6\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [HPAdvisor]
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [HPAdvisorDock]
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [VX6000] c:\windows\vVX6000.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{770BD83B-E6B2-4185-AC61-DA89A8D16983} : NameServer = 192.168.1.254
    TCP: Interfaces\{B629B98A-8FE1-41EF-AEA8-5E52EA729E0C} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{FB0CE8A0-641C-4E29-B299-66509994ACF1} : DhcpNameServer = 192.168.1.254
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-16 464304]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-16 57600]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-21 180848]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-16 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-16 340920]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-3-20 23456]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-29 39272]
    .
    =============== Created Last 30 ================
    .
    2012-06-19 12:00:01 -------- d-----w- c:\users\james\appdata\roaming\SUPERAntiSpyware.com
    2012-06-19 11:57:40 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2012-06-18 22:43:06 -------- d-----w- c:\users\james\appdata\roaming\FixZeroAccess
    2012-06-18 22:37:23 -------- d-----w- c:\users\james\appdata\local\{62C5C8B9-FB49-47C9-8D46-098E24552E29}
    2012-06-18 21:01:17 -------- d-----w- c:\program files\PC Tools
    2012-06-18 20:54:10 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-06-18 20:54:09 -------- d-----w- c:\program files\common files\PC Tools
    2012-06-18 20:53:32 -------- d-----w- c:\programdata\PC Tools
    2012-06-18 20:53:26 -------- d-----w- c:\users\james\appdata\roaming\TestApp
    2012-06-18 12:01:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-06-18 12:01:09 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-06-18 02:39:55 -------- d-----w- c:\program files\HitmanPro
    2012-06-18 02:38:47 -------- d-----w- c:\programdata\HitmanPro
    2012-06-18 00:50:03 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-17 16:58:38 -------- d-----w- c:\program files\iPod
    2012-06-17 16:58:28 -------- d-----w- c:\program files\iTunes
    2012-06-17 15:31:03 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-06-17 15:31:03 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-17 15:19:21 -------- d-----w- c:\users\james\appdata\local\{6B59B8EE-C923-45D8-B45C-5B578CE8439F}
    2012-06-15 22:24:22 -------- d-----w- c:\users\james\appdata\local\Secunia PSI
    2012-06-15 22:23:53 -------- d-----w- c:\program files\Secunia
    2012-06-14 19:33:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-06-14 19:33:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-06-13 17:54:42 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 17:54:42 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 17:54:41 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 17:54:16 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 17:54:11 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-12 15:52:34 -------- d-----w- c:\users\james\appdata\roaming\DriverCure
    2012-06-12 15:52:33 -------- d-----w- c:\users\james\appdata\roaming\SpeedyPC Software
    2012-06-12 15:51:59 -------- d-----w- c:\program files\common files\SpeedyPC Software
    2012-06-12 15:51:50 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-06-12 13:12:12 -------- d-----w- C:\sh4ldr
    2012-06-12 13:12:12 -------- d-----w- c:\program files\Enigma Software Group
    2012-06-12 13:11:59 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
    2012-06-12 13:11:52 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2012-06-12 12:01:21 -------- d-----w- c:\users\james\appdata\roaming\Malwarebytes
    2012-06-12 12:01:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ==================== Find3M ====================
    .
    2012-06-15 23:03:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-15 23:03:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    ============= FINISH: 14:40:39.87 ===============
    Might have explained this, or done this, back to front.
    Regards
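
The DDS "Pseudo HJT Report" posted above is the part a malware helper reads first: autostart values, browser helper objects, toolbars and Hosts entries, one per line. As an added example (not part of this thread and not code from the DDS tool), the script below parses that entry format and flags what an analyst triages first: autostart images in user-writable locations, RunOnce values, unquoted paths with spaces, CLSIDs whose DLL is gone ("No File") and Hosts lines that point a name somewhere other than loopback. The sample report, the regular expressions and the severity rules are all constructed for this example.

```python
"""Triage pass over a DDS 'Pseudo HJT Report' (added example, not part of the
original post and not code from the DDS tool).  It parses the one-line-per-entry
format DDS prints (uRun/mRun/mRunOnce, BHO, TB, Hosts, ...) and flags what an
analyst reads first.  The sample report and the severity rules are this
example's own, not DDS output from any real machine."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in DDS format.  The aadub RunOnce value mirrors the kind of
# Trojan.FakeAlert entry a scanner reports; the rest is typical vendor noise.
SAMPLE_REPORT = r"""
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRunOnce: [aadub] c:\users\jean\appdata\local\aadub.exe
mRun: [<NO NAME>]
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 94.0.0.1 www.google.com
"""

RUN_RE = re.compile(r"^(?P<hive>[umd])Run(?P<once>Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
COM_RE = re.compile(r"^(?:BHO|TB|uURLSearchHooks|SEH):\s*(?P<rest>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)")
# First executable-looking token.  The extension must be followed by a quote,
# whitespace, a comma or the end, so 'mcafee.com\agent' is not cut off at '.com'.
EXE_RE = re.compile(r'^"?(?P<path>[a-z%][^"]*?\.(?:exe|dll|scr|cpl|com|bat|cmd))(?=["\s,]|$)', re.I)
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\temp\\|%appdata%|%localappdata%|%temp%", re.I)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


@dataclass
class Finding:
    severity: str   # high / medium / low / info
    entry: str
    reason: str


def executable_path(cmd: str) -> Optional[str]:
    """Return the image an autostart command really loads (follows rundll32 to its DLL)."""
    m = EXE_RE.match(cmd)
    if not m:
        return None
    path = m.group("path")
    if path.lower().endswith("rundll32.exe"):
        inner = EXE_RE.match(cmd[m.end():].lstrip(' "'))
        if inner:
            path = inner.group("path")
    return path


def check_run(entry: str, m) -> List[Finding]:
    out: List[Finding] = []
    cmd = m.group("cmd").strip()
    if not cmd:
        out.append(Finding("info", entry, "autostart value with no command: leftover key, harmless but worth deleting"))
        return out
    if m.group("once"):
        out.append(Finding("medium", entry, "RunOnce value: one-shot autostart, the usual home of droppers"))
    path = executable_path(cmd)
    if path is None:
        out.append(Finding("medium", entry, "could not identify an executable in the command"))
        return out
    if USER_WRITABLE_RE.search(path):
        out.append(Finding("high", entry, f"autostart image lives in a user-writable location: {path}"))
    if " " in path and not cmd.startswith('"'):
        out.append(Finding("low", entry, "unquoted path with spaces (hijackable via c:\\program.exe)"))
    return out


def triage(report: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in report.splitlines():
        entry = raw.strip()
        if not entry:
            continue
        run = RUN_RE.match(entry)
        if run:
            findings.extend(check_run(entry, run))
            continue
        com = COM_RE.match(entry)
        if com and com.group("rest").endswith("No File"):
            findings.append(Finding("low", entry, "CLSID registered but its DLL is gone: stale, delete the registration"))
            continue
        hosts = HOSTS_RE.match(entry)
        if hosts and hosts.group("ip") not in LOOPBACK:
            findings.append(Finding("high", entry,
                                    f"Hosts file sends {hosts.group('host')} to {hosts.group('ip')} instead of loopback"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    order = ["high", "medium", "low", "info"]
    for f in sorted(results, key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.entry}\n         {f.reason}")
    print(summarize(results))
```

The rules are deliberately coarse: an entry under a user profile's AppData is not proof of malware, and an orphaned CLSID is only clutter, but on the sample above the aadub RunOnce value and the non-loopback Hosts line are the two that surface as high, which is the order in which a helper would look at them.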
     
  2. 2012/06/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    You posted DDS.txt twice.
    I still need Attach.txt log.

    =====================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===================================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
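
The first tool in the instructions above, Bootkit Remover, reports for each physical disk whether its master boot record carries known or "Unknown boot code" and prints the MD5 of the boot sector. As an added example (not part of broni's post and not the Esage Lab tool's code), the script below shows what such a check consists of: verify the 0x55AA signature, hash the boot-code area, compare the hash with a caller-supplied allow-list of known-good boot code, and decode the partition table so the "volume at offset" line of the tool's output can be cross-checked. The sector it inspects is constructed; which bytes the real tool hashes is not stated in this thread, so hashing the first 440 bytes is this example's own choice.

```python
"""Offline MBR inspection along the lines of Bootkit Remover's summary (added
example; not part of broni's post and not code from the Esage Lab tool).  The
sector below is constructed.  Hashing the first 440 bytes is this example's
assumption about what 'boot code' means.  On a live Windows system the same 512
bytes come from opening r'\\.\PhysicalDrive0' read-only as Administrator; this
example never writes anything."""
import hashlib
import struct
from typing import Dict, List, Set

SECTOR = 512
BOOT_CODE_LEN = 440      # 0..439 code, 440..443 disk signature, 444..445 reserved
PART_TABLE_OFF = 446     # four 16-byte entries
SIG_OFF = 510            # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def parse_partition_table(mbr: bytes) -> List[Dict[str, int]]:
    """Decode the four primary entries; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": int(status == 0x80), "type": ptype,
                      "lba_start": lba, "sectors": count,
                      "offset": lba * SECTOR})   # byte offset of the volume on the physical disk
    return parts


def boot_code_md5(mbr: bytes) -> str:
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def inspect_mbr(mbr: bytes, known_good: Set[str]) -> Dict[str, object]:
    if len(mbr) != SECTOR:
        raise ValueError(f"MBR must be {SECTOR} bytes, got {len(mbr)}")
    problems = []
    if mbr[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")
    parts = parse_partition_table(mbr)
    if sum(p["bootable"] for p in parts) != 1:
        problems.append("expected exactly one active partition")
    for p in parts:
        if p["lba_start"] == 0:    # a partition must not overlap the MBR itself
            problems.append(f"entry {p['index']} starts at LBA 0")
    digest = boot_code_md5(mbr)
    status = "OK" if digest in known_good else "Unknown boot code"
    return {"md5": digest, "status": status, "partitions": parts, "problems": problems}


def build_sample_mbr() -> bytes:
    """Constructed sector: the opening opcodes of a standard MBR relocation stub,
    zero padding, a disk signature, one active NTFS partition at LBA 63, signature."""
    code = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cbfb").ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"
    entry0 = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 312_000_000)
    table = entry0 + b"\x00" * 48
    return code + disk_sig + table + b"\x55\xaa"


def report(mbr: bytes, known_good: Set[str]) -> str:
    r = inspect_mbr(mbr, known_good)
    lines = [f"Boot sector MD5 is: {r['md5']}", f"MBR status: {r['status']}"]
    for p in r["partitions"]:
        lines.append(f"  entry {p['index']}: type 0x{p['type']:02x} "
                     f"{'active' if p['bootable'] else 'inactive'} LBA {p['lba_start']} "
                     f"-> offset 0x{p['offset']:016x}")
    lines.extend("  PROBLEM: " + x for x in r["problems"])
    return "\n".join(lines)


if __name__ == "__main__":
    sample = build_sample_mbr()
    print(report(sample, known_good=set()))                     # nothing allow-listed: "Unknown boot code"
    print(report(sample, known_good={boot_code_md5(sample)}))   # same sector once its hash is trusted
```

Two points carry over to the real tool's output. First, "Unknown boot code" only means the hash is not in the tool's list; a vendor's custom MBR (recovery partitions, disk encryption) produces the same verdict as a bootkit, which is why the helper asks for the output rather than telling the user to run `fix` straight away. Second, LBA 63 times 512 is 0x7E00, the offset at which the posted log places the system volume, so the partition table is the first thing to compare when the MBR hash is unfamiliar.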
     


  4. 2012/06/20
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    re zeroaccess.ee and eh

    Here's the bootkit
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: df1c10548966c4f16c540ebf80ffd180

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...

    Here's the ComboFix log
    ComboFix 12-06-19.03 - james 20/06/2012 12:59:16.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1982.966 [GMT 1:00]
    Running from: c:\users\james\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA277.tmp
    c:\users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB2F0.tmp
    c:\users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBDB4.tmp
    c:\users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc786A.tmp
    c:\users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8140.tmp
    c:\users\jean\AppData\Roaming\002b48a9.dat
    c:\users\jean\GoToAssistDownloadHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-20 12:22 . 2012-06-20 12:22 -------- d-----w- c:\users\james\AppData\Local\temp
    2012-06-19 21:53 . 2012-06-19 21:53 17488 ----a-w- c:\windows\system32\drivers\rm.sys
    2012-06-19 21:44 . 2012-06-19 21:44 -------- d-----w- c:\programdata\McAfee Security Scan
    2012-06-19 21:43 . 2012-06-19 21:43 -------- d-----w- c:\program files\McAfee Security Scan
    2012-06-19 17:37 . 2012-06-19 19:01 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
    2012-06-19 17:05 . 2012-06-19 17:05 -------- d-----w- c:\windows\en
    2012-06-19 16:59 . 2012-03-08 17:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2012-06-19 16:09 . 2012-06-19 16:09 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\e1d9b2851cd4e3503\MeshBetaRemover.exe
    2012-06-19 16:09 . 2012-06-19 16:09 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\d9da1ed51cd4e3502\DSETUP.dll
    2012-06-19 16:09 . 2012-06-19 16:09 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\d9da1ed51cd4e3502\DXSETUP.exe
    2012-06-19 16:09 . 2012-06-19 16:09 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\d9da1ed51cd4e3502\dsetup32.dll
    2012-06-19 12:00 . 2012-06-19 12:00 -------- d-----w- c:\users\james\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-19 11:57 . 2012-06-20 01:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2012-06-18 22:43 . 2012-06-18 22:43 -------- d-----w- c:\users\james\AppData\Roaming\FixZeroAccess
    2012-06-18 21:01 . 2012-06-18 21:27 -------- d-----w- c:\program files\PC Tools
    2012-06-18 20:54 . 2012-05-11 10:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-06-18 20:54 . 2012-06-18 21:27 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-06-18 20:53 . 2012-06-18 21:13 -------- d-----w- c:\programdata\PC Tools
    2012-06-18 20:53 . 2012-06-18 20:53 -------- d-----w- c:\users\james\AppData\Roaming\TestApp
    2012-06-18 12:01 . 2012-06-18 12:01 -------- d-----w- c:\users\jean\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-18 12:01 . 2012-06-18 12:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-06-18 12:01 . 2012-06-18 12:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-06-18 02:39 . 2012-06-18 02:39 -------- d-----w- c:\program files\HitmanPro
    2012-06-18 02:38 . 2012-06-18 03:02 -------- d-----w- c:\programdata\HitmanPro
    2012-06-18 00:50 . 2012-06-18 00:50 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-17 16:58 . 2012-06-17 16:58 -------- d-----w- c:\program files\iPod
    2012-06-17 16:58 . 2012-06-17 17:03 -------- d-----w- c:\program files\iTunes
    2012-06-17 15:31 . 2012-06-17 15:30 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-06-17 15:31 . 2012-06-17 15:30 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-16 18:18 . 2012-06-16 18:18 -------- d-----w- c:\users\jean\AppData\Local\{0E3DFB9A-316D-DF29-16F5-F90AF6E1CA1D}
    2012-06-15 22:24 . 2012-06-15 22:24 -------- d-----w- c:\users\james\AppData\Local\Secunia PSI
    2012-06-15 22:23 . 2012-06-15 22:23 -------- d-----w- c:\program files\Secunia
    2012-06-14 19:33 . 2012-06-17 17:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-06-14 19:33 . 2012-06-14 19:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-06-13 17:54 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 17:54 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 17:54 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 17:54 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 17:54 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-12 15:52 . 2012-06-12 15:52 -------- d-----w- c:\users\james\AppData\Roaming\DriverCure
    2012-06-12 15:52 . 2012-06-12 15:52 -------- d-----w- c:\users\james\AppData\Roaming\SpeedyPC Software
    2012-06-12 15:51 . 2012-06-12 15:51 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
    2012-06-12 15:51 . 2012-06-12 15:52 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-06-12 13:12 . 2012-06-17 16:28 -------- d-----w- C:\sh4ldr
    2012-06-12 13:12 . 2012-06-12 13:12 -------- d-----w- c:\program files\Enigma Software Group
    2012-06-12 13:11 . 2012-06-12 13:42 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
    2012-06-12 13:11 . 2012-06-12 13:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2012-06-12 12:01 . 2012-06-12 12:01 -------- d-----w- c:\users\james\AppData\Roaming\Malwarebytes
    2012-06-12 12:01 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-15 23:03 . 2012-03-29 23:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-15 23:03 . 2011-05-25 16:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-04-03 08:16 . 2012-05-09 13:17 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16 . 2012-05-09 13:17 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-30 12:39 . 2012-05-09 13:19 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn8\yt.dll" [2012-06-11 1524056]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
    @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
    2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
    @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
    2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
    @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
    2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "VX6000"="c:\windows\vVX6000.exe" [2007-04-10 996712]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher "= "c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2012-03-08 4280184]
    .
    c:\users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
    .
    c:\users\jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.271\SSScheduler.exe [2012-3-13 274328]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 257696]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2011-03-31 19:09 114176 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:03]
    .
    2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 20:21]
    .
    2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 20:21]
    .
    2011-05-21 c:\windows\Tasks\HPCeeScheduleForjames.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-20 21:23]
    .
    2012-06-19 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
    .
    2012-06-16 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
    .
    2012-06-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3fda3a08-afdc-49ca-ac6b-0275e856fc8a.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-06-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c9320ecb-aeb5-46bd-b685-83e80ae6544b.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{770BD83B-E6B2-4185-AC61-DA89A8D16983}: NameServer = 192.168.1.254
    DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-HPAdvisor - (no file)
    HKCU-Run-HPAdvisorDock - (no file)
    SafeBoot-80767996.sys
    SafeBoot-OneCareMP
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-20 13:22
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2012-06-20 13:32:20
    ComboFix-quarantined-files.txt 2012-06-20 12:32
    .
    Pre-Run: 95,390,715,904 bytes free
    Post-Run: 95,223,959,552 bytes free
    .
    - - End Of File - - 5D8F43100008A2E345ED34FD618393EA
    Regards
     
    Last edited by a moderator: 2012/06/20
  5. 2012/06/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Is McAfee still complaining?

    Give me fresh MBAM log.
     
  6. 2012/06/21
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    re zeroaccess.ee and eh

    Doesn't seem to be today.
    First day it has not since I first caught this malware.
    But here's the MBAM log.


    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.19.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    jean :: JAMES-PC [limited]

    21/06/2012 12:46:23
    mbam-log-2012-06-21 (12-46-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 197019
    Time elapsed: 16 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}\n. -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    Regards and thank you for your time.
     
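The MBAM entries in the post above show how ZeroAccess survived on this machine: a per-user InprocServer32 registration under HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} pointing at C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}\n. HKEY_CLASSES_ROOT is a merged view in which HKCU\Software\Classes takes precedence over HKLM\Software\Classes, so any process in that user's session that instantiates the CLSID loads the DLL from the user's profile instead of the machine-wide server, and no Run key or service is needed. The script below is an added example, not code from the thread or from MBAM, ComboFix or FRST. It parses .reg-format text of the kind `reg export HKCU\Software\Classes\CLSID` produces and flags per-user in-process servers that carry the traits of this hijack. The sample export, the second (benign) CLSID and the set of machine-wide CLSIDs are constructed for the example; on a real host you would build that set from an export of HKLM\Software\Classes\CLSID.

```python
r"""Flag per-user COM InprocServer32 registrations that look like the ZeroAccess hijack.

Added example for this thread; not code from MBAM, ComboFix, FRST or the forum posts.
Input is .reg-format text (what `reg export HKCU\Software\Classes\CLSID out.reg`
writes, minus the UTF-16 encoding), so it runs offline on any platform.
"""
import re
from dataclasses import dataclass, field

# Constructed sample export. The first key reproduces the value MBAM reported in the
# thread; the second is a made-up, benign per-user registration for contrast.
HKCU_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32]
@="C:\\Users\\jean\\AppData\\Local\\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}\\n."
"ThreadingModel"="Both"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{0F1D6B39-52A1-4C3E-9E2B-7A1C5D8E4F60}\InprocServer32]
@="C:\\Program Files\\Example Vendor\\shellext.dll"
"ThreadingModel"="Apartment"
"""

# Assumption for the example: CLSIDs that are also registered under HKLM\Software\Classes.
# On a live host, build this set from `reg export HKLM\Software\Classes\CLSID`.
MACHINE_WIDE_CLSIDS = {"{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}"}

KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\(?P<clsid>\{[0-9A-F-]{36}\})\\InprocServer32\]$",
    re.IGNORECASE,
)
DEFAULT_VALUE_RE = re.compile(r'^@="(?P<path>.*)"$')
GUID_DIR_RE = re.compile(r"\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\", re.IGNORECASE)
USER_WRITABLE_DIRS = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\")


@dataclass
class Finding:
    clsid: str
    server: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def unescape_reg_string(s: str) -> str:
    """.reg files double backslashes and escape quotes inside string values."""
    return s.replace('\\\\', '\\').replace('\\"', '"')


def parse_inproc_servers(reg_text: str) -> dict:
    """Map each HKCU CLSID to the default (path) value of its InprocServer32 key."""
    servers, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group("clsid").upper() if m else None
            continue
        m = DEFAULT_VALUE_RE.match(line)
        if current and m:
            servers[current] = unescape_reg_string(m.group("path"))
    return servers


def assess(clsid: str, server: str, machine_clsids: set) -> Finding:
    """Collect the traits that separate a hijack from an ordinary per-user COM install."""
    reasons = []
    lowered = server.lower()
    if any(d in lowered for d in USER_WRITABLE_DIRS):
        reasons.append("server DLL lives under a user-writable profile directory")
    if GUID_DIR_RE.search(server):
        reasons.append("server sits in a bare-GUID folder")
    name = server.rsplit("\\", 1)[-1]
    if name.endswith("."):
        # Win32 path normalisation strips trailing dots, so a name like "n." can only be
        # created through the \\?\ prefix and ordinary tools cannot open or delete it.
        reasons.append("file name ends in '.', only creatable via \\\\?\\ paths")
    elif "." not in name:
        reasons.append("in-process server has no file extension")
    if clsid in machine_clsids:
        reasons.append("per-user key shadows a machine-wide CLSID (COM hijack)")
    return Finding(clsid, server, reasons)


def scan(reg_text: str, machine_clsids: set) -> list:
    """Return findings for every HKCU InprocServer32 entry with at least one suspicious trait."""
    results = []
    for clsid, server in parse_inproc_servers(reg_text).items():
        finding = assess(clsid, server, machine_clsids)
        if finding.reasons:
            results.append(finding)
    return sorted(results, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in scan(HKCU_REG_EXPORT, MACHINE_WIDE_CLSIDS):
        print(f"{f.clsid} -> {f.server}  [score {f.score}]")
        for r in f.reasons:
            print("   -", r)
```

`reg export` writes UTF-16 with a byte-order mark, so read a real export with `open(path, encoding="utf-16")` before passing the text to `scan()`. The benign entry is deliberately not reported: a per-user registration in Program Files for a CLSID that has no HKLM counterpart is what a per-user software install looks like, and only the combination of traits, above all the shadowing of a machine-wide CLSID, separates it from the hijack in the log.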
  7. 2012/06/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to your desktop.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
     
  8. 2012/06/21
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    re zeroaccess

    Here is half the log (too long). Next half in following reply.
    jean\AppData\Local\{9D68055C-1A4B-42FB-8EEB-3C25F5F8EEB5}
    2012-05-28 13:41 - 2012-05-28 13:40 - 00000000 ____D C:\Users\jean\AppData\Local\{5DB4A436-56E8-4CFE-B715-113DC5F049C5}
    2012-05-27 12:28 - 2012-05-27 12:28 - 00000000 ____D C:\Users\jean\AppData\Local\{DA0A1FDD-0FAC-49D2-8FA5-CE126571D98C}
    2012-05-27 12:28 - 2012-05-27 12:28 - 00000000 ____D C:\Users\jean\AppData\Local\{7EA56000-9A22-4877-803A-5959ED52EE12}
    2012-05-26 23:03 - 2012-05-26 23:03 - 00000000 ____D C:\Users\jean\AppData\Local\{CABAA9E8-1727-45B7-9858-122A0678031D}
    2012-05-26 11:32 - 2012-05-26 11:32 - 00000000 ____D C:\Users\jean\AppData\Local\{F988C742-980F-4CF8-AD1A-89E2DF6AD8D6}
    2012-05-26 11:32 - 2012-05-26 11:32 - 00000000 ____D C:\Users\jean\AppData\Local\{F22B8EB6-3EEE-4657-B412-1E60FAA74772}
    2012-05-25 19:51 - 2012-05-25 19:51 - 00000000 ____D C:\Users\jean\AppData\Local\{036D30F3-920E-4C31-9F6B-711171794986}
    2012-05-25 11:55 - 2012-05-25 11:55 - 00000000 ____D C:\Users\jean\AppData\Local\{FE954097-B717-45C7-A26C-7DC7BAF28615}
    2012-05-25 11:55 - 2012-05-25 11:55 - 00000000 ____D C:\Users\jean\AppData\Local\{61B74586-65DB-4B6F-BCAA-C8D56F83A682}
    2012-05-24 21:36 - 2012-05-24 21:36 - 00000000 ____D C:\Users\jean\AppData\Local\{ECA34B8E-8ADD-4F2A-889A-0FBA5A200F18}
    2012-05-24 21:36 - 2012-05-24 21:35 - 00000000 ____D C:\Users\jean\AppData\Local\{2818E56C-3233-43C4-B862-D08CB0E01BA1}
    2012-05-24 15:50 - 2012-05-24 15:50 - 00000000 ____D C:\Users\jean\AppData\Local\{F93F5B0D-8454-4071-96BD-1449E517458E}
    2012-05-24 15:50 - 2012-05-24 15:49 - 00000000 ____D C:\Users\jean\AppData\Local\{223035AD-9FDC-40F7-A401-6A0432073AB0}
    2012-05-23 23:44 - 2012-05-23 23:44 - 00000000 ____D C:\Users\jean\AppData\Local\{E7C4B246-7F55-49FC-8439-2AD7356400AC}
    2012-05-23 23:44 - 2012-05-23 23:43 - 00000000 ____D C:\Users\jean\AppData\Local\{573340BE-4D62-4577-9826-46339360CEC3}
    2012-05-23 22:35 - 2012-05-23 22:35 - 00000000 ____D C:\Users\jean\AppData\Local\{A2419FDC-68B5-4B3A-9E2B-0890056D3CB7}
    2012-05-23 19:33 - 2012-05-23 19:32 - 00000000 ____D C:\Users\jean\AppData\Local\{D671E726-426F-4431-A21A-050BEEB28377}
    2012-05-23 19:32 - 2012-05-23 19:31 - 00000000 ____D C:\Users\jean\AppData\Local\{FED7496E-729E-4C49-832A-D38630968874}
    2012-05-23 16:39 - 2012-05-23 16:39 - 00000000 ____D C:\Users\jean\AppData\Local\{C0590043-069D-4928-808E-4A3B49AF4CF5}
    2012-05-23 16:39 - 2012-05-23 16:39 - 00000000 ____D C:\Users\jean\AppData\Local\{46C9DD62-698B-4828-B560-A935DE00D253}
    2012-05-23 16:08 - 2012-05-23 16:07 - 00000000 ____D C:\Users\jean\AppData\Local\{8B53BF76-4EF9-4812-8B3A-656BE01EED21}
    2012-05-23 16:07 - 2012-05-23 16:06 - 00000000 ____D C:\Users\jean\AppData\Local\{832BB27C-0F9E-47AD-8CAB-6D554381B9B3}
    2012-05-23 11:53 - 2012-05-23 11:53 - 00000000 ____D C:\Users\jean\AppData\Local\{159591A0-9CB7-4E60-9676-807DE368A402}
    2012-05-23 11:53 - 2012-05-23 11:52 - 00000000 ____D C:\Users\jean\AppData\Local\{742596DD-D40A-4D0B-9563-B884B072E7DE}
    2012-05-23 11:19 - 2012-05-23 11:19 - 00000000 ____D C:\Users\jean\AppData\Local\{609EFF7E-DAE2-44CA-BBED-EA7A91D3E2C9}
    2012-05-22 23:55 - 2012-05-22 23:55 - 00000000 ____D C:\Users\jean\AppData\Local\{63A53D86-2D64-4B1D-8838-7E8453F23788}
    2012-05-22 23:55 - 2012-05-22 23:55 - 00000000 ____D C:\Users\jean\AppData\Local\{611CA460-79AC-4AB0-B2B6-3E03D36E5D3B}
    2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Users\jean\AppData\Local\{8ACF4B91-E6D5-4311-B8DF-9272D60ACA0A}
    2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Users\jean\AppData\Local\{6776BA7F-424B-4D43-8370-630FBD9B033C}
    2012-05-22 16:12 - 2012-05-22 16:11 - 00000000 ____D C:\Users\jean\AppData\Local\{A6F87544-EF55-4984-A513-49ACFC73B874}
    2012-05-22 16:11 - 2012-05-22 16:10 - 00000000 ____D C:\Users\jean\AppData\Local\{87E07ADD-3460-4A34-B232-B9E322619111}
    2012-05-22 11:21 - 2012-05-22 11:21 - 00000000 ____D C:\Users\jean\AppData\Local\{BB1DC373-41F1-486F-9D18-95B4207D3DC9}
    2012-05-22 11:21 - 2012-05-22 11:20 - 00000000 ____D C:\Users\jean\AppData\Local\{A19065AD-53FB-48FA-B1A9-AB7F100DF178}
    2012-05-21 22:04 - 2012-05-21 22:04 - 00000000 ____D C:\Users\jean\AppData\Local\{9318B3B4-DD5A-41D3-A556-B2D0C6371A44}
    2012-05-21 22:04 - 2012-05-21 22:02 - 00000000 ____D C:\Users\jean\AppData\Local\{64B952E6-95F3-45FA-9772-0C1212937BAC}
    2012-05-21 13:33 - 2012-05-21 13:33 - 00000000 ____D C:\Users\jean\AppData\Local\{63D77AE8-42DD-47E6-BBEB-7380DD558A04}
    2012-05-21 13:33 - 2012-05-21 13:32 - 00000000 ____D C:\Users\jean\AppData\Local\{5969CB18-51D4-4029-9E20-BEC65CA9B43C}
    2012-05-21 09:19 - 2012-05-21 09:19 - 00000000 ____D C:\Users\jean\AppData\Local\{EC316C93-F96D-4FCE-AAD8-B1DF9E1647F5}
    2012-05-21 09:19 - 2012-05-21 09:18 - 00000000 ____D C:\Users\jean\AppData\Local\{BB15F72E-CF05-4385-9371-E25DD4F1DFCE}
    2012-05-20 12:06 - 2012-05-20 12:06 - 00000000 ____D C:\Users\jean\AppData\Local\{96E8F430-5660-45DE-A50E-962451385EDB}
    2012-05-20 12:06 - 2012-05-20 12:05 - 00000000 ____D C:\Users\jean\AppData\Local\{5E18D950-B7BB-40B3-857C-EB86C4E32CB5}
    2012-05-19 13:01 - 2012-05-19 13:00 - 00000000 ____D C:\Users\jean\AppData\Local\{529E7CA4-E364-4CB5-B57A-65B283B28CB6}
    2012-05-19 13:00 - 2012-05-19 12:59 - 00000000 ____D C:\Users\jean\AppData\Local\{BA08B3E9-0377-4C5C-9715-C5789F57B0A2}
    2012-05-18 20:44 - 2012-05-18 20:44 - 00000000 ____D C:\Users\jean\AppData\Local\{55B1A5F1-93FD-47CB-BFCF-5A77191755BA}
    2012-05-18 20:44 - 2012-05-18 20:43 - 00000000 ____D C:\Users\jean\AppData\Local\{82A732C6-9F01-4F26-9F59-CF78CE211054}
    2012-05-18 18:18 - 2012-05-18 18:18 - 00000000 ____D C:\Users\jean\AppData\Local\{4BA22510-AF2B-45DA-A1C9-DDB1CA253117}
    2012-05-18 18:18 - 2012-05-18 18:17 - 00000000 ____D C:\Users\jean\AppData\Local\{634C52CA-672B-4F38-81BF-5EB28A9DFA56}
    2012-05-18 16:43 - 2012-05-18 16:43 - 00000000 ____D C:\Users\jean\AppData\Local\{6A7C0E0F-3EA8-48CB-8F9A-BC9952719211}
    2012-05-18 16:43 - 2012-05-18 16:42 - 00000000 ____D C:\Users\jean\AppData\Local\{81F8E503-F96F-432D-BCAB-10F290FD9839}
    2012-05-18 15:30 - 2012-05-18 15:30 - 00000000 ____D C:\Users\jean\AppData\Local\{D0DC4747-8E31-45CF-B280-1EEFBC15ED79}
    2012-05-18 11:59 - 2007-04-20 06:50 - 00000000 ____D C:\Windows\panther
    2012-05-18 11:51 - 2012-05-18 11:50 - 00243446 ____A C:\Users\james\Documents\cc_20120518_115019.reg
    2012-05-18 11:42 - 2011-04-21 20:38 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-05-18 11:42 - 2011-04-21 20:38 - 00000000 ____D C:\Program Files\CCleaner
    2012-05-18 11:38 - 2012-05-18 11:38 - 00000000 ____D C:\Users\jean\AppData\Local\{1517E828-DE20-4911-A90A-16B3DA9BF36E}
    2012-05-18 00:11 - 2012-06-13 18:57 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 23:48 - 2012-06-13 18:57 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 23:45 - 2012-06-13 18:57 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 23:36 - 2012-06-13 18:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 23:35 - 2012-06-13 18:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 23:35 - 2012-06-13 18:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 23:33 - 2012-06-13 18:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 23:31 - 2012-06-13 18:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 23:29 - 2012-06-13 18:57 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 23:29 - 2012-06-13 18:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 23:27 - 2012-06-13 18:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 23:25 - 2012-06-13 18:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 23:24 - 2012-06-13 18:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 23:20 - 2012-06-13 18:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 17:58 - 2012-05-17 17:58 - 00000000 ____D C:\Users\jean\AppData\Local\{B68F2773-5E36-43A3-A88F-1DE9F068DD92}
    2012-05-17 13:49 - 2012-05-17 13:49 - 00000000 ____D C:\Users\jean\AppData\Local\{E358AA89-9B30-4CC4-92A9-0A505DFF460C}
    2012-05-17 13:49 - 2012-05-17 13:49 - 00000000 ____D C:\Users\jean\AppData\Local\{06C6A604-B4DB-44A2-88FE-09BB4684FADF}
    2012-05-17 11:07 - 2012-05-17 11:07 - 00001726 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-05-17 11:07 - 2012-05-17 11:05 - 00000000 ____D C:\Program Files\QuickTime
    2012-05-17 10:33 - 2012-05-17 10:33 - 00000000 ____D C:\Users\jean\AppData\Local\{08AA83BA-F1AD-4A9C-89E7-78ACFD50D0EC}
    2012-05-17 10:33 - 2012-05-17 10:32 - 00000000 ____D C:\Users\jean\AppData\Local\{3C28957F-AEC6-4E5D-AC71-ABD34899038A}
    2012-05-16 18:15 - 2012-05-16 18:15 - 00000000 ____D C:\Users\jean\AppData\Local\{22F729C4-77AE-4D2F-AF0A-211B9A62E486}
    2012-05-16 18:15 - 2012-05-16 18:14 - 00000000 ____D C:\Users\jean\AppData\Local\{69D2F8DB-914B-45C2-9677-F443B033EA11}
    2012-05-16 18:07 - 2008-03-16 23:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-05-16 12:32 - 2012-05-16 12:32 - 00000752 ____A C:\Users\Public\Desktop\SkyPoker.lnk
    2012-05-16 12:32 - 2012-05-16 12:32 - 00000000 ____D C:\Program Files\SkyPoker
    2012-05-16 12:24 - 2012-05-16 12:24 - 00000000 ____D C:\Users\jean\AppData\Local\{5EB72BA4-85B7-4C5A-8A5B-864115B58685}
    2012-05-16 12:24 - 2012-05-16 12:23 - 00000000 ____D C:\Users\jean\AppData\Local\{695D3ED5-794B-43BD-A71C-8ADCDF60D6E4}
    2012-05-15 20:51 - 2012-06-13 18:54 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-15 12:00 - 2012-05-15 12:00 - 00000000 ____D C:\Users\jean\AppData\Local\{5B0AF329-F7BE-4E4E-A984-3B7054C9BC7D}
    2012-05-15 12:00 - 2012-05-15 11:59 - 00000000 ____D C:\Users\jean\AppData\Local\{8B5B7FE7-1C5A-46CC-B9D9-B5565B59A295}
    2012-05-14 22:01 - 2012-05-14 22:01 - 00000000 ____D C:\Users\jean\AppData\Local\{D644E7F8-0245-4F1C-92A9-91AD8E249843}
    2012-05-14 22:01 - 2012-05-14 22:01 - 00000000 ____D C:\Users\jean\AppData\Local\{5084C573-D342-4D17-8E5C-856148B982C2}
    2012-05-14 21:52 - 2012-05-14 21:52 - 00000000 ____D C:\Users\jean\AppData\Local\{70F95D54-D519-4594-AE2F-97FCB5C35E49}
    2012-05-14 21:52 - 2012-05-14 21:52 - 00000000 ____D C:\Users\jean\AppData\Local\{2C48B66A-65D2-4862-A345-1E89E1442832}
    2012-05-14 13:44 - 2012-05-14 13:43 - 00000000 ____D C:\Users\jean\AppData\Local\{5379D7DE-2302-4240-B4A9-4EB2C495C6AF}
    2012-05-14 13:43 - 2012-05-14 13:43 - 00000000 ____D C:\Users\jean\AppData\Local\{08694FA1-61E9-4879-855C-758A9AC6186C}
    2012-05-14 13:35 - 2012-05-14 13:35 - 00000000 ____D C:\Users\jean\AppData\Local\{B1D64DAB-0092-4682-BC01-3458D634B0E0}
    2012-05-13 11:18 - 2012-05-13 11:17 - 00000000 ____D C:\Users\jean\AppData\Local\{BDB4A17B-920D-4CBB-B88A-E28F878315DB}
    2012-05-12 11:40 - 2012-05-12 11:39 - 00000000 ____D C:\Users\jean\AppData\Local\{7AC718DB-24DC-4367-AE6D-73D0C0F60D2D}
    2012-05-12 11:39 - 2012-05-12 11:39 - 00000000 ____D C:\Users\jean\AppData\Local\{FE0E5647-D738-498C-B2DE-8F9D217F37E8}
    2012-05-11 22:00 - 2012-05-11 22:00 - 00000000 ____D C:\Users\jean\AppData\Local\{E69047CD-5162-4A99-887F-181F608E1B92}
    2012-05-11 22:00 - 2012-05-11 22:00 - 00000000 ____D C:\Users\jean\AppData\Local\{08BFFA55-64E3-46FA-95E6-58F8719FCD38}
    2012-05-11 15:54 - 2012-05-11 15:54 - 00000000 ____D C:\Users\jean\AppData\Local\{63BBC69F-63A3-4CAD-AB60-7C191E134731}
    2012-05-11 15:54 - 2012-05-11 15:53 - 00000000 ____D C:\Users\jean\AppData\Local\{7A43F854-7092-42FD-A0CC-22AAFA0744A9}
    2012-05-11 11:14 - 2012-06-18 21:54 - 00203088 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
    2012-05-10 22:56 - 2012-05-10 22:56 - 00000000 ____D C:\Users\jean\AppData\Local\{CA5E83C2-360F-4CFB-AD85-A065E12AF56F}
    2012-05-10 16:39 - 2012-05-10 16:39 - 00000000 ____D C:\Users\jean\AppData\Local\{E0BFAD45-5FFD-4853-840C-9C17BA37896B}
    2012-05-10 16:39 - 2012-05-10 16:37 - 00000000 ____D C:\Users\jean\AppData\Local\{478524D7-5B80-4377-8F02-3AA9365C15C6}
    2012-05-10 16:26 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-10 15:35 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\System32\XPSViewer
    2012-05-10 15:25 - 2012-05-10 15:25 - 00000000 ____D C:\Users\jean\AppData\Local\{C1BAC6F6-D721-4AB9-8A36-F471F3DD12CD}
    2012-05-10 15:25 - 2012-05-10 15:25 - 00000000 ____D C:\Users\jean\AppData\Local\{4B545A4E-08A1-485C-B63C-D4F83A7F0D3E}
    2012-05-09 13:56 - 2012-05-09 13:56 - 00000000 ____D C:\Users\jean\AppData\Local\{43541588-EADF-4992-B69A-88914A1FB631}
    2012-05-09 13:56 - 2012-05-09 13:56 - 00000000 ____D C:\Users\jean\AppData\Local\{360A3C96-7111-4CC1-B725-03E776BA0BE5}
    2012-05-07 23:32 - 2012-05-07 23:31 - 00000000 ____D C:\Users\jean\AppData\Local\{F891FDB5-EAED-4D9F-863C-8345A7568218}
    2012-05-07 23:31 - 2012-05-07 23:31 - 00000000 ____D C:\Users\jean\AppData\Local\{0A54D37D-8641-4139-B155-800BACD01E08}
    2012-05-07 19:22 - 2012-05-07 19:22 - 00000000 ____D C:\Users\jean\AppData\Local\{9315510A-7B7F-4573-AD5C-9E00DC270186}
    2012-05-07 19:22 - 2012-05-07 19:22 - 00000000 ____D C:\Users\jean\AppData\Local\{1ED6CF70-D2DA-473E-B47D-13AD881E30B1}
    2012-05-07 15:33 - 2012-05-07 15:33 - 00000000 ____D C:\Users\jean\AppData\Local\{329D5D7F-D97A-48AB-9D03-E575B9D7ECEA}
    2012-05-06 15:27 - 2012-05-06 15:27 - 00000000 ____D C:\Users\jean\AppData\Local\{7A456CC5-2170-4B82-BB34-4CA7A5583FDF}
    2012-05-06 15:26 - 2012-05-06 15:26 - 00000000 ____D C:\Users\jean\AppData\Local\{DFBC1031-EC93-4AE2-9487-4411DE86239B}
    2012-05-06 12:55 - 2008-10-04 19:59 - 00000000 ____D C:\Users\jean\Documents\OneNote Notebooks
    2012-05-06 12:38 - 2012-05-06 12:38 - 00000000 ____D C:\Users\jean\AppData\Local\{E84C57FF-FBD0-4048-9566-8B397377DBD0}
    2012-05-05 15:23 - 2012-05-05 15:23 - 00000000 ____D C:\Users\jean\AppData\Local\{C9F46373-DEBB-440A-BE84-D9C82B959056}
    2012-05-05 15:23 - 2012-05-05 15:22 - 00000000 ____D C:\Users\jean\AppData\Local\{35AF2BD2-CA2E-4CBA-A5D2-23D6FBD08C7B}
    2012-05-05 11:33 - 2012-05-05 11:33 - 00000000 ____D C:\Users\jean\AppData\Local\{64D7FCF0-4DBD-4E0F-93FE-21CF83250307}
    2012-05-04 22:25 - 2012-05-04 22:25 - 00000000 ____D C:\Users\jean\AppData\Local\{371605DD-0C14-4F69-9C44-57CAB9171208}
    2012-05-04 22:25 - 2012-05-04 22:24 - 00000000 ____D C:\Users\jean\AppData\Local\{7952FD5B-8B38-4933-BC06-6D3002D0C856}
    2012-05-04 14:49 - 2012-05-04 14:49 - 00000000 ____D C:\Users\jean\AppData\Local\{88D95010-8CBB-4F56-BEFC-CC10BEEDE366}
    2012-05-04 14:49 - 2012-05-04 14:48 - 00000000 ____D C:\Users\jean\AppData\Local\{1802ED27-81ED-4693-9087-46D8E8EAC78E}
    2012-05-03 18:58 - 2012-05-03 18:58 - 00000000 ____D C:\Users\jean\AppData\Local\{DEBEF29C-C1F4-42F0-8E08-367D370CA2B8}
    2012-05-03 18:58 - 2012-05-03 18:57 - 00000000 ____D C:\Users\jean\AppData\Local\{66EA73BC-EA37-403F-BE65-FCD07B4FAA4E}
    2012-05-03 13:52 - 2012-05-03 13:52 - 00000000 ____D C:\Users\jean\AppData\Local\{8DFED48E-08D8-4CE2-B41A-14CCA4A7EE64}
    2012-05-03 13:51 - 2012-05-03 13:51 - 00000000 ____D C:\Users\jean\AppData\Local\{D6223CBA-49C4-4360-9A2D-8ADAA7D8F0F2}
    2012-05-02 22:28 - 2012-05-02 22:28 - 00000000 ____D C:\Users\jean\AppData\Local\{39807BED-E392-4874-A915-294F30630C6A}
    2012-05-02 11:46 - 2012-05-02 11:46 - 00000000 ____D C:\Users\jean\AppData\Local\{DE1A84C0-0FB7-4E8C-BFB3-648CB81F1D68}
    2012-05-02 11:46 - 2012-05-02 11:45 - 00000000 ____D C:\Users\jean\AppData\Local\{21E3C011-C2DC-44E1-9ED9-342D079ECEC5}
    2012-05-01 15:03 - 2012-06-13 18:54 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-30 20:28 - 2012-03-23 17:49 - 00000000 ____D C:\Users\jean\Documents\comms talk hnc
    2012-04-30 18:20 - 2012-04-30 18:20 - 00000000 ____D C:\Users\jean\AppData\Local\{D94C8757-28C8-427C-9550-B47B8525DC9D}
    2012-04-30 18:20 - 2012-04-30 18:20 - 00000000 ____D C:\Users\jean\AppData\Local\{C57E5D51-8F9D-472A-A924-99A8FFBD9363}
    2012-04-28 21:37 - 2012-04-28 21:36 - 00000000 ____D C:\Users\jean\AppData\Local\{E2A2C2E3-3A2D-4708-9EE2-BB1DF93B723B}
    2012-04-28 21:36 - 2012-04-28 21:36 - 00000000 ____D C:\Users\jean\AppData\Local\{33ABF000-60E4-4D87-824C-8A8BBEF8C7CA}
    2012-04-28 17:18 - 2012-04-28 17:18 - 00000000 ____D C:\Users\jean\AppData\Local\{2CCD99C2-0DDD-449C-A0DD-889E3FF0ED65}
    2012-04-28 17:18 - 2012-04-28 17:17 - 00000000 ____D C:\Users\jean\AppData\Local\{0A5DC74E-43A2-4EF9-A919-85417B5FE24B}
    2012-04-28 16:20 - 2012-04-28 16:20 - 00000000 ____D C:\Users\jean\AppData\Local\{73CACEB3-D84A-4A60-9B2D-8503FF1497E4}
    2012-04-28 16:20 - 2012-04-28 16:19 - 00000000 ____D C:\Users\jean\AppData\Local\{01806D2E-51C4-4652-BF7A-4A0ADC730E06}
    2012-04-28 13:57 - 2012-04-28 13:57 - 00000000 ____D C:\Users\jean\AppData\Local\{1A3D8F16-9905-4F62-9BCC-537FA83C40F1}
    2012-04-27 00:24 - 2012-04-27 00:24 - 00000000 ____D C:\Users\jean\AppData\Local\{F4D0E218-95B6-442C-BE6B-E22C7DA0267E}
    2012-04-27 00:24 - 2012-04-27 00:24 - 00000000 ____D C:\Users\jean\AppData\Local\{8EDDED17-4BF3-4AA6-902D-DCD5BD7CA7AD}
    2012-04-26 17:34 - 2012-04-26 17:34 - 00000000 ____D C:\Users\jean\AppData\Local\{21F59E8D-5B90-4A3A-8B2B-F0DB76C11552}
    2012-04-26 17:33 - 2012-04-26 17:33 - 00000000 ____D C:\Users\jean\AppData\Local\{9C5A4DE9-238D-49A5-BA88-89CE53EBD25A}
    2012-04-26 10:54 - 2012-04-26 10:54 - 00000000 ____D C:\Users\jean\AppData\Local\{9003349F-1AFC-4D7E-8D10-847C4189E1B1}
    2012-04-26 10:54 - 2012-04-26 10:54 - 00000000 ____D C:\Users\jean\AppData\Local\{5C440BE4-A8E2-498E-9625-7128C5A1B178}
    2012-04-26 00:04 - 2012-04-26 00:03 - 00000000 ____D C:\Users\jean\AppData\Local\{6733A0FD-2BA2-43A6-A33B-A9803B6981EC}
    2012-04-26 00:03 - 2012-04-26 00:03 - 00000000 ____D C:\Users\jean\AppData\Local\{6D2F357D-6A82-4A80-8B2F-93A1E7E36742}
    2012-04-25 13:56 - 2012-04-25 13:56 - 00000000 ____D C:\Users\jean\AppData\Local\{F1A17BA9-5CA1-4915-BEC6-5B98A7F3FC11}
    2012-04-25 13:56 - 2012-04-25 13:56 - 00000000 ____D C:\Users\jean\AppData\Local\{497A928A-4092-4CBB-B2D7-A1682A65230B}
    2012-04-24 20:08 - 2012-04-24 20:07 - 00000000 ____D C:\Users\jean\AppData\Local\{25A7FB3D-B9DE-45D0-BE10-D880D4C3FDD3}
    2012-04-24 20:07 - 2012-04-24 20:07 - 00000000 ____D C:\Users\jean\AppData\Local\{CC9A8AFC-A910-4540-B51C-1E56870AC1AD}
    2012-04-24 12:13 - 2012-04-24 12:13 - 00000000 ____D C:\Users\jean\AppData\Local\{50A3546D-90CC-4417-B5FE-CCA2A63AA977}
    2012-04-24 12:13 - 2012-04-24 12:12 - 00000000 ____D C:\Users\jean\AppData\Local\{095F54C6-82E6-4D7E-88BB-12E939254998}
    2012-04-23 17:00 - 2012-06-13 18:54 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 17:00 - 2012-06-13 18:54 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 17:00 - 2012-06-13 18:54 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 14:33 - 2012-04-23 14:33 - 00000000 ____D C:\Users\jean\AppData\Local\{64DDB9BE-2C5F-462A-A999-04AAEC53FEA8}
    2012-04-22 19:26 - 2012-04-22 19:26 - 00000000 ____D C:\Users\jean\AppData\Local\{6969FDFC-D50B-4EFC-A1A8-BC0DE7414ED6}
    2012-04-22 19:26 - 2012-04-22 19:25 - 00000000 ____D C:\Users\jean\AppData\Local\{4676608C-E1B0-4752-BECF-3A0E2B3FD10A}
    2012-04-22 11:16 - 2012-04-22 11:16 - 00000000 ____D C:\Users\jean\AppData\Local\{C51B704D-78B8-4CBF-A940-B9EC0721B647}
    2012-04-22 11:16 - 2012-04-22 11:16 - 00000000 ____D C:\Users\jean\AppData\Local\{045C8933-91CA-40BB-BA09-F378F39E999A}
    2012-04-21 12:42 - 2012-04-21 12:42 - 00000000 ____D C:\Users\jean\AppData\Local\{DD1A2F14-6013-449A-A2E4-A5BE2B3929A4}
    2012-04-21 12:42 - 2012-04-21 12:41 - 00000000 ____D C:\Users\jean\AppData\Local\{3FC880D6-4048-4113-AACA-184BC5F2CE44}
    2012-04-20 23:17 - 2012-04-20 23:16 - 00000000 ____D C:\Users\jean\AppData\Local\{6B665026-3CE0-4285-9ECF-DBAC42261693}
    2012-04-20 23:16 - 2012-04-20 23:16 - 00000000 ____D C:\Users\jean\AppData\Local\{7931D5FD-450D-4F38-9724-314A6D50FCB5}
    2012-04-20 13:00 - 2012-04-20 13:00 - 00000000 ____D C:\Users\jean\AppData\Local\{19D5DEC1-5475-483B-9D55-8C86D6056C87}
    2012-04-19 23:59 - 2012-04-19 23:59 - 00000000 ____D C:\Users\jean\AppData\Local\{43AB7CC8-1DFD-4D14-AA56-2708E4D3DC1D}
    2012-04-19 23:59 - 2012-04-19 23:57 - 00000000 ____D C:\Users\jean\AppData\Local\{D660CADA-7DE6-4244-9DBB-1AB0C4248848}
    2012-04-19 11:15 - 2012-04-19 11:14 - 00000000 ____D C:\Users\jean\AppData\Local\{7D4E62AE-1DEA-49F7-9453-BB217F1F9140}
    2012-04-19 11:14 - 2012-04-19 11:13 - 00000000 ____D C:\Users\jean\AppData\Local\{6E8F403B-D008-45CB-9CC3-B0D679DF0BE2}
    2012-04-18 23:07 - 2012-04-18 23:07 - 00000000 ____D C:\Users\jean\AppData\Local\{385B86D6-A5C3-479B-9D9F-6186EAB19A35}
    2012-04-18 23:07 - 2012-04-18 23:06 - 00000000 ____D C:\Users\jean\AppData\Local\{1BEB2B1A-4F52-46CB-8D57-4F72E8FDEB4F}
    2012-04-18 20:56 - 2012-04-18 20:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
    2012-04-18 20:56 - 2012-04-18 20:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
    2012-04-18 13:22 - 2012-04-18 13:22 - 00000000 ____D C:\Users\jean\AppData\Local\{B740AA0F-5243-476C-ACF6-D314F51B60C2}
    2012-04-18 13:22 - 2012-04-18 13:21 - 00000000 ____D C:\Users\jean\AppData\Local\{E0B066E2-0705-4560-B7E0-BF1329249668}
    2012-04-17 20:41 - 2012-04-17 20:40 - 00000000 ____D C:\Users\jean\AppData\Local\{5611B04C-B87E-445B-BD4E-7EB3AFE55213}
    2012-04-17 20:40 - 2012-04-17 20:39 - 00000000 ____D C:\Users\jean\AppData\Local\{E29DA541-4C09-4014-AB9F-5C3DA5CF94CD}
    2012-04-17 17:47 - 2012-04-17 17:47 - 00000000 ____D C:\Users\jean\AppData\Local\{678FF553-DD15-48A6-BCAC-A42F0CA8FB92}
    2012-04-17 17:47 - 2012-04-17 17:46 - 00000000 ____D C:\Users\jean\AppData\Local\{7435B1A1-A68C-4AAB-94DE-A4DA59A7F67D}
    2012-04-17 11:22 - 2012-04-17 11:22 - 00000000 ____D C:\Users\jean\AppData\Local\{7396315C-4759-4351-BC7F-D0B889F571AC}
    2012-04-17 11:22 - 2012-04-17 11:21 - 00000000 ____D C:\Users\jean\AppData\Local\{7532F481-1C83-4619-B06F-F23DAE76913F}
    2012-04-16 22:02 - 2012-04-16 22:01 - 00000000 ____D C:\Users\jean\AppData\Local\{B624BD76-3858-44FD-8EF6-72BE0EDF7C4F}
    2012-04-16 22:01 - 2012-04-16 22:00 - 00000000 ____D C:\Users\jean\AppData\Local\{53F5E318-4294-4487-A29E-69F675F383DB}
    2012-04-16 17:43 - 2012-04-16 17:43 - 00000000 ____D C:\Users\jean\AppData\Local\{F5AE754C-20E2-4961-915B-4B8B309F0D0F}
    2012-04-16 17:43 - 2012-04-16 17:42 - 00000000 ____D C:\Users\jean\AppData\Local\{86258F51-DDF5-43EF-AF09-081533613F96}
    2012-04-16 14:32 - 2012-04-16 14:32 - 00000000 ____D C:\Users\jean\AppData\Local\{6BE2032F-4E81-4EA9-9EA7-7E8EBC401D31}
    2012-04-16 14:32 - 2012-04-16 14:31 - 00000000 ____D C:\Users\jean\AppData\Local\{111F5AB4-17C6-401B-8C18-65EEA6E79AB2}
    2012-04-15 23:31 - 2012-04-15 23:30 - 00000000 ____D C:\Users\jean\AppData\Local\{87EAC82E-FCDD-4B8B-823C-E091BAC833A2}
    2012-04-15 23:30 - 2012-04-15 23:30 - 00000000 ____D C:\Users\jean\AppData\Local\{143B937D-4ED2-4D6D-833A-DC99371D2696}
    2012-04-15 19:59 - 2012-04-15 19:59 - 00000000 ____D C:\Users\jean\AppData\Local\{D6E1A78E-3E4F-4D23-923E-49B44CE12641}
    2012-04-15 19:59 - 2012-04-15 19:58 - 00000000 ____D C:\Users\jean\AppData\Local\{9ECD6059-E1BB-4297-895F-D393453A1697}
    2012-04-15 10:44 - 2012-04-15 10:44 - 00000000 ____D C:\Users\jean\AppData\Local\{F81A2143-CF39-4625-829A-FB0EA69DE172}
    2012-04-15 10:44 - 2012-04-15 10:43 - 00000000 ____D C:\Users\jean\AppData\Local\{95E1910A-2759-4010-A99E-1D4B7003AFBD}
    2012-04-14 23:47 - 2012-04-14 23:47 - 00000000 ____D C:\Users\jean\AppData\Local\{6B21D3BC-FA98-45DB-AFFF-293436D52CFF}
    2012-04-14 23:47 - 2012-04-14 23:46 - 00000000 ____D C:\Users\jean\AppData\Local\{5CFF8DC8-8D28-4CFB-A909-78BB6D64AB9D}
    2012-04-14 11:57 - 2012-04-14 11:56 - 00000000 ____D C:\Users\jean\AppData\Local\{7366F775-A43B-4C26-A16C-28F1F027DB63}
    2012-04-14 11:56 - 2012-04-14 11:56 - 00000000 ____D C:\Users\jean\AppData\Local\{4FDB8B07-E5E8-4222-8972-B4E852029B54}
    2012-04-12 23:36 - 2012-04-12 23:36 - 00000000 ____D C:\Users\jean\AppData\Local\{C6C92E91-0E0D-4503-B326-785C67748B29}
    2012-04-12 11:54 - 2012-04-12 11:54 - 00000000 ____D C:\Users\jean\AppData\Local\{5E65B980-7812-4AF0-9003-71931395B49A}
    2012-04-12 11:54 - 2012-04-12 11:54 - 00000000 ____D C:\Users\jean\AppData\Local\{3D7311D9-9C05-42E5-BC74-AB8852DBBE45}
    2012-04-12 11:45 - 2012-04-12 11:45 - 00000000 ____D C:\Users\jean\AppData\Local\{830E144B-CA99-491E-9234-570798557DCC}
    2012-04-12 11:45 - 2012-04-12 11:44 - 00000000 ____D C:\Users\jean\AppData\Local\{BB563120-1C14-4BA1-8627-57979F977794}
    2012-04-12 03:44 - 2012-04-12 03:44 - 00000000 ____D C:\Users\jean\AppData\Local\{3345DC78-C9F3-4EC1-AB6F-C47051456AF0}
    2012-04-12 03:23 - 2006-11-02 11:23 - 00000219 ____A C:\Windows\win.ini
    2012-04-11 22:42 - 2012-04-11 22:41 - 00000000 ____D C:\Users\jean\AppData\Local\{55907615-A050-4D67-83A0-23531D16BA6D}
    2012-04-11 22:41 - 2012-04-11 22:41 - 00000000 ____D C:\Users\jean\AppData\Local\{D30AF5B7-C01C-4217-AF85-4C810BB47C37}
    2012-04-11 18:49 - 2012-04-11 18:49 - 00000000 ____D C:\Users\jean\AppData\Local\{931A3591-9980-4265-823E-CED3AA63B41E}
    2012-04-11 18:49 - 2012-04-11 18:49 - 00000000 ____D C:\Users\jean\AppData\Local\{6B9D054D-C395-43A7-87C1-0B25EED8B449}
    2012-04-11 11:11 - 2012-04-11 11:11 - 00000000 ____D C:\Users\jean\AppData\Local\{80606E86-3E2B-4727-A18D-7030ACEBE2BD}
    2012-04-11 11:11 - 2012-04-11 11:10 - 00000000 ____D C:\Users\jean\AppData\Local\{D3617396-4614-4C72-827F-BF15697CAC83}
    2012-04-10 22:14 - 2012-04-10 22:14 - 00000000 ____D C:\Users\jean\AppData\Local\{FE4E5E7A-9FEC-405C-ACC6-907F484B558D}
    2012-04-10 22:14 - 2012-04-10 22:13 - 00000000 ____D C:\Users\jean\AppData\Local\{766E5CFB-DD62-42FB-A0C3-601E00FC0DAC}
    2012-04-10 11:33 - 2012-04-10 11:32 - 00000000 ____D C:\Users\jean\AppData\Local\{10317045-3A61-4A75-A64F-F6E66CD8FCC3}
    2012-04-10 11:32 - 2012-04-10 11:31 - 00000000 ____D C:\Users\jean\AppData\Local\{049ED2C5-EBA3-4079-99FF-2D52C97093A6}
    2012-04-09 22:19 - 2012-04-09 22:19 - 00000000 ____D C:\Users\jean\AppData\Local\{D895831A-E6D5-40A7-BF55-873A79E4D5DD}
    2012-04-09 22:19 - 2012-04-09 22:18 - 00000000 ____D C:\Users\jean\AppData\Local\{DB2C218F-9935-4ADC-9158-2AD411EEBD6B}
    2012-04-09 14:26 - 2012-04-09 14:25 - 00000000 ____D C:\Users\jean\AppData\Local\{9D57B96E-C03F-415A-974C-A9E88E1EF537}
    2012-04-09 14:25 - 2012-04-09 14:25 - 00000000 ____D C:\Users\jean\AppData\Local\{EB78E8D1-14A1-4106-8E75-FE2877E0C0A7}
    2012-04-08 21:01 - 2012-04-08 21:01 - 00000000 ____D C:\Users\jean\AppData\Local\{687D698D-5878-424C-BD8F-54410F0DBB8A}
    2012-04-08 21:01 - 2012-04-08 21:00 - 00000000 ____D C:\Users\jean\AppData\Local\{7AC7A622-25FF-4615-A3BB-54556749D5E9}
    2012-04-08 11:34 - 2012-04-08 11:34 - 00000000 ____D C:\Users\jean\AppData\Local\{10261081-3830-4257-A1AE-94457086AC6C}
    2012-04-08 11:34 - 2012-04-08 11:33 - 00000000 ____D C:\Users\jean\AppData\Local\{B6ECE4C6-1780-4F22-A669-9DEB852D3B6A}
    2012-04-08 00:25 - 2012-04-08 00:24 - 00000000 ____D C:\Users\jean\AppData\Local\{216037E9-54A2-434B-B789-432377EFB3B8}
    2012-04-08 00:24 - 2012-04-08 00:24 - 00000000 ____D C:\Users\jean\AppData\Local\{6705997E-0B98-41B1-8E7E-D47E9E691BDE}
    2012-04-07 13:03 - 2012-04-07 13:03 - 00000000 ____D C:\Users\jean\AppData\Local\{CAD0315B-1658-4F24-A079-06046865E54F}
    2012-04-07 13:03 - 2012-04-07 13:02 - 00000000 ____D C:\Users\jean\AppData\Local\{266DECBD-85EE-40AF-84E0-8847CFA5D995}
    2012-04-06 23:07 - 2012-04-06 23:07 - 00000000 ____D C:\Users\jean\AppData\Local\{D1999FC8-CDC6-45A9-A08D-1BB5D2416B57}
    2012-04-06 23:07 - 2012-04-06 23:07 - 00000000 ____D C:\Users\jean\AppData\Local\{98565709-CBB6-44D1-8BC9-A08109B96413}
    2012-04-06 17:21 - 2012-04-06 17:20 - 00000000 ____D C:\Users\jean\AppData\Local\{E07F79DE-32B0-44FB-946B-FECD8E4701FC}
    2012-04-06 17:20 - 2012-04-06 17:20 - 00000000 ____D C:\Users\jean\AppData\Local\{5EB68373-8E3E-4951-8512-7C36380B1CC3}
    2012-04-06 12:44 - 2012-04-06 12:43 - 00000000 ____D C:\Users\jean\AppData\Local\{A7CA81AA-1AB7-497F-8DFC-AAA81B53D2F5}
    2012-04-06 12:43 - 2012-04-06 12:42 - 00000000 ____D C:\Users\jean\AppData\Local\{3EF99B91-2D1C-4251-8E0F-BD303EC332C5}
    2012-04-06 00:01 - 2012-04-06 00:01 - 00000000 ____D C:\Users\jean\AppData\Local\{5086EBBF-5974-48AE-A1D5-138D0CEEA229}
    2012-04-06 00:01 - 2012-04-06 00:01 - 00000000 ____D C:\Users\jean\AppData\Local\{2AC76E90-9DEC-4FD8-A14B-9553BA3FD1B5}
    2012-04-05 11:09 - 2012-04-05 11:09 - 00000000 ____D C:\Users\jean\AppData\Local\{7A3181D7-FEA2-4D09-A5B9-C605437F100C}
    2012-04-05 11:09 - 2012-04-05 11:08 - 00000000 ____D C:\Users\jean\AppData\Local\{0B8E937A-165C-42BA-AC62-F1975503E4A6}
    2012-04-04 22:33 - 2012-04-04 22:33 - 00000000 ____D C:\Users\jean\AppData\Local\{4B79C69F-FD73-44F9-99F4-EE410C2A07F2}
    2012-04-04 22:33 - 2012-04-04 22:32 - 00000000 ____D C:\Users\jean\AppData\Local\{B9995D7F-9DA3-4128-A867-6A862852FD4C}
    2012-04-04 15:56 - 2012-06-12 13:01 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-04 11:05 - 2012-04-04 11:04 - 00000000 ____D C:\Users\jean\AppData\Local\{83BB0C09-FA26-4F1A-84CC-7649939D610F}
    2012-04-03 23:54 - 2012-04-03 23:54 - 00000000 ____D C:\Users\jean\AppData\Local\{7C8AD688-F786-4622-850D-3045AC97EDC5}
    2012-04-03 23:54 - 2012-04-03 23:53 - 00000000 ____D C:\Users\jean\AppData\Local\{4FF20E8E-5A0F-4575-BA3B-FD891CE52B87}
    2012-04-03 20:16 - 2012-04-03 20:16 - 00000000 ____D C:\Users\jean\AppData\Local\{B56DA276-F055-4CC8-804A-440366573E72}
    2012-04-03 20:16 - 2012-04-03 20:15 - 00000000 ____D C:\Users\jean\AppData\Local\{1D33DF5B-6A60-4108-BA48-04964BE1F7B7}
    2012-04-03 17:18 - 2012-04-03 17:17 - 00000000 ____D C:\Users\jean\AppData\Local\{FF4C83E5-056E-4BEA-8FE3-3DA13CA24C3F}
    2012-04-03 17:17 - 2012-04-03 17:17 - 00000000 ____D C:\Users\jean\AppData\Local\{BF29BFD6-20A5-42DF-851D-85F49C8A5DFD}
    2012-04-03 11:13 - 2012-04-03 11:13 - 00000000 ____D C:\Users\jean\AppData\Local\{0A0098D6-D034-4D99-B492-2373B82EF52C}
    2012-04-03 11:13 - 2012-04-03 11:12 - 00000000 ____D C:\Users\jean\AppData\Local\{C1BF793A-2A53-407D-A5D1-894C022CF25B}
    2012-04-03 09:16 - 2012-05-09 14:17 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-04-03 09:16 - 2012-05-09 14:17 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-04-02 22:06 - 2011-09-28 19:24 - 00000000 ____D C:\Users\jean\Documents\exel
    2012-04-02 13:57 - 2012-04-02 13:57 - 00000000 ____D C:\Users\jean\AppData\Local\{4BD405E3-69D8-4003-A99A-6114339F3609}
    2012-04-02 00:00 - 2012-04-02 00:00 - 00000000 ____D C:\Users\jean\AppData\Local\{CF9DA7C0-BD26-479A-90D9-FAFB85CE581D}
    2012-04-01 22:48 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\ShellNew
    2012-04-01 22:05 - 2012-04-01 22:04 - 00000000 ____D C:\Users\james\AppData\Local\{06C9CE1F-CB91-4F7D-A961-8FA28F6A242F}
    2012-04-01 11:13 - 2012-04-01 11:12 - 00000000 ____D C:\Users\jean\AppData\Local\{3C3A0CE8-1C53-4D7D-9056-15D731ADF4CE}
    2012-03-31 11:52 - 2012-03-31 11:51 - 00000000 ____D C:\Users\jean\AppData\Local\{8C4DEB29-376E-49A0-87A0-A7DF4036C477}
    2012-03-30 15:55 - 2012-03-30 15:55 - 00000000 ____D C:\Users\jean\AppData\Local\{7CCC5E8A-5190-49C5-9C25-469C097F293E}
    2012-03-30 13:39 - 2012-05-09 14:19 - 00905600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-29 16:59 - 2012-03-29 16:59 - 00000000 ____D C:\Users\jean\AppData\Local\{596A1296-B18B-4DB9-ACB1-8825DA265ED5}
    2012-03-29 13:47 - 2012-03-29 13:47 - 00000000 ____D C:\Users\jean\AppData\Local\{B3EA2FAD-C0D4-4825-B230-0E60CB3ED300}
    2012-03-29 12:11 - 2008-01-13 15:15 - 00000000 ____D C:\Users\james\AppData\Local\Google
    2012-03-28 17:29 - 2012-03-28 17:29 - 00000000 ____D C:\Users\jean\AppData\Local\{212EFD27-A4A9-4AA7-9866-5BECFD096C9C}
    2012-03-27 12:01 - 2012-03-27 12:01 - 00000000 ____D C:\Users\jean\AppData\Local\{FA04F002-EF09-4ABD-AC4A-C950DBE07930}
    2012-03-27 12:01 - 2012-03-27 11:59 - 00000000 ____D C:\Users\jean\AppData\Local\{D7DECED8-F637-4D80-9826-F06970A2D7CB}
    2012-03-26 14:21 - 2012-03-26 14:20 - 00000000 ____D C:\Users\jean\AppData\Local\{15C2F5F0-F18A-4325-9E46-2829E206042A}
    2012-03-26 14:20 - 2012-03-26 14:20 - 00000000 ____D C:\Users\jean\AppData\Local\{1DF042A5-FA55-4B81-8C0E-A90B2B0AE4B8}
    2012-03-25 12:15 - 2012-03-25 12:15 - 00000000 ____D C:\Users\jean\AppData\Local\{DBACC71B-E7B8-422B-BCB8-E66C113EB9FA}
    2012-03-25 12:15 - 2012-03-25 12:15 - 00000000 ____D C:\Users\jean\AppData\Local\{713E8090-FB31-4841-9FDB-671A2138A6C8}

    ZeroAccess:
    C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}
    C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}\@
    C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}\L
    C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}\U

    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 50%
    Total physical RAM: 1981.87 MB
    Available physical RAM: 990 MB
    Total Pagefile: 4208.24 MB
    Available Pagefile: 2679.42 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1961.67 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:140.87 GB) (Free:89.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.17 GB) (Free:1.73 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 141 GB 32 KB
    Partition 2 Primary 8 GB 141 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 141 GB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D HP_RECOVERY NTFS Partition 8 GB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-22 00:57

    ======================= End Of Log ==========================
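What the FRST output above actually shows is worth pulling out: dozens of `{GUID}` folders under `AppData\Local` carry plain `____D` attributes, but one of them, `{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}`, is `__SHD` (system + hidden) and contains the `@`, `L` and `U` entries that FRST lists under its own "ZeroAccess:" heading. The following script is an added example, not part of this thread and not code from FRST or any other tool named in it. It parses FRST-style lines and flags a `{GUID}` folder when the log shows system+hidden attributes on it or those marker children inside it. The sample input is a handful of lines copied from the log posted above; the regexes and the `MARKERS` set are my assumptions about the format, not anything FRST documents.

```python
"""Flag the ZeroAccess user-mode folder pattern in FRST-style log lines.

Added example for the thread above; not FRST code. Assumes the line
layout seen in the posted log:
  <modified> - <created> - <size> <attrs> [(company)] <path>
and bare path lines such as those under the "ZeroAccess:" heading.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Timestamped entry: the attribute column is five right-justified letters
# (e.g. "____D", "___AH", "__SHD", "_RASH"); '_' means flag not set.
LINE_RE = re.compile(
    r"^\s*(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*?)\s*$"
)
# Bare path line (the "ZeroAccess:" block in the log has no timestamps).
PATH_RE = re.compile(r"^\s*(?P<path>[A-Za-z]:\\.*?)\s*$")
# A {GUID} directory on the path, plus its direct child if any.
GUID_RE = re.compile(
    r"^(?P<folder>.*?\\\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\})"
    r"(?:\\(?P<child>[^\\]+)(?:\\.*)?)?$"
)
# Child names the posted log shows inside the ZeroAccess folder (assumption:
# treat "@" alone, or "L" together with "U", as the marker).
MARKERS = {"@", "L", "U"}


@dataclass
class GuidFolder:
    attrs: set = field(default_factory=set)      # letters from the attrs column
    children: set = field(default_factory=set)   # direct children seen in the log

    def reasons(self):
        out = []
        if {"S", "H"} <= self.attrs:
            out.append("system+hidden attributes on a {GUID} folder")
        if "@" in self.children or {"L", "U"} <= self.children:
            seen = ",".join(sorted(self.children & MARKERS))
            out.append("ZeroAccess marker children present: " + seen)
        return out


def parse_line(line):
    """Return (path, attrs-set-or-None) for a path entry, else None."""
    m = LINE_RE.match(line)
    if m:
        return m["path"], set(m["attrs"]) - {"_"}
    m = PATH_RE.match(line)
    if m:
        return m["path"], None
    return None


def scan(lines):
    """Collect attrs and children per {GUID} folder (path keys case-folded)."""
    folders = defaultdict(GuidFolder)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, attrs = parsed
        g = GUID_RE.match(path)
        if g is None:
            continue
        rec = folders[g["folder"].lower()]
        if g["child"] is None:
            if attrs is not None:
                rec.attrs |= attrs
        else:
            rec.children.add(g["child"])
    return folders


def suspicious(lines):
    """Return {folder: [reasons]} for folders matching the pattern."""
    return {f: r.reasons() for f, r in scan(lines).items() if r.reasons()}


# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
2012-06-21 01:37 - 2012-06-16 19:18 - 00000000 ____D C:\Users\jean\AppData\Local\{0E3DFB9A-316D-DF29-16F5-F90AF6E1CA1D}
2012-06-21 01:37 - 2012-01-11 16:12 - 00000000 __SHD C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}
2012-06-21 16:05 - 2012-06-21 16:05 - 00000000 ____D C:\Users\james\AppData\Local\{DB10FC9C-0C28-4B44-83AB-A61CFFE6021E}
2012-04-04 15:56 - 2012-06-12 13:01 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

ZeroAccess:
C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}
C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}\@
C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}\L
C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}\U
""".strip().splitlines()


if __name__ == "__main__":
    for folder, why in suspicious(SAMPLE_LOG).items():
        print(folder)
        for reason in why:
            print("  -", reason)
```

Run against the full log, only the `__SHD` folder trips; the paired `{GUID}` folders that appear twice a day with `____D` and no children are left alone. This is a read-only triage check over the log, not a cleaner: the folder's presence on 2012-06-21, well after the McAfee quarantines the original poster describes, is exactly why a helper asks for the whole log rather than trusting "repaired/removed" messages. The "Bamital & volsnap Check" section just above it answers a different question (whether a fixed list of core binaries still hash to known-good values) and says nothing about files outside that list.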
     
  9. 2012/06/21
    broni

    broni Moderator Malware Analyst

    You posted only the lower half of the log.
     
  10. 2012/06/21
    rizzla

    rizzla Inactive Thread Starter

    Top half:

    2012-06-22 01:25 - 2010-02-22 21:22 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-22 01:21 - 2012-06-22 01:21 - 00000000 ____A C:\Users\james\AppData\Local\FnF4.txt
    2012-06-22 00:53 - 2009-03-08 14:44 - 00000000 ____D C:\Users\james\Tracing
    2012-06-22 00:52 - 2007-04-20 09:28 - 00000000 ____D C:\Windows\SMINST
    2012-06-22 00:49 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-22 00:49 - 2006-11-02 13:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-22 00:49 - 2006-11-02 13:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-22 00:43 - 2006-11-02 14:01 - 00032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-21 23:08 - 2010-08-16 19:13 - 00007620 ____A C:\Users\james\AppData\Local\d3d9caps.dat
    2012-06-21 21:01 - 2012-06-21 21:01 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-21 21:01 - 2012-06-21 21:01 - 00000000 ____A C:\Windows\setupact.log
    2012-06-21 20:37 - 2012-06-21 15:19 - 00000000 ____D C:\Users\james\Desktop\zeroaccess
    2012-06-21 20:37 - 2008-01-12 18:20 - 00000000 ____D C:\Users\james\AppData\Roaming\Adobe
    2012-06-21 18:00 - 2012-06-12 16:53 - 00000468 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
    2012-06-21 16:06 - 2010-10-30 20:02 - 00000000 ____D C:\Users\james\AppData\Local\Windows Live
    2012-06-21 16:05 - 2012-06-21 16:05 - 00000000 ____D C:\Users\james\AppData\Local\{DB10FC9C-0C28-4B44-83AB-A61CFFE6021E}
    2012-06-21 16:05 - 2012-06-21 16:05 - 00000000 ____D C:\Users\james\AppData\Local\{78B24FEA-6D35-49AF-A3CA-8D01F0E33EDA}
    2012-06-21 15:55 - 2011-09-23 23:27 - 00000000 ____D C:\Users\james\AppData\Roaming\HpUpdate
    2012-06-21 15:52 - 2012-06-19 12:57 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
    2012-06-21 15:29 - 2008-01-12 18:12 - 00000000 ____D C:\users\james
    2012-06-21 15:25 - 2012-06-21 15:25 - 00000000 ____D C:\Users\james\AppData\Local\{69284EF0-F5DF-4F08-9424-36207DC62B49}
    2012-06-21 15:25 - 2012-06-21 15:24 - 00000000 ____D C:\Users\james\AppData\Local\{5B8EA301-0DCB-4339-A3C8-0F939C19AEF7}
    2012-06-21 12:30 - 2012-06-21 12:30 - 00000632 _RASH C:\Users\jean\ntuser.pol
    2012-06-21 12:30 - 2008-01-20 15:18 - 00000000 ____D C:\users\jean
    2012-06-21 11:59 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
    2012-06-21 01:37 - 2012-06-16 19:18 - 00000000 ____D C:\Users\jean\AppData\Local\{0E3DFB9A-316D-DF29-16F5-F90AF6E1CA1D}
    2012-06-21 01:37 - 2012-01-11 16:12 - 00000000 __SHD C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}
    2012-06-21 00:18 - 2012-06-21 00:18 - 00000632 _RASH C:\Users\james\ntuser.pol
    2012-06-21 00:18 - 2006-11-02 12:18 - 00000000 ___HD C:\Windows\System32\GroupPolicy
    2012-06-20 21:34 - 2012-06-20 21:34 - 00000000 ____D C:\Program Files\ESET
    2012-06-20 20:46 - 2012-06-11 11:03 - 00008394 ____A C:\Windows\PFRO.log
    2012-06-20 13:32 - 2012-06-20 12:53 - 00000000 ____D C:\Qoobox
    2012-06-20 13:32 - 2012-06-20 12:53 - 00000000 ____D C:\ComboFix
    2012-06-20 13:32 - 2011-05-15 21:56 - 00000000 ____D C:\users\marsilio
    2012-06-20 13:32 - 2006-11-02 12:18 - 00000000 __RHD C:\users\Default
    2012-06-20 13:32 - 2006-11-02 12:18 - 00000000 ___RD C:\users\Public
    2012-06-20 13:26 - 2012-06-20 12:51 - 00000000 ____D C:\Windows\erdnt
    2012-06-20 13:22 - 2006-11-02 11:23 - 00000215 ____A C:\Windows\system.ini
    2012-06-20 12:50 - 2012-06-20 12:50 - 04562361 ____R (Swearware) C:\Users\james\Downloads\ComboFix.exe
    2012-06-20 12:34 - 2012-06-20 12:34 - 00000000 ____D C:\Users\james\AppData\Roaming\WinRAR
    2012-06-20 12:33 - 2012-06-20 12:33 - 00044607 ____A C:\Users\james\Desktop\bootkit_remover.zip
    2012-06-20 12:25 - 2012-06-20 12:25 - 00000000 ____D C:\Users\james\AppData\Local\{17A648AC-BFB3-4EFF-B65B-E7FB619A6018}
    2012-06-20 12:18 - 2012-06-20 12:18 - 00044607 ____A C:\Users\jean\Desktop\bootkit_remover.zip
    2012-06-20 12:02 - 2012-06-20 12:02 - 00000000 ____D C:\Users\jean\AppData\Local\{0E1F8AA5-7977-445D-8756-ACE0C458B960}
    2012-06-20 12:02 - 2012-06-20 12:01 - 00000000 ____D C:\Users\jean\AppData\Local\{1691D4F9-8432-4322-8B8B-2661DDA43184}
    2012-06-20 12:02 - 2010-10-30 16:18 - 00000000 ____D C:\Users\jean\AppData\Local\Windows Live
    2012-06-20 02:38 - 2012-06-20 02:38 - 00001302 ____A C:\Users\james\Documents\log.xml
    2012-06-20 01:19 - 2012-06-20 01:14 - 00001134 ____A C:\Users\jean\Desktop\DDS.lnk
    2012-06-20 00:23 - 2012-06-20 00:23 - 00001578 ____A C:\Users\jean\Desktop\aswMBR.txt
    2012-06-20 00:23 - 2012-06-20 00:23 - 00000512 ____A C:\Users\jean\Desktop\MBR.dat
    2012-06-20 00:05 - 2012-06-12 13:01 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-20 00:05 - 2011-07-06 20:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-06-20 00:04 - 2012-06-20 00:03 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\jean\Desktop\mbam-setup-1.61.0.1400.exe
    2012-06-19 23:18 - 2012-06-19 23:18 - 00475712 ____A (McAfee, Inc.) C:\Users\jean\Desktop\rootkitremover.exe
    2012-06-19 23:18 - 2012-06-19 23:18 - 00000240 ____A C:\Users\jean\Desktop\RootkitRemover20120619231850.txt
    2012-06-19 22:53 - 2012-06-19 22:53 - 00017488 ____A (AVG Technologies) C:\Windows\System32\Drivers\rm.sys
    2012-06-19 22:51 - 2012-06-19 22:51 - 02506080 ____A C:\Users\jean\Desktop\avg_rem_zeroaccess_all_1_790.exe
    2012-06-19 22:44 - 2012-06-19 22:44 - 00001947 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2012-06-19 22:44 - 2012-06-19 22:44 - 00000000 ____D C:\Users\All Users\McAfee Security Scan
    2012-06-19 22:43 - 2012-06-19 22:43 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2012-06-19 22:09 - 2012-06-19 22:09 - 03503224 ____A (McAfee, Inc.) C:\Users\jean\Desktop\SecurityScan_Release.exe
    2012-06-19 20:01 - 2012-06-19 18:37 - 00335504 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys
    2012-06-19 19:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2012-06-19 19:25 - 2012-06-19 19:25 - 00000000 ____D C:\Users\jean\AppData\Local\{66E86A51-6B37-44C0-B1E0-7AA06D071CA9}
    2012-06-19 19:25 - 2012-06-19 19:19 - 00000000 ____D C:\Users\jean\AppData\Local\{45460FC7-C0E7-471E-9966-DF91F8C26879}
    2012-06-19 19:17 - 2012-06-19 19:17 - 00138000 ____A C:\Windows\Minidump\Mini061912-03.dmp
    2012-06-19 19:17 - 2012-06-19 14:01 - 247703530 ____A C:\Windows\MEMORY.DMP
    2012-06-19 19:17 - 2008-03-16 22:20 - 00000000 ____D C:\Windows\Minidump
    2012-06-19 19:05 - 2012-06-19 19:06 - 01805736 ____A C:\Users\jean\Desktop\FixZeroAccess.exe.j73zmu8.partial
    2012-06-19 18:30 - 2012-06-19 18:30 - 06161539 ____A C:\Users\jean\Desktop\ZeroAccess_Removal_Tool_-_32-bit_only.zip
    2012-06-19 17:37 - 2012-06-19 17:37 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3fda3a08-afdc-49ca-ac6b-0275e856fc8a.job
    2012-06-19 17:30 - 2008-01-12 21:41 - 00000000 ____D C:\Program Files\Windows Live
    2012-06-19 17:05 - 2012-06-19 17:05 - 00000000 ____D C:\Users\jean\AppData\Local\{A06E2C6E-59AE-4E05-95FE-AD8D2D142AA6}
    2012-06-19 17:05 - 2012-06-19 17:04 - 00000000 ____D C:\Users\jean\AppData\Local\{8FFEB4DD-E981-433E-A34A-A5C08AB2E5E5}
    2012-06-19 16:44 - 2012-06-19 16:44 - 01805736 ____A (Symantec Corporation) C:\Users\jean\Desktop\FixZeroAccess.exe
    2012-06-19 16:22 - 2012-06-19 16:22 - 00000000 ____D C:\Users\jean\AppData\Local\{0DE770A4-DAD7-4555-A400-74037ACA8BE2}
    2012-06-19 16:20 - 2012-06-19 16:20 - 00138000 ____A C:\Windows\Minidump\Mini061912-02.dmp
    2012-06-19 14:48 - 2012-06-19 14:48 - 00302592 ____A C:\Users\jean\Desktop\8xkux1x6.exe
    2012-06-19 14:35 - 2012-06-19 14:35 - 00607260 ____R (Swearware) C:\Users\jean\Downloads\dds.scr
    2012-06-19 14:04 - 2012-06-19 14:04 - 00000000 ____D C:\Users\jean\AppData\Local\{B70845EC-FF5D-4308-A993-50587D3FA288}
    2012-06-19 14:04 - 2012-06-19 14:04 - 00000000 ____D C:\Users\jean\AppData\Local\{4867F9CA-5EDB-48B4-B68F-78A6106D554C}
    2012-06-19 14:02 - 2009-01-26 07:16 - 00007620 ____A C:\Users\jean\AppData\Local\d3d9caps.dat
    2012-06-19 14:01 - 2012-06-19 14:01 - 00138000 ____A C:\Windows\Minidump\Mini061912-01.dmp
    2012-06-19 13:25 - 2012-06-19 13:25 - 00302592 ____A C:\Users\jean\Downloads\iwslrbz6123.exe
    2012-06-19 13:14 - 2012-06-19 13:14 - 00000000 ____D C:\Users\jean\AppData\Local\{76794B1A-7780-44F4-9878-0AEBB6CB49BD}
    2012-06-19 13:14 - 2012-06-19 13:13 - 00000000 ____D C:\Users\jean\AppData\Local\{A4A9F183-3319-4CD9-B5B9-F4B8360BB5CD}
    2012-06-19 13:00 - 2012-06-19 13:00 - 00000000 ____D C:\Users\james\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-19 12:44 - 2012-06-19 12:44 - 00000000 ____D C:\Users\jean\AppData\Local\{3FC4DECF-9639-43F6-BC95-0E038A572AAB}
    2012-06-19 12:44 - 2012-06-19 12:43 - 00000000 ____D C:\Users\jean\AppData\Local\{7C1116F5-88AB-4CE0-A0C4-D5B333D699C2}
    2012-06-19 03:01 - 2012-06-19 02:59 - 00177792 ____A C:\Users\jean\Downloads\562354-5.zip
    2012-06-19 02:56 - 2012-06-19 02:56 - 00302592 ____A C:\Users\jean\Downloads\bimylg9mgamer.exe
    2012-06-18 23:43 - 2012-06-18 23:43 - 00000000 ____D C:\Users\james\AppData\Roaming\FixZeroAccess
    2012-06-18 23:42 - 2012-06-18 23:42 - 01805736 ____A (Symantec Corporation) C:\Users\james\Downloads\FixZeroAccess123.exe
    2012-06-18 23:38 - 2012-06-18 23:37 - 00000000 ____D C:\Users\james\AppData\Local\{62C5C8B9-FB49-47C9-8D46-098E24552E29}
    2012-06-18 23:29 - 2012-06-18 23:07 - 01805736 ____A (Symantec Corporation) C:\Users\jean\Downloads\FixZeroAccess.exe
    2012-06-18 22:30 - 2010-08-16 17:54 - 00000000 ____D C:\Program Files\McAfee
    2012-06-18 22:27 - 2012-06-18 22:01 - 00000000 ____D C:\Program Files\PC Tools
    2012-06-18 22:27 - 2012-06-18 21:54 - 00000000 ____D C:\Program Files\Common Files\PC Tools
    2012-06-18 22:13 - 2012-06-18 21:53 - 00000000 ____D C:\Users\All Users\PC Tools
    2012-06-18 22:00 - 2012-06-18 21:54 - 02377637 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-06-18 21:53 - 2012-06-18 21:53 - 00000000 ____D C:\Users\james\AppData\Roaming\TestApp
    2012-06-18 21:50 - 2012-06-18 21:49 - 00187464 ____A (Webroot) C:\Users\jean\Downloads\antizeroaccess.exe
    2012-06-18 19:48 - 2012-06-18 19:48 - 00000000 ____A C:\Users\jean\Downloads\Download.dv80udv.partial
    2012-06-18 13:01 - 2012-06-18 13:01 - 00001800 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2012-06-18 13:01 - 2012-06-18 13:01 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c9320ecb-aeb5-46bd-b685-83e80ae6544b.job
    2012-06-18 13:01 - 2012-06-18 13:01 - 00000000 ____D C:\Users\jean\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-18 13:01 - 2012-06-18 13:01 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-06-18 13:01 - 2012-06-18 13:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-06-18 04:02 - 2012-06-18 04:02 - 00009048 ____A C:\Windows\System32\.crusader
    2012-06-18 04:02 - 2012-06-18 03:38 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-06-18 03:39 - 2012-06-18 03:39 - 00001732 ____A C:\Users\Public\Desktop\HitmanPro.lnk
    2012-06-18 03:39 - 2012-06-18 03:39 - 00000000 ____D C:\Program Files\HitmanPro
    2012-06-18 02:15 - 2012-06-18 02:15 - 02109032 ____A C:\Users\jean\Downloads\tdsskiller.zip
    2012-06-18 01:50 - 2012-06-18 01:50 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-06-17 18:23 - 2012-06-14 20:33 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-06-17 18:15 - 2012-06-17 18:15 - 00000000 ____D C:\Users\jean\AppData\Local\{36F5D036-631F-48E2-A27F-AAAAE4B428D2}
    2012-06-17 18:03 - 2012-06-17 18:03 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-17 18:03 - 2012-06-17 17:58 - 00000000 ____D C:\Program Files\iTunes
    2012-06-17 17:58 - 2012-06-17 17:58 - 00000000 ____D C:\Program Files\iPod
    2012-06-17 17:58 - 2011-03-25 18:36 - 00000000 ____D C:\Program Files\Common Files\Apple
    2012-06-17 17:28 - 2012-06-12 14:12 - 00000000 ____D C:\sh4ldr
    2012-06-17 17:04 - 2012-06-17 17:04 - 00000000 ____D C:\Users\james\Documents\OneNote Notebooks
    2012-06-17 16:32 - 2012-06-17 16:32 - 00000000 ____D C:\Users\All Users\Sun
    2012-06-17 16:30 - 2012-06-17 16:31 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
    2012-06-17 16:30 - 2012-06-17 16:31 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
    2012-06-17 16:19 - 2012-06-17 16:19 - 00000000 ____D C:\Users\james\AppData\Local\{6B59B8EE-C923-45D8-B45C-5B578CE8439F}
    2012-06-17 16:17 - 2008-01-19 00:00 - 00000000 ____D C:\Users\james\AppData\Roaming\Apple Computer
    2012-06-17 11:56 - 2012-06-17 11:56 - 00000396 ____A C:\Users\jean\Documents\cc_20120617_115603.reg
    2012-06-17 10:56 - 2012-06-17 10:56 - 00000000 ____D C:\Users\jean\AppData\Local\{90F494DC-5781-461E-BC5F-4FB91CAF3C5A}
    2012-06-16 21:20 - 2012-06-16 21:20 - 00037988 ____A C:\Users\jean\Documents\cc_20120616_212024.reg
    2012-06-16 20:59 - 2012-06-12 12:33 - 00000370 ____A C:\rkill.log
    2012-06-16 12:03 - 2012-06-16 12:03 - 00000000 ____D C:\Users\jean\AppData\Local\{76510193-9989-4E34-A5D8-FD5F775CF826}
    2012-06-16 03:19 - 2012-06-12 16:52 - 00000440 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
    2012-06-16 00:03 - 2012-03-30 00:05 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-06-16 00:03 - 2011-05-25 17:14 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-06-15 23:24 - 2012-06-15 23:24 - 00000000 ____D C:\Users\james\AppData\Local\Secunia PSI
    2012-06-15 23:23 - 2012-06-15 23:23 - 00000000 ____D C:\Program Files\Secunia
    2012-06-15 12:13 - 2012-06-15 12:13 - 00000000 ____D C:\Users\jean\AppData\Local\{3A9DE879-DA58-48BA-8BC0-08C36EE6015C}
    2012-06-14 22:59 - 2012-06-14 22:59 - 00000000 ____D C:\Users\jean\AppData\Local\{78309313-033F-4099-B799-D546A3833FA9}
    2012-06-14 21:47 - 2012-06-14 21:47 - 00000241 ____A C:\Windows\wininit.ini
    2012-06-14 20:38 - 2012-06-14 20:33 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
    2012-06-14 20:33 - 2012-06-14 20:33 - 00001055 ____A C:\Users\james\Desktop\Spybot - Search & Destroy.lnk
    2012-06-14 20:25 - 2012-06-14 20:25 - 00000647 ____A C:\Users\jean\Desktop\CBS - Shortcut.lnk
    2012-06-14 19:26 - 2008-02-22 18:10 - 00000000 ____D C:\Users\jean\AppData\Roaming\Microgaming
    2012-06-14 19:16 - 2008-01-12 22:56 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
    2012-06-14 19:13 - 2010-07-21 20:03 - 00000000 ____D C:\Users\jean\AppData\Local\Full Tilt Poker
    2012-06-14 19:08 - 2012-06-14 19:08 - 00000000 ____D C:\Users\jean\AppData\Local\{1EC90F58-1E27-43F2-BDDD-A5060B59D39A}
    2012-06-14 14:56 - 2012-06-14 14:56 - 00000000 ____D C:\Users\jean\AppData\Local\{042B017C-61C3-4A8A-81BA-5BA29E8BC3E2}
    2012-06-14 14:56 - 2012-06-14 14:55 - 00000000 ____D C:\Users\jean\AppData\Local\{A86A610D-DDCB-4371-B3D9-312EA73F44AF}
    2012-06-14 11:51 - 2009-03-03 15:53 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
    2012-06-14 11:15 - 2012-06-14 11:15 - 00000000 ____D C:\Users\jean\AppData\Local\{EBCBB7C0-E973-4A82-85C9-EAF596891CAD}
    2012-06-14 11:15 - 2012-06-14 11:14 - 00000000 ____D C:\Users\jean\AppData\Local\{65D6E1A6-235E-419B-8180-992F6833151F}
    2012-06-14 11:08 - 2006-11-02 13:47 - 00473624 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 19:23 - 2007-04-20 08:48 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-06-13 19:15 - 2006-11-02 11:33 - 00709998 ____A C:\Windows\System32\PerfStringBackup.INI
     
  11. 2012/06/21
    broni (Moderator, Malware Analyst)
    Still some part(s) missing.
     
  12. 2012/06/21
    rizzla (Inactive, Thread Starter)
    log

    Too large to post here - too many words.
    Hope you can understand it. Can't seem to find attach.
    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
    Ran by james at 22-06-2012 02:08:32
    Running from C:\Users\jean\Desktop
    Service Pack 2 (X86) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


    ============ One Month Created Files and Folders ==============

    2012-06-07 10:46 - 2012-06-07 10:46 - 00000000 ____D C:\Users\jean\AppData\Local\{882D7038-3A40-44B9-A319-B474CA8318A4}
    2012-06-07 10:46 - 2012-06-07 10:46 - 00000000 ____D C:\Users\jean\AppData\Local\{5EA8914F-BFAB-42D5-BA3C-7B67D7AC8F67}
    2012-06-06 22:47 - 2012-06-06 22:47 - 00000000 ____D C:\Users\jean\AppData\Local\{A079B404-9CF1-4B36-B22F-D5E1DE60E1D0}
    2012-06-06 22:47 - 2012-06-06 22:47 - 00000000 ____D C:\Users\jean\AppData\Local\{483AB6C8-2567-4F60-9D24-C452CDD71FB6}
    2012-06-06 18:34 - 2012-06-06 18:34 - 00000000 ____D C:\Users\jean\AppData\Local\{C06CFD45-CDA7-47B8-AED0-52B46BAB7A80}
    2012-06-06 18:34 - 2012-06-06 18:34 - 00000000 ____D C:\Users\jean\AppData\Local\{78810931-B5CB-440C-8B5E-9857F5C41A36}
    2012-06-06 17:45 - 2012-06-06 17:45 - 00000000 ____D C:\Users\jean\AppData\Local\{5D07DB13-A2E5-4E7C-A8C1-581F53E769E7}
    2012-06-06 17:44 - 2012-06-06 17:45 - 00000000 ____D C:\Users\jean\AppData\Local\{CD3F963C-DFCE-4F9D-8D61-DF2E74B5838C}
    2012-06-05 17:16 - 2012-06-05 17:16 - 00000000 ____D C:\Users\jean\AppData\Local\{09657DDD-2E11-4A68-98F6-CD26D8F281E8}
    2012-06-05 17:15 - 2012-06-05 17:16 - 00000000 ____D C:\Users\jean\AppData\Local\{0C9F00F3-0C47-4605-93AA-EDB0F00BFB09}
    2012-06-05 14:28 - 2012-06-05 14:28 - 00000000 ____D C:\Users\jean\AppData\Local\{2B9DF9BA-457B-4063-B2C6-A69B4B2D3E52}
    2012-06-05 14:28 - 2012-06-05 14:28 - 00000000 ____D C:\Users\jean\AppData\Local\{0F6BECBF-1B0F-4BA8-AA5A-C85EE792417D}
    2012-06-04 18:00 - 2012-06-04 18:00 - 00000000 ____D C:\Users\jean\AppData\Local\{82E39550-19FA-47E9-8431-9666C59CC251}
    2012-06-03 22:58 - 2012-06-03 22:58 - 00000000 ____D C:\Users\jean\AppData\Local\{97FC385A-C082-40DF-9562-4CE3A8577D59}
    2012-06-03 20:10 - 2012-06-03 20:10 - 00000000 ____D C:\Users\jean\AppData\Local\{F7E9F3A2-9D0D-46D9-8BAA-C4C4A059C0D2}
    2012-06-03 20:10 - 2012-06-03 20:10 - 00000000 ____D C:\Users\jean\AppData\Local\{C2E953C9-49FC-4636-B963-036B2762C2F2}
    2012-06-01 10:05 - 2012-06-01 10:05 - 00000000 ____D C:\Users\jean\AppData\Local\{26CF40BD-E253-4AEB-B674-0BB93F735EF3}
    2012-06-01 10:04 - 2012-06-01 10:05 - 00000000 ____D C:\Users\jean\AppData\Local\{9AB04190-B508-4458-84E6-A04B295C7713}
    2012-05-31 14:51 - 2012-05-31 14:51 - 00000000 ____D C:\Users\jean\AppData\Local\{C948C1B1-AE27-43BA-B13B-3D68962218E2}
    2012-05-31 14:51 - 2012-05-31 14:51 - 00000000 ____D C:\Users\jean\AppData\Local\{BB268D53-70AD-4012-B638-DCD2BDB077A7}
    2012-05-31 11:38 - 2012-05-31 11:39 - 00000000 ____D C:\Users\jean\AppData\Local\{2E9CDF2C-93AC-45AD-ADF3-841B7BCFE0F6}
    2012-05-31 11:38 - 2012-05-31 11:38 - 00000000 ____D C:\Users\jean\AppData\Local\{2278B59B-5863-4FFA-B915-495C62D56DAA}
    2012-05-30 23:09 - 2012-05-30 23:09 - 00000000 ____D C:\Users\jean\AppData\Local\{15CCB007-90CD-43F8-8957-BE63D5E70D6F}
    2012-05-30 23:08 - 2012-05-30 23:09 - 00000000 ____D C:\Users\jean\AppData\Local\{1731237E-BE6A-46BB-A964-106E7C559FA0}
    2012-05-30 15:55 - 2012-05-30 15:55 - 00000000 ____D C:\Users\jean\AppData\Local\{BA370A31-C71D-4597-B027-EE33E19A913D}
    2012-05-29 21:33 - 2012-05-29 21:33 - 00000000 ____D C:\Users\jean\AppData\Local\{ADA77EA7-EF5C-4E29-9950-ED25F82EEC97}
    2012-05-29 17:43 - 2012-05-29 17:43 - 00000000 ____D C:\Users\jean\AppData\Local\{FBFAC693-84A8-492C-8A86-AEDF5E8D3B27}
    2012-05-29 17:43 - 2012-05-29 17:43 - 00000000 ____D C:\Users\jean\AppData\Local\{DC9ADBDD-7D17-4893-9D8E-908B0B388115}
    2012-05-29 12:11 - 2012-05-29 12:11 - 00000000 ____D C:\Users\jean\AppData\Local\{C17B9321-B083-4DEE-80CD-BE82A7EC683B}
    2012-05-29 12:11 - 2012-05-29 12:11 - 00000000 ____D C:\Users\jean\AppData\Local\{38DABF5E-80A6-4682-BAFA-5DA5131565F9}
    2012-05-28 17:28 - 2012-05-28 17:28 - 00000000 ____D C:\Users\jean\AppData\Local\{EA20EFE7-E8CE-4B37-BFA1-044703D65DE8}
    2012-05-28 13:41 - 2012-05-28 13:41 - 00000000 ____D C:\Users\jean\AppData\Local\{9D68055C-1A4B-42FB-8EEB-3C25F5F8EEB5}
    2012-05-28 13:40 - 2012-05-28 13:41 - 00000000 ____D C:\Users\jean\AppData\Local\{5DB4A436-56E8-4CFE-B715-113DC5F049C5}
    2012-05-27 12:28 - 2012-05-27 12:28 - 00000000 ____D C:\Users\jean\AppData\Local\{DA0A1FDD-0FAC-49D2-8FA5-CE126571D98C}
    2012-05-27 12:28 - 2012-05-27 12:28 - 00000000 ____D C:\Users\jean\AppData\Local\{7EA56000-9A22-4877-803A-5959ED52EE12}
    2012-05-26 23:03 - 2012-05-26 23:03 - 00000000 ____D C:\Users\jean\AppData\Local\{CABAA9E8-1727-45B7-9858-122A0678031D}
    2012-05-26 11:32 - 2012-05-26 11:32 - 00000000 ____D C:\Users\jean\AppData\Local\{F988C742-980F-4CF8-AD1A-89E2DF6AD8D6}
    2012-05-26 11:32 - 2012-05-26 11:32 - 00000000 ____D C:\Users\jean\AppData\Local\{F22B8EB6-3EEE-4657-B412-1E60FAA74772}
    2012-05-25 19:51 - 2012-05-25 19:51 - 00000000 ____D C:\Users\jean\AppData\Local\{036D30F3-920E-4C31-9F6B-711171794986}
    2012-05-25 11:55 - 2012-05-25 11:55 - 00000000 ____D C:\Users\jean\AppData\Local\{FE954097-B717-45C7-A26C-7DC7BAF28615}
    2012-05-25 11:55 - 2012-05-25 11:55 - 00000000 ____D C:\Users\jean\AppData\Local\{61B74586-65DB-4B6F-BCAA-C8D56F83A682}
    2012-05-24 21:36 - 2012-05-24 21:36 - 00000000 ____D C:\Users\jean\AppData\Local\{ECA34B8E-8ADD-4F2A-889A-0FBA5A200F18}
    2012-05-24 21:35 - 2012-05-24 21:36 - 00000000 ____D C:\Users\jean\AppData\Local\{2818E56C-3233-43C4-B862-D08CB0E01BA1}
    2012-05-24 15:50 - 2012-05-24 15:50 - 00000000 ____D C:\Users\jean\AppData\Local\{F93F5B0D-8454-4071-96BD-1449E517458E}
    2012-05-24 15:49 - 2012-05-24 15:50 - 00000000 ____D C:\Users\jean\AppData\Local\{223035AD-9FDC-40F7-A401-6A0432073AB0}
    2012-05-23 23:44 - 2012-05-23 23:44 - 00000000 ____D C:\Users\jean\AppData\Local\{E7C4B246-7F55-49FC-8439-2AD7356400AC}
    2012-05-23 23:43 - 2012-05-23 23:44 - 00000000 ____D C:\Users\jean\AppData\Local\{573340BE-4D62-4577-9826-46339360CEC3}
    2012-05-23 22:35 - 2012-05-23 22:35 - 00000000 ____D C:\Users\jean\AppData\Local\{A2419FDC-68B5-4B3A-9E2B-0890056D3CB7}
    2012-05-23 19:32 - 2012-05-23 19:33 - 00000000 ____D C:\Users\jean\AppData\Local\{D671E726-426F-4431-A21A-050BEEB28377}
    2012-05-23 19:31 - 2012-05-23 19:32 - 00000000 ____D C:\Users\jean\AppData\Local\{FED7496E-729E-4C49-832A-D38630968874}
    2012-05-23 16:39 - 2012-05-23 16:39 - 00000000 ____D C:\Users\jean\AppData\Local\{C0590043-069D-4928-808E-4A3B49AF4CF5}
    2012-05-23 16:39 - 2012-05-23 16:39 - 00000000 ____D C:\Users\jean\AppData\Local\{46C9DD62-698B-4828-B560-A935DE00D253}
    2012-05-23 16:07 - 2012-05-23 16:08 - 00000000 ____D C:\Users\jean\AppData\Local\{8B53BF76-4EF9-4812-8B3A-656BE01EED21}
    2012-05-23 16:06 - 2012-05-23 16:07 - 00000000 ____D C:\Users\jean\AppData\Local\{832BB27C-0F9E-47AD-8CAB-6D554381B9B3}
    2012-05-23 11:53 - 2012-05-23 11:53 - 00000000 ____D C:\Users\jean\AppData\Local\{159591A0-9CB7-4E60-9676-807DE368A402}
    2012-05-23 11:52 - 2012-05-23 11:53 - 00000000 ____D C:\Users\jean\AppData\Local\{742596DD-D40A-4D0B-9563-B884B072E7DE}
    2012-05-23 11:19 - 2012-05-23 11:19 - 00000000 ____D C:\Users\jean\AppData\Local\{609EFF7E-DAE2-44CA-BBED-EA7A91D3E2C9}

    ============ 3 Months Modified Files and Folders ===============

    2012-06-22 02:08 - 2012-06-22 01:32 - 00000000 ____D C:\FRST
    2012-06-22 02:06 - 2009-10-22 13:47 - 00099108 ____A C:\Users\All Users\nvModes.dat
    2012-06-22 02:06 - 2009-10-22 13:47 - 00099108 ____A C:\Users\All Users\nvModes.001
    2012-06-22 02:05 - 2012-06-18 20:48 - 00001691 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
    2012-06-22 02:02 - 2012-03-30 00:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-22 01:59 - 2007-07-24 02:10 - 01704747 ____A C:\Windows\WindowsUpdate.log
    2012-06-22 01:50 - 2012-06-22 01:50 - 00876898 ____A C:\Users\jean\Desktop\FRST.exe
    2012-06-22 01:38 - 2009-03-01 14:27 - 00000000 ____D C:\Users\jean\Tracing
    2012-06-22 01:38 - 2007-04-20 08:54 - 00000147 ____A C:\Users\Public\Documents\hpqp.ini
    2012-06-22 01:37 - 2010-02-22 21:21 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-22 01:35 - 2012-06-22 01:34 - 00093245 ____A C:\Users\james\Desktop\FRST.txt
    2012-06-22 01:32 - 2012-06-22 01:27 - 00876898 ____A C:\Users\james\Desktop\FRST.exe
     
  13. 2012/06/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Upload the file(s) here: http://uploadmb.com/
    Copy the link inside the Direct Link box and post it in your next reply.
     
  14. 2012/06/22
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
  15. 2012/06/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  16. 2012/06/23
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    re log

    Here is the log.

    ComboFix 12-06-19.03 - james 23/06/2012 15:41:42.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1982.902 [GMT 1:00]
    Running from: c:\users\james\Downloads\ComboFix.exe
    Command switches used :: c:\users\james\Desktop\cfscript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3FBE.tmp
    c:\users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAB9B.tmp
    c:\users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE4E3.tmp
    c:\users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9118.tmp
    c:\users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE437.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-23 15:00 . 2012-06-23 15:01 -------- d-----w- c:\users\james\AppData\Local\temp
    2012-06-23 15:00 . 2012-06-23 15:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-06-23 15:00 . 2012-06-23 15:00 -------- d-----w- c:\users\postgres\AppData\Local\temp
    2012-06-23 15:00 . 2012-06-23 15:00 -------- d-----w- c:\users\jean\AppData\Local\temp
    2012-06-23 15:00 . 2012-06-23 15:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-23 15:00 . 2012-06-23 15:00 -------- d-----w- c:\users\andy\AppData\Local\temp
    2012-06-22 23:31 . 2012-06-22 23:31 -------- d-----w- c:\users\james\AppData\Roaming\HP
    2012-06-22 00:32 . 2012-06-22 01:10 -------- d-----w- C:\FRST
    2012-06-21 09:03 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 09:03 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 09:03 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 09:03 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 09:01 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 09:01 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 09:01 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 09:01 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 09:01 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 20:34 . 2012-06-20 20:34 -------- d-----w- c:\program files\ESET
    2012-06-19 21:53 . 2012-06-19 21:53 17488 ----a-w- c:\windows\system32\drivers\rm.sys
    2012-06-19 21:44 . 2012-06-19 21:44 -------- d-----w- c:\programdata\McAfee Security Scan
    2012-06-19 21:43 . 2012-06-19 21:43 -------- d-----w- c:\program files\McAfee Security Scan
    2012-06-19 17:37 . 2012-06-19 19:01 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
    2012-06-19 17:05 . 2012-06-19 17:05 -------- d-----w- c:\windows\en
    2012-06-19 16:59 . 2012-03-08 17:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2012-06-19 16:09 . 2012-06-19 16:09 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\e1d9b2851cd4e3503\MeshBetaRemover.exe
    2012-06-19 16:09 . 2012-06-19 16:09 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\d9da1ed51cd4e3502\DSETUP.dll
    2012-06-19 16:09 . 2012-06-19 16:09 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\d9da1ed51cd4e3502\DXSETUP.exe
    2012-06-19 16:09 . 2012-06-19 16:09 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\d9da1ed51cd4e3502\dsetup32.dll
    2012-06-19 12:00 . 2012-06-19 12:00 -------- d-----w- c:\users\james\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-19 11:57 . 2012-06-21 14:52 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2012-06-18 22:43 . 2012-06-18 22:43 -------- d-----w- c:\users\james\AppData\Roaming\FixZeroAccess
    2012-06-18 21:01 . 2012-06-18 21:27 -------- d-----w- c:\program files\PC Tools
    2012-06-18 20:54 . 2012-05-11 10:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-06-18 20:54 . 2012-06-18 21:27 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-06-18 20:53 . 2012-06-18 21:13 -------- d-----w- c:\programdata\PC Tools
    2012-06-18 20:53 . 2012-06-18 20:53 -------- d-----w- c:\users\james\AppData\Roaming\TestApp
    2012-06-18 12:01 . 2012-06-18 12:01 -------- d-----w- c:\users\jean\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-18 12:01 . 2012-06-18 12:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-06-18 12:01 . 2012-06-18 12:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-06-18 02:39 . 2012-06-18 02:39 -------- d-----w- c:\program files\HitmanPro
    2012-06-18 02:38 . 2012-06-18 03:02 -------- d-----w- c:\programdata\HitmanPro
    2012-06-18 00:50 . 2012-06-18 00:50 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-17 16:58 . 2012-06-17 16:58 -------- d-----w- c:\program files\iPod
    2012-06-17 16:58 . 2012-06-17 17:03 -------- d-----w- c:\program files\iTunes
    2012-06-17 15:31 . 2012-06-17 15:30 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-06-17 15:31 . 2012-06-17 15:30 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-15 22:24 . 2012-06-15 22:24 -------- d-----w- c:\users\james\AppData\Local\Secunia PSI
    2012-06-15 22:23 . 2012-06-15 22:23 -------- d-----w- c:\program files\Secunia
    2012-06-14 19:33 . 2012-06-17 17:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-06-14 19:33 . 2012-06-14 19:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-06-13 17:54 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 17:54 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 17:54 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 17:54 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 17:54 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-12 15:52 . 2012-06-12 15:52 -------- d-----w- c:\users\james\AppData\Roaming\DriverCure
    2012-06-12 15:52 . 2012-06-12 15:52 -------- d-----w- c:\users\james\AppData\Roaming\SpeedyPC Software
    2012-06-12 15:51 . 2012-06-12 15:51 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
    2012-06-12 15:51 . 2012-06-12 15:52 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-06-12 13:12 . 2012-06-17 16:28 -------- d-----w- C:\sh4ldr
    2012-06-12 13:12 . 2012-06-12 13:12 -------- d-----w- c:\program files\Enigma Software Group
    2012-06-12 13:11 . 2012-06-12 13:42 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
    2012-06-12 13:11 . 2012-06-12 13:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2012-06-12 12:01 . 2012-06-12 12:01 -------- d-----w- c:\users\james\AppData\Roaming\Malwarebytes
    2012-06-12 12:01 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 00:02 . 2012-03-29 23:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-23 00:02 . 2011-05-25 16:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-04-03 08:16 . 2012-05-09 13:17 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16 . 2012-05-09 13:17 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-30 12:39 . 2012-05-09 13:19 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} "= "c:\program files\Yahoo!\Companion\Installs\cpn8\yt.dll" [2012-06-11 1524056]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
    @= "{3c3f3c1a-9153-7c05-f938-622e7003894d} "
    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
    2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
    @= "{e6ea1d7d-144e-b977-98c4-84c53c1a69d0} "
    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
    2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
    @= "{b4caf489-1eec-c617-49ad-8d7088598c06} "
    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
    2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Search Protection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    "WindowsWelcomeCenter "= "oobefldr.dll" [2009-04-11 2153472]
    "MobileDocuments "= "c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
    "LifeCam "= "c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "btbb_McciTrayApp "= "c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
    "YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    "YMailAdvisor "= "c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
    "WAWifiMessage "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "VX6000 "= "c:\windows\vVX6000.exe" [2007-04-10 996712]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
    "HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "BCSSync "= "c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher "= "c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2012-03-08 4280184]
    .
    c:\users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
    .
    c:\users\jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.271\SSScheduler.exe [2012-3-13 274328]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2011-03-31 19:09 114176 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 00:02]
    .
    2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 20:21]
    .
    2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 20:21]
    .
    2011-05-21 c:\windows\Tasks\HPCeeScheduleForjames.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-20 21:23]
    .
    2012-06-21 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
    .
    2012-06-23 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
    .
    2012-06-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3fda3a08-afdc-49ca-ac6b-0275e856fc8a.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-06-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c9320ecb-aeb5-46bd-b685-83e80ae6544b.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://uk.yahoo.com/?p=us
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{770BD83B-E6B2-4185-AC61-DA89A8D16983}: NameServer = 192.168.1.254
    DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-Wdf01000.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-23 16:01
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2012-06-23 16:11:43
    ComboFix-quarantined-files.txt 2012-06-23 15:11
    .
    Pre-Run: 96,523,501,568 bytes free
    Post-Run: 96,491,028,480 bytes free
    .
    - - End Of File - - 31C3B765F60C93E6F940783E3263E04B
     
  17. 2012/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
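Once OTL.txt is posted, most of the reading is pattern-matching the PRC/SRV/DRV lines for entries that need a second look. As an added example (not OTL's code and not part of this thread), here is a small Python triage parser for those lines; its sample input is copied from the OTL log rizzla posts later in this thread, and the flag rules are my own assumptions about what an analyst checks first (registered files that are missing, blank company name, image paths under a Temp folder).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: six lines copied from the OTL.txt posted in this
# thread (PRC = running process, SRV = Win32 service, DRV = driver service).
SAMPLE_OTL = r"""
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\james\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk)
"""

OTL_LINE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    # either "[date | size | attrs | M] (Company)" or the literal
    # "File not found" that OTL prints when the registered file is gone
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\)(?= \[| -- )|(?P<missing>File not found))"
    # SRV/DRV carry a "[start type | state]" block; PRC lines do not
    r"(?: \[(?P<state>[^\]]*)\])?"
    # image path, then for SRV/DRV the service name; "-- -- (name)" means no path
    r" -- (?P<path>.*?)(?: ?-- \((?P<name>[^)]*)\))?$"
)

# Regex for an image path that sits under any "\Temp\" folder (assumed rule).
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str
    name: str                # service/driver name; for PRC the executable's file name
    path: str
    company: Optional[str]   # None when OTL printed "File not found"
    state: str


def parse_otl_line(line: str) -> Optional[Entry]:
    """Parse one PRC/SRV/DRV line; return None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    name = m.group("name") or path.rsplit("\\", 1)[-1]
    return Entry(kind=m.group("kind"), name=name, path=path,
                 company=None if m.group("missing") else m.group("company"),
                 state=m.group("state") or "")


def triage_entry(e: Entry) -> List[str]:
    """Assumed first-pass rules; each reason is something to confirm by hand."""
    reasons = []
    if e.company is None:
        reasons.append("registered but file missing (leftover entry or removed component)")
    elif e.company == "":
        reasons.append("no company name in version info; confirm publisher by hand")
    if not e.path:
        reasons.append("no image path recorded")
    if TEMP_DIR.search(e.path):
        reasons.append("image path under a Temp folder")
    if "\\\\" in e.path:
        reasons.append("doubled backslash in image path")
    if e.kind == "DRV" and "Unknown" in e.state:
        reasons.append("driver state Unknown")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Return {entry name: reasons} for every parsed line that raised a flag."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_otl_line(line)
        if e is None:
            continue
        reasons = triage_entry(e)
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_OTL).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

The clean McAfee entries (mcagent.exe, mfehidk) produce no output; the orphaned Spybot service, the blank-company mfefire entry, the pathless mfeavfk01 driver and the Temp-folder catchme driver are each listed with their reasons.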
     
  18. 2012/06/24
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
  19. 2012/06/24
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    re log

    Don't see my reply to the previous post.
    Did you get it?
    Regards.
     
  20. 2012/06/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe forum rules.

    If any log is too long for a single post, split it between a couple of replies.
     
  21. 2012/06/24
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    re otl

    Here is half the log.

    OTL logfile created on: 24/06/2012 00:57:27 - Run 1
    OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\jean\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.94 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 49.64% Memory free
    4.11 Gb Paging File | 2.55 Gb Available in Paging File | 62.06% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.87 Gb Total Space | 90.14 Gb Free Space | 63.99% Space Free | Partition Type: NTFS
    Drive D: | 8.17 Gb Total Space | 1.73 Gb Free Space | 21.11% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: JAMES-PC | User Name: james | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/24 00:35:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jean\Desktop\OTL.exe
    PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
    PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    PRC - [2012/03/13 17:17:38 | 000,274,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.271\SSScheduler.exe
    PRC - [2012/02/29 23:20:17 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2011/10/14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    PRC - [2009/12/07 12:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2009/02/03 14:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/06/05 23:06:32 | 000,125,208 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    PRC - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2007/04/10 22:46:43 | 000,996,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX6000.exe
    PRC - [2007/03/29 01:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2007/03/29 01:45:38 | 000,339,968 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll
    MOD - [2007/03/29 01:45:28 | 000,114,783 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll
    MOD - [2007/03/29 01:45:26 | 000,233,573 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll
    MOD - [2007/03/29 01:45:26 | 000,032,768 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2012/06/23 01:02:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2012/03/13 17:17:38 | 000,237,272 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.271\McCHSvc.exe -- (McComponentHostService)
    SRV - [2011/10/14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
    SRV - [2009/12/10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
    SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2007/03/29 01:45:38 | 000,118,877 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
    SRV - [2007/03/29 01:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
    SRV - [2004/10/22 11:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\james\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\james\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\james\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2012/02/22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2012/02/22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2011/03/20 20:55:50 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
    DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\MOBK.sys -- (MOBKFilter)
    DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2009/12/30 12:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/06/24 07:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2008/10/29 15:05:28 | 000,655,872 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr28u.sys -- (netr28u)
    DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/04/10 22:46:44 | 002,385,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VX6000Xp.sys -- (VX6000)
    DRV - [2007/02/22 17:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/02/16 09:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2006/12/22 22:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2006/11/15 18:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/15 13:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/15 11:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{11B23299-074B-41FC-B4D0-2EC3F9999451}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
    IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm195YYgb&ptb=74F182BE-A879-483D-8E45-BB69127F0A08&ind=2011042113&ptnrS=RGxdm195YYgb&si=&n=77de1141&psa=&st=sb&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?p=us
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\SearchScopes,DefaultScope = {11B23299-074B-41FC-B4D0-2EC3F9999451}
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\SearchScopes\{11B23299-074B-41FC-B4D0-2EC3F9999451}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\SearchScopes\{1CBC6459-5529-4914-A092-F0E14A1FF270}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm195YYgb&ptb=74F182BE-A879-483D-8E45-BB69127F0A08&ind=2011042113&ptnrS=RGxdm195YYgb&si=&n=77de1141&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\SearchScopes\{9D4D1118-1591-4115-A77D-C525D90B6271}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\SearchScopes\{B8F38734-0EB6-4227-B128-7884091520BF}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80135&lng=en
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\SearchScopes\{C3F5D901-0134-4239-80D0-929BF00F92E7}: "URL" = http://www.flickr.com/search/?q={searchTerms}
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\SearchScopes\{DDD8CF2D-6F9A-4BA1-B4B4-321308EC7BEA}: "URL" = http://delicious.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60180
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\SearchScopes\{570933CE-53C1-4B36-A497-96E6474EAC3E}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\SearchScopes\{7ABC0DCC-A1ED-45AC-AE56-92BDC1AB8617}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\SearchScopes\{9D8D9823-D57A-40C6-BFD1-FB96031217A7}: "URL" = http://delicious.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\SearchScopes\{AD15E79C-D482-47EA-82C3-8D22FD0A91BF}: "URL" = http://www.flickr.com/search/?q={searchTerms}
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\SearchScopes\{E6D4929A-25FB-419F-8CE1-DF0D72BC7242}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/11 05:10:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2zffxtbr@Retrogamer_2z.com: C:\Program Files\Retrogamer_2z\bar\1.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/22 19:21:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/06/24 00:54:34 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/11 05:10:59 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/06/23 16:00:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120623025240.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O3 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
    O3 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [VX6000] C:\WINDOWS\vVX6000.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
    O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003..\Run: [syshost32] C:\Users\jean\AppData\Local\{0E3DFB9A-316D-DF29-16F5-F90AF6E1CA1D}\syshost.exe File not found
    O4 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
    O4 - Startup: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    O4 - Startup: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
    O4 - Startup: C:\Users\jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{770BD83B-E6B2-4185-AC61-DA89A8D16983}: NameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B629B98A-8FE1-41EF-AEA8-5E52EA729E0C}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB0CE8A0-641C-4E29-B299-66509994ACF1}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\james\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\james\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/04/20 09:22:06 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - File not found
    Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     

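A small triage helper for OTL-style autostart lines, added here as an example and not part of the original post or of the OTL tool. It flags the things a responder scans for in the O2/O3/O4/O20 sections above: entries whose target is reported as "File not found", BHO/toolbar registrations with no CLSID value, executables registered from a GUID-named folder under a user's Local AppData (the `syshost32` Run entry in the log above matches this), and entries whose version info carries no publisher. The sample input is constructed from lines modelled on the log; the regexes and the rule names are this example's own assumptions, not anything OTL itself emits.

```python
"""Triage OTL-style autostart lines (added example; not the forum poster's or OTL's code)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the O2/O4/O20 lines in the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003..\Run: [syshost32] C:\Users\jean\AppData\Local\{0E3DFB9A-316D-DF29-16F5-F90AF6E1CA1D}\syshost.exe File not found
O4 - Startup: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
"""

# Only the sections that describe code loaded at logon / browser start are triaged here.
AUTOSTART_PREFIX = re.compile(r"^O(?:2|3|4|20)\b")

# Rule patterns (assumed for this example; OTL prints the text, the rules are ours).
MISSING_TARGET = re.compile(r"\bFile not found\b")
ORPHAN_CLSID = re.compile(r"\bNo CLSID value found\b")
GUID_DIR_IN_LOCAL_APPDATA = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\", re.I
)
EMPTY_PUBLISHER = re.compile(r"\(\)\s*$")  # OTL prints "()" when version info has no company


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def classify(line: str) -> list[str]:
    """Return the list of reasons an autostart line deserves a second look (empty if none)."""
    reasons: list[str] = []
    if MISSING_TARGET.search(line):
        reasons.append("target missing")
    if ORPHAN_CLSID.search(line):
        reasons.append("orphaned CLSID")
    if GUID_DIR_IN_LOCAL_APPDATA.search(line):
        reasons.append("executable under GUID-named folder in Local AppData")
    if EMPTY_PUBLISHER.search(line):
        reasons.append("no publisher in version info")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk an OTL log and collect the autostart lines that trip at least one rule."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not AUTOSTART_PREFIX.match(line):
            continue  # skip FF plugin lists, NetSvcs, Drivers32, blank lines, etc.
        reasons = classify(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("; ".join(f.reasons))
        print("   ", f.line)
```

A hit on the GUID-folder rule combined with "target missing" is the combination worth acting on first: the registry value is still present but the file it pointed to is gone or hidden, so the persistence has to be cleaned at the registry as well as on disk. The other rules mostly surface leftovers from uninstalled software (the OpenOffice shortcut, the nameless BHOs), which are clutter rather than infection but should still be removed.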