Everything posted by kk4flyer

  1. Tried again to boot from Recovery Disk. This time I selected the "continue with recovery disk" option. It gave me 2 options: "Restore computer and preserve my new or changed files (recommended)" and "select other system backup and more options". I tried the first one. It went to an Emergency File & Folder Backup screen and scanned my computer for new or changed files since the last backup; it saved them in an Emergency folder on the C: drive. It looked like it saved just about every file. Then it went to "Restore my computer", which formatted the partition. Oops, I didn't know it was going to do that. Then it started "reinstalling your original content", which took a long time. Then it restarted, and yes.. it got to Windows! Looks like a clean re-install of Windows; it asked me for a bunch of setup stuff. Windows is working, but lots of things need to be set up, like internet connection. I'll try to work on this. If you have any suggestions, let me know. Thanks for your help.
  2. I changed setup to boot from CD/DVD and inserted recovery disk. It said "Windows is loading files...", then "Starting Windows", then came to a Dell DataSafe Local Backup screen. It said "Click 'Next' to restore your computer to the most recent Full System Backup. Files added or changed since that backup will be preserved and then copied back to your computer after the restoration is complete". There were 2 choices:

     Run the program from my hard disk (recommended)
     Continue with your System Recovery Disc

     So I chose to run it from hard disk, and clicked Next. It instructed me to remove the Recovery Disk, so I did. It said it was going to reboot from the recovery partition. I clicked Finish and it tried to reboot, but failed as usual - black screen with cursor blinking in upper left. I don't think I ever did a Full System Backup, so maybe that's why it failed.
  3. I don't have a Windows 7 disk. I have a "recovery disk" that I made when I first got the computer. Unfortunately I can't find the documentation that told me to make the disk, so I don't know what it's for. It contains folders like "BOOT", "dell", "preload", "recovery", and some other files.
  4. When I rebooted from hard drive, I got the same results as before: Saw Dell startup screen, then black screen with cursor blinking in upper left corner. Never got to Windows.
  5. Here is the Kaspersky log:
  6. Thanks, but I couldn't download that file. When I clicked the link I got the following error from Internet Explorer: "Unable to download pldumpit.ndf from noahdfear.net. Unable to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later." I typed the URL in manually and got the same error.
  7. Thanks for looking into it. I downloaded the drivers to the USB flash drive and booted from it, but got the same results. I tried it several times and it always failed the same way.
  8. Same results as last attempt. I built the USB drive as directed and booted from it. I saw the xPUD language screen, chose English, but then it failed before it got to the next screen, so I couldn't follow the rest of your directions. Here is the text from the xPUD failure (I re-typed it, as I couldn't figure out how to get it off the sick computer):

     Current Operating System: Linux (none) 2.6.31.2 #5 SMP Mon Dec 7 11:56:35 UTC 2009 i686
     Kernel command line: noisapnp quiet initrd=/opt/media lang=en kmap=us BOOT_IMAGE=/boot/xpud
     Build Date: 26 October 2009 05:15:02PM
     xorg-server 2:1.6.4-2ubuntu4 (buildd@)
     Before reporting problems, check http://wiki.x.org
     To make sure that you have the latest version.
     Markers: (--) probed, (**) from config file, (==) default setting,
     (++) from command line, (!!) notice, (II) informational,
     (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
     (==) Log file: “/var/log/Xorg.0.log”, Time: Fri Nov 30 00:25:05 2012
     (==) Using config file: “/etc/X11.xorg.conf”
     (EE) No devices detected.
     Fatal server error:
     no screens found
     Please consult the The X.Org Foundation support
     at http://wiki.x.org
     for help.
     Please also check the log file at “/var/log/Xorg.0.log” for additional information.
     ddxSigGiveUp: Closing log
     [ 7.948164] sd 7:0:0:0: [sdf] Assuming drive cache: write through
     [ 7.951560] sd 7:0:0:0: [sdf] Assuming drive cache: write through
     [ 8.653775] sd 7:0:0:0: [sdf] Assuming drive cache: write through
     giving up.
     xinit: No such file or directory (errno 2 ): unable to connect to X server
     xinit: No such process (errno 3): Server error.
     Xauth: (argv):1: bad display name “(none):0” in “remove” command
     Sh: no job control in this shell
     Sh-4.0#
  9. No, I can't boot. When I power up, I see the Dell startup screen, then a black screen with blinking cursor. I never get to Windows at all. I've verified that it's set up to boot from the hard drive.
  10. Not good news, TheDarkKnight! I built the USB drive as directed and booted from it. I saw the xPUD language screen, chose English, but then it failed before it got to the next screen, so I couldn't follow the rest of your directions. Here is the text from the xPUD failure (I re-typed it, as I couldn't figure out how to get it off the sick computer):

      Current Operating System: Linux (none) 2.6.31.2 #5 SMP Mon Dec 7 11:56:35 UTC 2009 i686
      Kernel command line: noisapnp quiet initrd=/opt/media lang=en kmap=us BOOT_IMAGE=/boot/xpud
      Build Date: 26 October 2009 05:15:02PM
      xorg-server 2:1.6.4-2ubuntu4 (buildd@)
      Before reporting problems, check http://wiki.x.org
      To make sure that you have the latest version.
      Markers: (--) probed, (**) from config file, (==) default setting,
      (++) from command line, (!!) notice, (II) informational,
      (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
      (==) Log file: “/var/log/Xorg.0.log”, Time: Fri Nov 30 00:25:05 2012
      (==) Using config file: “/etc/X11.xorg.conf”
      (EE) No devices detected.
      Fatal server error:
      no screens found
      Please consult the The X.Org Foundation support
      at http://wiki.x.org
      for help.
      Please also check the log file at “/var/log/Xorg.0.log” for additional information.
      ddxSigGiveUp: Closing log
      [ 7.616898] sd 7:0:0:0: [sdf] Assuming drive cache: write through
      [ 7.620062] sd 7:0:0:0: [sdf] Assuming drive cache: write through
      [ 8.324030] sd 7:0:0:0: [sdf] Assuming drive cache: write through
      giving up
      xinit: No such file or directory (errno 2): unable to connect to X server
      xinit: No such process (errno 3): Server error.
      Xauth: (argv):1: bad display name “(none):0” in “remove” command
      Sh: no job control in this shell
      Sh-4.0#

      I don't know what it was trying to do, or why it failed. I downloaded the files several times, to make sure I didn't just have a corrupted file, but got same results.
  11. OK, here's the new log from the RescueDisk. Looks like it appended today's results onto yesterday's results. By the way, when I used Kaspersky's web browser to upload this log, it appeared to get redirected once. <pre style='color:#141312;background-color:#ffffff;'>
/mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp 11/27/12 9:57 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed 11/27/12 9:57 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp 11/27/12 9:57 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed 11/27/12 9:57 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm 11/27/12 9:24 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed 11/27/12 9:24 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed 11/27/12 9:24 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS 11/27/12 9:24 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS 11/27/12 9:19 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor OTHER.idz Read error 11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe Read error 11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz Read error 11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor GOST.idz Read error 
11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz/AI2013_Inventor ANSI Read error 11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe/netfx_Core.mzz Read error 11/27/12 8:46 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Postponed 11/27/12 8:46 AM Detected: Rootkit.Boot.Pihar.c /dev/sda 11/27/12 8:46 AM Task started Objects Scan: completed 1 minute ago (events: 382, objects: 2750183, time: 07:38:58) 11/28/12 5:44 PM Task completed 11/28/12 5:44 PM Untreated: Rootkit.Boot.Pihar.c /dev/sda Skipped by user 11/28/12 5:44 PM Untreated: Rootkit.Boot.Pihar.c /dev/sda Cannot be disinfected 11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda 11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda 11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda 11/28/12 5:44 PM 
Deleted: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir 11/28/12 5:44 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS 11/28/12 5:44 PM Deleted: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir 11/28/12 5:44 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS 11/28/12 5:44 PM Deleted: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir 11/28/12 5:44 PM Detected: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir 11/28/12 5:44 PM Deleted: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir 11/28/12 5:44 PM Detected: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir 11/28/12 5:44 PM Deleted: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp 11/28/12 5:43 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp 11/28/12 5:43 PM Deleted: Trojan.Win32.TDSS.itpc 
/mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp 11/28/12 5:43 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp 11/28/12 5:42 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm 11/28/12 5:42 PM Deleted: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp 11/28/12 5:41 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS 11/28/12 5:41 PM Deleted: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp 11/28/12 1:45 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS 11/28/12 12:41 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed 11/28/12 12:41 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm 11/28/12 12:40 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed 11/28/12 12:40 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp 11/28/12 12:40 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed 11/28/12 12:40 PM Detected: Trojan.Win32.TDSS.itpc 
/mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp 11/28/12 12:40 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed 11/28/12 12:40 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm 11/28/12 12:32 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed 11/28/12 12:32 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm 11/28/12 12:31 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed 11/28/12 12:31 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp 11/28/12 12:31 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed 11/28/12 12:31 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp 11/28/12 12:31 PM Untreated: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed 11/28/12 12:31 PM Detected: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm 11/28/12 12:00 PM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed 11/28/12 12:00 PM Detected: Trojan.Win64.TDSS.d 
</pre>
  12. Oops that didn't work. Here is the log:
  13. Thanks for the info. I booted from the RescueDisk and completed the scan. I did not allow the tool to fix the problems; was I supposed to? Anyway, here is the log.
  14. Thanks for your reply. Unfortunately, I can't even boot the computer now. When I power it up, I see the Dell startup screen, then it goes to a black screen with cursor blinking in upper left. And it stays there... forever. If I hit F2 as it boots, I get to the CMOS Setup Utility screen. If I hit F12 as it boots, I get to the boot device screen. Any ideas on how to get it to boot properly?
  15. Thank you for your reply. Here is the result.txt from Listparts64:
  16. Thanks again for your help! I was able to log in normally and run the Farbar Recovery Scan Tool. Here are the results:
05:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-11-14 19:55 - 2012-10-08 05:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-11-14 19:55 - 2012-10-08 02:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-11-14 19:55 - 2012-10-08 02:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-11-14 19:55 - 2012-10-08 01:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-11-14 19:55 - 2012-10-08 01:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-11-14 19:55 - 2012-10-08 01:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-11-14 19:55 - 2012-10-08 01:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-11-14 19:55 - 2012-10-08 01:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-11-14 19:55 - 2012-10-08 01:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-11-14 19:55 - 2012-10-08 01:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-11-14 19:55 - 2012-10-08 01:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-11-14 19:55 - 2012-10-08 01:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-11-14 19:55 - 2012-10-08 01:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-11-14 19:55 - 2012-10-08 01:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-11-14 19:55 - 2012-10-08 01:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-11-14 19:55 - 2012-10-08 01:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-11-14 19:55 - 2012-10-08 01:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-11-14 19:53 - 2012-07-25 21:08 - 00744448 ____A (Microsoft 
Corporation) C:\Windows\System32\WUDFx.dll 2012-11-14 19:53 - 2012-07-25 21:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe 2012-11-14 19:53 - 2012-07-25 21:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll 2012-11-14 19:53 - 2012-07-25 21:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll 2012-11-14 19:53 - 2012-07-25 21:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll 2012-11-14 19:53 - 2012-07-25 20:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys 2012-11-14 19:53 - 2012-07-25 20:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys 2012-11-14 19:53 - 2012-06-02 08:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2012-11-14 10:33 - 2012-10-18 12:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-11-14 10:33 - 2012-10-09 12:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll 2012-11-14 10:33 - 2012-10-09 12:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll 2012-11-14 10:33 - 2012-10-09 11:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll 2012-11-14 10:33 - 2012-10-09 11:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll 2012-11-14 10:33 - 2012-10-03 11:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-11-14 10:33 - 2012-10-03 11:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll 2012-11-14 10:33 - 2012-10-03 11:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll 2012-11-14 10:33 - 2012-10-03 11:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll 2012-11-14 10:33 - 2012-10-03 11:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll 2012-11-14 10:33 - 2012-10-03 11:44 - 00018944 ____A 
(Microsoft Corporation) C:\Windows\System32\netevent.dll 2012-11-14 10:33 - 2012-10-03 11:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll 2012-11-14 10:33 - 2012-10-03 10:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll 2012-11-14 10:33 - 2012-10-03 10:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2012-11-14 10:33 - 2012-10-03 10:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll 2012-11-14 10:33 - 2012-10-03 10:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2012-11-14 10:33 - 2012-09-25 16:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll 2012-11-14 10:33 - 2012-09-25 16:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll 2012-11-14 10:33 - 2012-01-13 01:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2012-11-10 12:24 - 2012-11-10 12:24 - 00025196 ____A C:\Users\Ryan\Downloads\hs_err_pid19140.log 2012-11-03 09:21 - 2012-11-03 09:21 - 00002727 ____A C:\Users\Ryan\.recently-used.xbel 2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8} 2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\Local Settings\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8} 2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\AppData\Local\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8} 2012-11-01 14:30 - 2012-11-01 15:10 - 00000000 ____D C:\Users\Ryan\Application Data\Google 2012-11-01 14:30 - 2012-11-01 15:10 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Google 2012-10-31 20:53 - 2012-11-10 15:59 - 00032332 ____A C:\Users\Public\Documents\Contacts.xlsx 2012-10-31 20:53 - 2012-11-10 15:59 - 00032332 ____A C:\Users\All Users\Documents\Contacts.xlsx 2012-10-30 08:05 - 2012-10-30 08:05 - 00275336 ____A C:\Windows\Minidump\103012-16395-01.dmp 2012-10-29 12:31 - 2012-10-29 12:31 
- 00005347 ____A C:\Users\Ryan\My Documents\xD.wlmp 2012-10-29 12:31 - 2012-10-29 12:31 - 00005347 ____A C:\Users\Ryan\Documents\xD.wlmp 2012-10-29 12:28 - 2012-10-29 12:32 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{3DBE31DA-234D-490B-B004-D5E5904F60FF} 2012-10-29 12:28 - 2012-10-29 12:32 - 00000000 ____D C:\Users\Ryan\Local Settings\{3DBE31DA-234D-490B-B004-D5E5904F60FF} 2012-10-29 12:28 - 2012-10-29 12:32 - 00000000 ____D C:\Users\Ryan\AppData\Local\{3DBE31DA-234D-490B-B004-D5E5904F60FF} 2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{490B9340-72EF-44C6-ADD5-F498084C4207} 2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\{490B9340-72EF-44C6-ADD5-F498084C4207} 2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\AppData\Local\{490B9340-72EF-44C6-ADD5-F498084C4207} 2012-10-29 10:41 - 2012-11-12 08:54 - 00000000 ____D C:\Users\Ryan\Desktop\server 2012-10-29 10:09 - 2012-10-29 10:09 - 00000000 ____A C:\Users\Ryan\Downloads\Reach The End.rar.wteotfn.partial 2012-10-29 09:56 - 2012-10-29 09:57 - 17353763 ____A C:\Users\Ryan\Desktop\Its Better Together V1.4.zip 2012-10-29 09:03 - 2012-11-20 20:14 - 00000000 ____D C:\Users\Ryan\Desktop\plugins 2012-10-29 09:03 - 2012-11-20 19:34 - 00000000 ____D C:\Users\Ryan\Desktop\old servers 2012-10-28 17:29 - 2012-10-28 17:29 - 00001698 ____A C:\Users\Ryan\Desktop\Inventor.exe - Shortcut.lnk 2012-10-27 10:10 - 2012-10-27 10:10 - 00000000 ____D C:\Users\Kevin\My Documents\Autoloader 2012-10-27 10:10 - 2012-10-27 10:10 - 00000000 ____D C:\Users\Kevin\Documents\Autoloader 2012-10-27 10:02 - 2012-10-27 10:03 - 00000000 ____D C:\Users\Allison\My Documents\Inventor 2012-10-27 10:02 - 2012-10-27 10:03 - 00000000 ____D C:\Users\Allison\Documents\Inventor 2012-10-27 10:01 - 2012-10-27 10:01 - 00000000 ____D C:\Users\Allison\My Documents\Autoloader 2012-10-27 10:01 - 2012-10-27 10:01 - 00000000 ____D 
C:\Users\Allison\Documents\Autoloader 2012-10-27 09:59 - 2012-10-27 10:04 - 00000000 ____D C:\Users\Allison\Application Data\Autodesk 2012-10-27 09:59 - 2012-10-27 10:04 - 00000000 ____D C:\Users\Allison\AppData\Roaming\Autodesk 2012-10-27 09:35 - 2012-10-27 09:35 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-10-27 09:35 - 2012-10-27 09:35 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk 2012-10-27 09:35 - 2012-08-21 11:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys 2012-10-27 09:34 - 2012-10-27 09:35 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-10-27 09:34 - 2012-10-27 09:35 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-10-27 09:34 - 2012-10-27 09:35 - 00000000 ____D C:\Program Files\iTunes 2012-10-27 09:34 - 2012-10-27 09:35 - 00000000 ____D C:\Program Files (x86)\iTunes 2012-10-27 09:34 - 2012-10-27 09:34 - 00000000 ____D C:\Program Files\iPod 2012-10-27 09:30 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\My Documents\Autoloader 2012-10-27 09:30 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\Documents\Autoloader 2012-10-27 09:26 - 2012-10-27 09:28 - 00000000 ____D C:\Users\Jan\My Documents\Inventor 2012-10-27 09:26 - 2012-10-27 09:28 - 00000000 ____D C:\Users\Jan\Documents\Inventor 2012-10-27 09:25 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\Application Data\Autodesk 2012-10-27 09:25 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Autodesk 2012-10-25 21:49 - 2012-10-28 16:44 - 00000000 ____D C:\Users\Kevin\Application Data\System 2012-10-25 21:49 - 2012-10-28 16:44 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\System 2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\Local Settings\Autodesk,_Inc 2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Autodesk,_Inc 2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D 
C:\Users\Ryan\AppData\Local\Autodesk,_Inc 2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Local Settings\Granta Design 2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Granta Design 2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\AppData\Local\Granta Design 2012-10-25 17:29 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\My Documents\Inventor 2012-10-25 17:29 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Documents\Inventor 2012-10-25 16:59 - 2012-10-27 10:12 - 00000000 ____D C:\Users\Kevin\My Documents\Inventor 2012-10-25 16:59 - 2012-10-27 10:12 - 00000000 ____D C:\Users\Kevin\Documents\Inventor 2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Users\Kevin\My Documents\Autodesk 2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Users\Kevin\Documents\Autodesk 2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared 2012-10-25 16:54 - 2012-10-25 17:26 - 00000000 ____D C:\Users\Public\Documents\Autodesk 2012-10-25 16:54 - 2012-10-25 17:26 - 00000000 ____D C:\Users\All Users\Documents\Autodesk 2012-10-25 16:46 - 2012-10-25 17:26 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared 2012-10-25 16:46 - 2012-10-25 16:46 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2013 2012-10-25 16:45 - 2012-10-25 17:26 - 00000000 ____D C:\Program Files\Autodesk 2012-10-25 16:42 - 2012-10-25 16:42 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE 2012-10-25 16:27 - 2012-10-25 16:28 - 22231488 ____A C:\Users\Ryan\Downloads\Autodesk_Inventor_2013_English_Win_64bit_wi_en-US_Setup1.exe 2012-10-25 16:24 - 2012-10-25 16:25 - 22228664 ____A C:\Users\Ryan\Downloads\Autodesk_Inventor_2013_English_Win_32bit_wi_en-US_Setup1.exe ==================== One Month Modified Files and Folders ======= 2012-11-24 21:51 - 2012-11-24 21:51 - 00000000 ____D C:\FRST 2012-11-24 20:47 - 2009-07-13 23:10 - 01151084 ____A 
C:\Windows\WindowsUpdate.log 2012-11-24 20:46 - 2012-08-28 18:30 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-11-24 20:46 - 2009-07-13 22:51 - 00132386 ____A C:\Windows\setupact.log 2012-11-24 20:45 - 2012-08-28 18:30 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-11-24 20:45 - 2011-12-11 13:47 - 00000000 __RSD C:\Users\Kevin\My Documents\McAfee Vaults 2012-11-24 20:45 - 2011-12-11 13:47 - 00000000 __RSD C:\Users\Kevin\Documents\McAfee Vaults 2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks 2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks 2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks 2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks 2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2012-11-24 20:45 - 2010-12-22 22:40 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2012-11-24 20:44 - 2011-04-17 21:07 - 00000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job 2012-11-24 20:38 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-11-24 20:38 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-11-24 20:30 - 2011-12-18 15:54 - 00000000 __RSD C:\Users\Allison\My Documents\McAfee Vaults 2012-11-24 20:30 - 2011-12-18 15:54 - 00000000 __RSD C:\Users\Allison\Documents\McAfee Vaults 2012-11-24 20:28 - 2010-12-23 00:31 - 00105634 ____A C:\Windows\PFRO.log 2012-11-24 20:28 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-11-24 11:24 - 2012-11-24 11:24 - 
00001215 ____A C:\Users\Kevin\Desktop\AdwCleaner[R1].txt 2012-11-24 11:24 - 2012-11-24 11:24 - 00001215 ____A C:\AdwCleaner[R1].txt 2012-11-24 11:21 - 2012-11-24 11:21 - 00480125 ____A C:\Users\Kevin\Desktop\adwcleaner.exe 2012-11-24 11:16 - 2012-11-24 11:18 - 00024464 ____A C:\Users\Kevin\Desktop\ComboFix.txt 2012-11-24 11:16 - 2012-11-24 11:16 - 00024464 ____A C:\ComboFix.txt 2012-11-24 11:16 - 2012-11-24 10:48 - 00000000 ____D C:\Qoobox 2012-11-24 11:14 - 2012-11-24 10:47 - 00000000 ____D C:\Windows\erdnt 2012-11-24 11:14 - 2009-07-13 20:34 - 00000215 ____A C:\Windows\system.ini 2012-11-24 10:42 - 2012-11-24 10:45 - 05006466 ____R (Swearware) C:\Users\Kevin\Desktop\ComboFix.exe 2012-11-24 10:40 - 2012-11-24 10:40 - 00000960 ____A C:\Users\Public\Desktop\7-zip.lnk 2012-11-24 10:40 - 2012-11-24 10:40 - 00000960 ____A C:\Users\All Users\Desktop\7-zip.lnk 2012-11-24 10:40 - 2012-11-24 10:40 - 00000000 ____D C:\Program Files (x86)\7-zip 2012-11-24 10:37 - 2012-11-24 10:37 - 01639104 ____A (W3i, LLC) C:\Users\Kevin\Downloads\7zip_installer_d162802.exe 2012-11-24 10:31 - 2012-11-24 10:31 - 00275336 ____A C:\Windows\Minidump\112412-28470-01.dmp 2012-11-24 10:31 - 2011-10-05 15:42 - 447978731 ____A C:\Windows\MEMORY.DMP 2012-11-24 10:31 - 2011-10-05 15:42 - 00000000 ____D C:\Windows\Minidump 2012-11-24 10:22 - 2012-11-17 00:05 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy 2012-11-24 10:22 - 2012-11-17 00:05 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy 2012-11-24 09:05 - 2012-11-24 09:05 - 00275336 ____A C:\Windows\Minidump\112412-29858-01.dmp 2012-11-23 21:12 - 2011-05-11 19:37 - 00000000 ____D C:\Users\Kevin\My Documents\Outlook Files 2012-11-23 21:12 - 2011-05-11 19:37 - 00000000 ____D C:\Users\Kevin\Documents\Outlook Files 2012-11-23 20:59 - 2012-11-23 20:59 - 00031735 ____A C:\Users\Kevin\Desktop\attach.txt 2012-11-23 20:59 - 2012-11-23 20:59 - 00024825 ____A C:\Users\Kevin\Desktop\dds.txt 2012-11-23 20:57 - 
2012-11-23 20:57 - 00688992 ____R (Swearware) C:\Users\Kevin\Desktop\dds.com 2012-11-23 20:57 - 2012-11-23 20:57 - 00688992 ____A (Swearware) C:\Users\Kevin\Downloads\dds.com 2012-11-23 20:53 - 2012-11-23 20:53 - 00688992 ____A (Swearware) C:\Users\Kevin\Downloads\dds.scr 2012-11-23 20:41 - 2012-11-23 20:41 - 00275336 ____A C:\Windows\Minidump\112312-29125-01.dmp 2012-11-23 20:38 - 2012-11-23 20:38 - 00275336 ____A C:\Windows\Minidump\112312-31496-01.dmp 2012-11-23 20:33 - 2012-11-23 20:33 - 00275336 ____A C:\Windows\Minidump\112312-36363-01.dmp 2012-11-23 20:19 - 2012-09-23 16:14 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167307642-361513427-4124430374-1003UA.job 2012-11-23 20:10 - 2012-03-30 21:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-11-23 20:04 - 2012-11-23 20:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-23 20:03 - 2012-11-23 20:03 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-11-23 20:03 - 2012-11-23 20:03 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2012-11-23 20:01 - 2012-11-23 19:59 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Kevin\Downloads\mbam-setup-1.65.1.1000.exe 2012-11-23 19:56 - 2011-03-06 14:21 - 00000000 ____D C:\Users\Kevin\My Documents\Kevin's stuff 2012-11-23 19:56 - 2011-03-06 14:21 - 00000000 ____D C:\Users\Kevin\Documents\Kevin's stuff 2012-11-23 19:53 - 2011-03-06 14:22 - 00000000 ____D C:\Users\Public\Documents\Ryan 2012-11-23 19:53 - 2011-03-06 14:22 - 00000000 ____D C:\Users\All Users\Documents\Ryan 2012-11-23 19:50 - 2011-10-23 14:42 - 00000000 ____D C:\Users\Allison\My Documents\Outlook Files 2012-11-23 19:50 - 2011-10-23 14:42 - 00000000 ____D C:\Users\Allison\Documents\Outlook Files 2012-11-23 19:30 - 2012-11-23 19:30 - 00275336 ____A C:\Windows\Minidump\112312-29983-01.dmp 2012-11-23 19:26 - 2012-11-23 19:26 - 00275336 ____A C:\Windows\Minidump\112312-20108-01.dmp 2012-11-23 19:23 
- 2012-11-23 19:23 - 00275336 ____A C:\Windows\Minidump\112312-23852-01.dmp 2012-11-23 19:15 - 2012-11-22 12:02 - 00000181 ____A C:\Windows\wininit.ini 2012-11-23 18:56 - 2012-04-22 18:24 - 00000000 ____D C:\Users\Ryan\My Documents\Outlook Files 2012-11-23 18:56 - 2012-04-22 18:24 - 00000000 ____D C:\Users\Ryan\Documents\Outlook Files 2012-11-23 18:54 - 2011-05-11 20:06 - 00000000 ____D C:\Users\Jan\My Documents\Outlook Files 2012-11-23 18:54 - 2011-05-11 20:06 - 00000000 ____D C:\Users\Jan\Documents\Outlook Files 2012-11-23 18:41 - 2012-11-23 18:40 - 00275392 ____A C:\Windows\Minidump\112312-31964-01.dmp 2012-11-23 18:20 - 2011-12-11 16:14 - 00000000 __RSD C:\Users\Ryan\My Documents\McAfee Vaults 2012-11-23 18:20 - 2011-12-11 16:14 - 00000000 __RSD C:\Users\Ryan\Documents\McAfee Vaults 2012-11-23 18:17 - 2012-11-23 18:17 - 00275392 ____A C:\Windows\Minidump\112312-36254-01.dmp 2012-11-23 18:10 - 2011-12-11 13:50 - 00000000 __RSD C:\Users\Jan\My Documents\McAfee Vaults 2012-11-23 18:10 - 2011-12-11 13:50 - 00000000 __RSD C:\Users\Jan\Documents\McAfee Vaults 2012-11-23 18:09 - 2012-11-23 18:09 - 00275336 ____A C:\Windows\Minidump\112312-56082-01.dmp 2012-11-23 17:02 - 2012-11-23 17:02 - 00275336 ____A C:\Windows\Minidump\112312-30856-01.dmp 2012-11-22 22:59 - 2012-11-22 22:59 - 00275336 ____A C:\Windows\Minidump\112212-21699-01.dmp 2012-11-22 22:34 - 2011-03-06 13:59 - 00000000 ____D C:\Users\Kevin\My Documents\BACKUP 2012-11-22 22:34 - 2011-03-06 13:59 - 00000000 ____D C:\Users\Kevin\Documents\BACKUP 2012-11-22 21:24 - 2011-03-06 14:19 - 00000000 ____D C:\Users\Kevin\My Documents\Finances 2012-11-22 21:24 - 2011-03-06 14:19 - 00000000 ____D C:\Users\Kevin\Documents\Finances 2012-11-22 17:19 - 2012-09-23 16:14 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167307642-361513427-4124430374-1003Core.job 2012-11-22 00:20 - 2011-01-29 20:55 - 00797354 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-11-21 21:01 - 2012-11-21 21:01 - 00000000 ____D 
C:\Users\All Users\McAfee Anti-Theft 2012-11-21 21:01 - 2012-11-21 21:01 - 00000000 ____D C:\Users\All Users\Application Data\McAfee Anti-Theft 2012-11-21 20:59 - 2012-11-21 20:59 - 00275336 ____A C:\Windows\Minidump\112112-32869-01.dmp 2012-11-21 20:53 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\sysprep 2012-11-21 20:51 - 2012-03-30 12:46 - 00000000 ____D C:\Users\Ryan\Application Data\Skype 2012-11-21 20:51 - 2012-03-30 12:46 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype 2012-11-21 09:26 - 2011-10-22 09:24 - 00000000 ____D C:\Users\Ryan\Application Data\.minecraft 2012-11-21 09:26 - 2011-10-22 09:24 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\.minecraft 2012-11-21 09:25 - 2012-11-17 10:41 - 00000000 ____D C:\Users\Ryan\Desktop\factions1.4.5 2012-11-20 20:14 - 2012-10-29 09:03 - 00000000 ____D C:\Users\Ryan\Desktop\plugins 2012-11-20 19:34 - 2012-10-29 09:03 - 00000000 ____D C:\Users\Ryan\Desktop\old servers 2012-11-20 19:26 - 2012-11-20 19:26 - 00000000 ____D C:\Users\Ryan\Desktop\mc-edit 2012-11-20 08:30 - 2011-10-24 11:58 - 00078848 __ASH C:\Users\Jan\My Documents\Thumbs.db 2012-11-20 08:30 - 2011-10-24 11:58 - 00078848 __ASH C:\Users\Jan\Documents\Thumbs.db 2012-11-19 17:22 - 2012-11-19 17:22 - 00275392 ____A C:\Windows\Minidump\111912-19078-01.dmp 2012-11-19 17:22 - 2009-07-13 23:08 - 00032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-11-19 08:03 - 2011-03-06 14:21 - 00000000 ____D C:\Users\Jan\My Documents\Christmas 2012-11-19 08:03 - 2011-03-06 14:21 - 00000000 ____D C:\Users\Jan\Documents\Christmas 2012-11-19 07:58 - 2012-05-28 12:59 - 00000000 ____D C:\Users\Public\Documents\Jan 2012-11-19 07:58 - 2012-05-28 12:59 - 00000000 ____D C:\Users\All Users\Documents\Jan 2012-11-19 07:58 - 2012-05-28 08:01 - 00000000 ____D C:\Users\Jan\My Documents\Shopping 2012-11-19 07:58 - 2012-05-28 08:01 - 00000000 ____D C:\Users\Jan\Documents\Shopping 2012-11-19 07:01 - 2011-04-17 21:07 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 
2012-11-17 16:14 - 2012-07-14 20:08 - 00036455 ____A C:\Users\Public\Documents\Passwords.xlsx 2012-11-17 16:14 - 2012-07-14 20:08 - 00036455 ____A C:\Users\All Users\Documents\Passwords.xlsx 2012-11-17 13:57 - 2012-03-27 17:27 - 00000000 ____D C:\Users\Kevin\Application Data\Skype 2012-11-17 13:57 - 2012-03-27 17:27 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype 2012-11-17 13:57 - 2011-03-06 14:22 - 00000000 ____D C:\Users\Kevin\My Documents\Sports 2012-11-17 13:57 - 2011-03-06 14:22 - 00000000 ____D C:\Users\Kevin\Documents\Sports 2012-11-17 12:28 - 2012-10-08 13:30 - 00000000 ____D C:\Users\Ryan\Desktop\MC maps 2012-11-17 00:07 - 2012-11-17 00:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2012-11-17 00:05 - 2012-11-17 00:05 - 00001260 ____A C:\Users\Kevin\Desktop\Spybot - Search & Destroy.lnk 2012-11-16 15:47 - 2012-11-16 15:47 - 00000000 ____D C:\Users\Ryan\Desktop\roblox 2012-11-15 20:08 - 2010-12-30 12:31 - 00178016 ____A C:\Users\Allison\Local Settings\GDIPFONTCACHEV1.DAT 2012-11-15 20:08 - 2010-12-30 12:31 - 00178016 ____A C:\Users\Allison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-11-15 20:08 - 2010-12-30 12:31 - 00178016 ____A C:\Users\Allison\AppData\Local\GDIPFONTCACHEV1.DAT 2012-11-15 19:43 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\NDF 2012-11-15 18:48 - 2011-03-06 14:17 - 00000000 ____D C:\Users\Kevin\My Documents\Coins 2012-11-15 18:48 - 2011-03-06 14:17 - 00000000 ____D C:\Users\Kevin\Documents\Coins 2012-11-15 18:37 - 2010-12-30 12:17 - 00178016 ____A C:\Users\Kevin\Local Settings\GDIPFONTCACHEV1.DAT 2012-11-15 18:37 - 2010-12-30 12:17 - 00178016 ____A C:\Users\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-11-15 18:37 - 2010-12-30 12:17 - 00178016 ____A C:\Users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT 2012-11-15 17:01 - 2010-12-30 12:35 - 00178016 ____A C:\Users\Ryan\Local Settings\GDIPFONTCACHEV1.DAT 2012-11-15 17:01 - 2010-12-30 12:35 - 00178016 ____A C:\Users\Ryan\Local 
Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-11-15 17:01 - 2010-12-30 12:35 - 00178016 ____A C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT 2012-11-15 10:44 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache 2012-11-15 09:08 - 2010-12-30 12:26 - 00178016 ____A C:\Users\Jan\Local Settings\GDIPFONTCACHEV1.DAT 2012-11-15 09:08 - 2010-12-30 12:26 - 00178016 ____A C:\Users\Jan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-11-15 09:08 - 2010-12-30 12:26 - 00178016 ____A C:\Users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT 2012-11-15 09:07 - 2009-07-13 22:45 - 00575024 ____A C:\Windows\System32\FNTCACHE.DAT 2012-11-14 20:02 - 2011-01-29 22:28 - 00000000 ____D C:\Users\All Users\Microsoft Help 2012-11-14 20:02 - 2011-01-29 22:28 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help 2012-11-14 20:00 - 2009-07-13 23:13 - 00794138 ____A C:\Windows\System32\PerfStringBackup.INI 2012-11-14 19:54 - 2011-01-01 20:29 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-11-14 19:53 - 2009-07-13 20:34 - 00000478 ____A C:\Windows\win.ini 2012-11-14 19:36 - 2011-03-06 14:16 - 00000000 ____D C:\Users\Kevin\My Documents\Cars 2012-11-14 19:36 - 2011-03-06 14:16 - 00000000 ____D C:\Users\Kevin\Documents\Cars 2012-11-14 18:19 - 2012-10-08 13:26 - 00000000 ____D C:\Users\Ryan\Desktop\mods 2012-11-12 08:54 - 2012-10-29 10:41 - 00000000 ____D C:\Users\Ryan\Desktop\server 2012-11-10 15:59 - 2012-10-31 20:53 - 00032332 ____A C:\Users\Public\Documents\Contacts.xlsx 2012-11-10 15:59 - 2012-10-31 20:53 - 00032332 ____A C:\Users\All Users\Documents\Contacts.xlsx 2012-11-10 12:24 - 2012-11-10 12:24 - 00025196 ____A C:\Users\Ryan\Downloads\hs_err_pid19140.log 2012-11-10 00:06 - 2012-01-02 13:07 - 00000000 ____D C:\Users\Kevin\Local Settings\Garmin 2012-11-10 00:06 - 2012-01-02 13:07 - 00000000 ____D C:\Users\Kevin\Local Settings\Application Data\Garmin 2012-11-10 00:06 - 2012-01-02 13:07 - 00000000 ____D C:\Users\Kevin\AppData\Local\Garmin 
2012-11-09 18:13 - 2012-06-23 10:31 - 00000000 ____D C:\Users\Ryan\Desktop\texture packs 2012-11-09 14:42 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\Application Data\Autodesk 2012-11-09 14:42 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Autodesk 2012-11-08 20:35 - 2012-08-28 18:30 - 00000000 ____D C:\Program Files (x86)\Google 2012-11-08 20:34 - 2012-08-28 18:30 - 00000000 ____D C:\Users\Kevin\Local Settings\Google 2012-11-08 20:34 - 2012-08-28 18:30 - 00000000 ____D C:\Users\Kevin\Local Settings\Application Data\Google 2012-11-08 20:34 - 2012-08-28 18:30 - 00000000 ____D C:\Users\Kevin\AppData\Local\Google 2012-11-08 20:31 - 2012-03-30 21:08 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-11-08 20:31 - 2011-05-19 18:52 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-11-08 20:31 - 2010-12-22 22:38 - 00000000 ____D C:\Users\All Users\Application Data\Adobe 2012-11-08 20:31 - 2010-12-22 22:38 - 00000000 ____D C:\Users\All Users\Adobe 2012-11-06 08:10 - 2010-12-22 22:41 - 00000000 ____D C:\Users\All Users\Skype 2012-11-06 08:10 - 2010-12-22 22:41 - 00000000 ____D C:\Users\All Users\Application Data\Skype 2012-11-04 14:20 - 2012-10-21 12:59 - 00000000 ____D C:\Users\Ryan\Desktop\movies 2012-11-03 09:21 - 2012-11-03 09:21 - 00002727 ____A C:\Users\Ryan\.recently-used.xbel 2012-11-03 09:21 - 2012-04-28 13:41 - 00000000 ____D C:\Users\Ryan\.gimp-2.6 2012-11-03 09:21 - 2010-12-30 12:35 - 00000000 ____D C:\users\Ryan 2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8} 2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\Local Settings\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8} 2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\AppData\Local\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8} 2012-11-03 09:19 - 2012-10-19 19:39 - 00000000 ____D C:\Users\Ryan\Local 
Settings\Windows Live 2012-11-03 09:19 - 2012-10-19 19:39 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Windows Live 2012-11-03 09:19 - 2012-10-19 19:39 - 00000000 ____D C:\Users\Ryan\AppData\Local\Windows Live 2012-11-01 15:10 - 2012-11-01 14:30 - 00000000 ____D C:\Users\Ryan\Application Data\Google 2012-11-01 15:10 - 2012-11-01 14:30 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Google 2012-11-01 14:30 - 2012-08-30 08:26 - 00000000 ____D C:\Users\Ryan\Local Settings\Google 2012-11-01 14:30 - 2012-08-30 08:26 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Google 2012-11-01 14:30 - 2012-08-30 08:26 - 00000000 ____D C:\Users\Ryan\AppData\Local\Google 2012-10-30 08:34 - 2012-10-08 13:31 - 00000000 ____D C:\Users\Ryan\Desktop\jar files 2012-10-30 08:05 - 2012-10-30 08:05 - 00275336 ____A C:\Windows\Minidump\103012-16395-01.dmp 2012-10-29 12:32 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{3DBE31DA-234D-490B-B004-D5E5904F60FF} 2012-10-29 12:32 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\{3DBE31DA-234D-490B-B004-D5E5904F60FF} 2012-10-29 12:32 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\AppData\Local\{3DBE31DA-234D-490B-B004-D5E5904F60FF} 2012-10-29 12:31 - 2012-10-29 12:31 - 00005347 ____A C:\Users\Ryan\My Documents\xD.wlmp 2012-10-29 12:31 - 2012-10-29 12:31 - 00005347 ____A C:\Users\Ryan\Documents\xD.wlmp 2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{490B9340-72EF-44C6-ADD5-F498084C4207} 2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\{490B9340-72EF-44C6-ADD5-F498084C4207} 2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\AppData\Local\{490B9340-72EF-44C6-ADD5-F498084C4207} 2012-10-29 10:09 - 2012-10-29 10:09 - 00000000 ____A C:\Users\Ryan\Downloads\Reach The End.rar.wteotfn.partial 2012-10-29 09:57 - 2012-10-29 09:56 - 17353763 ____A C:\Users\Ryan\Desktop\Its Better 
Together V1.4.zip 2012-10-28 21:15 - 2011-03-06 14:20 - 00000000 ____D C:\Users\Kevin\My Documents\Genealogy 2012-10-28 21:15 - 2011-03-06 14:20 - 00000000 ____D C:\Users\Kevin\Documents\Genealogy 2012-10-28 17:29 - 2012-10-28 17:29 - 00001698 ____A C:\Users\Ryan\Desktop\Inventor.exe - Shortcut.lnk 2012-10-28 17:29 - 2012-09-23 17:40 - 00000000 ____D C:\Users\All Users\Autodesk 2012-10-28 17:29 - 2012-09-23 17:40 - 00000000 ____D C:\Users\All Users\Application Data\Autodesk 2012-10-28 16:44 - 2012-10-25 21:49 - 00000000 ____D C:\Users\Kevin\Application Data\System 2012-10-28 16:44 - 2012-10-25 21:49 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\System 2012-10-27 10:12 - 2012-10-25 16:59 - 00000000 ____D C:\Users\Kevin\My Documents\Inventor 2012-10-27 10:12 - 2012-10-25 16:59 - 00000000 ____D C:\Users\Kevin\Documents\Inventor 2012-10-27 10:10 - 2012-10-27 10:10 - 00000000 ____D C:\Users\Kevin\My Documents\Autoloader 2012-10-27 10:10 - 2012-10-27 10:10 - 00000000 ____D C:\Users\Kevin\Documents\Autoloader 2012-10-27 10:10 - 2012-09-23 17:40 - 00000000 ____D C:\Users\Kevin\Application Data\Autodesk 2012-10-27 10:10 - 2012-09-23 17:40 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Autodesk 2012-10-27 10:09 - 2012-09-23 17:25 - 00000000 ____D C:\Users\Kevin\Local Settings\Autodesk 2012-10-27 10:09 - 2012-09-23 17:25 - 00000000 ____D C:\Users\Kevin\Local Settings\Application Data\Autodesk 2012-10-27 10:09 - 2012-09-23 17:25 - 00000000 ____D C:\Users\Kevin\AppData\Local\Autodesk 2012-10-27 10:04 - 2012-10-27 09:59 - 00000000 ____D C:\Users\Allison\Application Data\Autodesk 2012-10-27 10:04 - 2012-10-27 09:59 - 00000000 ____D C:\Users\Allison\AppData\Roaming\Autodesk 2012-10-27 10:04 - 2012-10-05 07:19 - 00000000 ____D C:\Users\Allison\Local Settings\Autodesk 2012-10-27 10:04 - 2012-10-05 07:19 - 00000000 ____D C:\Users\Allison\Local Settings\Application Data\Autodesk 2012-10-27 10:04 - 2012-10-05 07:19 - 00000000 ____D C:\Users\Allison\AppData\Local\Autodesk 2012-10-27 
10:03 - 2012-10-27 10:02 - 00000000 ____D C:\Users\Allison\My Documents\Inventor 2012-10-27 10:03 - 2012-10-27 10:02 - 00000000 ____D C:\Users\Allison\Documents\Inventor 2012-10-27 10:01 - 2012-10-27 10:01 - 00000000 ____D C:\Users\Allison\My Documents\Autoloader 2012-10-27 10:01 - 2012-10-27 10:01 - 00000000 ____D C:\Users\Allison\Documents\Autoloader 2012-10-27 09:35 - 2012-10-27 09:35 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-10-27 09:35 - 2012-10-27 09:35 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk 2012-10-27 09:35 - 2012-10-27 09:34 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-10-27 09:35 - 2012-10-27 09:34 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-10-27 09:35 - 2012-10-27 09:34 - 00000000 ____D C:\Program Files\iTunes 2012-10-27 09:35 - 2012-10-27 09:34 - 00000000 ____D C:\Program Files (x86)\iTunes 2012-10-27 09:34 - 2012-10-27 09:34 - 00000000 ____D C:\Program Files\iPod 2012-10-27 09:30 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\My Documents\Autoloader 2012-10-27 09:30 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\Documents\Autoloader 2012-10-27 09:30 - 2012-10-27 09:25 - 00000000 ____D C:\Users\Jan\Application Data\Autodesk 2012-10-27 09:30 - 2012-10-27 09:25 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Autodesk 2012-10-27 09:29 - 2012-09-24 18:50 - 00000000 ____D C:\Users\Jan\Local Settings\Autodesk 2012-10-27 09:29 - 2012-09-24 18:50 - 00000000 ____D C:\Users\Jan\Local Settings\Application Data\Autodesk 2012-10-27 09:29 - 2012-09-24 18:50 - 00000000 ____D C:\Users\Jan\AppData\Local\Autodesk 2012-10-27 09:28 - 2012-10-27 09:26 - 00000000 ____D C:\Users\Jan\My Documents\Inventor 2012-10-27 09:28 - 2012-10-27 09:26 - 00000000 ____D C:\Users\Jan\Documents\Inventor 2012-10-26 12:52 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\Local Settings\Autodesk 2012-10-26 12:52 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\Local 
Settings\Application Data\Autodesk 2012-10-26 12:52 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\AppData\Local\Autodesk 2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\Local Settings\Autodesk,_Inc 2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Autodesk,_Inc 2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\AppData\Local\Autodesk,_Inc 2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Local Settings\Granta Design 2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Granta Design 2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\AppData\Local\Granta Design 2012-10-25 17:31 - 2012-10-25 17:29 - 00000000 ____D C:\Users\Ryan\My Documents\Inventor 2012-10-25 17:31 - 2012-10-25 17:29 - 00000000 ____D C:\Users\Ryan\Documents\Inventor 2012-10-25 17:26 - 2012-10-25 16:54 - 00000000 ____D C:\Users\Public\Documents\Autodesk 2012-10-25 17:26 - 2012-10-25 16:54 - 00000000 ____D C:\Users\All Users\Documents\Autodesk 2012-10-25 17:26 - 2012-10-25 16:46 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared 2012-10-25 17:26 - 2012-10-25 16:45 - 00000000 ____D C:\Program Files\Autodesk 2012-10-25 17:26 - 2012-09-23 17:49 - 00000000 ____D C:\Program Files (x86)\Autodesk 2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Users\Kevin\My Documents\Autodesk 2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Users\Kevin\Documents\Autodesk 2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared 2012-10-25 16:46 - 2012-10-25 16:46 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2013 2012-10-25 16:42 - 2012-10-25 16:42 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE 2012-10-25 16:41 - 2010-12-22 22:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2012-10-25 16:32 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft 
Shared
2012-10-25 16:30 - 2012-09-23 17:24 - 00000000 ____D C:\Users\Kevin\Local Settings\Application Data\Akamai
2012-10-25 16:30 - 2012-09-23 17:24 - 00000000 ____D C:\Users\Kevin\Local Settings\Akamai
2012-10-25 16:30 - 2012-09-23 17:24 - 00000000 ____D C:\Users\Kevin\AppData\Local\Akamai
2012-10-25 16:28 - 2012-10-25 16:27 - 22231488 ____A C:\Users\Ryan\Downloads\Autodesk_Inventor_2013_English_Win_64bit_wi_en-US_Setup1.exe
2012-10-25 16:28 - 2012-09-23 17:26 - 00000000 ____D C:\Autodesk
2012-10-25 16:25 - 2012-10-25 16:24 - 22228664 ____A C:\Users\Ryan\Downloads\Autodesk_Inventor_2013_English_Win_32bit_wi_en-US_Setup1.exe

ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-10 17:49:49
Restore point made on: 2012-11-14 19:52:38
Restore point made on: 2012-11-22 01:25:43

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8151.08 MB
Available physical RAM: 7303.76 MB
Total Pagefile: 8149.23 MB
Available Pagefile: 7293.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:793.05 GB) NTFS
7 Drive i: (USB20FD) (Removable) (Total:7.51 GB) (Free:7.5 GB) FAT32
8 Drive j: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.74 GB) NTFS ==>[system with boot components (obtained from reading drive)]
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          931 GB      0 B
Disk 1    No Media          0 B       0 B
Disk 2    No Media          0 B       0 B
Disk 3    No Media          0 B       0 B
Disk 4    No Media          0 B       0 B
Disk 5    Online         7701 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                 39 MB    31 KB
Partition 2    Primary             12 GB    40 MB
Partition 3    Primary            919 GB    12 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8                    FAT    Partition     39 MB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   J   RECOVERY     NTFS   Partition     12 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C   OS           NTFS   Partition    919 GB  Healthy

=========================================================

Partitions of Disk 5:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
* Partition 1  Primary           7701 MB      0 B

==================================================================================

Disk: 5
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-11-15 10:36

==================== End Of Log =============================
  17. Thank you for your help! Computer is not running well:

If I boot in normal mode, it crashes (blue screen) when I log in to my account. If I boot in "safe mode with networking", it doesn't crash. That's what I'm doing now. When I was in normal mode, I experienced IE browser redirects. That doesn't happen in safe mode. In both modes, I see winrscmde taking up lots of memory and CPU. Once, computer shut down on its own.

Here are the results of MBAM, combofix, and AdwCleaner. Computer crashed (blue screen) on reboot after MBAM, so I'm not sure if all deletes were completed.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.24.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kevin :: DESKTOP2010-K [administrator]

11/23/2012 9:13:32 PM
mbam-log-2012-11-23 (21-13-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333911
Time elapsed: 14 minute(s), 36 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4964 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\$Recycle.Bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\n (Trojan.0Access) -> Delete on reboot.
C:\Users\Kevin\AppData\Local\Temp\C81D.tmp (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Users\Kevin\AppData\Local\Temp\msimg32.dll (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Users\Kevin\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end) ComboFix 12-11-24.02 - Kevin 11/24/2012 12:00:17.1.8 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6976 [GMT -5:00] Running from: c:\users\Kevin\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\$recycle.bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\@ c:\$recycle.bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\L\00000004.@ c:\$recycle.bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\U\80000000.@ c:\$recycle.bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\U\80000064.@ c:\programdata\Microsoft\Windows\DRM\C760.tmp c:\programdata\Microsoft\Windows\DRM\C761.tmp c:\users\Kevin\AppData\Local\Garmin\ElevatedDiagnostics\lwpwjrvfx.dll c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\Downloaded Program Files\IDropPTB.dll c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 ))))))))))))))))))))))))))))))) . . 2012-11-24 17:12 . 2012-11-24 17:12 -------- d-----w- c:\users\Ryan\AppData\Local\temp 2012-11-24 17:12 . 2012-11-24 17:12 -------- d-----w- c:\users\Jan\AppData\Local\temp 2012-11-24 17:12 . 2012-11-24 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-24 17:12 . 2012-11-24 17:12 -------- d-----w- c:\users\Allison\AppData\Local\temp 2012-11-24 16:40 . 2012-11-24 16:40 -------- d-----w- c:\program files (x86)\7-zip 2012-11-24 02:03 . 
2012-11-24 02:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-22 03:01 . 2012-11-22 03:01 -------- d-----w- c:\programdata\McAfee Anti-Theft 2012-11-17 06:05 . 2012-11-24 16:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-11-17 06:05 . 2012-11-17 06:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-11-15 01:59 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 01:59 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 01:59 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-15 01:59 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 01:53 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 01:53 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 01:53 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 01:53 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 01:53 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 01:53 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 01:53 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-10-27 15:59 . 2012-10-27 16:04 -------- d-----w- c:\users\Allison\AppData\Roaming\Autodesk 2012-10-27 15:35 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-10-27 15:34 . 2012-10-27 15:35 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-10-27 15:34 . 2012-10-27 15:35 -------- d-----w- c:\program files\iTunes 2012-10-27 15:34 . 2012-10-27 15:35 -------- d-----w- c:\program files (x86)\iTunes 2012-10-27 15:34 . 2012-10-27 15:34 -------- d-----w- c:\program files\iPod 2012-10-27 15:25 . 2012-10-27 15:30 -------- d-----w- c:\users\Jan\AppData\Roaming\Autodesk 2012-10-26 03:49 . 
2012-10-28 22:44 -------- d-----w- c:\users\Kevin\AppData\Roaming\System 2012-10-26 00:06 . 2012-10-26 00:06 -------- d-----w- c:\users\Ryan\AppData\Local\Autodesk,_Inc 2012-10-25 23:31 . 2012-10-25 23:31 -------- d-----w- c:\users\Ryan\AppData\Local\Granta Design 2012-10-25 22:57 . 2012-10-25 22:57 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2012-10-25 22:46 . 2012-10-25 23:26 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2012-10-25 22:46 . 2012-10-25 22:46 -------- d-----w- c:\program files (x86)\DWG TrueView 2013 2012-10-25 22:45 . 2012-10-25 23:26 -------- d-----w- c:\program files\Autodesk 2012-10-25 22:42 . 2012-10-25 22:42 -------- d-----w- c:\program files (x86)\Microsoft WSE . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 01:54 . 2011-01-02 02:29 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-09 02:31 . 2012-03-31 03:08 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-09 02:31 . 2011-05-20 00:52 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-30 00:54 . 2011-12-01 02:17 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-14 19:19 . 2012-10-10 10:25 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 10:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 10:27 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-10 10:27 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 10:27 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-10 10:27 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672] "Akamai NetSession Interface"="c:\users\Kevin\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696] "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160] "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] 
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616] "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-30 766536] "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-30 1089608] . c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] GoZone iSync.lnk - c:\program files (x86)\GoZone\GoZone_iSync.exe [2011-5-21 431608] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-18 203264] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336] R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] R2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-01-31 339776] R2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224] R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell 
DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-07-07 35840] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-25 1432400] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys 
[2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-01 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192] S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-06 1847296] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] . . Contents of the 'Scheduled Tasks' folder . 2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 02:31] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 00:30] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 00:30] . 
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167307642-361513427-4124430374-1003Core.job - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 16:41] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167307642-361513427-4124430374-1003UA.job - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 16:41] . 2012-11-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13] . 2012-11-24 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240] "RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920] "RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1840720] "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480] "McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384] "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;<local> Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-ElevatedDiagnostics - c:\users\Kevin\AppData\Local\Garmin\ElevatedDiagnostics\lwpwjrvfx.dll Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-24 12:16:45 ComboFix-quarantined-files.txt 2012-11-24 17:16 . Pre-Run: 850,663,534,592 bytes free Post-Run: 852,562,075,648 bytes free . - - End Of File - - E1E45AA717B03338F27DBEA05E3AF755 # AdwCleaner v2.009 - Logfile created 11/24/2012 at 12:24:12 # Updated 24/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Kevin - DESKTOP2010-K # Boot Mode : Safe mode with networking # Running from : C:\Users\Kevin\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Found : HKCU\Software\Ask.com.tmp Key Found : HKLM\Software\Freeze.com ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. 
-\\ Google Chrome v [unable to get version] File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\Allison\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [1086 octets] - [24/11/2012 12:24:12] ########## EOF - C:\AdwCleaner[R1].txt - [1146 octets] ##########
  18. Hi there! I think my PC is infected with a virus/trojan related to winrscmde. I ran MBAM, it found a few things, but PC is still infected. Any help would be appreciated! Here are the contents of DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.4.1
Run by Kevin at 21:58:06 on 2012-11-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.7015 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120626164338.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [sidebar] 
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" uRun: [Akamai NetSession Interface] "C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe" uRun: [ElevatedDiagnostics] rundll32.exe "C:\Users\Kevin\AppData\Local\Garmin\ElevatedDiagnostics\lwpwjrvfx.dll",DllRegisterServerW mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk 
Download Manager\DLMSession.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOZONE~1.LNK - C:\Program Files (x86)\GoZone\GoZone_iSync.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{6A01A145-EC65-4B89-9963-BA4E1CDA273D} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{C7755A1B-ED37-4F91-9028-768712D0455C} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{C7755A1B-ED37-4F91-9028-768712D0455C}\B456C6D223031303D275962756C6563737 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{C7755A1B-ED37-4F91-9028-768712D0455C}\E4544574541425 : DHCPNameServer = 192.168.0.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo 
Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120626164338.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64 x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64 x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon x64-Run: [CanonMyPrinter] C:\Program 
Files\Canon\MyPrinter\BJMyPrt.exe /logon x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe x64-Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2011-12-11 71800] R0 mfehidk;McAfee Inc. 
mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 647208] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-12-11 289664] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-22 55280] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-12-11 75936] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-11 249936] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe [2011-12-11 210584] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-12-11 162192] R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2011-1-26 1847296] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-23 56344] R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-12-23 321064] R3 mfefirek;McAfee Inc. 
mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-12-11 487296] S1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2011-12-11 66040] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-23 203264] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-22 13336] S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-11 249936] S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-11 249936] S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-11 249936] S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\SystemCore\mcshield.exe [2011-12-11 199272] S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-1-30 339776] S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224] S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000] 
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-17 1153368] S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?] S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-22 1692480] S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-1-22 35840] S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-12-11 65264] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-25 1432400] S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-23 158976] S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-12-23 271872] S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-12-11 229528] S3 mferkdet;McAfee Inc. 
mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-12-11 100912] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720] S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-17 25072] S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848] S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-1 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1" . =============== Created Last 30 ================ . 
2012-11-24 02:31:50 20480 ----a-w- C:\Windows\svchost.exe
2012-11-24 02:03:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-22 03:01:32 -------- d-----w- C:\ProgramData\McAfee Anti-Theft
2012-11-22 02:53:19 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C761.tmp
2012-11-22 02:53:19 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C760.tmp
2012-11-17 06:05:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-17 06:05:46 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-15 01:59:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 01:59:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 01:59:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 01:59:24 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 01:53:42 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 01:53:42 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 01:53:42 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 01:53:41 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 01:53:41 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 01:53:41 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-15 01:53:41 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-10-27 15:35:29 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-10-27 15:34:40 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-27 15:34:40 -------- d-----w- C:\Program Files\iTunes
2012-10-27 15:34:40 -------- d-----w- C:\Program Files\iPod
2012-10-27 15:34:40 -------- d-----w- C:\Program Files (x86)\iTunes
2012-10-26 03:49:15 -------- d-----w- C:\Users\Kevin\AppData\Roaming\System
2012-10-25 22:57:15 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-10-25 22:46:43 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
2012-10-25 22:46:43 -------- d-----w- C:\Program Files (x86)\DWG TrueView 2013
2012-10-25 22:45:16 -------- d-----w- C:\Program Files\Autodesk
2012-10-25 22:42:42 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
.
==================== Find3M ====================
.
2012-11-09 02:31:07 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-09 02:31:07 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 21:59:21.89 ===============
And here are the contents of attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/30/2010 1:16:40 PM
System Uptime: 11/23/2012 9:41:03 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0G3HR7
Processor: Intel® Core™ i7 CPU 870 @ 2.93GHz | CPU 1 | 2926/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 790.487 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP156: 11/10/2012 6:49:39 PM - Scheduled Checkpoint RP157: 11/14/2012 8:52:29 PM - Windows Update RP158: 11/22/2012 2:25:16 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . 7-Zip 9.20 (x64 edition) Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Reader 9.5.2 Akamai NetSession Interface AnswerWorks 5.0 English Runtime Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Control Center Autodesk Backburner 2013.0.0 Autodesk Design Review 2013 Autodesk DirectConnect 2013 32-bit Autodesk Download Manager Autodesk FBX Plug-in 2013.1 - Maya 2013 Autodesk Inventor 2013 Quick Uninstaller Autodesk Inventor Content Center Libraries 2013 (Desktop Content) Autodesk Inventor Fusion 2013 Autodesk Inventor Fusion for Inventor 2013 Add-in Autodesk Inventor Professional 2013 Autodesk Inventor Professional 2013 English Autodesk Inventor Professional 2013 English Language Pack Autodesk MatchMover 2013 32-bit Autodesk Material Library 2013 Autodesk Material Library Base Resolution Image Library 2013 Autodesk Material Library Low Resolution Image Library 2013 Autodesk Maya 2013 32-bit Autodesk Sync Autodesk Vault Basic 2013 (Client) Autodesk Vault Basic 2013 (Client) English Language Pack Bonjour Canon IJ Network Scan Utility Canon IJ Network Tool Canon MP Navigator EX 1.1 Canon MX850 series Canon MX850 series User Registration Canon My Printer Canon Utilities Easy-PhotoPrint EX Canon Utilities Solution Menu Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC 
Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Composite 2013 Consumer In-Home Service Agreement D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Driver Download Manager Dell Edoc Viewer Dell Getting Started Guide Dell Support Center DirectXInstallService DWG TrueView 2013 Eco Materials Adviser for Autodesk Inventor 2013 EMC 10 Content EMCGadgets64 Garmin City Navigator North America NT 2012.30 Update Garmin Lifetime Updater GIMP 2.6.11 Google Earth Google Toolbar for Internet Explorer Google Update Helper GoToAssist 8.0.0.514 GoZone iSync Intel® Control Center Intel® Rapid Storage Technology Internet Explorer iTunes Java Auto Updater Java SE Development Kit 7 Update 4 Java™ 7 Update 4 JavaFX 2.1.0 JavaFX 2.1.0 SDK Junk Mail filter update Malwarebytes Anti-Malware version 1.65.1.1000 McAfee Online Backup McAfee SecurityCenter Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Corporation Microsoft LifeCam Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI 
(English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Multimedia Card Reader NETGEAR Live Parental Controls Management Utility 2.1 Plants vs. Zombies - Game of the Year Edition Presto! 
PageManager 7.15.20 Quicken 2011 QuickTime Realtek High Definition Audio Driver Roxio Activation Module Roxio BackOnTrack Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy CD and DVD Burning Roxio Express Labeler 3 Roxio File Backup Roxio Update Manager ScanSoft OmniPage SE 4 Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 
32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition Skins Skype Click to Call Skype™ 5.10 Sonic CinePlayer Decoder Pack Spelling Dictionaries Support For Adobe Reader 9 Spybot - Search & Destroy THX TruStudio PC TP-LINK Wireless Client Utility TurboTax 2010 TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wnyiper TurboTax 2010 wrapper TurboTax 2011 TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wnyiper TurboTax 2011 wrapper Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 
(KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VBA (2627.01) VD64Inst West Point Bridge Designer 2010 (2nd Edition) (remove only) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Wizard101 . ==== Event Viewer Messages From Past Week ======== . 11/23/2012 9:56:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 9:56:45 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 
11/23/2012 9:54:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06} 11/23/2012 9:54:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 11/23/2012 9:43:41 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 9:42:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/23/2012 9:42:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/23/2012 9:42:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/23/2012 9:41:58 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. 
Module Path: C:\Windows\system32\athExt.dll Error Code: 21 11/23/2012 9:41:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 11/23/2012 9:41:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MOBKFilter RxFilter spldr Wanarpv6 11/23/2012 9:41:41 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 9:41:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035254e3, 0x0000000000000000, 0x00000000000002e0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-29125-01. 11/23/2012 9:39:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Service Agent service to connect. 11/23/2012 9:39:46 PM, Error: Service Control Manager [7000] - The Application Virtualization Service Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/23/2012 9:39:01 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified. 11/23/2012 9:38:44 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126 11/23/2012 9:38:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. 
The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800035170c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-31496-01. 11/23/2012 9:36:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Image Acquisition (WIA) service to connect. 11/23/2012 9:36:05 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/23/2012 9:35:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 11/23/2012 9:35:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect. 11/23/2012 9:35:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. 11/23/2012 9:35:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype C2C Service service to connect. 11/23/2012 9:33:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034bb66b, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-36363-01. 
11/23/2012 9:31:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect. 11/23/2012 9:31:56 PM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/23/2012 8:31:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter 11/23/2012 8:30:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800034bc0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-29983-01. 11/23/2012 8:26:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000800cb, 0x0000000000000002, 0x0000000000000001, 0xfffff8000350c0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-20108-01. 11/23/2012 8:23:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000088, 0x0000000000000002, 0x0000000000000001, 0xfffff800034adaa6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-23852-01. 
11/23/2012 8:04:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A} 11/23/2012 7:58:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 11/23/2012 7:41:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034c166b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-31964-01. 11/23/2012 7:17:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800a3c5bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-36254-01. 11/23/2012 7:12:11 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 11/23/2012 7:09:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800034fa0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-56082-01. 11/23/2012 6:55:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
11/23/2012 6:55:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 11/23/2012 6:55:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 11/23/2012 6:02:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034c366b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-30856-01. 11/23/2012 6:02:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk MOBKFilter NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx vwififlt Wanarpv6 WfpLwf 11/23/2012 6:02:33 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 6:02:33 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 6:02:33 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 
11/23/2012 6:02:33 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning. 11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start. 
11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/23/2012 5:55:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 11/23/2012 12:00:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee McShield service to connect. 
11/23/2012 12:00:38 AM, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/22/2012 11:59:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800035000c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112212-21699-01. 11/22/2012 11:56:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect. 11/22/2012 11:56:10 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 11/22/2012 11:56:10 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/22/2012 11:55:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect. 11/22/2012 11:55:40 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/21/2012 9:59:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800034c50c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112112-32869-01. 
11/21/2012 9:56:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect. 11/21/2012 9:56:33 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/21/2012 12:07:52 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 11/21/2012 12:07:52 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 11/21/2012 12:07:52 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure. 11/21/2012 12:07:52 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure. 11/21/2012 12:07:52 AM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress. 11/19/2012 6:22:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000000782, 0xfffffa8006cd2b18, 0xfffff980180c0000, 0xfffff8a003822a80). A dump was saved in: C:\Windows\MEMORY.DMP. 
Report Id: 111912-19078-01. 11/19/2012 1:36:52 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107. 11/19/2012 1:36:52 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. 11/18/2012 8:53:01 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress. 11/17/2012 1:54:16 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Desktop2010-K\Kevin SID (S-1-5-21-4167307642-361513427-4124430374-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. . ==== End Of File ===========================