Posts posted by kk4flyer
-
I changed setup to boot from CD/DVD and inserted recovery disk. It said "Windows is loading files...", then "Starting Windows", then came to a Dell DataSafe Local Backup screen. It said "Click 'Next' to restore your computer to the most recent Full System Backup. Files added or changed since that backup will be preserved and then copied back to your computer after the restoration is complete". There were 2 choices:
Run the program from my hard disk (recommended)
Continue with your System Recovery Disc
So I chose to run it from hard disk, and clicked Next. It instructed me to remove the Recovery Disk, so I did. It said it was going to reboot from the recovery partition. I clicked Finish and it tried to reboot, but failed as usual - black screen with cursor blinking in upper left.
I don't think I ever did a Full System Backup, so maybe that's why it failed.
-
I don't have a Windows 7 disk. I have a "recovery disk" that I made when I first got the computer. Unfortunately I can't find the documentation that told me to make the disk, so I don't know what it's for. It contains folders like "BOOT", "dell", "preload", "recovery", and some other files.
-
When I rebooted from hard drive, I got the same results as before: Saw Dell startup screen, then black screen with cursor blinking in upper left corner. Never got to Windows.
-
Here is the Kaspersky log:
<pre style='color:#141312;background-color:#ffffff;'>
Objects Scan: completed 1 minute ago (events: 311, objects: 2743488, time: 06:25:49)
12/4/12 8:06 AM Task completed
12/4/12 8:06 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Skipped by user
12/4/12 8:06 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Cannot be disinfected
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 5:18 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 2:13 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor OTHER.idz Read error
12/4/12 2:12 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz Read error
12/4/12 2:12 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz/AI2013_Inventor ANSI Read error
12/4/12 2:12 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor GOST.idz Read error
12/4/12 1:41 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Postponed
12/4/12 1:41 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 1:40 AM Task started
</pre>
-
Thanks, but I couldn't download that file. When I clicked the link I got the following error from Internet Explorer: "Unable to download pldumpit.ndf from noahdfear.net. Unable to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."
I typed the URL in manually and got the same error.
-
Thanks for looking into it. I downloaded the drivers to the USB flash drive and booted from it, but got the same results. I tried it several times and it always failed the same way.
-
Same results as last attempt. I built the USB drive as directed and booted from it. I saw the xPUD language screen, chose English, but then it failed before it got to the next screen, so I couldn't follow the rest of your directions. Here is the text from the xPUD failure (I re-typed it, as I couldn't figure out how to get it off the sick computer):
Current Operating System: Linux (none) 2.6.31.2 #5 SMP Mon Dec 7 11:56:35 UTC 2009 i686
Kernel command line: noisapnp quiet initrd=/opt/media lang=en kmap=us BOOT_IMAGE=/boot/xpud
Build Date: 26 October 2009 05:15:02PM
xorg-server 2:1.6.4-2ubuntu4 (buildd@)
Before reporting problems, check http://wiki.x.org
To make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: “/var/log/Xorg.0.log”, Time: Fri Nov 30 00:25:05 2012
(==) Using config file: “/etc/X11.xorg.conf”
(EE) No devices detected.
Fatal server error:
no screens found
Please consult the The X.Org Foundation support
for help.
Please also check the log file at “/var/log/Xorg.0.log” for additional information.
ddxSigGiveUp: Closing log
[ 7.948164] sd 7:0:0:0: [sdf] Assuming drive cache: write through
[ 7.951560] sd 7:0:0:0: [sdf] Assuming drive cache: write through
[ 8.653775] sd 7:0:0:0: [sdf] Assuming drive cache: write through
giving up.
xinit: No such file or directory (errno 2 ): unable to connect to X server
xinit: No such process (errno 3): Server error.
Xauth: (argv):1: bad display name “(none):0” in “remove” command
Sh: no job control in this shell
Sh-4.0#
-
No, I can't boot. When I power up, I see the Dell startup screen, then a black screen with blinking cursor. I never get to Windows at all. I've verified that it's set up to boot from the hard drive.
-
Not good news, TheDarkKnight! I built the USB drive as directed and booted from it. I saw the xPUD language screen, chose English, but then it failed before it got to the next screen, so I couldn't follow the rest of your directions. Here is the text from the xPUD failure (I re-typed it, as I couldn't figure out how to get it off the sick computer):
Current Operating System: Linux (none) 2.6.31.2 #5 SMP Mon Dec 7 11:56:35 UTC 2009 i686
Kernel command line: noisapnp quiet initrd=/opt/media lang=en kmap=us BOOT_IMAGE=/boot/xpud
Build Date: 26 October 2009 05:15:02PM
xorg-server 2:1.6.4-2ubuntu4 (buildd@)
Before reporting problems, check http://wiki.x.org
To make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: “/var/log/Xorg.0.log”, Time: Fri Nov 30 00:25:05 2012
(==) Using config file: “/etc/X11.xorg.conf”
(EE) No devices detected.
Fatal server error:
no screens found
Please consult the The X.Org Foundation support
for help.
Please also check the log file at “/var/log/Xorg.0.log” for additional information.
ddxSigGiveUp: Closing log
[ 7.616898] sd 7:0:0:0: [sdf] Assuming drive cache: write through
[ 7.620062] sd 7:0:0:0: [sdf] Assuming drive cache: write through
[ 8.324030] sd 7:0:0:0: [sdf] Assuming drive cache: write through
giving up
xinit: No such file or directory (errno 2): unable to connect to X server
xinit: No such process (errno 3): Server error.
Xauth: (argv):1: bad display name “(none):0” in “remove” command
Sh: no job control in this shell
Sh-4.0#
I don't know what it was trying to do, or why it failed. I downloaded the files several times to make sure I didn't just have a corrupted file, but got the same results.
-
Still can't boot from hard drive.
-
OK, here's the new log from the RescueDisk. Looks like it appended today's results onto yesterday's results.
By the way, when I used Kaspersky's web browser to upload this log, it appeared to get redirected once.
<pre style='color:#141312;background-color:#ffffff;'>
Objects Scan: completed 1 day ago (events: 92, objects: 2750181, time: 08:13:32)
11/27/12 4:59 PM Task completed
11/27/12 4:59 PM Untreated: Rootkit.Boot.Pihar.c /dev/sda Skipped by user
11/27/12 4:59 PM Detected: Rootkit.Boot.Pihar.c /dev/sda
11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp
11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/27/12 4:59 PM Untreated: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Skipped by user
11/27/12 4:59 PM Detected: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS
11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS
11/27/12 4:59 PM Untreated: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir Skipped by user
11/27/12 4:59 PM Detected: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir
11/27/12 4:59 PM Untreated: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir
11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp
11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/27/12 4:59 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Skipped by user
11/27/12 4:59 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Skipped by user
11/27/12 4:58 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/27/12 4:58 PM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Skipped by user
11/27/12 12:27 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/27/12 11:22 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 11:22 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 11:21 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed
11/27/12 11:21 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/27/12 11:21 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed
11/27/12 11:21 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp
11/27/12 11:20 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 11:20 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 11:13 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 11:13 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 11:12 AM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed
11/27/12 11:12 AM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp
11/27/12 11:12 AM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed
11/27/12 11:12 AM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/27/12 11:12 AM Untreated: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 11:12 AM Detected: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed
11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed
11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS Postponed
11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS Postponed
11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS
11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS
11/27/12 10:41 AM Untreated: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir Postponed
11/27/12 10:41 AM Untreated: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir Postponed
11/27/12 10:41 AM Detected: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir
11/27/12 10:41 AM Detected: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir
11/27/12 10:34 AM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed
11/27/12 10:34 AM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed
11/27/12 10:34 AM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/27/12 10:34 AM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/27/12 10:03 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 10:03 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 10:02 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed
11/27/12 10:02 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp
11/27/12 10:02 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed
11/27/12 10:02 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/27/12 10:01 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 10:01 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 9:58 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 9:58 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 9:57 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed
11/27/12 9:57 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp
11/27/12 9:57 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed
11/27/12 9:57 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/27/12 9:57 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 9:57 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 9:24 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed
11/27/12 9:24 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed
11/27/12 9:24 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/27/12 9:24 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/27/12 9:19 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor OTHER.idz Read error
11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe Read error
11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz Read error
11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor GOST.idz Read error
11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz/AI2013_Inventor ANSI Read error
11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe/netfx_Core.mzz Read error
11/27/12 8:46 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Postponed
11/27/12 8:46 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
11/27/12 8:46 AM Task started
Objects Scan: completed 1 minute ago (events: 382, objects: 2750183, time: 07:38:58)
11/28/12 5:44 PM Task completed
11/28/12 5:44 PM Untreated: Rootkit.Boot.Pihar.c /dev/sda Skipped by user
11/28/12 5:44 PM Untreated: Rootkit.Boot.Pihar.c /dev/sda Cannot be disinfected
11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda
11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda
11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda
11/28/12 5:44 PM Deleted: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir
11/28/12 5:44 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS
11/28/12 5:44 PM Deleted: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir
11/28/12 5:44 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS
11/28/12 5:44 PM Deleted: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir
11/28/12 5:44 PM Detected: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir
11/28/12 5:44 PM Deleted: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir
11/28/12 5:44 PM Detected: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir
11/28/12 5:44 PM Deleted: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp
11/28/12 5:43 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp
11/28/12 5:43 PM Deleted: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/28/12 5:43 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/28/12 5:42 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/28/12 5:42 PM Deleted: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp
11/28/12 5:41 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/28/12 5:41 PM Deleted: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp
11/28/12 1:45 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/28/12 12:41 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/28/12 12:41 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/28/12 12:40 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed
11/28/12 12:40 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp
11/28/12 12:40 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed
11/28/12 12:40 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/28/12 12:40 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/28/12 12:40 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/28/12 12:32 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/28/12 12:32 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/28/12 12:31 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed
11/28/12 12:31 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/28/12 12:31 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed
11/28/12 12:31 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp
11/28/12 12:31 PM Untreated: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/28/12 12:31 PM Detected: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/28/12 12:00 PM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed
11/28/12 12:00 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/28/12 12:00 PM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed
11/28/12 12:00 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/28/12 12:00 PM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS Postponed
11/28/12 12:00 PM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS Postponed
11/28/12 12:00 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS
11/28/12 12:00 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS
11/28/12 12:00 PM Untreated: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir Postponed
11/28/12 12:00 PM Untreated: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir Postponed
11/28/12 12:00 PM Detected: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir
11/28/12 12:00 PM Detected: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir
11/28/12 11:53 AM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed
11/28/12 11:53 AM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed
11/28/12 11:53 AM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/28/12 11:53 AM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/28/12 11:22 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/28/12 11:22 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/28/12 11:21 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed
11/28/12 11:21 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/28/12 11:21 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed
11/28/12 11:21 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp
11/28/12 11:21 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/28/12 11:21 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/28/12 11:17 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/28/12 11:17 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/28/12 11:16 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed
11/28/12 11:16 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp
11/28/12 11:16 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed
11/28/12 11:16 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/28/12 11:16 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/28/12 11:16 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/28/12 10:43 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed
11/28/12 10:43 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/28/12 10:43 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed
11/28/12 10:43 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/28/12 10:38 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor OTHER.idz Read error
11/28/12 10:37 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe Read error
11/28/12 10:37 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz Read error
11/28/12 10:37 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz/AI2013_Inventor ANSI Read error
11/28/12 10:37 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor GOST.idz Read error
11/28/12 10:37 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe/netfx_Core.mzz Read error
11/28/12 10:06 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Postponed
11/28/12 10:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
11/28/12 10:06 AM Task started
</pre>
-
Oops, that didn't work. Here is the log:
<pre style='color:#141312;background-color:#ffffff;'>
Objects Scan: completed 2 minutes ago (events: 92, objects: 2750181, time: 08:13:32)
11/27/12 4:59 PM Task completed
11/27/12 4:59 PM Untreated: Rootkit.Boot.Pihar.c /dev/sda Skipped by user
11/27/12 4:59 PM Detected: Rootkit.Boot.Pihar.c /dev/sda
11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp
11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/27/12 4:59 PM Untreated: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Skipped by user
11/27/12 4:59 PM Detected: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS
11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS
11/27/12 4:59 PM Untreated: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir Skipped by user
11/27/12 4:59 PM Detected: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir
11/27/12 4:59 PM Untreated: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir
11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp
11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Skipped by user
11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/27/12 4:59 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Skipped by user
11/27/12 4:59 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Skipped by user
11/27/12 4:58 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/27/12 4:58 PM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Skipped by user
11/27/12 12:27 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/27/12 11:22 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 11:22 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 11:21 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed
11/27/12 11:21 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/27/12 11:21 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed
11/27/12 11:21 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp
11/27/12 11:20 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 11:20 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 11:13 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 11:13 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 11:12 AM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed
11/27/12 11:12 AM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp
11/27/12 11:12 AM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed
11/27/12 11:12 AM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/27/12 11:12 AM Untreated: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 11:12 AM Detected: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed
11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed
11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS Postponed
11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS Postponed
11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS
11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS
11/27/12 10:41 AM Untreated: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir Postponed
11/27/12 10:41 AM Untreated: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir Postponed
11/27/12 10:41 AM Detected: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir
11/27/12 10:41 AM Detected: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir
11/27/12 10:34 AM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed
11/27/12 10:34 AM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed
11/27/12 10:34 AM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/27/12 10:34 AM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/27/12 10:03 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 10:03 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 10:02 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed
11/27/12 10:02 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp
11/27/12 10:02 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed
11/27/12 10:02 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/27/12 10:01 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 10:01 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 9:58 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 9:58 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 9:57 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed
11/27/12 9:57 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp
11/27/12 9:57 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed
11/27/12 9:57 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp
11/27/12 9:57 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/27/12 9:57 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/27/12 9:24 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed
11/27/12 9:24 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed
11/27/12 9:24 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS
11/27/12 9:24 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/27/12 9:19 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor OTHER.idz Read error
11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe Read error
11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz Read error
11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor GOST.idz Read error
11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz/AI2013_Inventor ANSI Read error
11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe/netfx_Core.mzz Read error
11/27/12 8:46 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Postponed
11/27/12 8:46 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
11/27/12 8:46 AM Task started
</pre>
-
Thanks for the info. I booted from the RescueDisk and completed the scan. I did not allow the tool to fix the problems; was I supposed to? Anyway, here is the log.
-
Thanks for your reply. Unfortunately, I can't even boot the computer now. When I power it up, I see the Dell startup screen, then it goes to a black screen with cursor blinking in upper left. And it stays there... forever. If I hit F2 as it boots, I get to the CMOS Setup Utility screen. If I hit F12 as it boots, I get to the boot device screen. Any ideas on how to get it to boot properly?
-
Thank you for your reply. Here is the result.txt from Listparts64:
ListParts by Farbar Version: 30-10-2012
Ran by Kevin (administrator) on 25-11-2012 at 09:25:06
Windows 7 (X64)
Running From: C:\Users\Kevin\Desktop
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 18%
Total physical RAM: 8151.08 MB
Available physical RAM: 6637.13 MB
Total Pagefile: 16300.35 MB
Available Pagefile: 14887.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:791.39 GB) NTFS
7 Drive v: (TI105957W0F) (Network) (Total:452.7 GB) (Free:395.91 GB) NTFS
8 Drive w: (TI105957W0F) (Network) (Total:452.7 GB) (Free:395.91 GB) NTFS
9 Drive x: (TI105957W0F) (Network) (Total:452.7 GB) (Free:395.91 GB) NTFS
10 Drive y: (TI105957W0F) (Network) (Total:452.7 GB) (Free:395.91 GB) NTFS
11 Drive z: (TI105957W0F) (Network) (Total:452.7 GB) (Free:395.91 GB) NTFS
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         931 GB   0 B
Disk 1    No Media       0 B      0 B
Disk 2    No Media       0 B      0 B
Disk 3    No Media       0 B      0 B
Disk 4    No Media       0 B      0 B
Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM               39 MB    31 KB
Partition 2    Primary           12 GB    40 MB
Partition 3    Primary           919 GB   12 GB
======================================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
There is no volume associated with this partition.
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1       RECOVERY     NTFS   Partition   12 GB    Healthy    System (partition with boot components)
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2  C    OS           NTFS   Partition   919 GB   Healthy    Boot
======================================================================================================
****** End Of Log ******
-
Thanks again for your help!
I was able to log in normally and run the Farbar Recovery Scan Tool. Here are the results:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012
Ran by SYSTEM at 24-11-2012 21:51:51
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1840720 2007-09-13] (CANON INC.)
HKLM\...\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" [436384 2011-04-08] (McAfee, Inc.)
HKLM\...\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [73728 2007-06-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446248 2011-12-15] (Garmin)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\Allison\...\Policies\system: [LogonHoursAction] 2
HKU\Allison\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Jan\...\Policies\system: [LogonHoursAction] 2
HKU\Jan\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Kevin\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\Kevin\...\Run: [Akamai NetSession Interface] "C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Kevin\...\Policies\system: [LogonHoursAction] 2
HKU\Kevin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Ryan\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Ryan\...\Run: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-15] (Google Inc.)
HKU\Ryan\...\Policies\system: [LogonHoursAction] 2
HKU\Ryan\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-12] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Allison\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jan\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Kevin\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Kevin\Start Menu\Programs\Startup\GoZone iSync.lnk
ShortcutTarget: GoZone iSync.lnk -> C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
Startup: C:\Users\Ryan\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Services (Whitelisted) ===================
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 mitsijm2013; "C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe" [339776 2012-01-30] ( )
2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [231224 2010-04-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
==================== Drivers (Whitelisted) =====================
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
0 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [71800 2011-04-11] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 mfeavfk01; [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-11-24 21:51 - 2012-11-24 21:51 - 00000000 ____D C:\FRST
2012-11-24 20:29 - 2009-07-13 19:14 - 00020480 ____N (Microsoft Corporation) C:\Windows\svchost.exe
2012-11-24 11:24 - 2012-11-24 11:24 - 00001215 ____A C:\Users\Kevin\Desktop\AdwCleaner[R1].txt
2012-11-24 11:24 - 2012-11-24 11:24 - 00001215 ____A C:\AdwCleaner[R1].txt
2012-11-24 11:21 - 2012-11-24 11:21 - 00480125 ____A C:\Users\Kevin\Desktop\adwcleaner.exe
2012-11-24 11:18 - 2012-11-24 11:16 - 00024464 ____A C:\Users\Kevin\Desktop\ComboFix.txt
2012-11-24 11:16 - 2012-11-24 11:16 - 00024464 ____A C:\ComboFix.txt
2012-11-24 10:53 - 2011-06-26 00:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-24 10:53 - 2010-11-07 11:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-24 10:53 - 2009-04-19 22:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-24 10:53 - 2000-08-30 18:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-24 10:53 - 2000-08-30 18:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-24 10:53 - 2000-08-30 18:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-24 10:53 - 2000-08-30 18:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-24 10:53 - 2000-08-30 18:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-24 10:48 - 2012-11-24 11:16 - 00000000 ____D C:\Qoobox
2012-11-24 10:47 - 2012-11-24 11:14 - 00000000 ____D C:\Windows\erdnt
2012-11-24 10:45 - 2012-11-24 10:42 - 05006466 ____R (Swearware) C:\Users\Kevin\Desktop\ComboFix.exe
2012-11-24 10:40 - 2012-11-24 10:40 - 00000960 ____A C:\Users\Public\Desktop\7-zip.lnk
2012-11-24 10:40 - 2012-11-24 10:40 - 00000960 ____A C:\Users\All Users\Desktop\7-zip.lnk
2012-11-24 10:40 - 2012-11-24 10:40 - 00000000 ____D C:\Program Files (x86)\7-zip
2012-11-24 10:37 - 2012-11-24 10:37 - 01639104 ____A (W3i, LLC) C:\Users\Kevin\Downloads\7zip_installer_d162802.exe
2012-11-24 10:31 - 2012-11-24 10:31 - 00275336 ____A C:\Windows\Minidump\112412-28470-01.dmp
2012-11-24 09:05 - 2012-11-24 09:05 - 00275336 ____A C:\Windows\Minidump\112412-29858-01.dmp
2012-11-23 20:59 - 2012-11-23 20:59 - 00031735 ____A C:\Users\Kevin\Desktop\attach.txt
2012-11-23 20:59 - 2012-11-23 20:59 - 00024825 ____A C:\Users\Kevin\Desktop\dds.txt
2012-11-23 20:57 - 2012-11-23 20:57 - 00688992 ____R (Swearware) C:\Users\Kevin\Desktop\dds.com
2012-11-23 20:57 - 2012-11-23 20:57 - 00688992 ____A (Swearware) C:\Users\Kevin\Downloads\dds.com
2012-11-23 20:53 - 2012-11-23 20:53 - 00688992 ____A (Swearware) C:\Users\Kevin\Downloads\dds.scr
2012-11-23 20:41 - 2012-11-23 20:41 - 00275336 ____A C:\Windows\Minidump\112312-29125-01.dmp
2012-11-23 20:38 - 2012-11-23 20:38 - 00275336 ____A C:\Windows\Minidump\112312-31496-01.dmp
2012-11-23 20:33 - 2012-11-23 20:33 - 00275336 ____A C:\Windows\Minidump\112312-36363-01.dmp
2012-11-23 20:03 - 2012-11-23 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-23 20:03 - 2012-11-23 20:03 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-23 20:03 - 2012-11-23 20:03 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-23 19:59 - 2012-11-23 20:01 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Kevin\Downloads\mbam-setup-1.65.1.1000.exe
2012-11-23 19:30 - 2012-11-23 19:30 - 00275336 ____A C:\Windows\Minidump\112312-29983-01.dmp
2012-11-23 19:26 - 2012-11-23 19:26 - 00275336 ____A C:\Windows\Minidump\112312-20108-01.dmp
2012-11-23 19:23 - 2012-11-23 19:23 - 00275336 ____A C:\Windows\Minidump\112312-23852-01.dmp
2012-11-23 18:40 - 2012-11-23 18:41 - 00275392 ____A C:\Windows\Minidump\112312-31964-01.dmp
2012-11-23 18:17 - 2012-11-23 18:17 - 00275392 ____A C:\Windows\Minidump\112312-36254-01.dmp
2012-11-23 18:09 - 2012-11-23 18:09 - 00275336 ____A C:\Windows\Minidump\112312-56082-01.dmp
2012-11-23 17:02 - 2012-11-23 17:02 - 00275336 ____A C:\Windows\Minidump\112312-30856-01.dmp
2012-11-22 22:59 - 2012-11-22 22:59 - 00275336 ____A C:\Windows\Minidump\112212-21699-01.dmp
2012-11-22 12:02 - 2012-11-23 19:15 - 00000181 ____A C:\Windows\wininit.ini
2012-11-21 21:01 - 2012-11-21 21:01 - 00000000 ____D C:\Users\All Users\McAfee Anti-Theft
2012-11-21 21:01 - 2012-11-21 21:01 - 00000000 ____D C:\Users\All Users\Application Data\McAfee Anti-Theft
2012-11-21 20:59 - 2012-11-21 20:59 - 00275336 ____A C:\Windows\Minidump\112112-32869-01.dmp
2012-11-20 19:26 - 2012-11-20 19:26 - 00000000 ____D C:\Users\Ryan\Desktop\mc-edit
2012-11-19 17:22 - 2012-11-19 17:22 - 00275392 ____A C:\Windows\Minidump\111912-19078-01.dmp
2012-11-17 10:41 - 2012-11-21 09:25 - 00000000 ____D C:\Users\Ryan\Desktop\factions1.4.5
2012-11-17 00:05 - 2012-11-24 10:22 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-11-17 00:05 - 2012-11-24 10:22 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-11-17 00:05 - 2012-11-17 00:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-17 00:05 - 2012-11-17 00:05 - 00001260 ____A C:\Users\Kevin\Desktop\Spybot - Search & Destroy.lnk
2012-11-16 15:47 - 2012-11-16 15:47 - 00000000 ____D C:\Users\Ryan\Desktop\roblox
2012-11-14 19:59 - 2012-07-25 22:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-14 19:59 - 2012-07-25 22:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-14 19:59 - 2012-07-25 20:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-14 19:59 - 2012-06-02 08:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-14 19:55 - 2012-10-08 06:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-14 19:55 - 2012-10-08 05:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-14 19:55 - 2012-10-08 05:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-14 19:55 - 2012-10-08 05:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-14 19:55 - 2012-10-08 05:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-14 19:55 - 2012-10-08 05:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-14 19:55 - 2012-10-08 05:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-14 19:55 - 2012-10-08 05:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-14 19:55 - 2012-10-08 05:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-14 19:55 - 2012-10-08 05:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-14 19:55 - 2012-10-08 05:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-14 19:55 - 2012-10-08 05:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-14 19:55 - 2012-10-08 05:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-14 19:55 - 2012-10-08 05:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-14 19:55 - 2012-10-08 05:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-14 19:55 - 2012-10-08 05:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-14 19:55 - 2012-10-08 02:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-14 19:55 - 2012-10-08 02:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-14 19:55 - 2012-10-08 01:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-14 19:55 - 2012-10-08 01:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-14 19:55 - 2012-10-08 01:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-14 19:55 - 2012-10-08 01:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-14 19:55 - 2012-10-08 01:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-14 19:55 - 2012-10-08 01:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-14 19:55 - 2012-10-08 01:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-14 19:55 - 2012-10-08 01:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-14 19:55 - 2012-10-08 01:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-14 19:55 - 2012-10-08 01:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-14 19:55 - 2012-10-08 01:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-14 19:55 - 2012-10-08 01:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-14 19:55 - 2012-10-08 01:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-14 19:55 - 2012-10-08 01:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-14 19:53 - 2012-07-25 21:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-14 19:53 - 2012-07-25 21:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-14 19:53 - 2012-07-25 21:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-14 19:53 - 2012-07-25 21:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-14 19:53 - 2012-07-25 21:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 19:53 - 2012-07-25 20:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-14 19:53 - 2012-07-25 20:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-14 19:53 - 2012-06-02 08:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 10:33 - 2012-10-18 12:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-14 10:33 - 2012-10-09 12:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-14 10:33 - 2012-10-09 12:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 10:33 - 2012-10-09 11:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-14 10:33 - 2012-10-09 11:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-14 10:33 - 2012-10-03 11:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-14 10:33 - 2012-10-03 11:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-14 10:33 - 2012-10-03 11:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-14 10:33 - 2012-10-03 11:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-14 10:33 - 2012-10-03 11:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-14 10:33 - 2012-10-03 11:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-14 10:33 - 2012-10-03 11:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-14 10:33 - 2012-10-03 10:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-14 10:33 - 2012-10-03 10:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-14 10:33 - 2012-10-03 10:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-14 10:33 - 2012-10-03 10:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-14 10:33 - 2012-09-25 16:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-14 10:33 - 2012-09-25 16:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-14 10:33 - 2012-01-13 01:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-10 12:24 - 2012-11-10 12:24 - 00025196 ____A C:\Users\Ryan\Downloads\hs_err_pid19140.log
2012-11-03 09:21 - 2012-11-03 09:21 - 00002727 ____A C:\Users\Ryan\.recently-used.xbel
2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8}
2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\Local Settings\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8}
2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\AppData\Local\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8}
2012-11-01 14:30 - 2012-11-01 15:10 - 00000000 ____D C:\Users\Ryan\Application Data\Google
2012-11-01 14:30 - 2012-11-01 15:10 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Google
2012-10-31 20:53 - 2012-11-10 15:59 - 00032332 ____A C:\Users\Public\Documents\Contacts.xlsx
2012-10-31 20:53 - 2012-11-10 15:59 - 00032332 ____A C:\Users\All Users\Documents\Contacts.xlsx
2012-10-30 08:05 - 2012-10-30 08:05 - 00275336 ____A C:\Windows\Minidump\103012-16395-01.dmp
2012-10-29 12:31 - 2012-10-29 12:31 - 00005347 ____A C:\Users\Ryan\My Documents\xD.wlmp
2012-10-29 12:31 - 2012-10-29 12:31 - 00005347 ____A C:\Users\Ryan\Documents\xD.wlmp
2012-10-29 12:28 - 2012-10-29 12:32 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{3DBE31DA-234D-490B-B004-D5E5904F60FF}
2012-10-29 12:28 - 2012-10-29 12:32 - 00000000 ____D C:\Users\Ryan\Local Settings\{3DBE31DA-234D-490B-B004-D5E5904F60FF}
2012-10-29 12:28 - 2012-10-29 12:32 - 00000000 ____D C:\Users\Ryan\AppData\Local\{3DBE31DA-234D-490B-B004-D5E5904F60FF}
2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{490B9340-72EF-44C6-ADD5-F498084C4207}
2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\{490B9340-72EF-44C6-ADD5-F498084C4207}
2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\AppData\Local\{490B9340-72EF-44C6-ADD5-F498084C4207}
2012-10-29 10:41 - 2012-11-12 08:54 - 00000000 ____D C:\Users\Ryan\Desktop\server
2012-10-29 10:09 - 2012-10-29 10:09 - 00000000 ____A C:\Users\Ryan\Downloads\Reach The End.rar.wteotfn.partial
2012-10-29 09:56 - 2012-10-29 09:57 - 17353763 ____A C:\Users\Ryan\Desktop\Its Better Together V1.4.zip
2012-10-29 09:03 - 2012-11-20 20:14 - 00000000 ____D C:\Users\Ryan\Desktop\plugins
2012-10-29 09:03 - 2012-11-20 19:34 - 00000000 ____D C:\Users\Ryan\Desktop\old servers
2012-10-28 17:29 - 2012-10-28 17:29 - 00001698 ____A C:\Users\Ryan\Desktop\Inventor.exe - Shortcut.lnk
2012-10-27 10:10 - 2012-10-27 10:10 - 00000000 ____D C:\Users\Kevin\My Documents\Autoloader
2012-10-27 10:10 - 2012-10-27 10:10 - 00000000 ____D C:\Users\Kevin\Documents\Autoloader
2012-10-27 10:02 - 2012-10-27 10:03 - 00000000 ____D C:\Users\Allison\My Documents\Inventor
2012-10-27 10:02 - 2012-10-27 10:03 - 00000000 ____D C:\Users\Allison\Documents\Inventor
2012-10-27 10:01 - 2012-10-27 10:01 - 00000000 ____D C:\Users\Allison\My Documents\Autoloader
2012-10-27 10:01 - 2012-10-27 10:01 - 00000000 ____D C:\Users\Allison\Documents\Autoloader
2012-10-27 09:59 - 2012-10-27 10:04 - 00000000 ____D C:\Users\Allison\Application Data\Autodesk
2012-10-27 09:59 - 2012-10-27 10:04 - 00000000 ____D C:\Users\Allison\AppData\Roaming\Autodesk
2012-10-27 09:35 - 2012-10-27 09:35 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-10-27 09:35 - 2012-10-27 09:35 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-10-27 09:35 - 2012-08-21 11:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-10-27 09:34 - 2012-10-27 09:35 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-27 09:34 - 2012-10-27 09:35 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-27 09:34 - 2012-10-27 09:35 - 00000000 ____D C:\Program Files\iTunes
2012-10-27 09:34 - 2012-10-27 09:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-10-27 09:34 - 2012-10-27 09:34 - 00000000 ____D C:\Program Files\iPod
2012-10-27 09:30 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\My Documents\Autoloader
2012-10-27 09:30 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\Documents\Autoloader
2012-10-27 09:26 - 2012-10-27 09:28 - 00000000 ____D C:\Users\Jan\My Documents\Inventor
2012-10-27 09:26 - 2012-10-27 09:28 - 00000000 ____D C:\Users\Jan\Documents\Inventor
2012-10-27 09:25 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\Application Data\Autodesk
2012-10-27 09:25 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Autodesk
2012-10-25 21:49 - 2012-10-28 16:44 - 00000000 ____D C:\Users\Kevin\Application Data\System
2012-10-25 21:49 - 2012-10-28 16:44 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\System
2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\Local Settings\Autodesk,_Inc
2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Autodesk,_Inc
2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\AppData\Local\Autodesk,_Inc
2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Local Settings\Granta Design
2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Granta Design
2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\AppData\Local\Granta Design
2012-10-25 17:29 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\My Documents\Inventor
2012-10-25 17:29 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Documents\Inventor
2012-10-25 16:59 - 2012-10-27 10:12 - 00000000 ____D C:\Users\Kevin\My Documents\Inventor
2012-10-25 16:59 - 2012-10-27 10:12 - 00000000 ____D C:\Users\Kevin\Documents\Inventor
2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Users\Kevin\My Documents\Autodesk
2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Users\Kevin\Documents\Autodesk
2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-10-25 16:54 - 2012-10-25 17:26 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2012-10-25 16:54 - 2012-10-25 17:26 - 00000000 ____D C:\Users\All Users\Documents\Autodesk
2012-10-25 16:46 - 2012-10-25 17:26 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2012-10-25 16:46 - 2012-10-25 16:46 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2013
2012-10-25 16:45 - 2012-10-25 17:26 - 00000000 ____D C:\Program Files\Autodesk
2012-10-25 16:42 - 2012-10-25 16:42 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2012-10-25 16:27 - 2012-10-25 16:28 - 22231488 ____A C:\Users\Ryan\Downloads\Autodesk_Inventor_2013_English_Win_64bit_wi_en-US_Setup1.exe
2012-10-25 16:24 - 2012-10-25 16:25 - 22228664 ____A C:\Users\Ryan\Downloads\Autodesk_Inventor_2013_English_Win_32bit_wi_en-US_Setup1.exe
==================== One Month Modified Files and Folders =======
2012-11-24 21:51 - 2012-11-24 21:51 - 00000000 ____D C:\FRST
2012-11-24 20:47 - 2009-07-13 23:10 - 01151084 ____A C:\Windows\WindowsUpdate.log
2012-11-24 20:46 - 2012-08-28 18:30 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-24 20:46 - 2009-07-13 22:51 - 00132386 ____A C:\Windows\setupact.log
2012-11-24 20:45 - 2012-08-28 18:30 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-24 20:45 - 2011-12-11 13:47 - 00000000 __RSD C:\Users\Kevin\My Documents\McAfee Vaults
2012-11-24 20:45 - 2011-12-11 13:47 - 00000000 __RSD C:\Users\Kevin\Documents\McAfee Vaults
2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-11-24 20:45 - 2010-12-22 22:40 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-11-24 20:44 - 2011-04-17 21:07 - 00000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-11-24 20:38 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-24 20:38 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-24 20:30 - 2011-12-18 15:54 - 00000000 __RSD C:\Users\Allison\My Documents\McAfee Vaults
2012-11-24 20:30 - 2011-12-18 15:54 - 00000000 __RSD C:\Users\Allison\Documents\McAfee Vaults
2012-11-24 20:28 - 2010-12-23 00:31 - 00105634 ____A C:\Windows\PFRO.log
2012-11-24 20:28 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-24 11:24 - 2012-11-24 11:24 - 00001215 ____A C:\Users\Kevin\Desktop\AdwCleaner[R1].txt
2012-11-24 11:24 - 2012-11-24 11:24 - 00001215 ____A C:\AdwCleaner[R1].txt
2012-11-24 11:21 - 2012-11-24 11:21 - 00480125 ____A C:\Users\Kevin\Desktop\adwcleaner.exe
2012-11-24 11:16 - 2012-11-24 11:18 - 00024464 ____A C:\Users\Kevin\Desktop\ComboFix.txt
2012-11-24 11:16 - 2012-11-24 11:16 - 00024464 ____A C:\ComboFix.txt
2012-11-24 11:16 - 2012-11-24 10:48 - 00000000 ____D C:\Qoobox
2012-11-24 11:14 - 2012-11-24 10:47 - 00000000 ____D C:\Windows\erdnt
2012-11-24 11:14 - 2009-07-13 20:34 - 00000215 ____A C:\Windows\system.ini
2012-11-24 10:42 - 2012-11-24 10:45 - 05006466 ____R (Swearware) C:\Users\Kevin\Desktop\ComboFix.exe
2012-11-24 10:40 - 2012-11-24 10:40 - 00000960 ____A C:\Users\Public\Desktop\7-zip.lnk
2012-11-24 10:40 - 2012-11-24 10:40 - 00000960 ____A C:\Users\All Users\Desktop\7-zip.lnk
2012-11-24 10:40 - 2012-11-24 10:40 - 00000000 ____D C:\Program Files (x86)\7-zip
2012-11-24 10:37 - 2012-11-24 10:37 - 01639104 ____A (W3i, LLC) C:\Users\Kevin\Downloads\7zip_installer_d162802.exe
2012-11-24 10:31 - 2012-11-24 10:31 - 00275336 ____A C:\Windows\Minidump\112412-28470-01.dmp
2012-11-24 10:31 - 2011-10-05 15:42 - 447978731 ____A C:\Windows\MEMORY.DMP
2012-11-24 10:31 - 2011-10-05 15:42 - 00000000 ____D C:\Windows\Minidump
2012-11-24 10:22 - 2012-11-17 00:05 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-11-24 10:22 - 2012-11-17 00:05 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-11-24 09:05 - 2012-11-24 09:05 - 00275336 ____A C:\Windows\Minidump\112412-29858-01.dmp
2012-11-23 21:12 - 2011-05-11 19:37 - 00000000 ____D C:\Users\Kevin\My Documents\Outlook Files
2012-11-23 21:12 - 2011-05-11 19:37 - 00000000 ____D C:\Users\Kevin\Documents\Outlook Files
2012-11-23 20:59 - 2012-11-23 20:59 - 00031735 ____A C:\Users\Kevin\Desktop\attach.txt
2012-11-23 20:59 - 2012-11-23 20:59 - 00024825 ____A C:\Users\Kevin\Desktop\dds.txt
2012-11-23 20:57 - 2012-11-23 20:57 - 00688992 ____R (Swearware) C:\Users\Kevin\Desktop\dds.com
2012-11-23 20:57 - 2012-11-23 20:57 - 00688992 ____A (Swearware) C:\Users\Kevin\Downloads\dds.com
2012-11-23 20:53 - 2012-11-23 20:53 - 00688992 ____A (Swearware) C:\Users\Kevin\Downloads\dds.scr
2012-11-23 20:41 - 2012-11-23 20:41 - 00275336 ____A C:\Windows\Minidump\112312-29125-01.dmp
2012-11-23 20:38 - 2012-11-23 20:38 - 00275336 ____A C:\Windows\Minidump\112312-31496-01.dmp
2012-11-23 20:33 - 2012-11-23 20:33 - 00275336 ____A C:\Windows\Minidump\112312-36363-01.dmp
2012-11-23 20:19 - 2012-09-23 16:14 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167307642-361513427-4124430374-1003UA.job
2012-11-23 20:10 - 2012-03-30 21:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-23 20:04 - 2012-11-23 20:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-23 20:03 - 2012-11-23 20:03 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-23 20:03 - 2012-11-23 20:03 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-23 20:01 - 2012-11-23 19:59 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Kevin\Downloads\mbam-setup-1.65.1.1000.exe
2012-11-23 19:56 - 2011-03-06 14:21 - 00000000 ____D C:\Users\Kevin\My Documents\Kevin's stuff
2012-11-23 19:56 - 2011-03-06 14:21 - 00000000 ____D C:\Users\Kevin\Documents\Kevin's stuff
2012-11-23 19:53 - 2011-03-06 14:22 - 00000000 ____D C:\Users\Public\Documents\Ryan
2012-11-23 19:53 - 2011-03-06 14:22 - 00000000 ____D C:\Users\All Users\Documents\Ryan
2012-11-23 19:50 - 2011-10-23 14:42 - 00000000 ____D C:\Users\Allison\My Documents\Outlook Files
2012-11-23 19:50 - 2011-10-23 14:42 - 00000000 ____D C:\Users\Allison\Documents\Outlook Files
2012-11-23 19:30 - 2012-11-23 19:30 - 00275336 ____A C:\Windows\Minidump\112312-29983-01.dmp
2012-11-23 19:26 - 2012-11-23 19:26 - 00275336 ____A C:\Windows\Minidump\112312-20108-01.dmp
2012-11-23 19:23 - 2012-11-23 19:23 - 00275336 ____A C:\Windows\Minidump\112312-23852-01.dmp
2012-11-23 19:15 - 2012-11-22 12:02 - 00000181 ____A C:\Windows\wininit.ini
2012-11-23 18:56 - 2012-04-22 18:24 - 00000000 ____D C:\Users\Ryan\My Documents\Outlook Files
2012-11-23 18:56 - 2012-04-22 18:24 - 00000000 ____D C:\Users\Ryan\Documents\Outlook Files
2012-11-23 18:54 - 2011-05-11 20:06 - 00000000 ____D C:\Users\Jan\My Documents\Outlook Files
2012-11-23 18:54 - 2011-05-11 20:06 - 00000000 ____D C:\Users\Jan\Documents\Outlook Files
2012-11-23 18:41 - 2012-11-23 18:40 - 00275392 ____A C:\Windows\Minidump\112312-31964-01.dmp
2012-11-23 18:20 - 2011-12-11 16:14 - 00000000 __RSD C:\Users\Ryan\My Documents\McAfee Vaults
2012-11-23 18:20 - 2011-12-11 16:14 - 00000000 __RSD C:\Users\Ryan\Documents\McAfee Vaults
2012-11-23 18:17 - 2012-11-23 18:17 - 00275392 ____A C:\Windows\Minidump\112312-36254-01.dmp
2012-11-23 18:10 - 2011-12-11 13:50 - 00000000 __RSD C:\Users\Jan\My Documents\McAfee Vaults
2012-11-23 18:10 - 2011-12-11 13:50 - 00000000 __RSD C:\Users\Jan\Documents\McAfee Vaults
2012-11-23 18:09 - 2012-11-23 18:09 - 00275336 ____A C:\Windows\Minidump\112312-56082-01.dmp
2012-11-23 17:02 - 2012-11-23 17:02 - 00275336 ____A C:\Windows\Minidump\112312-30856-01.dmp
2012-11-22 22:59 - 2012-11-22 22:59 - 00275336 ____A C:\Windows\Minidump\112212-21699-01.dmp
2012-11-22 22:34 - 2011-03-06 13:59 - 00000000 ____D C:\Users\Kevin\My Documents\BACKUP
2012-11-22 22:34 - 2011-03-06 13:59 - 00000000 ____D C:\Users\Kevin\Documents\BACKUP
2012-11-22 21:24 - 2011-03-06 14:19 - 00000000 ____D C:\Users\Kevin\My Documents\Finances
2012-11-22 21:24 - 2011-03-06 14:19 - 00000000 ____D C:\Users\Kevin\Documents\Finances
2012-11-22 17:19 - 2012-09-23 16:14 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167307642-361513427-4124430374-1003Core.job
2012-11-22 00:20 - 2011-01-29 20:55 - 00797354 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-11-21 21:01 - 2012-11-21 21:01 - 00000000 ____D C:\Users\All Users\McAfee Anti-Theft
2012-11-21 21:01 - 2012-11-21 21:01 - 00000000 ____D C:\Users\All Users\Application Data\McAfee Anti-Theft
2012-11-21 20:59 - 2012-11-21 20:59 - 00275336 ____A C:\Windows\Minidump\112112-32869-01.dmp
2012-11-21 20:53 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\sysprep
2012-11-21 20:51 - 2012-03-30 12:46 - 00000000 ____D C:\Users\Ryan\Application Data\Skype
2012-11-21 20:51 - 2012-03-30 12:46 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2012-11-21 09:26 - 2011-10-22 09:24 - 00000000 ____D C:\Users\Ryan\Application Data\.minecraft
2012-11-21 09:26 - 2011-10-22 09:24 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\.minecraft
2012-11-21 09:25 - 2012-11-17 10:41 - 00000000 ____D C:\Users\Ryan\Desktop\factions1.4.5
2012-11-20 20:14 - 2012-10-29 09:03 - 00000000 ____D C:\Users\Ryan\Desktop\plugins
2012-11-20 19:34 - 2012-10-29 09:03 - 00000000 ____D C:\Users\Ryan\Desktop\old servers
2012-11-20 19:26 - 2012-11-20 19:26 - 00000000 ____D C:\Users\Ryan\Desktop\mc-edit
2012-11-20 08:30 - 2011-10-24 11:58 - 00078848 __ASH C:\Users\Jan\My Documents\Thumbs.db
2012-11-20 08:30 - 2011-10-24 11:58 - 00078848 __ASH C:\Users\Jan\Documents\Thumbs.db
2012-11-19 17:22 - 2012-11-19 17:22 - 00275392 ____A C:\Windows\Minidump\111912-19078-01.dmp
2012-11-19 17:22 - 2009-07-13 23:08 - 00032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-19 08:03 - 2011-03-06 14:21 - 00000000 ____D C:\Users\Jan\My Documents\Christmas
2012-11-19 08:03 - 2011-03-06 14:21 - 00000000 ____D C:\Users\Jan\Documents\Christmas
2012-11-19 07:58 - 2012-05-28 12:59 - 00000000 ____D C:\Users\Public\Documents\Jan
2012-11-19 07:58 - 2012-05-28 12:59 - 00000000 ____D C:\Users\All Users\Documents\Jan
2012-11-19 07:58 - 2012-05-28 08:01 - 00000000 ____D C:\Users\Jan\My Documents\Shopping
2012-11-19 07:58 - 2012-05-28 08:01 - 00000000 ____D C:\Users\Jan\Documents\Shopping
2012-11-19 07:01 - 2011-04-17 21:07 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-11-17 16:14 - 2012-07-14 20:08 - 00036455 ____A C:\Users\Public\Documents\Passwords.xlsx
2012-11-17 16:14 - 2012-07-14 20:08 - 00036455 ____A C:\Users\All Users\Documents\Passwords.xlsx
2012-11-17 13:57 - 2012-03-27 17:27 - 00000000 ____D C:\Users\Kevin\Application Data\Skype
2012-11-17 13:57 - 2012-03-27 17:27 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype
2012-11-17 13:57 - 2011-03-06 14:22 - 00000000 ____D C:\Users\Kevin\My Documents\Sports
2012-11-17 13:57 - 2011-03-06 14:22 - 00000000 ____D C:\Users\Kevin\Documents\Sports
2012-11-17 12:28 - 2012-10-08 13:30 - 00000000 ____D C:\Users\Ryan\Desktop\MC maps
2012-11-17 00:07 - 2012-11-17 00:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-17 00:05 - 2012-11-17 00:05 - 00001260 ____A C:\Users\Kevin\Desktop\Spybot - Search & Destroy.lnk
2012-11-16 15:47 - 2012-11-16 15:47 - 00000000 ____D C:\Users\Ryan\Desktop\roblox
2012-11-15 20:08 - 2010-12-30 12:31 - 00178016 ____A C:\Users\Allison\Local Settings\GDIPFONTCACHEV1.DAT
2012-11-15 20:08 - 2010-12-30 12:31 - 00178016 ____A C:\Users\Allison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-11-15 20:08 - 2010-12-30 12:31 - 00178016 ____A C:\Users\Allison\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-15 19:43 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\NDF
2012-11-15 18:48 - 2011-03-06 14:17 - 00000000 ____D C:\Users\Kevin\My Documents\Coins
2012-11-15 18:48 - 2011-03-06 14:17 - 00000000 ____D C:\Users\Kevin\Documents\Coins
2012-11-15 18:37 - 2010-12-30 12:17 - 00178016 ____A C:\Users\Kevin\Local Settings\GDIPFONTCACHEV1.DAT
2012-11-15 18:37 - 2010-12-30 12:17 - 00178016 ____A C:\Users\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-11-15 18:37 - 2010-12-30 12:17 - 00178016 ____A C:\Users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-15 17:01 - 2010-12-30 12:35 - 00178016 ____A C:\Users\Ryan\Local Settings\GDIPFONTCACHEV1.DAT
2012-11-15 17:01 - 2010-12-30 12:35 - 00178016 ____A C:\Users\Ryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-11-15 17:01 - 2010-12-30 12:35 - 00178016 ____A C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-15 10:44 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2012-11-15 09:08 - 2010-12-30 12:26 - 00178016 ____A C:\Users\Jan\Local Settings\GDIPFONTCACHEV1.DAT
2012-11-15 09:08 - 2010-12-30 12:26 - 00178016 ____A C:\Users\Jan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-11-15 09:08 - 2010-12-30 12:26 - 00178016 ____A C:\Users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-15 09:07 - 2009-07-13 22:45 - 00575024 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-14 20:02 - 2011-01-29 22:28 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-14 20:02 - 2011-01-29 22:28 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-11-14 20:00 - 2009-07-13 23:13 - 00794138 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-14 19:54 - 2011-01-01 20:29 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-14 19:53 - 2009-07-13 20:34 - 00000478 ____A C:\Windows\win.ini
2012-11-14 19:36 - 2011-03-06 14:16 - 00000000 ____D C:\Users\Kevin\My Documents\Cars
2012-11-14 19:36 - 2011-03-06 14:16 - 00000000 ____D C:\Users\Kevin\Documents\Cars
2012-11-14 18:19 - 2012-10-08 13:26 - 00000000 ____D C:\Users\Ryan\Desktop\mods
2012-11-12 08:54 - 2012-10-29 10:41 - 00000000 ____D C:\Users\Ryan\Desktop\server
2012-11-10 15:59 - 2012-10-31 20:53 - 00032332 ____A C:\Users\Public\Documents\Contacts.xlsx
2012-11-10 15:59 - 2012-10-31 20:53 - 00032332 ____A C:\Users\All Users\Documents\Contacts.xlsx
2012-11-10 12:24 - 2012-11-10 12:24 - 00025196 ____A C:\Users\Ryan\Downloads\hs_err_pid19140.log
2012-11-10 00:06 - 2012-01-02 13:07 - 00000000 ____D C:\Users\Kevin\Local Settings\Garmin
2012-11-10 00:06 - 2012-01-02 13:07 - 00000000 ____D C:\Users\Kevin\Local Settings\Application Data\Garmin
2012-11-10 00:06 - 2012-01-02 13:07 - 00000000 ____D C:\Users\Kevin\AppData\Local\Garmin
2012-11-09 18:13 - 2012-06-23 10:31 - 00000000 ____D C:\Users\Ryan\Desktop\texture packs
2012-11-09 14:42 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\Application Data\Autodesk
2012-11-09 14:42 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Autodesk
2012-11-08 20:35 - 2012-08-28 18:30 - 00000000 ____D C:\Program Files (x86)\Google
2012-11-08 20:34 - 2012-08-28 18:30 - 00000000 ____D C:\Users\Kevin\Local Settings\Google
2012-11-08 20:34 - 2012-08-28 18:30 - 00000000 ____D C:\Users\Kevin\Local Settings\Application Data\Google
2012-11-08 20:34 - 2012-08-28 18:30 - 00000000 ____D C:\Users\Kevin\AppData\Local\Google
2012-11-08 20:31 - 2012-03-30 21:08 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-08 20:31 - 2011-05-19 18:52 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-08 20:31 - 2010-12-22 22:38 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
2012-11-08 20:31 - 2010-12-22 22:38 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-06 08:10 - 2010-12-22 22:41 - 00000000 ____D C:\Users\All Users\Skype
2012-11-06 08:10 - 2010-12-22 22:41 - 00000000 ____D C:\Users\All Users\Application Data\Skype
2012-11-04 14:20 - 2012-10-21 12:59 - 00000000 ____D C:\Users\Ryan\Desktop\movies
2012-11-03 09:21 - 2012-11-03 09:21 - 00002727 ____A C:\Users\Ryan\.recently-used.xbel
2012-11-03 09:21 - 2012-04-28 13:41 - 00000000 ____D C:\Users\Ryan\.gimp-2.6
2012-11-03 09:21 - 2010-12-30 12:35 - 00000000 ____D C:\users\Ryan
2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8}
2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\Local Settings\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8}
2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\AppData\Local\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8}
2012-11-03 09:19 - 2012-10-19 19:39 - 00000000 ____D C:\Users\Ryan\Local Settings\Windows Live
2012-11-03 09:19 - 2012-10-19 19:39 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Windows Live
2012-11-03 09:19 - 2012-10-19 19:39 - 00000000 ____D C:\Users\Ryan\AppData\Local\Windows Live
2012-11-01 15:10 - 2012-11-01 14:30 - 00000000 ____D C:\Users\Ryan\Application Data\Google
2012-11-01 15:10 - 2012-11-01 14:30 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Google
2012-11-01 14:30 - 2012-08-30 08:26 - 00000000 ____D C:\Users\Ryan\Local Settings\Google
2012-11-01 14:30 - 2012-08-30 08:26 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Google
2012-11-01 14:30 - 2012-08-30 08:26 - 00000000 ____D C:\Users\Ryan\AppData\Local\Google
2012-10-30 08:34 - 2012-10-08 13:31 - 00000000 ____D C:\Users\Ryan\Desktop\jar files
2012-10-30 08:05 - 2012-10-30 08:05 - 00275336 ____A C:\Windows\Minidump\103012-16395-01.dmp
2012-10-29 12:32 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{3DBE31DA-234D-490B-B004-D5E5904F60FF}
2012-10-29 12:32 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\{3DBE31DA-234D-490B-B004-D5E5904F60FF}
2012-10-29 12:32 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\AppData\Local\{3DBE31DA-234D-490B-B004-D5E5904F60FF}
2012-10-29 12:31 - 2012-10-29 12:31 - 00005347 ____A C:\Users\Ryan\My Documents\xD.wlmp
2012-10-29 12:31 - 2012-10-29 12:31 - 00005347 ____A C:\Users\Ryan\Documents\xD.wlmp
2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{490B9340-72EF-44C6-ADD5-F498084C4207}
2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\{490B9340-72EF-44C6-ADD5-F498084C4207}
2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\AppData\Local\{490B9340-72EF-44C6-ADD5-F498084C4207}
2012-10-29 10:09 - 2012-10-29 10:09 - 00000000 ____A C:\Users\Ryan\Downloads\Reach The End.rar.wteotfn.partial
2012-10-29 09:57 - 2012-10-29 09:56 - 17353763 ____A C:\Users\Ryan\Desktop\Its Better Together V1.4.zip
2012-10-28 21:15 - 2011-03-06 14:20 - 00000000 ____D C:\Users\Kevin\My Documents\Genealogy
2012-10-28 21:15 - 2011-03-06 14:20 - 00000000 ____D C:\Users\Kevin\Documents\Genealogy
2012-10-28 17:29 - 2012-10-28 17:29 - 00001698 ____A C:\Users\Ryan\Desktop\Inventor.exe - Shortcut.lnk
2012-10-28 17:29 - 2012-09-23 17:40 - 00000000 ____D C:\Users\All Users\Autodesk
2012-10-28 17:29 - 2012-09-23 17:40 - 00000000 ____D C:\Users\All Users\Application Data\Autodesk
2012-10-28 16:44 - 2012-10-25 21:49 - 00000000 ____D C:\Users\Kevin\Application Data\System
2012-10-28 16:44 - 2012-10-25 21:49 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\System
2012-10-27 10:12 - 2012-10-25 16:59 - 00000000 ____D C:\Users\Kevin\My Documents\Inventor
2012-10-27 10:12 - 2012-10-25 16:59 - 00000000 ____D C:\Users\Kevin\Documents\Inventor
2012-10-27 10:10 - 2012-10-27 10:10 - 00000000 ____D C:\Users\Kevin\My Documents\Autoloader
2012-10-27 10:10 - 2012-10-27 10:10 - 00000000 ____D C:\Users\Kevin\Documents\Autoloader
2012-10-27 10:10 - 2012-09-23 17:40 - 00000000 ____D C:\Users\Kevin\Application Data\Autodesk
2012-10-27 10:10 - 2012-09-23 17:40 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Autodesk
2012-10-27 10:09 - 2012-09-23 17:25 - 00000000 ____D C:\Users\Kevin\Local Settings\Autodesk
2012-10-27 10:09 - 2012-09-23 17:25 - 00000000 ____D C:\Users\Kevin\Local Settings\Application Data\Autodesk
2012-10-27 10:09 - 2012-09-23 17:25 - 00000000 ____D C:\Users\Kevin\AppData\Local\Autodesk
2012-10-27 10:04 - 2012-10-27 09:59 - 00000000 ____D C:\Users\Allison\Application Data\Autodesk
2012-10-27 10:04 - 2012-10-27 09:59 - 00000000 ____D C:\Users\Allison\AppData\Roaming\Autodesk
2012-10-27 10:04 - 2012-10-05 07:19 - 00000000 ____D C:\Users\Allison\Local Settings\Autodesk
2012-10-27 10:04 - 2012-10-05 07:19 - 00000000 ____D C:\Users\Allison\Local Settings\Application Data\Autodesk
2012-10-27 10:04 - 2012-10-05 07:19 - 00000000 ____D C:\Users\Allison\AppData\Local\Autodesk
2012-10-27 10:03 - 2012-10-27 10:02 - 00000000 ____D C:\Users\Allison\My Documents\Inventor
2012-10-27 10:03 - 2012-10-27 10:02 - 00000000 ____D C:\Users\Allison\Documents\Inventor
2012-10-27 10:01 - 2012-10-27 10:01 - 00000000 ____D C:\Users\Allison\My Documents\Autoloader
2012-10-27 10:01 - 2012-10-27 10:01 - 00000000 ____D C:\Users\Allison\Documents\Autoloader
2012-10-27 09:35 - 2012-10-27 09:35 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-10-27 09:35 - 2012-10-27 09:35 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-10-27 09:35 - 2012-10-27 09:34 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-27 09:35 - 2012-10-27 09:34 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-27 09:35 - 2012-10-27 09:34 - 00000000 ____D C:\Program Files\iTunes
2012-10-27 09:35 - 2012-10-27 09:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-10-27 09:34 - 2012-10-27 09:34 - 00000000 ____D C:\Program Files\iPod
2012-10-27 09:30 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\My Documents\Autoloader
2012-10-27 09:30 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\Documents\Autoloader
2012-10-27 09:30 - 2012-10-27 09:25 - 00000000 ____D C:\Users\Jan\Application Data\Autodesk
2012-10-27 09:30 - 2012-10-27 09:25 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Autodesk
2012-10-27 09:29 - 2012-09-24 18:50 - 00000000 ____D C:\Users\Jan\Local Settings\Autodesk
2012-10-27 09:29 - 2012-09-24 18:50 - 00000000 ____D C:\Users\Jan\Local Settings\Application Data\Autodesk
2012-10-27 09:29 - 2012-09-24 18:50 - 00000000 ____D C:\Users\Jan\AppData\Local\Autodesk
2012-10-27 09:28 - 2012-10-27 09:26 - 00000000 ____D C:\Users\Jan\My Documents\Inventor
2012-10-27 09:28 - 2012-10-27 09:26 - 00000000 ____D C:\Users\Jan\Documents\Inventor
2012-10-26 12:52 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\Local Settings\Autodesk
2012-10-26 12:52 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Autodesk
2012-10-26 12:52 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\AppData\Local\Autodesk
2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\Local Settings\Autodesk,_Inc
2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Autodesk,_Inc
2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\AppData\Local\Autodesk,_Inc
2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Local Settings\Granta Design
2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Granta Design
2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\AppData\Local\Granta Design
2012-10-25 17:31 - 2012-10-25 17:29 - 00000000 ____D C:\Users\Ryan\My Documents\Inventor
2012-10-25 17:31 - 2012-10-25 17:29 - 00000000 ____D C:\Users\Ryan\Documents\Inventor
2012-10-25 17:26 - 2012-10-25 16:54 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2012-10-25 17:26 - 2012-10-25 16:54 - 00000000 ____D C:\Users\All Users\Documents\Autodesk
2012-10-25 17:26 - 2012-10-25 16:46 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2012-10-25 17:26 - 2012-10-25 16:45 - 00000000 ____D C:\Program Files\Autodesk
2012-10-25 17:26 - 2012-09-23 17:49 - 00000000 ____D C:\Program Files (x86)\Autodesk
2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Users\Kevin\My Documents\Autodesk
2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Users\Kevin\Documents\Autodesk
2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-10-25 16:46 - 2012-10-25 16:46 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2013
2012-10-25 16:42 - 2012-10-25 16:42 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2012-10-25 16:41 - 2010-12-22 22:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-10-25 16:32 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-10-25 16:30 - 2012-09-23 17:24 - 00000000 ____D C:\Users\Kevin\Local Settings\Application Data\Akamai
2012-10-25 16:30 - 2012-09-23 17:24 - 00000000 ____D C:\Users\Kevin\Local Settings\Akamai
2012-10-25 16:30 - 2012-09-23 17:24 - 00000000 ____D C:\Users\Kevin\AppData\Local\Akamai
2012-10-25 16:28 - 2012-10-25 16:27 - 22231488 ____A C:\Users\Ryan\Downloads\Autodesk_Inventor_2013_English_Win_64bit_wi_en-US_Setup1.exe
2012-10-25 16:28 - 2012-09-23 17:26 - 00000000 ____D C:\Autodesk
2012-10-25 16:25 - 2012-10-25 16:24 - 22228664 ____A C:\Users\Ryan\Downloads\Autodesk_Inventor_2013_English_Win_32bit_wi_en-US_Setup1.exe
ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-11-10 17:49:49
Restore point made on: 2012-11-14 19:52:38
Restore point made on: 2012-11-22 01:25:43
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 8151.08 MB
Available physical RAM: 7303.76 MB
Total Pagefile: 8149.23 MB
Available Pagefile: 7293.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:793.05 GB) NTFS
7 Drive i: (USB20FD) (Removable) (Total:7.51 GB) (Free:7.5 GB) FAT32
8 Drive j: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.74 GB) NTFS ==>[system with boot components (obtained from reading drive)]
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 7701 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 12 GB 40 MB
Partition 3 Primary 919 GB 12 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 J RECOVERY NTFS Partition 12 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 919 GB Healthy
=========================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7701 MB 0 B
==================================================================================
Disk: 5
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
=========================================================
Last Boot: 2012-11-15 10:36
==================== End Of Log =============================
-
Thank you for your help!
Computer is not running well:
- If I boot in normal mode, it crashes (blue screen) when I log in to my account.
- If I boot in "safe mode with networking", it doesn't crash. That's what I'm doing now.
- When I was in normal mode, I experienced IE browser redirects. That doesn't happen in safe mode.
- In both modes, I see winrscmde taking up lots of memory and CPU.
- Once, computer shut down on its own.
Here are the results of MBAM, ComboFix, and AdwCleaner. The computer crashed (blue screen) on reboot after MBAM, so I'm not sure if all deletes were completed.
Malwarebytes Anti-Malware 1.65.1.1000
Database version: v2012.11.24.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kevin :: DESKTOP2010-K [administrator]
11/23/2012 9:13:32 PM
mbam-log-2012-11-23 (21-13-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333911
Time elapsed: 14 minute(s), 36 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4964 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\$Recycle.Bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\n (Trojan.0Access) -> Delete on reboot.
C:\Users\Kevin\AppData\Local\Temp\C81D.tmp (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Users\Kevin\AppData\Local\Temp\msimg32.dll (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Users\Kevin\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
ComboFix 12-11-24.02 - Kevin 11/24/2012 12:00:17.1.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6976 [GMT -5:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\@
c:\$recycle.bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\L\00000004.@
c:\$recycle.bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\U\80000000.@
c:\$recycle.bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\U\80000064.@
c:\programdata\Microsoft\Windows\DRM\C760.tmp
c:\programdata\Microsoft\Windows\DRM\C761.tmp
c:\users\Kevin\AppData\Local\Garmin\ElevatedDiagnostics\lwpwjrvfx.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
.
.
2012-11-24 17:12 . 2012-11-24 17:12 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2012-11-24 17:12 . 2012-11-24 17:12 -------- d-----w- c:\users\Jan\AppData\Local\temp
2012-11-24 17:12 . 2012-11-24 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-24 17:12 . 2012-11-24 17:12 -------- d-----w- c:\users\Allison\AppData\Local\temp
2012-11-24 16:40 . 2012-11-24 16:40 -------- d-----w- c:\program files (x86)\7-zip
2012-11-24 02:03 . 2012-11-24 02:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-22 03:01 . 2012-11-22 03:01 -------- d-----w- c:\programdata\McAfee Anti-Theft
2012-11-17 06:05 . 2012-11-24 16:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-17 06:05 . 2012-11-17 06:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-11-15 01:59 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 01:59 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 01:59 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 01:59 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 01:53 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 01:53 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 01:53 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 01:53 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 01:53 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 01:53 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 01:53 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-10-27 15:59 . 2012-10-27 16:04 -------- d-----w- c:\users\Allison\AppData\Roaming\Autodesk
2012-10-27 15:35 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-27 15:34 . 2012-10-27 15:35 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-27 15:34 . 2012-10-27 15:35 -------- d-----w- c:\program files\iTunes
2012-10-27 15:34 . 2012-10-27 15:35 -------- d-----w- c:\program files (x86)\iTunes
2012-10-27 15:34 . 2012-10-27 15:34 -------- d-----w- c:\program files\iPod
2012-10-27 15:25 . 2012-10-27 15:30 -------- d-----w- c:\users\Jan\AppData\Roaming\Autodesk
2012-10-26 03:49 . 2012-10-28 22:44 -------- d-----w- c:\users\Kevin\AppData\Roaming\System
2012-10-26 00:06 . 2012-10-26 00:06 -------- d-----w- c:\users\Ryan\AppData\Local\Autodesk,_Inc
2012-10-25 23:31 . 2012-10-25 23:31 -------- d-----w- c:\users\Ryan\AppData\Local\Granta Design
2012-10-25 22:57 . 2012-10-25 22:57 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-10-25 22:46 . 2012-10-25 23:26 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-10-25 22:46 . 2012-10-25 22:46 -------- d-----w- c:\program files (x86)\DWG TrueView 2013
2012-10-25 22:45 . 2012-10-25 23:26 -------- d-----w- c:\program files\Autodesk
2012-10-25 22:42 . 2012-10-25 22:42 -------- d-----w- c:\program files (x86)\Microsoft WSE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 01:54 . 2011-01-02 02:29 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-09 02:31 . 2012-03-31 03:08 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-09 02:31 . 2011-05-20 00:52 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 00:54 . 2011-12-01 02:17 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 10:25 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 10:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 10:27 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 10:27 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 10:27 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 10:27 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
"Akamai NetSession Interface"="c:\users\Kevin\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-30 766536]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-30 1089608]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
GoZone iSync.lnk - c:\program files (x86)\GoZone\GoZone_iSync.exe [2011-5-21 431608]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-18 203264]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-01-31 339776]
R2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-07-07 35840]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-25 1432400]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-06 1847296]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 02:31]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 00:30]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 00:30]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167307642-361513427-4124430374-1003Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 16:41]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167307642-361513427-4124430374-1003UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 16:41]
.
2012-11-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2012-11-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1840720]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ElevatedDiagnostics - c:\users\Kevin\AppData\Local\Garmin\ElevatedDiagnostics\lwpwjrvfx.dll
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-24 12:16:45
ComboFix-quarantined-files.txt 2012-11-24 17:16
.
Pre-Run: 850,663,534,592 bytes free
Post-Run: 852,562,075,648 bytes free
.
- - End Of File - - E1E45AA717B03338F27DBEA05E3AF755
# AdwCleaner v2.009 - Logfile created 11/24/2012 at 12:24:12
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kevin - DESKTOP2010-K
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Kevin\Desktop\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKLM\Software\Freeze.com
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Google Chrome v [unable to get version]
File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Allison\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1086 octets] - [24/11/2012 12:24:12]
########## EOF - C:\AdwCleaner[R1].txt - [1146 octets] ##########
- If I boot in normal mode, it crashes (blue screen) when I log in to my account.
-
Hi there!
I think my PC is infected with a virus/trojan related to winrscmde. I ran MBAM; it found a few things, but the PC is still infected. Any help would be appreciated!
Here are the contents of DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.4.1
Run by Kevin at 21:58:06 on 2012-11-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.7015 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120626164338.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Akamai NetSession Interface] "C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe"
uRun: [ElevatedDiagnostics] rundll32.exe "C:\Users\Kevin\AppData\Local\Garmin\ElevatedDiagnostics\lwpwjrvfx.dll",DllRegisterServerW
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOZONE~1.LNK - C:\Program Files (x86)\GoZone\GoZone_iSync.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6A01A145-EC65-4B89-9963-BA4E1CDA273D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C7755A1B-ED37-4F91-9028-768712D0455C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C7755A1B-ED37-4F91-9028-768712D0455C}\B456C6D223031303D275962756C6563737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C7755A1B-ED37-4F91-9028-768712D0455C}\E4544574541425 : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120626164338.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
x64-Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe"
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2011-12-11 71800]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-12-11 289664]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-22 55280]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-12-11 75936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-11 249936]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe [2011-12-11 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-12-11 162192]
R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2011-1-26 1847296]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-23 56344]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-12-23 321064]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-12-11 487296]
S1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2011-12-11 66040]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-23 203264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-22 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-11 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-11 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-11 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\SystemCore\mcshield.exe [2011-12-11 199272]
S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-1-30 339776]
S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-17 1153368]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-22 1692480]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-1-22 35840]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-12-11 65264]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-25 1432400]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-23 158976]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-12-23 271872]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-12-11 229528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-12-11 100912]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-17 25072]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2012-11-24 02:31:50 20480 ----a-w- C:\Windows\svchost.exe
2012-11-24 02:03:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-22 03:01:32 -------- d-----w- C:\ProgramData\McAfee Anti-Theft
2012-11-22 02:53:19 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C761.tmp
2012-11-22 02:53:19 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C760.tmp
2012-11-17 06:05:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-17 06:05:46 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-15 01:59:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 01:59:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 01:59:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 01:59:24 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 01:53:42 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 01:53:42 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 01:53:42 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 01:53:41 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 01:53:41 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 01:53:41 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-15 01:53:41 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-10-27 15:35:29 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-10-27 15:34:40 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-27 15:34:40 -------- d-----w- C:\Program Files\iTunes
2012-10-27 15:34:40 -------- d-----w- C:\Program Files\iPod
2012-10-27 15:34:40 -------- d-----w- C:\Program Files (x86)\iTunes
2012-10-26 03:49:15 -------- d-----w- C:\Users\Kevin\AppData\Roaming\System
2012-10-25 22:57:15 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-10-25 22:46:43 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
2012-10-25 22:46:43 -------- d-----w- C:\Program Files (x86)\DWG TrueView 2013
2012-10-25 22:45:16 -------- d-----w- C:\Program Files\Autodesk
2012-10-25 22:42:42 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
.
==================== Find3M ====================
.
2012-11-09 02:31:07 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-09 02:31:07 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 21:59:21.89 ===============
And here are the contents of attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/30/2010 1:16:40 PM
System Uptime: 11/23/2012 9:41:03 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0G3HR7
Processor: Intel® Core™ i7 CPU 870 @ 2.93GHz | CPU 1 | 2926/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 790.487 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP156: 11/10/2012 6:49:39 PM - Scheduled Checkpoint
RP157: 11/14/2012 8:52:29 PM - Windows Update
RP158: 11/22/2012 2:25:16 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
Akamai NetSession Interface
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Autodesk Backburner 2013.0.0
Autodesk Design Review 2013
Autodesk DirectConnect 2013 32-bit
Autodesk Download Manager
Autodesk FBX Plug-in 2013.1 - Maya 2013
Autodesk Inventor 2013 Quick Uninstaller
Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
Autodesk Inventor Fusion 2013
Autodesk Inventor Fusion for Inventor 2013 Add-in
Autodesk Inventor Professional 2013
Autodesk Inventor Professional 2013 English
Autodesk Inventor Professional 2013 English Language Pack
Autodesk MatchMover 2013 32-bit
Autodesk Material Library 2013
Autodesk Material Library Base Resolution Image Library 2013
Autodesk Material Library Low Resolution Image Library 2013
Autodesk Maya 2013 32-bit
Autodesk Sync
Autodesk Vault Basic 2013 (Client)
Autodesk Vault Basic 2013 (Client) English Language Pack
Bonjour
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.1
Canon MX850 series
Canon MX850 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Composite 2013
Consumer In-Home Service Agreement
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center
DirectXInstallService
DWG TrueView 2013
Eco Materials Adviser for Autodesk Inventor 2013
EMC 10 Content
EMCGadgets64
Garmin City Navigator North America NT 2012.30 Update
Garmin Lifetime Updater
GIMP 2.6.11
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GoZone iSync
Intel® Control Center
Intel® Rapid Storage Technology
Internet Explorer
iTunes
Java Auto Updater
Java SE Development Kit 7 Update 4
Java™ 7 Update 4
JavaFX 2.1.0
JavaFX 2.1.0 SDK
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Online Backup
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
NETGEAR Live Parental Controls Management Utility 2.1
Plants vs. Zombies - Game of the Year Edition
Presto! PageManager 7.15.20
Quicken 2011
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Skins
Skype Click to Call
Skype™ 5.10
Sonic CinePlayer Decoder Pack
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
THX TruStudio PC
TP-LINK Wireless Client Utility
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnyiper
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VBA (2627.01)
VD64Inst
West Point Bridge Designer 2010 (2nd Edition) (remove only)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wizard101
.
==== Event Viewer Messages From Past Week ========
.
11/23/2012 9:56:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 9:56:45 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 9:54:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
11/23/2012 9:54:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
11/23/2012 9:43:41 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 9:42:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/23/2012 9:42:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/23/2012 9:42:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/23/2012 9:41:58 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 21
11/23/2012 9:41:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/23/2012 9:41:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MOBKFilter RxFilter spldr Wanarpv6
11/23/2012 9:41:41 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 9:41:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035254e3, 0x0000000000000000, 0x00000000000002e0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-29125-01.
11/23/2012 9:39:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Service Agent service to connect.
11/23/2012 9:39:46 PM, Error: Service Control Manager [7000] - The Application Virtualization Service Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/23/2012 9:39:01 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
11/23/2012 9:38:44 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
11/23/2012 9:38:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800035170c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-31496-01.
11/23/2012 9:36:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Image Acquisition (WIA) service to connect.
11/23/2012 9:36:05 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/23/2012 9:35:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/23/2012 9:35:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.
11/23/2012 9:35:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
11/23/2012 9:35:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype C2C Service service to connect.
11/23/2012 9:33:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034bb66b, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-36363-01.
11/23/2012 9:31:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
11/23/2012 9:31:56 PM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/23/2012 8:31:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
11/23/2012 8:30:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800034bc0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-29983-01.
11/23/2012 8:26:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000800cb, 0x0000000000000002, 0x0000000000000001, 0xfffff8000350c0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-20108-01.
11/23/2012 8:23:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000088, 0x0000000000000002, 0x0000000000000001, 0xfffff800034adaa6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-23852-01.
11/23/2012 8:04:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
11/23/2012 7:58:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/23/2012 7:41:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034c166b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-31964-01.
11/23/2012 7:17:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800a3c5bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-36254-01.
11/23/2012 7:12:11 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/23/2012 7:09:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800034fa0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-56082-01.
11/23/2012 6:55:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 6:55:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/23/2012 6:55:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/23/2012 6:02:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034c366b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-30856-01.
11/23/2012 6:02:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk MOBKFilter NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx vwififlt Wanarpv6 WfpLwf
11/23/2012 6:02:33 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 6:02:33 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 6:02:33 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 6:02:33 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2012 5:55:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/23/2012 12:00:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee McShield service to connect.
11/23/2012 12:00:38 AM, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/22/2012 11:59:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800035000c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112212-21699-01.
11/22/2012 11:56:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
11/22/2012 11:56:10 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
11/22/2012 11:56:10 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/22/2012 11:55:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
11/22/2012 11:55:40 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2012 9:59:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800034c50c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112112-32869-01.
11/21/2012 9:56:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
11/21/2012 9:56:33 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2012 12:07:52 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/21/2012 12:07:52 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/21/2012 12:07:52 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
11/21/2012 12:07:52 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
11/21/2012 12:07:52 AM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress.
11/19/2012 6:22:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000000782, 0xfffffa8006cd2b18, 0xfffff980180c0000, 0xfffff8a003822a80). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111912-19078-01.
11/19/2012 1:36:52 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
11/19/2012 1:36:52 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
11/18/2012 8:53:01 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
11/17/2012 1:54:16 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Desktop2010-K\Kevin SID (S-1-5-21-4167307642-361513427-4124430374-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
Infected with winrscmde trojan?
in Resolved Malware Removal Logs
Posted
Tried again to boot from Recovery Disk. This time I selected the "continue with recovery disk" option. It gave me 2 options: "Restore computer and preserve my new or changed files (recommended)" and "select other system backup and more options". I tried the first one. It went to an Emergency File & Folder Backup screen and scanned my computer for new or changed files since the last backup; it saved them in an Emergency folder on the C: drive. It looked like it saved just about every file. Then it went to "Restore my computer", which formatted the partition. Oops, I didn't know it was going to do that. Then it started "reinstalling your original content", which took a long time. Then it restarted, and yes... it got to Windows! Looks like a clean re-install of Windows; it asked me for a bunch of setup stuff. Windows is working, but lots of things need to be set up, like the internet connection. I'll try to work on this. If you have any suggestions, let me know. Thanks for your help.