Zero Access trojan



#1
Kolbe1

Hello, I have a Windows 7 64bit Home Premium. I ended up with Zero Access trojan, found by McAfee. I attempted to remove it with McAfee rootkitremover/stinger; these didn't help. So I then ran OTL fix by mistake without a custom scan/fix. So now I can't get online, do a system restore, or turn on any Windows related security. So I downloaded Zonealarm Free Antivirus + Firewall and removed McAfee. So I'm lost; any help would be great. I just ran the OTL quick scan again and attached it below.

Attached file: OTL.Txt (104.71KB)

Thanks in advance,
Kolbe

#2
WhiteHat

Hello Kolbe1 and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.



#3
WhiteHat

# Step 1 #
Do you have the Windows 7 DVD?

I need to know if you have the Recovery Console in your computer. To see this, follow these steps:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • See if the option Repair your computer exists.

# Step 2 #
Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Files
    C:\Windows\Installer\{7a7cef20-a745-418d-fbec-9f22943b73f1}\
    C:\Users\Bob\AppData\Local\{7a7cef20-a745-418d-fbec-9f22943b73f1}\
    
    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 3 #
Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#4
Kolbe1

Thanks for the quick response. I had a new development after the OTL Restore Point reboot. I had two desktop.ini notepad icons appear on my desktop; both are grayed out. Thanks again, I now feel progress is being made.

I have the recovery console in my computer.

Here are the requested logs

========== FILES ==========
C:\Windows\Installer\{7a7cef20-a745-418d-fbec-9f22943b73f1}\U folder moved successfully.
C:\Windows\Installer\{7a7cef20-a745-418d-fbec-9f22943b73f1}\L folder moved successfully.
C:\Windows\Installer\{7a7cef20-a745-418d-fbec-9f22943b73f1} folder moved successfully.
C:\Users\Bob\AppData\Local\{7a7cef20-a745-418d-fbec-9f22943b73f1}\U folder moved successfully.
C:\Users\Bob\AppData\Local\{7a7cef20-a745-418d-fbec-9f22943b73f1}\L folder moved successfully.
C:\Users\Bob\AppData\Local\{7a7cef20-a745-418d-fbec-9f22943b73f1} folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.58.0 log created on 08192012_212338

Farbar Service Scanner Version: 06-08-2012
Ran by Bob (administrator) on 19-08-2012 at 21:31:23
Running from "E:\"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
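
The Farbar Service Scanner output in the post above separates two conditions that need different repairs: a service that is stopped but whose configuration is intact, and a service whose registry key is gone entirely. The following is an added example, not part of the thread and not Farbar's code; `parse_fss` and `triage` are hypothetical names, the sample text is constructed from the line formats visible in that log, and only those formats are handled.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the format of the FSS.txt excerpt posted in the thread.
SAMPLE_FSS = """\
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
"""

SERVICE_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
ATTN_RE = re.compile(r"^Checking (?P<check>[^:]+): ATTENTION!=====> (?P<msg>.+)$")
OK_RE = re.compile(r"^The (?P<check>.+?) of (?P<svc>\S+) service is OK\.$")


@dataclass
class ServiceFinding:
    name: str
    section: Optional[str]
    ok: list = field(default_factory=list)       # checks reported as OK
    failed: dict = field(default_factory=dict)   # check name -> ATTENTION message

    @property
    def key_missing(self) -> bool:
        # The scanner says this when the whole Services\<name> key is absent.
        return any("service key does not exist" in m for m in self.failed.values())


def parse_fss(text: str) -> dict:
    """Return {service name: ServiceFinding} for every stopped service in the log."""
    findings = {}
    section = None   # heading of the block being read, e.g. "Windows Firewall"
    current = None   # service the following "Checking ..." lines belong to
    prev = ""        # last non-empty line, used to recover section headings
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"="}:
            # A row of '=' underlines the heading on the previous line.
            section = prev.rstrip(":")
            current = None
        elif (m := SERVICE_RE.match(line)):
            current = findings.setdefault(m["svc"], ServiceFinding(m["svc"], section))
        elif (m := ATTN_RE.match(line)) and current is not None:
            current.failed[m["check"]] = m["msg"]
        elif (m := OK_RE.match(line)) and m["svc"] in findings:
            findings[m["svc"]].ok.append(m["check"])
        if line:
            prev = line
    return findings


def triage(findings: dict) -> dict:
    """Split stopped services into 'key deleted' and 'stopped, configuration intact'."""
    return {
        "key_missing": [f.name for f in findings.values() if f.key_missing],
        "stopped_config_ok": [f.name for f in findings.values() if not f.failed],
    }


if __name__ == "__main__":
    parsed = parse_fss(SAMPLE_FSS)
    for bucket, names in triage(parsed).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
    for f in parsed.values():
        if f.key_missing:
            print(f"  [{f.section}] {f.name}: failed checks = {sorted(f.failed)}")
```

Services in the `key_missing` bucket cannot be started until their registry keys are restored, which is why they are reported separately from services that are only stopped.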

#5
WhiteHat

Hi,

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#6
Kolbe1

Here is the report you requested.

Scan result of Farbar Recovery Scan Tool Version: 19-08-2012
Ran by SYSTEM at 20-08-2012 20:45:43
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11444840 2010-09-21] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-04-12] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2010-10-27] (ActivIdentity)
HKLM\...\Run: [] [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [489512 2010-10-27] (ActivIdentity)
HKLM\...\Run: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [676520 2010-02-04] ()
HKLM\...\Run: [lxduamon] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [16040 2008-09-10] ()
HKLM\...\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" [1127592 2012-07-14] (Check Point Software Technologies)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [masqform.exe] C:\Program Files (x86)\PureEdge\Viewer 6.5\masqform.exe -RunOnce [643072 2005-07-04] (PureEdge™ Solutions Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [Lexmark 5600-6600 Series] "C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe" /s [311976 2008-09-10] ()
HKLM-x32\...\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73392 2012-08-03] (Check Point Software Technologies LTD)
HKU\Bob\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Bob\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
HKU\Bob\...\Run: [Facebook Update] "C:\Users\Bob\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-02] (Facebook Inc.)
HKU\Bob\...\Run: [PCShowServer] "C:\Users\Bob\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [351888 2012-04-02] (NDS Technologies)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [1475584 2010-11-20] (Microsoft Corporation)
HKU\Mcx1-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer [115072 2011-05-23] (DivX, LLC)
HKLM\...\Winlogon: [Userinit] Userinit.exe [30208 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\Bob\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [321104 2010-08-10] (Dritek System Inc.)
2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [827560 2012-07-14] (Check Point Software Technologies)
2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
2 lxdu_device; C:\Windows\system32\lxducoms.exe -service [1039360 2009-10-16] ( )
2 lxdu_device; C:\Windows\SysWow64\lxducoms.exe -service [589824 2009-10-16] ( )
2 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [895696 2009-10-27] (McAfee, Inc.)
3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -service [2445880 2012-08-03] (Check Point Software Technologies LTD)

========================== Drivers (Whitelisted) =============

3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-05] (IObit)
2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-07-14] (Check Point Software Technologies)
0 KL1; C:\Windows\System32\Drivers\KL1.sys [460888 2012-01-09] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\Drivers\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [485680 2012-01-09] (Kaspersky Lab)
3 Nccidx64; C:\Windows\System32\Drivers\Nccidx64.sys [8192 2011-07-01] (SCM Microsystems Inc.)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2010-04-19] (NTI Corporation)
3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33184 2011-09-20] (IObit.com)
3 S3XXx64; C:\Windows\System32\Drivers\S3XXx64.sys [68224 2010-01-07] (SCM Microsystems Inc.)
3 STCFUx64; C:\Windows\System32\Drivers\STCFUx64.sys [10368 2008-11-13] (SCM Microsystems Inc.)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 2010-07-08] (NTI Corporation)
3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21872 2011-09-20] (IObit.com)
1 Vsdatant; C:\Windows\System32\Drivers\Vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-19 18:47 - 2012-08-19 18:47 - 00000000 ____D C:\Users\Bob\AppData\Local\{8A282ED8-541D-42FD-B878-5669F1EB5604}
2012-08-19 12:16 - 2012-08-19 12:16 - 62029824 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-08-19 12:16 - 2012-08-19 12:16 - 18116608 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-08-19 12:16 - 2012-08-19 12:16 - 00815104 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-08-19 12:16 - 2012-08-19 12:16 - 00024576 ____A C:\Windows\System32\config\SECURITY.iobit
2012-08-19 12:16 - 2012-08-19 12:16 - 00024576 ____A C:\Windows\System32\config\SAM.iobit
2012-08-19 08:58 - 2012-08-19 09:08 - 00415877 ____A C:\Windows\System32\Drivers\vsconfig.xml
2012-08-19 08:58 - 2012-01-09 14:59 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kl1.sys
2012-08-19 08:58 - 2012-01-09 14:59 - 00011864 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kl2.sys
2012-08-19 08:57 - 2012-08-19 08:57 - 00000762 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2012-08-19 08:57 - 2012-01-09 14:59 - 00485680 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-08-19 08:56 - 2012-08-19 08:56 - 00000000 ____D C:\Users\Bob\Documents\ForceField Shared Files
2012-08-19 08:56 - 2012-08-19 08:56 - 00000000 ____D C:\Users\Bob\AppData\Roaming\CheckPoint
2012-08-19 08:56 - 2012-08-19 08:56 - 00000000 ____D C:\Program Files\CheckPoint
2012-08-19 08:54 - 2012-08-19 08:57 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2012-08-19 08:53 - 2012-08-19 08:53 - 00000000 ____D C:\Users\All Users\CheckPoint
2012-08-19 06:46 - 2012-08-19 06:47 - 00000000 ____D C:\Users\Bob\AppData\Local\{F695FF1C-AFFC-4D65-82AC-E58155FE28AF}
2012-08-19 05:40 - 2012-08-19 05:40 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-08-19 05:38 - 2012-08-19 11:49 - 00000000 ____D C:\Program Files (x86)\stinger
2012-08-18 18:46 - 2012-08-18 18:46 - 00000000 ____D C:\Users\Bob\AppData\Local\{A4CC9031-0374-4821-BCA1-F1EA51735223}
2012-08-18 15:31 - 2012-08-18 15:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{378A7284-3803-45D1-8DBB-539AF118A2DB}
2012-08-18 14:56 - 2012-08-18 14:56 - 00000000 ____D C:\Users\Bob\AppData\Local\{3BC0B842-2A16-4D11-84B7-FD875E20F110}
2012-08-18 02:16 - 2012-08-18 02:16 - 00000000 ____D C:\Users\Bob\AppData\Local\{821273CD-909B-4DB2-8070-12441CA963B6}
2012-08-17 17:43 - 2012-08-20 05:42 - 00001760 ____A C:\Windows\setupact.log
2012-08-17 17:43 - 2012-08-17 17:43 - 00000000 ____D C:\Users\Bob\AppData\Local\{755943BA-705C-4F63-96AC-285813FA409B}
2012-08-17 17:43 - 2012-08-17 17:43 - 00000000 ____A C:\Windows\setuperr.log
2012-08-17 17:42 - 2012-08-19 17:18 - 00006118 ____A C:\Windows\PFRO.log
2012-08-17 16:19 - 2012-08-17 16:19 - 00000000 ____D C:\Users\Bob\AppData\Local\{E253A0C7-0367-47DC-9BD4-F2C4D67BE0BD}
2012-08-17 14:07 - 2012-08-17 14:07 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2012-08-17 14:07 - 2012-08-17 14:07 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2012-08-17 04:18 - 2012-08-17 04:18 - 00000000 ____D C:\Users\Bob\AppData\Local\{03B220EE-40CD-4231-935F-F52857CF496C}
2012-08-16 10:59 - 2012-08-17 04:18 - 00000000 ____D C:\Users\Bob\AppData\Local\{97AD54EC-1C38-4F88-8D52-7F731216E7C2}
2012-08-16 10:59 - 2012-08-16 10:59 - 00000000 ____D C:\Users\Bob\AppData\Local\{2C52187F-D094-4E22-B8D4-B2CB40E64920}
2012-08-16 06:43 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-16 06:43 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-16 06:43 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-16 06:43 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-16 06:43 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-16 06:43 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-16 06:43 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-16 06:43 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-16 06:43 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-16 06:43 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-16 06:43 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-16 06:43 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-16 06:43 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-16 06:43 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-16 06:43 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-16 06:43 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-16 06:43 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-16 06:43 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-16 06:43 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-16 06:43 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-16 06:43 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-16 06:43 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-16 06:43 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-16 06:43 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-16 06:43 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-16 06:43 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-16 06:43 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-16 06:43 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 04:08 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 04:08 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-15 04:07 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 04:07 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 04:07 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 04:07 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 04:07 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 04:07 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-15 04:07 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-15 04:07 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 04:07 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 04:07 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-15 04:07 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-13 16:04 - 2012-08-16 07:03 - 00019043 ____A C:\Users\Bob\Documents\HRD.odt
2012-08-13 14:42 - 2012-08-13 14:42 - 00004348 ____A C:\Users\Bob\Desktop\CourseStart - Shortcut.lnk
2012-08-13 08:42 - 2012-08-13 08:46 - 00000000 ____D C:\Users\Bob\Desktop\Brayden
2012-08-13 05:12 - 2012-08-13 05:12 - 00000000 ____D C:\Users\Bob\AppData\Local\{488D26A2-8E21-4799-AF3F-3B34869D3623}
2012-08-12 17:11 - 2012-08-13 05:12 - 00000000 ____D C:\Users\Bob\AppData\Local\{99B9C3AF-E68D-4594-9BEC-42C79F6EE169}
2012-08-12 17:11 - 2012-08-12 17:11 - 00000000 ____D C:\Users\Bob\AppData\Local\{D79EED29-0A4A-4264-9E24-72E3CBAF4673}
2012-08-12 14:05 - 2012-08-12 14:05 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-08-12 11:15 - 2012-08-12 11:15 - 00000000 ____D C:\Users\Bob\Documents\Course 14
2012-08-12 11:13 - 2012-08-12 11:14 - 00000000 ____D C:\Users\Bob\Desktop\Course 14 Notes
2012-08-12 11:06 - 2012-08-12 11:06 - 00000000 ____D C:\Users\Bob\Documents\OLDS
2012-08-12 11:05 - 2012-08-12 11:05 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Template
2012-08-12 11:05 - 2012-08-12 11:05 - 00000000 ____A C:\Users\Bob\AppData\Roaming\wklnhst.dat
2012-08-12 10:50 - 2012-08-19 11:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-08-12 04:36 - 2012-08-12 04:37 - 00000000 ____D C:\Users\Bob\AppData\Local\{964AADB1-7A4A-4B5B-8675-77885ED407C0}
2012-08-11 07:24 - 2012-08-11 07:24 - 00000000 ____D C:\Users\Bob\AppData\Local\{56DB7D26-E2F6-490C-9DDD-AF9E344608C8}
2012-08-10 11:27 - 2012-08-10 11:27 - 00000000 ____D C:\Users\Bob\AppData\Local\{3671FF44-C7DA-4306-B854-859541B5D2D8}
2012-08-09 13:52 - 2012-08-09 13:53 - 00000000 ____D C:\Users\Bob\AppData\Local\{4A9F59E8-E5B2-420A-9C93-0E0098AC3B60}
2012-08-09 01:52 - 2012-08-09 01:52 - 00000000 ____D C:\Users\Bob\AppData\Local\{F666172F-74B9-4C41-9579-62CE9BF9A8EA}
2012-08-08 01:46 - 2012-08-08 01:47 - 00000000 ____D C:\Users\Bob\AppData\Local\{EF243308-2C43-4210-8697-BD5E9FEDBCAC}
2012-08-07 01:49 - 2012-08-07 01:49 - 00000000 ____D C:\Users\Bob\AppData\Local\{A9F89F82-A645-452F-8AB9-B471D2190DE8}
2012-08-06 13:40 - 2012-08-06 13:40 - 00000000 ____D C:\Users\Bob\AppData\Local\{0424C1C9-8C93-4437-BE52-360792197AC7}
2012-08-06 01:39 - 2012-08-06 01:39 - 00000000 ____D C:\Users\Bob\AppData\Local\{2762979D-AB71-4B61-8455-CD309A293814}
2012-08-05 09:12 - 2012-08-05 09:12 - 00000000 ____D C:\Users\Bob\AppData\Local\{61BBF350-7AA0-4B23-874C-6656D804C215}
2012-08-05 09:11 - 2012-08-12 04:36 - 00000000 ____D C:\Users\Bob\AppData\Local\{9A7B0FA8-623F-44CF-BAC5-B90109C870AA}
2012-08-04 05:18 - 2012-08-04 05:18 - 00000000 ____D C:\Users\Bob\AppData\Local\{FCF59F1D-F881-4A8A-83CA-E9AB3F12FDE2}
2012-08-03 07:28 - 2012-08-04 05:18 - 00000000 ____D C:\Users\Bob\AppData\Local\{2625DF25-5D57-4994-83B5-B6F42D9C7CE7}
2012-08-03 02:19 - 2012-08-03 02:19 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-08-03 02:19 - 2012-08-03 02:19 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-08-03 02:19 - 2012-08-03 02:19 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-08-03 02:19 - 2012-08-03 02:19 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-08-02 17:17 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-08-02 17:17 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-08-02 17:17 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-08-02 17:16 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-08-02 17:16 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-08-02 17:16 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-08-02 17:16 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-08-02 17:15 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-08-02 17:14 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-08-02 17:14 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-08-02 17:14 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-08-02 17:14 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-08-02 17:14 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-08-02 17:14 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-08-02 17:14 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-08-02 17:14 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-08-02 17:14 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-08-02 16:18 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-08-02 16:18 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-08-02 16:18 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-08-02 16:18 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-08-02 16:17 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-08-02 16:17 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-08-02 16:17 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-08-02 16:17 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-08-02 16:17 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-08-02 16:14 - 2012-08-02 16:14 - 00000000 ____D C:\Users\Bob\AppData\Local\{8D9D69A5-8965-4E0D-BC49-2265A06D301E}
2012-08-02 16:13 - 2012-08-02 16:14 - 00000000 ____D C:\Users\Bob\AppData\Local\{2559E5BF-7E6B-40A2-B813-3B78740F4D5B}
2012-08-02 15:50 - 2012-08-02 15:51 - 00005018 ____A C:\Users\Bob\AppData\Local\HWVendorDetection.log
2012-08-02 12:29 - 2012-08-02 12:29 - 00000000 ____D C:\Users\Bob\AppData\Local\Innovative Solutions
2012-08-02 12:29 - 2012-08-02 12:29 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2012-08-02 12:11 - 2012-08-02 12:11 - 00000000 ____D C:\Users\Bob\AppData\Local\{B3EFDFBB-CB38-45DA-9D2D-771EC751D3ED}
2012-08-02 12:11 - 2012-08-02 12:11 - 00000000 ____D C:\Users\Bob\AppData\Local\{A2DC59E1-5595-482D-BC97-AD639F0647C5}
2012-08-02 10:07 - 2012-08-02 10:07 - 00000000 ____D C:\Users\Bob\AppData\Local\{5A3FE966-175B-4021-AEAA-E50EB90F5F54}
2012-08-02 09:42 - 2012-08-02 09:42 - 00000000 ____D C:\Users\Bob\AppData\Local\{B95D0AAE-2B9F-40DD-A535-C9D8F83D471F}
2012-08-01 15:56 - 2012-08-01 15:56 - 00000000 ____D C:\Users\Bob\AppData\Local\{8DC624D6-EC22-4E43-9C85-778B4397B5E8}
2012-08-01 15:55 - 2012-08-01 15:56 - 00000000 ____D C:\Users\Bob\AppData\Local\{F5295F58-1547-46D8-9A30-60EB567CB757}
2012-07-31 17:56 - 2012-07-31 17:56 - 00000000 ____D C:\Users\Bob\AppData\Local\{5F2CDBB2-7CBE-4BE5-B1CA-FCEB8B93C7A1}
2012-07-31 04:50 - 2012-07-31 04:50 - 00000000 ____D C:\Users\Bob\AppData\Local\{2441B16D-F067-4E24-AB81-0662F68B9221}
2012-07-30 05:11 - 2012-07-30 05:11 - 00000000 ____D C:\Users\Bob\AppData\Local\{96DF1A27-B6AD-4470-9962-56D66FA4F6BC}
2012-07-29 07:31 - 2012-07-29 07:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{8FBA694E-4F89-4EE3-B7CD-555B205C4205}
2012-07-28 19:20 - 2012-07-31 17:56 - 00000000 ____D C:\Users\Bob\AppData\Local\{A63D1D74-6B7A-4A3A-8C33-69E29ED078DD}
2012-07-28 19:20 - 2012-07-28 19:20 - 00000000 ____D C:\Users\Bob\AppData\Local\{C354538C-7725-454C-9A34-A058D34BC289}
2012-07-28 02:53 - 2012-07-28 02:53 - 00000000 ____D C:\Users\Bob\AppData\Local\{99EF2DAE-798C-4004-8E66-5F862B189C95}
2012-07-27 09:58 - 2012-07-31 07:47 - 00000000 ____D C:\Users\Bob\Documents\AFI
2012-07-27 09:28 - 2012-07-27 09:28 - 00000000 ____D C:\Users\Bob\AppData\Local\{4206595A-2052-41C6-A36C-A6847E599001}
2012-07-26 08:37 - 2012-07-26 08:37 - 00000000 ____D C:\Users\Bob\AppData\Local\{C6E208C5-8951-4193-8D52-BE43B6C586B0}
2012-07-25 05:43 - 2012-07-25 05:43 - 00000000 ____D C:\Users\Bob\AppData\Local\{2AFB556C-F736-4911-9CB0-2235E572D07E}
2012-07-24 17:43 - 2012-07-24 17:43 - 00000000 ____D C:\Users\Bob\AppData\Local\{407AD54A-C8CA-407A-A7AD-01AE3EC6B47C}
2012-07-24 05:42 - 2012-07-24 05:42 - 00000000 ____D C:\Users\Bob\AppData\Local\{26410484-F111-497E-A11B-74E18A496905}
2012-07-23 17:42 - 2012-07-23 17:42 - 00000000 ____D C:\Users\Bob\AppData\Local\{850FE8C0-E9DE-42EA-AFBC-332231CA519D}
2012-07-23 05:41 - 2012-07-23 05:41 - 00000000 ____D C:\Users\Bob\AppData\Local\{92339747-72F0-4823-B6C7-DD1686595CC4}
2012-07-22 17:40 - 2012-07-22 17:41 - 00000000 ____D C:\Users\Bob\AppData\Local\{32DBDE4E-474A-4D8D-B38A-58062CCDDB91}
2012-07-22 05:39 - 2012-07-22 05:39 - 00000000 ____D C:\Users\Bob\AppData\Local\{1567FD5C-1508-4F4B-9248-8AC53EFF416B}
2012-07-21 10:28 - 2012-07-28 02:53 - 00000000 ____D C:\Users\Bob\AppData\Local\{319B44E3-D5BB-49F8-A693-46C10F66E598}
2012-07-21 10:28 - 2012-07-21 10:28 - 00000000 ____D C:\Users\Bob\AppData\Local\{0718DAE0-FBB1-4B9B-916D-CAE0F5DBB5C6}


============ 3 Months Modified Files ========================

2012-08-20 16:39 - 2011-01-15 04:57 - 01290580 ____A C:\Windows\WindowsUpdate.log
2012-08-20 16:38 - 2011-12-24 15:58 - 00000898 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2051389330-1497990960-3423481376-1001Core.job
2012-08-20 16:35 - 2009-07-13 21:13 - 00006442 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-20 16:33 - 2012-04-04 06:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-20 16:33 - 2011-12-24 15:58 - 00000920 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2051389330-1497990960-3423481376-1001UA.job
2012-08-20 05:42 - 2012-08-17 17:43 - 00001760 ____A C:\Windows\setupact.log
2012-08-19 17:34 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-19 17:34 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-19 17:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-19 17:18 - 2012-08-17 17:42 - 00006118 ____A C:\Windows\PFRO.log
2012-08-19 12:16 - 2012-08-19 12:16 - 62029824 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-08-19 12:16 - 2012-08-19 12:16 - 18116608 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-08-19 12:16 - 2012-08-19 12:16 - 00815104 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-08-19 12:16 - 2012-08-19 12:16 - 00024576 ____A C:\Windows\System32\config\SECURITY.iobit
2012-08-19 12:16 - 2012-08-19 12:16 - 00024576 ____A C:\Windows\System32\config\SAM.iobit
2012-08-19 09:08 - 2012-08-19 08:58 - 00415877 ____A C:\Windows\System32\Drivers\vsconfig.xml
2012-08-19 08:57 - 2012-08-19 08:57 - 00000762 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2012-08-19 05:40 - 2012-08-19 05:40 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-08-17 17:43 - 2012-08-17 17:43 - 00000000 ____A C:\Windows\setuperr.log
2012-08-17 14:02 - 2012-02-28 12:16 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-08-17 05:54 - 2012-04-23 16:54 - 00001240 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-08-17 05:54 - 2011-12-05 15:41 - 00001189 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
2012-08-16 10:57 - 2009-07-13 20:45 - 00335600 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-16 07:03 - 2012-08-13 16:04 - 00019043 ____A C:\Users\Bob\Documents\HRD.odt
2012-08-16 06:38 - 2011-06-26 08:15 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-14 11:36 - 2012-04-04 06:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-14 11:36 - 2011-07-29 08:10 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-13 14:42 - 2012-08-13 14:42 - 00004348 ____A C:\Users\Bob\Desktop\CourseStart - Shortcut.lnk
2012-08-12 12:01 - 2011-06-21 06:53 - 00078952 ____A C:\Users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-12 11:05 - 2012-08-12 11:05 - 00000000 ____A C:\Users\Bob\AppData\Roaming\wklnhst.dat
2012-08-03 02:19 - 2012-08-03 02:19 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-08-03 02:19 - 2012-08-03 02:19 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-08-03 02:19 - 2012-08-03 02:19 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-08-03 02:19 - 2012-08-03 02:19 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-08-02 15:51 - 2012-08-02 15:50 - 00005018 ____A C:\Users\Bob\AppData\Local\HWVendorDetection.log
2012-07-23 11:59 - 2011-12-05 15:55 - 00024960 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-07-18 10:15 - 2012-08-15 04:07 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-04 14:16 - 2012-08-15 04:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 04:07 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 04:07 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 04:07 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 04:07 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 20:55 - 2012-08-16 06:43 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-16 06:43 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-16 06:43 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-16 06:43 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-16 06:43 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-16 06:43 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-16 06:43 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-16 06:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-16 06:43 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-16 06:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-16 06:43 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-16 06:43 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-16 06:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-16 06:43 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-16 06:43 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-16 06:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-16 06:43 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-16 06:43 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-16 06:43 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-16 06:43 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-16 06:43 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-16 06:43 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-16 06:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-16 06:43 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-16 06:43 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-16 06:43 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-16 06:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-16 06:43 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-15 11:09 - 2012-06-15 11:09 - 03526040 ____A (TeamViewer GmbH) C:\Users\Bob\Downloads\TeamViewer_Setup_en.exe
2012-06-12 17:59 - 2012-06-12 17:59 - 20006472 ____A (Apple Inc.) C:\Users\Bob\Downloads\QuickTimeInstaller.exe
2012-06-11 14:57 - 2011-08-03 13:18 - 00006424 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-11 14:52 - 2012-06-11 14:52 - 50618163 ____A (Chatlead Inc ) C:\Users\Bob\Downloads\CC24ChatConsole_0.9.0.7.exe
2012-06-11 13:57 - 2012-06-11 13:56 - 05772448 ____A C:\Users\Bob\Downloads\npp.6.1.Installer.exe
2012-06-09 14:10 - 2012-06-09 14:10 - 04518720 ____A (FileZilla Project) C:\Users\Bob\Downloads\FileZilla_3.5.3_win32-setup.exe
2012-06-09 11:23 - 2012-06-09 11:23 - 00944304 ____A (Skype Technologies S.A.) C:\Users\Bob\Downloads\SkypeSetup.exe
2012-06-09 09:04 - 2012-06-09 09:04 - 01534144 ____A (W3i, LLC) C:\Users\Bob\Downloads\7Zip.exe
2012-06-09 08:17 - 2012-06-09 08:17 - 17693184 ____A (POTI, Inc.) C:\Users\Bob\Downloads\Songbird_1.10.3-2288_windows-i686-msvc8.exe
2012-06-05 22:06 - 2012-08-02 17:16 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-08-02 17:16 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-08-02 17:15 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-08-02 17:17 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-08-02 17:17 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-08-02 17:16 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-08-02 16:18 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-08-02 16:18 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-08-02 16:18 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-08-02 16:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-08-02 16:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-08-02 16:18 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-08-02 16:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-08-02 16:17 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-08-02 16:17 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-08-02 17:14 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-08-02 17:14 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-08-02 17:14 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-08-02 17:14 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-08-02 17:14 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-08-02 17:14 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-08-02 17:14 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-08-02 17:14 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-08-02 17:14 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3834.9 MB
Available physical RAM: 3135.04 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3130.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:218.79 GB) (Free:18.6 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:1.33 GB) NTFS
4 Drive g: () (Removable) (Total:7.45 GB) (Free:2.54 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 7633 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 14 GB 1024 KB
Partition 2 Primary 100 MB 14 GB
Partition 3 Primary 218 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 14 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 218 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7633 MB Healthy

==================================================================================

Last Boot: 2012-08-17 16:44

======================= End Of Log ==========================

#7
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Download the regs below and run.

NEXT


Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    Net Start mpsdrv /c
    Net Start MpsSvc /c
    Net Start bfe /c
    Net Start wscsvc /c
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

FINALLY

Run Farbar Service Scanner again and post the log.
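Reading the fix log that the steps above ask for: OTL echoes each `:Files` command between `< >` and lists what it captured underneath, so a service that came up shows a "started successfully" line. The following is an added example, not part of the original post or of OTL; the sample log is constructed, and treating a `Net Start` with no captured output as unconfirmed (rather than successful) is this example's assumption.

```python
import re

# Constructed sample in the layout of an OTL fix log (not taken from a real machine).
# The service messages are standard `net start` wording.
SAMPLE_LOG = r"""All processes killed
========== FILES ==========
< Net Start mpsdrv /c >
The Windows Firewall Authorization Driver service was started successfully.
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
< Net Start MpsSvc /c >
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
< Net Start bfe /c >
The requested service has already been started.
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
< Net Start wscsvc /c >
System error 1068 has occurred.
The dependency service or group failed to start.
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")   # ========== FILES ==========
HEADER = re.compile(r"^<\s*(.+?)\s*>$")      # < Net Start mpsdrv /c >
# OTL runs each command through a temporary cmd.bat/cmd.txt pair and logs
# their cleanup; those lines say nothing about the service itself.
HELPER_NOISE = re.compile(r"\\cmd\.(bat|txt) deleted successfully\.$", re.I)


def parse_files_section(log_text):
    """Return {command: [captured output lines]} for the FILES section only."""
    results = {}
    in_files = False
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION.match(line)
        if section:
            in_files = section.group(1).upper() == "FILES"
            current = None
            continue
        if not in_files:
            continue
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            results[current] = []
        elif current is not None and not HELPER_NOISE.search(line):
            results[current].append(line)
    return results


def classify(output_lines):
    """Map the captured output of one Net Start command to a status."""
    text = " ".join(output_lines).lower()
    if "was started successfully" in text:
        return "started"
    if "already been started" in text:
        return "already_running"
    if "system error" in text or "could not be started" in text:
        return "error"
    # Nothing captured: the log gives no evidence either way.
    return "unconfirmed"


def service_report(log_text):
    """Return {service name (lowercase): status} for every Net Start command."""
    report = {}
    for command, output in parse_files_section(log_text).items():
        match = re.match(r"net\s+start\s+(\S+)", command, re.I)
        if match:
            report[match.group(1).lower()] = classify(output)
    return report


def needs_follow_up(report):
    """Services whose start the log does not confirm, sorted by name."""
    return sorted(s for s, status in report.items()
                  if status not in ("started", "already_running"))


if __name__ == "__main__":
    for service, status in service_report(SAMPLE_LOG).items():
        print(f"{service:8} {status}")
    print("follow up:", ", ".join(needs_follow_up(service_report(SAMPLE_LOG))))
```

Services listed under "follow up" are the ones to compare against the next Farbar Service Scanner log.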

#8
Kolbe1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
WhiteHat

Thanks again for all that you are doing. Below are the requested reports.

Kolbe

All processes killed
========== FILES ==========
< Net Start mpsdrv /c >
The Windows Firewall Authorization Driver service was started successfully.
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
< Net Start MpsSvc /c >
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
< Net Start bfe /c >
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
< Net Start wscsvc /c >
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator

User: All Users

User: Bob
->Temp folder emptied: 4100628 bytes
->Temporary Internet Files folder emptied: 518865 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8033 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2636989 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2641404 bytes

Total Files Cleaned = 9.00 mb


OTL by OldTimer - Version 3.2.58.0 log created on 08212012_171605

Files\Folders moved on Reboot...
C:\Users\Bob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bob\AppData\Local\Temp\~DF923917F7517B3133.TMP moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
C:\Windows\temp\ZLT04093.TMP moved successfully.

PendingFileRenameOperations files...
File C:\Users\Bob\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Bob\AppData\Local\Temp\~DF923917F7517B3133.TMP not found!
[2012/08/21 17:19:21 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5
File C:\Windows\temp\ZLT04093.TMP not found!

Registry entries deleted on Reboot...

Scan result of Farbar Recovery Scan Tool Version: 19-08-2012
Ran by Bob at 21-08-2012 17:22:06
Running from E:\Whitehat
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-08-21 00:45 - 2012-08-21 17:22 - 00000000 ____D C:\FRST
2012-08-20 21:29 - 2012-08-20 21:29 - 00000000 ____D C:\Users\Bob\AppData\Local\{AEAA9F75-D3EB-4C67-A2B7-F3967CC20C0A}
2012-08-19 22:47 - 2012-08-19 22:47 - 00000000 ____D C:\Users\Bob\AppData\Local\{8A282ED8-541D-42FD-B878-5669F1EB5604}
2012-08-19 16:16 - 2012-08-19 16:16 - 62029824 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-08-19 16:16 - 2012-08-19 16:16 - 18116608 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-08-19 16:16 - 2012-08-19 16:16 - 00815104 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-08-19 16:16 - 2012-08-19 16:16 - 00024576 ____A C:\Windows\System32\config\SECURITY.iobit
2012-08-19 16:16 - 2012-08-19 16:16 - 00024576 ____A C:\Windows\System32\config\SAM.iobit
2012-08-19 12:58 - 2012-08-19 13:08 - 00415877 ____A C:\Windows\System32\Drivers\vsconfig.xml
2012-08-19 12:58 - 2012-01-09 18:59 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kl1.sys
2012-08-19 12:58 - 2012-01-09 18:59 - 00011864 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kl2.sys
2012-08-19 12:57 - 2012-08-19 12:57 - 00000762 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2012-08-19 12:57 - 2012-01-09 18:59 - 00485680 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-08-19 12:56 - 2012-08-19 12:56 - 00000000 ____D C:\Users\Bob\Documents\ForceField Shared Files
2012-08-19 12:56 - 2012-08-19 12:56 - 00000000 ____D C:\Users\Bob\AppData\Roaming\CheckPoint
2012-08-19 12:56 - 2012-08-19 12:56 - 00000000 ____D C:\Program Files\CheckPoint
2012-08-19 12:54 - 2012-08-19 12:57 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2012-08-19 12:53 - 2012-08-19 12:53 - 00000000 ____D C:\Users\All Users\CheckPoint
2012-08-19 10:46 - 2012-08-19 10:47 - 00000000 ____D C:\Users\Bob\AppData\Local\{F695FF1C-AFFC-4D65-82AC-E58155FE28AF}
2012-08-19 09:40 - 2012-08-19 09:40 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-08-19 09:38 - 2012-08-19 15:49 - 00000000 ____D C:\Program Files (x86)\stinger
2012-08-18 22:46 - 2012-08-18 22:46 - 00000000 ____D C:\Users\Bob\AppData\Local\{A4CC9031-0374-4821-BCA1-F1EA51735223}
2012-08-18 19:31 - 2012-08-18 19:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{378A7284-3803-45D1-8DBB-539AF118A2DB}
2012-08-18 18:56 - 2012-08-18 18:56 - 00000000 ____D C:\Users\Bob\AppData\Local\{3BC0B842-2A16-4D11-84B7-FD875E20F110}
2012-08-18 06:16 - 2012-08-18 06:16 - 00000000 ____D C:\Users\Bob\AppData\Local\{821273CD-909B-4DB2-8070-12441CA963B6}
2012-08-17 21:43 - 2012-08-21 17:19 - 00001872 ____A C:\Windows\setupact.log
2012-08-17 21:43 - 2012-08-17 21:43 - 00000000 ____D C:\Users\Bob\AppData\Local\{755943BA-705C-4F63-96AC-285813FA409B}
2012-08-17 21:43 - 2012-08-17 21:43 - 00000000 ____A C:\Windows\setuperr.log
2012-08-17 21:42 - 2012-08-19 21:18 - 00006118 ____A C:\Windows\PFRO.log
2012-08-17 20:19 - 2012-08-17 20:19 - 00000000 ____D C:\Users\Bob\AppData\Local\{E253A0C7-0367-47DC-9BD4-F2C4D67BE0BD}
2012-08-17 18:07 - 2012-08-17 18:07 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2012-08-17 18:07 - 2012-08-17 18:07 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2012-08-17 08:18 - 2012-08-17 08:18 - 00000000 ____D C:\Users\Bob\AppData\Local\{03B220EE-40CD-4231-935F-F52857CF496C}
2012-08-16 14:59 - 2012-08-17 08:18 - 00000000 ____D C:\Users\Bob\AppData\Local\{97AD54EC-1C38-4F88-8D52-7F731216E7C2}
2012-08-16 14:59 - 2012-08-16 14:59 - 00000000 ____D C:\Users\Bob\AppData\Local\{2C52187F-D094-4E22-B8D4-B2CB40E64920}
2012-08-16 10:43 - 2012-06-29 00:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-16 10:43 - 2012-06-29 00:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-16 10:43 - 2012-06-28 23:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-16 10:43 - 2012-06-28 23:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-16 10:43 - 2012-06-28 23:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-16 10:43 - 2012-06-28 23:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-16 10:43 - 2012-06-28 23:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-16 10:43 - 2012-06-28 23:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-16 10:43 - 2012-06-28 23:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-16 10:43 - 2012-06-28 23:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-16 10:43 - 2012-06-28 23:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-16 10:43 - 2012-06-28 23:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-16 10:43 - 2012-06-28 23:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-16 10:43 - 2012-06-28 23:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-16 10:43 - 2012-06-28 20:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-16 10:43 - 2012-06-28 20:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-16 10:43 - 2012-06-28 20:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-16 10:43 - 2012-06-28 20:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-16 10:43 - 2012-06-28 20:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-16 10:43 - 2012-06-28 20:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-16 10:43 - 2012-06-28 20:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-16 10:43 - 2012-06-28 20:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-16 10:43 - 2012-06-28 20:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-16 10:43 - 2012-06-28 20:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-16 10:43 - 2012-06-28 20:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-16 10:43 - 2012-06-28 20:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-16 10:43 - 2012-06-28 20:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-16 10:43 - 2012-06-28 19:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 08:08 - 2012-05-05 04:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 08:08 - 2012-05-05 03:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-15 08:07 - 2012-07-18 14:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 08:07 - 2012-07-04 18:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 08:07 - 2012-07-04 18:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 08:07 - 2012-07-04 18:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 08:07 - 2012-07-04 17:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 08:07 - 2012-07-04 17:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-15 08:07 - 2012-05-14 01:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-15 08:07 - 2012-02-11 02:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 08:07 - 2012-02-11 02:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 08:07 - 2012-02-11 02:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-15 08:07 - 2012-02-11 01:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-13 20:04 - 2012-08-16 11:03 - 00019043 ____A C:\Users\Bob\Documents\HRD.odt
2012-08-13 18:42 - 2012-08-13 18:42 - 00004348 ____A C:\Users\Bob\Desktop\CourseStart - Shortcut.lnk
2012-08-13 12:42 - 2012-08-13 12:46 - 00000000 ____D C:\Users\Bob\Desktop\Brayden
2012-08-13 09:12 - 2012-08-13 09:12 - 00000000 ____D C:\Users\Bob\AppData\Local\{488D26A2-8E21-4799-AF3F-3B34869D3623}
2012-08-12 21:11 - 2012-08-13 09:12 - 00000000 ____D C:\Users\Bob\AppData\Local\{99B9C3AF-E68D-4594-9BEC-42C79F6EE169}
2012-08-12 21:11 - 2012-08-12 21:11 - 00000000 ____D C:\Users\Bob\AppData\Local\{D79EED29-0A4A-4264-9E24-72E3CBAF4673}
2012-08-12 18:05 - 2012-08-12 18:05 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-08-12 15:15 - 2012-08-12 15:15 - 00000000 ____D C:\Users\Bob\Documents\Course 14
2012-08-12 15:13 - 2012-08-12 15:14 - 00000000 ____D C:\Users\Bob\Desktop\Course 14 Notes
2012-08-12 15:06 - 2012-08-12 15:06 - 00000000 ____D C:\Users\Bob\Documents\OLDS
2012-08-12 15:05 - 2012-08-12 15:05 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Template
2012-08-12 15:05 - 2012-08-12 15:05 - 00000000 ____A C:\Users\Bob\AppData\Roaming\wklnhst.dat
2012-08-12 14:50 - 2012-08-19 15:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-08-12 08:36 - 2012-08-12 08:37 - 00000000 ____D C:\Users\Bob\AppData\Local\{964AADB1-7A4A-4B5B-8675-77885ED407C0}
2012-08-11 11:24 - 2012-08-11 11:24 - 00000000 ____D C:\Users\Bob\AppData\Local\{56DB7D26-E2F6-490C-9DDD-AF9E344608C8}
2012-08-10 15:27 - 2012-08-10 15:27 - 00000000 ____D C:\Users\Bob\AppData\Local\{3671FF44-C7DA-4306-B854-859541B5D2D8}
2012-08-09 17:52 - 2012-08-09 17:53 - 00000000 ____D C:\Users\Bob\AppData\Local\{4A9F59E8-E5B2-420A-9C93-0E0098AC3B60}
2012-08-09 05:52 - 2012-08-09 05:52 - 00000000 ____D C:\Users\Bob\AppData\Local\{F666172F-74B9-4C41-9579-62CE9BF9A8EA}
2012-08-08 05:46 - 2012-08-08 05:47 - 00000000 ____D C:\Users\Bob\AppData\Local\{EF243308-2C43-4210-8697-BD5E9FEDBCAC}
2012-08-07 05:49 - 2012-08-07 05:49 - 00000000 ____D C:\Users\Bob\AppData\Local\{A9F89F82-A645-452F-8AB9-B471D2190DE8}
2012-08-06 17:40 - 2012-08-06 17:40 - 00000000 ____D C:\Users\Bob\AppData\Local\{0424C1C9-8C93-4437-BE52-360792197AC7}
2012-08-06 05:39 - 2012-08-06 05:39 - 00000000 ____D C:\Users\Bob\AppData\Local\{2762979D-AB71-4B61-8455-CD309A293814}
2012-08-05 13:12 - 2012-08-05 13:12 - 00000000 ____D C:\Users\Bob\AppData\Local\{61BBF350-7AA0-4B23-874C-6656D804C215}
2012-08-05 13:11 - 2012-08-12 08:36 - 00000000 ____D C:\Users\Bob\AppData\Local\{9A7B0FA8-623F-44CF-BAC5-B90109C870AA}
2012-08-04 09:18 - 2012-08-04 09:18 - 00000000 ____D C:\Users\Bob\AppData\Local\{FCF59F1D-F881-4A8A-83CA-E9AB3F12FDE2}
2012-08-03 11:28 - 2012-08-04 09:18 - 00000000 ____D C:\Users\Bob\AppData\Local\{2625DF25-5D57-4994-83B5-B6F42D9C7CE7}
2012-08-03 06:19 - 2012-08-03 06:19 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-08-03 06:19 - 2012-08-03 06:19 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-08-03 06:19 - 2012-08-03 06:19 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-08-03 06:19 - 2012-08-03 06:19 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-08-02 21:17 - 2012-06-06 01:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-08-02 21:17 - 2012-06-06 01:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-08-02 21:17 - 2010-06-25 23:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-08-02 21:16 - 2012-06-06 02:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-08-02 21:16 - 2012-06-06 02:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-08-02 21:16 - 2012-06-06 01:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-08-02 21:16 - 2010-06-25 23:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-08-02 21:15 - 2012-06-06 02:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-08-02 21:14 - 2012-06-02 01:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-08-02 21:14 - 2012-06-02 01:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-08-02 21:14 - 2012-06-02 01:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-08-02 21:14 - 2012-06-02 01:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-08-02 21:14 - 2012-06-02 01:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-08-02 21:14 - 2012-06-02 00:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-08-02 21:14 - 2012-06-02 00:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-08-02 21:14 - 2012-06-02 00:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-08-02 21:14 - 2012-06-02 00:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-08-02 20:18 - 2012-06-02 18:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-08-02 20:18 - 2012-06-02 18:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-08-02 20:18 - 2012-06-02 18:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-08-02 20:18 - 2012-06-02 18:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-08-02 20:17 - 2012-06-02 18:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-08-02 20:17 - 2012-06-02 18:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-08-02 20:17 - 2012-06-02 18:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-08-02 20:17 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-08-02 20:17 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-08-02 20:14 - 2012-08-02 20:14 - 00000000 ____D C:\Users\Bob\AppData\Local\{8D9D69A5-8965-4E0D-BC49-2265A06D301E}
2012-08-02 20:13 - 2012-08-02 20:14 - 00000000 ____D C:\Users\Bob\AppData\Local\{2559E5BF-7E6B-40A2-B813-3B78740F4D5B}
2012-08-02 19:50 - 2012-08-02 19:51 - 00005018 ____A C:\Users\Bob\AppData\Local\HWVendorDetection.log
2012-08-02 16:29 - 2012-08-02 16:29 - 00000000 ____D C:\Users\Bob\AppData\Local\Innovative Solutions
2012-08-02 16:29 - 2012-08-02 16:29 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2012-08-02 16:11 - 2012-08-02 16:11 - 00000000 ____D C:\Users\Bob\AppData\Local\{B3EFDFBB-CB38-45DA-9D2D-771EC751D3ED}
2012-08-02 16:11 - 2012-08-02 16:11 - 00000000 ____D C:\Users\Bob\AppData\Local\{A2DC59E1-5595-482D-BC97-AD639F0647C5}
2012-08-02 14:07 - 2012-08-02 14:07 - 00000000 ____D C:\Users\Bob\AppData\Local\{5A3FE966-175B-4021-AEAA-E50EB90F5F54}
2012-08-02 13:42 - 2012-08-02 13:42 - 00000000 ____D C:\Users\Bob\AppData\Local\{B95D0AAE-2B9F-40DD-A535-C9D8F83D471F}
2012-08-01 19:56 - 2012-08-01 19:56 - 00000000 ____D C:\Users\Bob\AppData\Local\{8DC624D6-EC22-4E43-9C85-778B4397B5E8}
2012-08-01 19:55 - 2012-08-01 19:56 - 00000000 ____D C:\Users\Bob\AppData\Local\{F5295F58-1547-46D8-9A30-60EB567CB757}
2012-07-31 21:56 - 2012-07-31 21:56 - 00000000 ____D C:\Users\Bob\AppData\Local\{5F2CDBB2-7CBE-4BE5-B1CA-FCEB8B93C7A1}
2012-07-31 08:50 - 2012-07-31 08:50 - 00000000 ____D C:\Users\Bob\AppData\Local\{2441B16D-F067-4E24-AB81-0662F68B9221}
2012-07-30 09:11 - 2012-07-30 09:11 - 00000000 ____D C:\Users\Bob\AppData\Local\{96DF1A27-B6AD-4470-9962-56D66FA4F6BC}
2012-07-29 11:31 - 2012-07-29 11:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{8FBA694E-4F89-4EE3-B7CD-555B205C4205}
2012-07-28 23:20 - 2012-07-31 21:56 - 00000000 ____D C:\Users\Bob\AppData\Local\{A63D1D74-6B7A-4A3A-8C33-69E29ED078DD}
2012-07-28 23:20 - 2012-07-28 23:20 - 00000000 ____D C:\Users\Bob\AppData\Local\{C354538C-7725-454C-9A34-A058D34BC289}
2012-07-28 06:53 - 2012-07-28 06:53 - 00000000 ____D C:\Users\Bob\AppData\Local\{99EF2DAE-798C-4004-8E66-5F862B189C95}
2012-07-27 13:58 - 2012-07-31 11:47 - 00000000 ____D C:\Users\Bob\Documents\AFI
2012-07-27 13:28 - 2012-07-27 13:28 - 00000000 ____D C:\Users\Bob\AppData\Local\{4206595A-2052-41C6-A36C-A6847E599001}
2012-07-26 12:37 - 2012-07-26 12:37 - 00000000 ____D C:\Users\Bob\AppData\Local\{C6E208C5-8951-4193-8D52-BE43B6C586B0}
2012-07-25 09:43 - 2012-07-25 09:43 - 00000000 ____D C:\Users\Bob\AppData\Local\{2AFB556C-F736-4911-9CB0-2235E572D07E}
2012-07-24 21:43 - 2012-07-24 21:43 - 00000000 ____D C:\Users\Bob\AppData\Local\{407AD54A-C8CA-407A-A7AD-01AE3EC6B47C}
2012-07-24 09:42 - 2012-07-24 09:42 - 00000000 ____D C:\Users\Bob\AppData\Local\{26410484-F111-497E-A11B-74E18A496905}
2012-07-23 21:42 - 2012-07-23 21:42 - 00000000 ____D C:\Users\Bob\AppData\Local\{850FE8C0-E9DE-42EA-AFBC-332231CA519D}
2012-07-23 09:41 - 2012-07-23 09:41 - 00000000 ____D C:\Users\Bob\AppData\Local\{92339747-72F0-4823-B6C7-DD1686595CC4}
2012-07-22 21:40 - 2012-07-22 21:41 - 00000000 ____D C:\Users\Bob\AppData\Local\{32DBDE4E-474A-4D8D-B38A-58062CCDDB91}
2012-07-22 09:39 - 2012-07-22 09:39 - 00000000 ____D C:\Users\Bob\AppData\Local\{1567FD5C-1508-4F4B-9248-8AC53EFF416B}


============ 3 Months Modified Files ========================

2012-08-21 17:19 - 2012-08-17 21:43 - 00001872 ____A C:\Windows\setupact.log
2012-08-21 17:19 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-21 17:18 - 2011-12-24 19:58 - 00000920 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2051389330-1497990960-3423481376-1001UA.job
2012-08-21 17:17 - 2011-01-15 08:57 - 01298300 ____A C:\Windows\WindowsUpdate.log
2012-08-21 17:16 - 2009-07-14 01:13 - 00006442 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-21 17:10 - 2012-04-04 10:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-20 21:35 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-20 21:35 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-20 20:38 - 2011-12-24 19:58 - 00000898 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2051389330-1497990960-3423481376-1001Core.job
2012-08-19 21:18 - 2012-08-17 21:42 - 00006118 ____A C:\Windows\PFRO.log
2012-08-19 16:16 - 2012-08-19 16:16 - 62029824 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-08-19 16:16 - 2012-08-19 16:16 - 18116608 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-08-19 16:16 - 2012-08-19 16:16 - 00815104 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-08-19 16:16 - 2012-08-19 16:16 - 00024576 ____A C:\Windows\System32\config\SECURITY.iobit
2012-08-19 16:16 - 2012-08-19 16:16 - 00024576 ____A C:\Windows\System32\config\SAM.iobit
2012-08-19 13:08 - 2012-08-19 12:58 - 00415877 ____A C:\Windows\System32\Drivers\vsconfig.xml
2012-08-19 12:57 - 2012-08-19 12:57 - 00000762 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2012-08-19 09:40 - 2012-08-19 09:40 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-08-17 21:43 - 2012-08-17 21:43 - 00000000 ____A C:\Windows\setuperr.log
2012-08-17 18:02 - 2012-02-28 16:16 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-08-17 09:54 - 2012-04-23 20:54 - 00001240 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-08-17 09:54 - 2011-12-05 19:41 - 00001189 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
2012-08-16 14:57 - 2009-07-14 00:45 - 00335600 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-16 11:03 - 2012-08-13 20:04 - 00019043 ____A C:\Users\Bob\Documents\HRD.odt
2012-08-16 10:38 - 2011-06-26 12:15 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-14 15:36 - 2012-04-04 10:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-14 15:36 - 2011-07-29 12:10 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-13 18:42 - 2012-08-13 18:42 - 00004348 ____A C:\Users\Bob\Desktop\CourseStart - Shortcut.lnk
2012-08-12 16:01 - 2011-06-21 10:53 - 00078952 ____A C:\Users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-12 15:05 - 2012-08-12 15:05 - 00000000 ____A C:\Users\Bob\AppData\Roaming\wklnhst.dat
2012-08-03 06:19 - 2012-08-03 06:19 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-08-03 06:19 - 2012-08-03 06:19 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-08-03 06:19 - 2012-08-03 06:19 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-08-03 06:19 - 2012-08-03 06:19 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-08-02 19:51 - 2012-08-02 19:50 - 00005018 ____A C:\Users\Bob\AppData\Local\HWVendorDetection.log
2012-07-23 15:59 - 2011-12-05 19:55 - 00024960 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-07-18 14:15 - 2012-08-15 08:07 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-04 18:16 - 2012-08-15 08:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 18:13 - 2012-08-15 08:07 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 18:13 - 2012-08-15 08:07 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 17:16 - 2012-08-15 08:07 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 17:14 - 2012-08-15 08:07 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-29 00:55 - 2012-08-16 10:43 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-29 00:09 - 2012-08-16 10:43 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 23:56 - 2012-08-16 10:43 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 23:49 - 2012-08-16 10:43 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 23:49 - 2012-08-16 10:43 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 23:48 - 2012-08-16 10:43 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 23:47 - 2012-08-16 10:43 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 23:45 - 2012-08-16 10:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 23:44 - 2012-08-16 10:43 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 23:43 - 2012-08-16 10:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 23:42 - 2012-08-16 10:43 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 23:40 - 2012-08-16 10:43 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 23:39 - 2012-08-16 10:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 23:35 - 2012-08-16 10:43 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 20:52 - 2012-08-16 10:43 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 20:27 - 2012-08-16 10:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 20:16 - 2012-08-16 10:43 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 20:09 - 2012-08-16 10:43 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 20:09 - 2012-08-16 10:43 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 20:08 - 2012-08-16 10:43 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 20:07 - 2012-08-16 10:43 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 20:06 - 2012-08-16 10:43 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 20:04 - 2012-08-16 10:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 20:04 - 2012-08-16 10:43 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 20:01 - 2012-08-16 10:43 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 20:01 - 2012-08-16 10:43 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 20:00 - 2012-08-16 10:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 19:57 - 2012-08-16 10:43 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-15 15:09 - 2012-06-15 15:09 - 03526040 ____A (TeamViewer GmbH) C:\Users\Bob\Downloads\TeamViewer_Setup_en.exe
2012-06-12 21:59 - 2012-06-12 21:59 - 20006472 ____A (Apple Inc.) C:\Users\Bob\Downloads\QuickTimeInstaller.exe
2012-06-11 18:57 - 2011-08-03 17:18 - 00006424 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-11 18:52 - 2012-06-11 18:52 - 50618163 ____A (Chatlead Inc ) C:\Users\Bob\Downloads\CC24ChatConsole_0.9.0.7.exe
2012-06-11 17:57 - 2012-06-11 17:56 - 05772448 ____A C:\Users\Bob\Downloads\npp.6.1.Installer.exe
2012-06-09 18:10 - 2012-06-09 18:10 - 04518720 ____A (FileZilla Project) C:\Users\Bob\Downloads\FileZilla_3.5.3_win32-setup.exe
2012-06-09 15:23 - 2012-06-09 15:23 - 00944304 ____A (Skype Technologies S.A.) C:\Users\Bob\Downloads\SkypeSetup.exe
2012-06-09 13:04 - 2012-06-09 13:04 - 01534144 ____A (W3i, LLC) C:\Users\Bob\Downloads\7Zip.exe
2012-06-09 12:17 - 2012-06-09 12:17 - 17693184 ____A (POTI, Inc.) C:\Users\Bob\Downloads\Songbird_1.10.3-2288_windows-i686-msvc8.exe
2012-06-06 02:06 - 2012-08-02 21:16 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 02:06 - 2012-08-02 21:16 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 02:02 - 2012-08-02 21:15 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 01:05 - 2012-08-02 21:17 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 01:05 - 2012-08-02 21:17 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 01:03 - 2012-08-02 21:16 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 18:19 - 2012-08-02 20:18 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 18:19 - 2012-08-02 20:18 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 18:19 - 2012-08-02 20:18 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 18:19 - 2012-08-02 20:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 18:19 - 2012-08-02 20:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 18:15 - 2012-08-02 20:18 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 18:15 - 2012-08-02 20:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-08-02 20:17 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-08-02 20:17 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:50 - 2012-08-02 21:14 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 01:48 - 2012-08-02 21:14 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 01:48 - 2012-08-02 21:14 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 01:45 - 2012-08-02 21:14 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 01:44 - 2012-08-02 21:14 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-02 00:40 - 2012-08-02 21:14 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-02 00:40 - 2012-08-02 21:14 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-02 00:39 - 2012-08-02 21:14 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-02 00:34 - 2012-08-02 21:14 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 42%
Total physical RAM: 3834.9 MB
Available physical RAM: 2190.07 MB
Total Pagefile: 7667.99 MB
Available Pagefile: 5911.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:218.79 GB) (Free:18.51 GB) NTFS
3 Drive e: () (Removable) (Total:7.45 GB) (Free:2.54 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 14 GB 1024 KB
Partition 2 Primary 100 MB 14 GB
Partition 3 Primary 218 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 PQSERVICE NTFS Partition 14 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM RESE NTFS Partition 100 MB Healthy System (partition with boot components)

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 218 GB Healthy Boot

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E FAT32 Removable 7633 MB Healthy

==================================================================================

Last Boot: 2012-08-17 20:44

======================= End Of Log ==========================

#9
WhiteHat

Hi,

You ran the wrong tool. The log I want is generated by Farbar Service Scanner. :thumbsup:

Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#10
Kolbe1

Sorry about the wrong report.


Farbar Service Scanner Version: 06-08-2012
Ran by Bob (administrator) on 22-08-2012 at 17:33:25
Running from "E:\"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#11
WhiteHat

Hi,

Download the reg below and run:
NEXT

Download Windows Repair (all in one) from this site

Install the program then run


Go to step 3 and allow it to run SFC


On the start repairs tab click start

Select the following items and tick restart system when finished

#12
Kolbe1

WhiteHat,

All seems well with my computer now. Thank you so much for your time and fix.

Kolbe1

#13
WhiteHat

Hi,

Please, can you run Farbar Service Scanner and send me the log (FSS.txt)?

#14
Kolbe1

Attached is the scan you requested.

Kolbe

Farbar Service Scanner Version: 06-08-2012
Ran by Bob (administrator) on 24-08-2012 at 14:40:39
Running from "E:\Whitehat"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
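A triage sketch for the two FSS.txt logs posted above, added here as an example (it is not part of any post and is not Farbar's code): it pulls out the lines that signal damage, such as services not running, `ATTENTION!` registry checks and failed connectivity probes, and compares the pre-repair and post-repair logs. The line patterns are taken from the logs in this thread; the function names are hypothetical, and treating any file-check verdict other than `MD5 is legit` as a finding is an assumption.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section kind subject detail")

# Sample input: abridged from the two FSS.txt logs posted in this thread.
LOG_BEFORE = r"""
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Other errors

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
"""

LOG_AFTER = r"""
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.

Windows Firewall:
=============

Other Services:
==============

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
"""

SECTION = re.compile(r"^([A-Za-z][A-Za-z ]*):$")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\b")
ATTENTION = re.compile(r"^Checking (.+?) of (\S+): ATTENTION!=+> (.+)$")
NET_ERROR = re.compile(r"^Attempt to access (.+?) returned error: (.+)$")
FILE_CHECK = re.compile(r"^([A-Za-z]:\\.+?) => (.+)$")


def parse_fss(text):
    """Return the lines of an FSS log that indicate a problem, as Finding tuples."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks and the ====/**** underline rows.
        if not line or set(line) <= set("=*"):
            continue
        if (m := NOT_RUNNING.match(line)):
            findings.append(Finding(section, "service_not_running", m.group(1), "not running"))
        elif (m := ATTENTION.match(line)):
            what, svc, msg = m.groups()
            findings.append(Finding(section, "attention", svc, f"{what}: {msg}"))
        elif (m := NET_ERROR.match(line)):
            findings.append(Finding(section, "connectivity", m.group(1), m.group(2)))
        elif (m := FILE_CHECK.match(line)):
            # Assumption: only the verdict string seen in this thread counts as clean.
            if m.group(2) != "MD5 is legit":
                findings.append(Finding(section, "file_check", m.group(1), m.group(2)))
        elif (m := SECTION.match(line)):
            section = m.group(1)
    return findings


def compare(before, after):
    """Diff two FSS logs: which findings were fixed, which persist, which are new."""
    b, a = set(parse_fss(before)), set(parse_fss(after))
    return {"resolved": sorted(b - a), "remaining": sorted(b & a), "new": sorted(a - b)}


if __name__ == "__main__":
    for status, items in compare(LOG_BEFORE, LOG_AFTER).items():
        print(f"{status}: {len(items)}")
        for f in items:
            print(f"  [{f.section}] {f.kind} {f.subject}: {f.detail}")
```
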

#15
WhiteHat

Hi,

Everything seems fine.

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove OTL

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Accessories > System Tools > System Restore.
  • Select the option Create a restore point and click Next.
  • Type in a name i.e. Clean
  • Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.







