Infected with winrscmde trojan?


kk4flyer

Hi there!

I think my PC is infected with a virus/trojan related to winrscmde. I ran MBAM and it found a few things, but the PC is still infected. Any help would be appreciated!

Here are the contents of DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.4.1

Run by Kevin at 21:58:06 on 2012-11-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.7015 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\mfevtps.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

\\.\globalroot\systemroot\svchost.exe -netsvcs

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120626164338.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [Akamai NetSession Interface] "C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe"

uRun: [ElevatedDiagnostics] rundll32.exe "C:\Users\Kevin\AppData\Local\Garmin\ElevatedDiagnostics\lwpwjrvfx.dll",DllRegisterServerW

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"

mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOZONE~1.LNK - C:\Program Files (x86)\GoZone\GoZone_iSync.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{6A01A145-EC65-4B89-9963-BA4E1CDA273D} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C7755A1B-ED37-4F91-9028-768712D0455C} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C7755A1B-ED37-4F91-9028-768712D0455C}\B456C6D223031303D275962756C6563737 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C7755A1B-ED37-4F91-9028-768712D0455C}\E4544574541425 : DHCPNameServer = 192.168.0.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120626164338.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64

x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

x64-Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe"

x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2011-12-11 71800]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 647208]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-12-11 289664]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-22 55280]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-12-11 75936]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-11 249936]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe [2011-12-11 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-12-11 162192]

R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2011-1-26 1847296]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-23 56344]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-12-23 321064]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-12-11 487296]

S1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2011-12-11 66040]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-23 203264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-22 13336]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-11 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-11 249936]

S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-11 249936]

S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\SystemCore\mcshield.exe [2011-12-11 199272]

S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-1-30 339776]

S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]

S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-17 1153368]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-22 1692480]

S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-1-22 35840]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-12-11 65264]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-25 1432400]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-23 158976]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-12-23 271872]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-12-11 229528]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-12-11 100912]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-17 25072]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-1 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2012-11-24 02:31:50 20480 ----a-w- C:\Windows\svchost.exe

2012-11-24 02:03:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-22 03:01:32 -------- d-----w- C:\ProgramData\McAfee Anti-Theft

2012-11-22 02:53:19 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C761.tmp

2012-11-22 02:53:19 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C760.tmp

2012-11-17 06:05:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-11-17 06:05:46 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-11-15 01:59:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-15 01:59:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-15 01:59:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-15 01:59:24 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-15 01:53:42 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-15 01:53:42 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-15 01:53:42 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-15 01:53:41 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-15 01:53:41 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-15 01:53:41 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-15 01:53:41 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-10-27 15:35:29 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-10-27 15:34:40 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-27 15:34:40 -------- d-----w- C:\Program Files\iTunes

2012-10-27 15:34:40 -------- d-----w- C:\Program Files\iPod

2012-10-27 15:34:40 -------- d-----w- C:\Program Files (x86)\iTunes

2012-10-26 03:49:15 -------- d-----w- C:\Users\Kevin\AppData\Roaming\System

2012-10-25 22:57:15 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared

2012-10-25 22:46:43 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared

2012-10-25 22:46:43 -------- d-----w- C:\Program Files (x86)\DWG TrueView 2013

2012-10-25 22:45:16 -------- d-----w- C:\Program Files\Autodesk

2012-10-25 22:42:42 -------- d-----w- C:\Program Files (x86)\Microsoft WSE

.

==================== Find3M ====================

.

2012-11-09 02:31:07 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-09 02:31:07 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

.

============= FINISH: 21:59:21.89 ===============

And here are the contents of attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/30/2010 1:16:40 PM

System Uptime: 11/23/2012 9:41:03 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0G3HR7

Processor: Intel® Core™ i7 CPU 870 @ 2.93GHz | CPU 1 | 2926/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 919 GiB total, 790.487 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP156: 11/10/2012 6:49:39 PM - Scheduled Checkpoint

RP157: 11/14/2012 8:52:29 PM - Windows Update

RP158: 11/22/2012 2:25:16 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.2

Akamai NetSession Interface

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Control Center

Autodesk Backburner 2013.0.0

Autodesk Design Review 2013

Autodesk DirectConnect 2013 32-bit

Autodesk Download Manager

Autodesk FBX Plug-in 2013.1 - Maya 2013

Autodesk Inventor 2013 Quick Uninstaller

Autodesk Inventor Content Center Libraries 2013 (Desktop Content)

Autodesk Inventor Fusion 2013

Autodesk Inventor Fusion for Inventor 2013 Add-in

Autodesk Inventor Professional 2013

Autodesk Inventor Professional 2013 English

Autodesk Inventor Professional 2013 English Language Pack

Autodesk MatchMover 2013 32-bit

Autodesk Material Library 2013

Autodesk Material Library Base Resolution Image Library 2013

Autodesk Material Library Low Resolution Image Library 2013

Autodesk Maya 2013 32-bit

Autodesk Sync

Autodesk Vault Basic 2013 (Client)

Autodesk Vault Basic 2013 (Client) English Language Pack

Bonjour

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP Navigator EX 1.1

Canon MX850 series

Canon MX850 series User Registration

Canon My Printer

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Solution Menu

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Composite 2013

Consumer In-Home Service Agreement

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Driver Download Manager

Dell Edoc Viewer

Dell Getting Started Guide

Dell Support Center

DirectXInstallService

DWG TrueView 2013

Eco Materials Adviser for Autodesk Inventor 2013

EMC 10 Content

EMCGadgets64

Garmin City Navigator North America NT 2012.30 Update

Garmin Lifetime Updater

GIMP 2.6.11

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

GoZone iSync

Intel® Control Center

Intel® Rapid Storage Technology

Internet Explorer

iTunes

Java Auto Updater

Java SE Development Kit 7 Update 4

Java™ 7 Update 4

JavaFX 2.1.0

JavaFX 2.1.0 SDK

Junk Mail filter update

Malwarebytes Anti-Malware version 1.65.1.1000

McAfee Online Backup

McAfee SecurityCenter

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Corporation

Microsoft LifeCam

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multimedia Card Reader

NETGEAR Live Parental Controls Management Utility 2.1

Plants vs. Zombies - Game of the Year Edition

Presto! PageManager 7.15.20

Quicken 2011

QuickTime

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy CD and DVD Burning

Roxio Express Labeler 3

Roxio File Backup

Roxio Update Manager

ScanSoft OmniPage SE 4

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Skins

Skype Click to Call

Skype™ 5.10

Sonic CinePlayer Decoder Pack

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

THX TruStudio PC

TP-LINK Wireless Client Utility

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wnyiper

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wnyiper

TurboTax 2011 wrapper

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VBA (2627.01)

VD64Inst

West Point Bridge Designer 2010 (2nd Edition) (remove only)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wizard101

.

==== Event Viewer Messages From Past Week ========

.

11/23/2012 9:56:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 9:56:45 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 9:54:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

11/23/2012 9:54:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

11/23/2012 9:43:41 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 9:42:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/23/2012 9:42:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/23/2012 9:42:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/23/2012 9:41:58 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 21

11/23/2012 9:41:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/23/2012 9:41:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MOBKFilter RxFilter spldr Wanarpv6

11/23/2012 9:41:41 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 9:41:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035254e3, 0x0000000000000000, 0x00000000000002e0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-29125-01.

11/23/2012 9:39:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Service Agent service to connect.

11/23/2012 9:39:46 PM, Error: Service Control Manager [7000] - The Application Virtualization Service Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/23/2012 9:39:01 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.

11/23/2012 9:38:44 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126

11/23/2012 9:38:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800035170c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-31496-01.

11/23/2012 9:36:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Image Acquisition (WIA) service to connect.

11/23/2012 9:36:05 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/23/2012 9:35:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/23/2012 9:35:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.

11/23/2012 9:35:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

11/23/2012 9:35:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype C2C Service service to connect.

11/23/2012 9:33:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034bb66b, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-36363-01.

11/23/2012 9:31:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.

11/23/2012 9:31:56 PM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/23/2012 8:31:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter

11/23/2012 8:30:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800034bc0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-29983-01.

11/23/2012 8:26:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000800cb, 0x0000000000000002, 0x0000000000000001, 0xfffff8000350c0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-20108-01.

11/23/2012 8:23:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000088, 0x0000000000000002, 0x0000000000000001, 0xfffff800034adaa6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-23852-01.

11/23/2012 8:04:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

11/23/2012 7:58:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

11/23/2012 7:41:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034c166b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-31964-01.

11/23/2012 7:17:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800a3c5bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-36254-01.

11/23/2012 7:12:11 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

11/23/2012 7:09:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800034fa0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-56082-01.

11/23/2012 6:55:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 6:55:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

11/23/2012 6:55:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

11/23/2012 6:02:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034c366b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-30856-01.

11/23/2012 6:02:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk MOBKFilter NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx vwififlt Wanarpv6 WfpLwf

11/23/2012 6:02:33 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 6:02:33 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 6:02:33 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 6:02:33 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 6:02:32 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/23/2012 6:02:30 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/23/2012 5:55:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

11/23/2012 12:00:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee McShield service to connect.

11/23/2012 12:00:38 AM, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/22/2012 11:59:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800035000c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112212-21699-01.

11/22/2012 11:56:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.

11/22/2012 11:56:10 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

11/22/2012 11:56:10 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/22/2012 11:55:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

11/22/2012 11:55:40 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/21/2012 9:59:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800034c50c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112112-32869-01.

11/21/2012 9:56:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

11/21/2012 9:56:33 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/21/2012 12:07:52 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

11/21/2012 12:07:52 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

11/21/2012 12:07:52 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.

11/21/2012 12:07:52 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.

11/21/2012 12:07:52 AM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress.

11/19/2012 6:22:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000000782, 0xfffffa8006cd2b18, 0xfffff980180c0000, 0xfffff8a003822a80). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111912-19078-01.

11/19/2012 1:36:52 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

11/19/2012 1:36:52 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

11/18/2012 8:53:01 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.

11/17/2012 1:54:16 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Desktop2010-K\Kevin SID (S-1-5-21-4167307642-361513427-4124430374-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

.

==== End Of File ===========================


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

First, please post the contents of the MBAM report in your reply.

=====

Next, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Finally, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

In your reply I would like to see the following please:

  • MBAM log.
  • ComboFix.txt.
  • AdwCleaner[R1].txt.

How is your computer currently running?


Thank you for your help!

Computer is not running well:

  • If I boot in normal mode, it crashes (blue screen) when I log in to my account.
  • If I boot in "safe mode with networking", it doesn't crash. That's what I'm doing now.
  • When I was in normal mode, I experienced IE browser redirects. That doesn't happen in safe mode.
  • In both modes, I see winrscmde taking up lots of memory and CPU.
  • Once, computer shut down on its own.

Here are the results of MBAM, ComboFix, and AdwCleaner. Computer crashed (blue screen) on reboot after MBAM, so I'm not sure if all deletes were completed.

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.24.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kevin :: DESKTOP2010-K [administrator]

11/23/2012 9:13:32 PM

mbam-log-2012-11-23 (21-13-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 333911

Time elapsed: 14 minute(s), 36 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 4964 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\$Recycle.Bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\n (Trojan.0Access) -> Delete on reboot.

C:\Users\Kevin\AppData\Local\Temp\C81D.tmp (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

C:\Users\Kevin\AppData\Local\Temp\msimg32.dll (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

C:\Users\Kevin\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

ComboFix 12-11-24.02 - Kevin 11/24/2012 12:00:17.1.8 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6976 [GMT -5:00]

Running from: c:\users\Kevin\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\$recycle.bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\@

c:\$recycle.bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\L\00000004.@

c:\$recycle.bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\U\80000000.@

c:\$recycle.bin\S-1-5-21-4167307642-361513427-4124430374-1000\$55078b485655604d8e4628f9ed38b6c2\U\80000064.@

c:\programdata\Microsoft\Windows\DRM\C760.tmp

c:\programdata\Microsoft\Windows\DRM\C761.tmp

c:\users\Kevin\AppData\Local\Garmin\ElevatedDiagnostics\lwpwjrvfx.dll

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\Downloaded Program Files\IDropPTB.dll

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))

.

.

2012-11-24 17:12 . 2012-11-24 17:12 -------- d-----w- c:\users\Ryan\AppData\Local\temp

2012-11-24 17:12 . 2012-11-24 17:12 -------- d-----w- c:\users\Jan\AppData\Local\temp

2012-11-24 17:12 . 2012-11-24 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-24 17:12 . 2012-11-24 17:12 -------- d-----w- c:\users\Allison\AppData\Local\temp

2012-11-24 16:40 . 2012-11-24 16:40 -------- d-----w- c:\program files (x86)\7-zip

2012-11-24 02:03 . 2012-11-24 02:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-22 03:01 . 2012-11-22 03:01 -------- d-----w- c:\programdata\McAfee Anti-Theft

2012-11-17 06:05 . 2012-11-24 16:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-11-17 06:05 . 2012-11-17 06:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-11-15 01:59 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-15 01:59 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-15 01:59 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-15 01:59 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-15 01:53 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-15 01:53 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-15 01:53 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-15 01:53 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-15 01:53 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-15 01:53 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-15 01:53 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-10-27 15:59 . 2012-10-27 16:04 -------- d-----w- c:\users\Allison\AppData\Roaming\Autodesk

2012-10-27 15:35 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-10-27 15:34 . 2012-10-27 15:35 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-27 15:34 . 2012-10-27 15:35 -------- d-----w- c:\program files\iTunes

2012-10-27 15:34 . 2012-10-27 15:35 -------- d-----w- c:\program files (x86)\iTunes

2012-10-27 15:34 . 2012-10-27 15:34 -------- d-----w- c:\program files\iPod

2012-10-27 15:25 . 2012-10-27 15:30 -------- d-----w- c:\users\Jan\AppData\Roaming\Autodesk

2012-10-26 03:49 . 2012-10-28 22:44 -------- d-----w- c:\users\Kevin\AppData\Roaming\System

2012-10-26 00:06 . 2012-10-26 00:06 -------- d-----w- c:\users\Ryan\AppData\Local\Autodesk,_Inc

2012-10-25 23:31 . 2012-10-25 23:31 -------- d-----w- c:\users\Ryan\AppData\Local\Granta Design

2012-10-25 22:57 . 2012-10-25 22:57 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2012-10-25 22:46 . 2012-10-25 23:26 -------- d-----w- c:\program files\Common Files\Autodesk Shared

2012-10-25 22:46 . 2012-10-25 22:46 -------- d-----w- c:\program files (x86)\DWG TrueView 2013

2012-10-25 22:45 . 2012-10-25 23:26 -------- d-----w- c:\program files\Autodesk

2012-10-25 22:42 . 2012-10-25 22:42 -------- d-----w- c:\program files (x86)\Microsoft WSE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-15 01:54 . 2011-01-02 02:29 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-09 02:31 . 2012-03-31 03:08 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-09 02:31 . 2011-05-20 00:52 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-30 00:54 . 2011-12-01 02:17 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-14 19:19 . 2012-10-10 10:25 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 10:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 10:27 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-10 10:27 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 10:27 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12 . 2012-10-10 10:27 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

"Akamai NetSession Interface"="c:\users\Kevin\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-30 766536]

"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-30 1089608]

.

c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

GoZone iSync.lnk - c:\program files (x86)\GoZone\GoZone_iSync.exe [2011-5-21 431608]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-18 203264]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-01-31 339776]

R2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]

R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-07-07 35840]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-25 1432400]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-01 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]

S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-06 1847296]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 02:31]

.

2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 00:30]

.

2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 00:30]

.

2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167307642-361513427-4124430374-1003Core.job

- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 16:41]

.

2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167307642-361513427-4124430374-1003UA.job

- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 16:41]

.

2012-11-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

.

2012-11-24 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]

"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]

"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1840720]

"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]

"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]

"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-ElevatedDiagnostics - c:\users\Kevin\AppData\Local\Garmin\ElevatedDiagnostics\lwpwjrvfx.dll

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-24 12:16:45

ComboFix-quarantined-files.txt 2012-11-24 17:16

.

Pre-Run: 850,663,534,592 bytes free

Post-Run: 852,562,075,648 bytes free

.

- - End Of File - - E1E45AA717B03338F27DBEA05E3AF755

# AdwCleaner v2.009 - Logfile created 11/24/2012 at 12:24:12

# Updated 24/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Kevin - DESKTOP2010-K

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Kevin\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Ask.com.tmp

Key Found : HKLM\Software\Freeze.com

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Allison\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1086 octets] - [24/11/2012 12:24:12]

########## EOF - C:\AdwCleaner[R1].txt - [1146 octets] ##########


Hello kk4flyer,

You have the ZeroAccess Rootkit.

For x32 (x86) bit systems please download the Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

For x64 bit systems please download the Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer, find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply.


Thanks again for your help!

I was able to log in normally and run the Farbar Recovery Scan Tool. Here are the results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012

Ran by SYSTEM at 24-11-2012 21:51:51

Running from I:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-06] (Realtek Semiconductor)

HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)

HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)

HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [652624 2007-10-25] (CANON INC.)

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1840720 2007-09-13] (CANON INC.)

HKLM\...\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()

HKLM\...\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" [436384 2011-04-08] (McAfee, Inc.)

HKLM\...\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)

HKLM-x32\...\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)

HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-05-17] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [73728 2007-06-13] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)

HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446248 2011-12-15] (Garmin)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

HKU\Allison\...\Policies\system: [LogonHoursAction] 2

HKU\Allison\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Jan\...\Policies\system: [LogonHoursAction] 2

HKU\Jan\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Kevin\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)

HKU\Kevin\...\Run: [Akamai NetSession Interface] "C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)

HKU\Kevin\...\Policies\system: [LogonHoursAction] 2

HKU\Kevin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Ryan\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\Ryan\...\Run: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-15] (Google Inc.)

HKU\Ryan\...\Policies\system: [LogonHoursAction] 2

HKU\Ryan\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-12] (Dell)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\Allison\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Jan\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Kevin\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Kevin\Start Menu\Programs\Startup\GoZone iSync.lnk

ShortcutTarget: GoZone iSync.lnk -> C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)

Startup: C:\Users\Ryan\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)

2 mitsijm2013; "C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe" [339776 2012-01-30] ( )

2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [231224 2010-04-13] (McAfee, Inc.)

2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)

0 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [71800 2011-04-11] (McAfee, Inc.)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)

1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)

0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)

1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)

1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 mfeavfk01; [x]

3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-11-24 21:51 - 2012-11-24 21:51 - 00000000 ____D C:\FRST

2012-11-24 20:29 - 2009-07-13 19:14 - 00020480 ____N (Microsoft Corporation) C:\Windows\svchost.exe

2012-11-24 11:24 - 2012-11-24 11:24 - 00001215 ____A C:\Users\Kevin\Desktop\AdwCleaner[R1].txt

2012-11-24 11:24 - 2012-11-24 11:24 - 00001215 ____A C:\AdwCleaner[R1].txt

2012-11-24 11:21 - 2012-11-24 11:21 - 00480125 ____A C:\Users\Kevin\Desktop\adwcleaner.exe

2012-11-24 11:18 - 2012-11-24 11:16 - 00024464 ____A C:\Users\Kevin\Desktop\ComboFix.txt

2012-11-24 11:16 - 2012-11-24 11:16 - 00024464 ____A C:\ComboFix.txt

2012-11-24 10:53 - 2011-06-26 00:45 - 00256000 ____A C:\Windows\PEV.exe

2012-11-24 10:53 - 2010-11-07 11:20 - 00208896 ____A C:\Windows\MBR.exe

2012-11-24 10:53 - 2009-04-19 22:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-11-24 10:53 - 2000-08-30 18:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-11-24 10:53 - 2000-08-30 18:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-11-24 10:53 - 2000-08-30 18:00 - 00098816 ____A C:\Windows\sed.exe

2012-11-24 10:53 - 2000-08-30 18:00 - 00080412 ____A C:\Windows\grep.exe

2012-11-24 10:53 - 2000-08-30 18:00 - 00068096 ____A C:\Windows\zip.exe

2012-11-24 10:48 - 2012-11-24 11:16 - 00000000 ____D C:\Qoobox

2012-11-24 10:47 - 2012-11-24 11:14 - 00000000 ____D C:\Windows\erdnt

2012-11-24 10:45 - 2012-11-24 10:42 - 05006466 ____R (Swearware) C:\Users\Kevin\Desktop\ComboFix.exe

2012-11-24 10:40 - 2012-11-24 10:40 - 00000960 ____A C:\Users\Public\Desktop\7-zip.lnk

2012-11-24 10:40 - 2012-11-24 10:40 - 00000960 ____A C:\Users\All Users\Desktop\7-zip.lnk

2012-11-24 10:40 - 2012-11-24 10:40 - 00000000 ____D C:\Program Files (x86)\7-zip

2012-11-24 10:37 - 2012-11-24 10:37 - 01639104 ____A (W3i, LLC) C:\Users\Kevin\Downloads\7zip_installer_d162802.exe

2012-11-24 10:31 - 2012-11-24 10:31 - 00275336 ____A C:\Windows\Minidump\112412-28470-01.dmp

2012-11-24 09:05 - 2012-11-24 09:05 - 00275336 ____A C:\Windows\Minidump\112412-29858-01.dmp

2012-11-23 20:59 - 2012-11-23 20:59 - 00031735 ____A C:\Users\Kevin\Desktop\attach.txt

2012-11-23 20:59 - 2012-11-23 20:59 - 00024825 ____A C:\Users\Kevin\Desktop\dds.txt

2012-11-23 20:57 - 2012-11-23 20:57 - 00688992 ____R (Swearware) C:\Users\Kevin\Desktop\dds.com

2012-11-23 20:57 - 2012-11-23 20:57 - 00688992 ____A (Swearware) C:\Users\Kevin\Downloads\dds.com

2012-11-23 20:53 - 2012-11-23 20:53 - 00688992 ____A (Swearware) C:\Users\Kevin\Downloads\dds.scr

2012-11-23 20:41 - 2012-11-23 20:41 - 00275336 ____A C:\Windows\Minidump\112312-29125-01.dmp

2012-11-23 20:38 - 2012-11-23 20:38 - 00275336 ____A C:\Windows\Minidump\112312-31496-01.dmp

2012-11-23 20:33 - 2012-11-23 20:33 - 00275336 ____A C:\Windows\Minidump\112312-36363-01.dmp

2012-11-23 20:03 - 2012-11-23 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-23 20:03 - 2012-11-23 20:03 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-11-23 20:03 - 2012-11-23 20:03 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-11-23 19:59 - 2012-11-23 20:01 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Kevin\Downloads\mbam-setup-1.65.1.1000.exe

2012-11-23 19:30 - 2012-11-23 19:30 - 00275336 ____A C:\Windows\Minidump\112312-29983-01.dmp

2012-11-23 19:26 - 2012-11-23 19:26 - 00275336 ____A C:\Windows\Minidump\112312-20108-01.dmp

2012-11-23 19:23 - 2012-11-23 19:23 - 00275336 ____A C:\Windows\Minidump\112312-23852-01.dmp

2012-11-23 18:40 - 2012-11-23 18:41 - 00275392 ____A C:\Windows\Minidump\112312-31964-01.dmp

2012-11-23 18:17 - 2012-11-23 18:17 - 00275392 ____A C:\Windows\Minidump\112312-36254-01.dmp

2012-11-23 18:09 - 2012-11-23 18:09 - 00275336 ____A C:\Windows\Minidump\112312-56082-01.dmp

2012-11-23 17:02 - 2012-11-23 17:02 - 00275336 ____A C:\Windows\Minidump\112312-30856-01.dmp

2012-11-22 22:59 - 2012-11-22 22:59 - 00275336 ____A C:\Windows\Minidump\112212-21699-01.dmp

2012-11-22 12:02 - 2012-11-23 19:15 - 00000181 ____A C:\Windows\wininit.ini

2012-11-21 21:01 - 2012-11-21 21:01 - 00000000 ____D C:\Users\All Users\McAfee Anti-Theft

2012-11-21 21:01 - 2012-11-21 21:01 - 00000000 ____D C:\Users\All Users\Application Data\McAfee Anti-Theft

2012-11-21 20:59 - 2012-11-21 20:59 - 00275336 ____A C:\Windows\Minidump\112112-32869-01.dmp

2012-11-20 19:26 - 2012-11-20 19:26 - 00000000 ____D C:\Users\Ryan\Desktop\mc-edit

2012-11-19 17:22 - 2012-11-19 17:22 - 00275392 ____A C:\Windows\Minidump\111912-19078-01.dmp

2012-11-17 10:41 - 2012-11-21 09:25 - 00000000 ____D C:\Users\Ryan\Desktop\factions1.4.5

2012-11-17 00:05 - 2012-11-24 10:22 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy

2012-11-17 00:05 - 2012-11-24 10:22 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy

2012-11-17 00:05 - 2012-11-17 00:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy

2012-11-17 00:05 - 2012-11-17 00:05 - 00001260 ____A C:\Users\Kevin\Desktop\Spybot - Search & Destroy.lnk

2012-11-16 15:47 - 2012-11-16 15:47 - 00000000 ____D C:\Users\Ryan\Desktop\roblox

2012-11-14 19:59 - 2012-07-25 22:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys

2012-11-14 19:59 - 2012-07-25 22:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys

2012-11-14 19:59 - 2012-07-25 20:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll

2012-11-14 19:59 - 2012-06-02 08:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

2012-11-14 19:55 - 2012-10-08 06:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-11-14 19:55 - 2012-10-08 05:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-11-14 19:55 - 2012-10-08 05:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-11-14 19:55 - 2012-10-08 05:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-11-14 19:55 - 2012-10-08 05:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-11-14 19:55 - 2012-10-08 05:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-11-14 19:55 - 2012-10-08 05:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-11-14 19:55 - 2012-10-08 05:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-11-14 19:55 - 2012-10-08 05:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-11-14 19:55 - 2012-10-08 05:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-11-14 19:55 - 2012-10-08 05:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-11-14 19:55 - 2012-10-08 05:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-11-14 19:55 - 2012-10-08 05:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-11-14 19:55 - 2012-10-08 05:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-11-14 19:55 - 2012-10-08 05:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-11-14 19:55 - 2012-10-08 05:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-11-14 19:55 - 2012-10-08 02:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-11-14 19:55 - 2012-10-08 02:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-11-14 19:55 - 2012-10-08 01:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-11-14 19:55 - 2012-10-08 01:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-11-14 19:55 - 2012-10-08 01:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-11-14 19:55 - 2012-10-08 01:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-11-14 19:55 - 2012-10-08 01:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-11-14 19:55 - 2012-10-08 01:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-11-14 19:55 - 2012-10-08 01:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-11-14 19:55 - 2012-10-08 01:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-11-14 19:55 - 2012-10-08 01:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-11-14 19:55 - 2012-10-08 01:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-11-14 19:55 - 2012-10-08 01:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-11-14 19:55 - 2012-10-08 01:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-11-14 19:55 - 2012-10-08 01:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-11-14 19:55 - 2012-10-08 01:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-11-14 19:53 - 2012-07-25 21:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll

2012-11-14 19:53 - 2012-07-25 21:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe

2012-11-14 19:53 - 2012-07-25 21:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll

2012-11-14 19:53 - 2012-07-25 21:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll

2012-11-14 19:53 - 2012-07-25 21:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll

2012-11-14 19:53 - 2012-07-25 20:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys

2012-11-14 19:53 - 2012-07-25 20:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys

2012-11-14 19:53 - 2012-06-02 08:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

2012-11-14 10:33 - 2012-10-18 12:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-11-14 10:33 - 2012-10-09 12:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll

2012-11-14 10:33 - 2012-10-09 12:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll

2012-11-14 10:33 - 2012-10-09 11:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll

2012-11-14 10:33 - 2012-10-09 11:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll

2012-11-14 10:33 - 2012-10-03 11:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-11-14 10:33 - 2012-10-03 11:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll

2012-11-14 10:33 - 2012-10-03 11:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll

2012-11-14 10:33 - 2012-10-03 11:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll

2012-11-14 10:33 - 2012-10-03 11:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll

2012-11-14 10:33 - 2012-10-03 11:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll

2012-11-14 10:33 - 2012-10-03 11:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll

2012-11-14 10:33 - 2012-10-03 10:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll

2012-11-14 10:33 - 2012-10-03 10:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2012-11-14 10:33 - 2012-10-03 10:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll

2012-11-14 10:33 - 2012-10-03 10:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys

2012-11-14 10:33 - 2012-09-25 16:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll

2012-11-14 10:33 - 2012-09-25 16:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll

2012-11-14 10:33 - 2012-01-13 01:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2012-11-10 12:24 - 2012-11-10 12:24 - 00025196 ____A C:\Users\Ryan\Downloads\hs_err_pid19140.log

2012-11-03 09:21 - 2012-11-03 09:21 - 00002727 ____A C:\Users\Ryan\.recently-used.xbel

2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8}

2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\Local Settings\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8}

2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\AppData\Local\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8}

2012-11-01 14:30 - 2012-11-01 15:10 - 00000000 ____D C:\Users\Ryan\Application Data\Google

2012-11-01 14:30 - 2012-11-01 15:10 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Google

2012-10-31 20:53 - 2012-11-10 15:59 - 00032332 ____A C:\Users\Public\Documents\Contacts.xlsx

2012-10-31 20:53 - 2012-11-10 15:59 - 00032332 ____A C:\Users\All Users\Documents\Contacts.xlsx

2012-10-30 08:05 - 2012-10-30 08:05 - 00275336 ____A C:\Windows\Minidump\103012-16395-01.dmp

2012-10-29 12:31 - 2012-10-29 12:31 - 00005347 ____A C:\Users\Ryan\My Documents\xD.wlmp

2012-10-29 12:31 - 2012-10-29 12:31 - 00005347 ____A C:\Users\Ryan\Documents\xD.wlmp

2012-10-29 12:28 - 2012-10-29 12:32 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{3DBE31DA-234D-490B-B004-D5E5904F60FF}

2012-10-29 12:28 - 2012-10-29 12:32 - 00000000 ____D C:\Users\Ryan\Local Settings\{3DBE31DA-234D-490B-B004-D5E5904F60FF}

2012-10-29 12:28 - 2012-10-29 12:32 - 00000000 ____D C:\Users\Ryan\AppData\Local\{3DBE31DA-234D-490B-B004-D5E5904F60FF}

2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{490B9340-72EF-44C6-ADD5-F498084C4207}

2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\{490B9340-72EF-44C6-ADD5-F498084C4207}

2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\AppData\Local\{490B9340-72EF-44C6-ADD5-F498084C4207}

2012-10-29 10:41 - 2012-11-12 08:54 - 00000000 ____D C:\Users\Ryan\Desktop\server

2012-10-29 10:09 - 2012-10-29 10:09 - 00000000 ____A C:\Users\Ryan\Downloads\Reach The End.rar.wteotfn.partial

2012-10-29 09:56 - 2012-10-29 09:57 - 17353763 ____A C:\Users\Ryan\Desktop\Its Better Together V1.4.zip

2012-10-29 09:03 - 2012-11-20 20:14 - 00000000 ____D C:\Users\Ryan\Desktop\plugins

2012-10-29 09:03 - 2012-11-20 19:34 - 00000000 ____D C:\Users\Ryan\Desktop\old servers

2012-10-28 17:29 - 2012-10-28 17:29 - 00001698 ____A C:\Users\Ryan\Desktop\Inventor.exe - Shortcut.lnk

2012-10-27 10:10 - 2012-10-27 10:10 - 00000000 ____D C:\Users\Kevin\My Documents\Autoloader

2012-10-27 10:10 - 2012-10-27 10:10 - 00000000 ____D C:\Users\Kevin\Documents\Autoloader

2012-10-27 10:02 - 2012-10-27 10:03 - 00000000 ____D C:\Users\Allison\My Documents\Inventor

2012-10-27 10:02 - 2012-10-27 10:03 - 00000000 ____D C:\Users\Allison\Documents\Inventor

2012-10-27 10:01 - 2012-10-27 10:01 - 00000000 ____D C:\Users\Allison\My Documents\Autoloader

2012-10-27 10:01 - 2012-10-27 10:01 - 00000000 ____D C:\Users\Allison\Documents\Autoloader

2012-10-27 09:59 - 2012-10-27 10:04 - 00000000 ____D C:\Users\Allison\Application Data\Autodesk

2012-10-27 09:59 - 2012-10-27 10:04 - 00000000 ____D C:\Users\Allison\AppData\Roaming\Autodesk

2012-10-27 09:35 - 2012-10-27 09:35 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-10-27 09:35 - 2012-10-27 09:35 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-10-27 09:35 - 2012-08-21 11:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

2012-10-27 09:34 - 2012-10-27 09:35 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-27 09:34 - 2012-10-27 09:35 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-27 09:34 - 2012-10-27 09:35 - 00000000 ____D C:\Program Files\iTunes

2012-10-27 09:34 - 2012-10-27 09:35 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-10-27 09:34 - 2012-10-27 09:34 - 00000000 ____D C:\Program Files\iPod

2012-10-27 09:30 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\My Documents\Autoloader

2012-10-27 09:30 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\Documents\Autoloader

2012-10-27 09:26 - 2012-10-27 09:28 - 00000000 ____D C:\Users\Jan\My Documents\Inventor

2012-10-27 09:26 - 2012-10-27 09:28 - 00000000 ____D C:\Users\Jan\Documents\Inventor

2012-10-27 09:25 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\Application Data\Autodesk

2012-10-27 09:25 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Autodesk

2012-10-25 21:49 - 2012-10-28 16:44 - 00000000 ____D C:\Users\Kevin\Application Data\System

2012-10-25 21:49 - 2012-10-28 16:44 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\System

2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\Local Settings\Autodesk,_Inc

2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Autodesk,_Inc

2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\AppData\Local\Autodesk,_Inc

2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Local Settings\Granta Design

2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Granta Design

2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\AppData\Local\Granta Design

2012-10-25 17:29 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\My Documents\Inventor

2012-10-25 17:29 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Documents\Inventor

2012-10-25 16:59 - 2012-10-27 10:12 - 00000000 ____D C:\Users\Kevin\My Documents\Inventor

2012-10-25 16:59 - 2012-10-27 10:12 - 00000000 ____D C:\Users\Kevin\Documents\Inventor

2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Users\Kevin\My Documents\Autodesk

2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Users\Kevin\Documents\Autodesk

2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared

2012-10-25 16:54 - 2012-10-25 17:26 - 00000000 ____D C:\Users\Public\Documents\Autodesk

2012-10-25 16:54 - 2012-10-25 17:26 - 00000000 ____D C:\Users\All Users\Documents\Autodesk

2012-10-25 16:46 - 2012-10-25 17:26 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared

2012-10-25 16:46 - 2012-10-25 16:46 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2013

2012-10-25 16:45 - 2012-10-25 17:26 - 00000000 ____D C:\Program Files\Autodesk

2012-10-25 16:42 - 2012-10-25 16:42 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE

2012-10-25 16:27 - 2012-10-25 16:28 - 22231488 ____A C:\Users\Ryan\Downloads\Autodesk_Inventor_2013_English_Win_64bit_wi_en-US_Setup1.exe

2012-10-25 16:24 - 2012-10-25 16:25 - 22228664 ____A C:\Users\Ryan\Downloads\Autodesk_Inventor_2013_English_Win_32bit_wi_en-US_Setup1.exe

==================== One Month Modified Files and Folders =======

2012-11-24 21:51 - 2012-11-24 21:51 - 00000000 ____D C:\FRST

2012-11-24 20:47 - 2009-07-13 23:10 - 01151084 ____A C:\Windows\WindowsUpdate.log

2012-11-24 20:46 - 2012-08-28 18:30 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-11-24 20:46 - 2009-07-13 22:51 - 00132386 ____A C:\Windows\setupact.log

2012-11-24 20:45 - 2012-08-28 18:30 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-11-24 20:45 - 2011-12-11 13:47 - 00000000 __RSD C:\Users\Kevin\My Documents\McAfee Vaults

2012-11-24 20:45 - 2011-12-11 13:47 - 00000000 __RSD C:\Users\Kevin\Documents\McAfee Vaults

2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks

2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks

2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks

2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks

2012-11-24 20:45 - 2010-12-22 23:02 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2012-11-24 20:45 - 2010-12-22 22:40 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2012-11-24 20:44 - 2011-04-17 21:07 - 00000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job

2012-11-24 20:38 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-11-24 20:38 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-11-24 20:30 - 2011-12-18 15:54 - 00000000 __RSD C:\Users\Allison\My Documents\McAfee Vaults

2012-11-24 20:30 - 2011-12-18 15:54 - 00000000 __RSD C:\Users\Allison\Documents\McAfee Vaults

2012-11-24 20:28 - 2010-12-23 00:31 - 00105634 ____A C:\Windows\PFRO.log

2012-11-24 20:28 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-11-24 11:24 - 2012-11-24 11:24 - 00001215 ____A C:\Users\Kevin\Desktop\AdwCleaner[R1].txt

2012-11-24 11:24 - 2012-11-24 11:24 - 00001215 ____A C:\AdwCleaner[R1].txt

2012-11-24 11:21 - 2012-11-24 11:21 - 00480125 ____A C:\Users\Kevin\Desktop\adwcleaner.exe

2012-11-24 11:16 - 2012-11-24 11:18 - 00024464 ____A C:\Users\Kevin\Desktop\ComboFix.txt

2012-11-24 11:16 - 2012-11-24 11:16 - 00024464 ____A C:\ComboFix.txt

2012-11-24 11:16 - 2012-11-24 10:48 - 00000000 ____D C:\Qoobox

2012-11-24 11:14 - 2012-11-24 10:47 - 00000000 ____D C:\Windows\erdnt

2012-11-24 11:14 - 2009-07-13 20:34 - 00000215 ____A C:\Windows\system.ini

2012-11-24 10:42 - 2012-11-24 10:45 - 05006466 ____R (Swearware) C:\Users\Kevin\Desktop\ComboFix.exe

2012-11-24 10:40 - 2012-11-24 10:40 - 00000960 ____A C:\Users\Public\Desktop\7-zip.lnk

2012-11-24 10:40 - 2012-11-24 10:40 - 00000960 ____A C:\Users\All Users\Desktop\7-zip.lnk

2012-11-24 10:40 - 2012-11-24 10:40 - 00000000 ____D C:\Program Files (x86)\7-zip

2012-11-24 10:37 - 2012-11-24 10:37 - 01639104 ____A (W3i, LLC) C:\Users\Kevin\Downloads\7zip_installer_d162802.exe

2012-11-24 10:31 - 2012-11-24 10:31 - 00275336 ____A C:\Windows\Minidump\112412-28470-01.dmp

2012-11-24 10:31 - 2011-10-05 15:42 - 447978731 ____A C:\Windows\MEMORY.DMP

2012-11-24 10:31 - 2011-10-05 15:42 - 00000000 ____D C:\Windows\Minidump

2012-11-24 10:22 - 2012-11-17 00:05 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy

2012-11-24 10:22 - 2012-11-17 00:05 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy

2012-11-24 09:05 - 2012-11-24 09:05 - 00275336 ____A C:\Windows\Minidump\112412-29858-01.dmp

2012-11-23 21:12 - 2011-05-11 19:37 - 00000000 ____D C:\Users\Kevin\My Documents\Outlook Files

2012-11-23 21:12 - 2011-05-11 19:37 - 00000000 ____D C:\Users\Kevin\Documents\Outlook Files

2012-11-23 20:59 - 2012-11-23 20:59 - 00031735 ____A C:\Users\Kevin\Desktop\attach.txt

2012-11-23 20:59 - 2012-11-23 20:59 - 00024825 ____A C:\Users\Kevin\Desktop\dds.txt

2012-11-23 20:57 - 2012-11-23 20:57 - 00688992 ____R (Swearware) C:\Users\Kevin\Desktop\dds.com

2012-11-23 20:57 - 2012-11-23 20:57 - 00688992 ____A (Swearware) C:\Users\Kevin\Downloads\dds.com

2012-11-23 20:53 - 2012-11-23 20:53 - 00688992 ____A (Swearware) C:\Users\Kevin\Downloads\dds.scr

2012-11-23 20:41 - 2012-11-23 20:41 - 00275336 ____A C:\Windows\Minidump\112312-29125-01.dmp

2012-11-23 20:38 - 2012-11-23 20:38 - 00275336 ____A C:\Windows\Minidump\112312-31496-01.dmp

2012-11-23 20:33 - 2012-11-23 20:33 - 00275336 ____A C:\Windows\Minidump\112312-36363-01.dmp

2012-11-23 20:19 - 2012-09-23 16:14 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167307642-361513427-4124430374-1003UA.job

2012-11-23 20:10 - 2012-03-30 21:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-11-23 20:04 - 2012-11-23 20:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-23 20:03 - 2012-11-23 20:03 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-11-23 20:03 - 2012-11-23 20:03 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-11-23 20:01 - 2012-11-23 19:59 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Kevin\Downloads\mbam-setup-1.65.1.1000.exe

2012-11-23 19:56 - 2011-03-06 14:21 - 00000000 ____D C:\Users\Kevin\My Documents\Kevin's stuff

2012-11-23 19:56 - 2011-03-06 14:21 - 00000000 ____D C:\Users\Kevin\Documents\Kevin's stuff

2012-11-23 19:53 - 2011-03-06 14:22 - 00000000 ____D C:\Users\Public\Documents\Ryan

2012-11-23 19:53 - 2011-03-06 14:22 - 00000000 ____D C:\Users\All Users\Documents\Ryan

2012-11-23 19:50 - 2011-10-23 14:42 - 00000000 ____D C:\Users\Allison\My Documents\Outlook Files

2012-11-23 19:50 - 2011-10-23 14:42 - 00000000 ____D C:\Users\Allison\Documents\Outlook Files

2012-11-23 19:30 - 2012-11-23 19:30 - 00275336 ____A C:\Windows\Minidump\112312-29983-01.dmp

2012-11-23 19:26 - 2012-11-23 19:26 - 00275336 ____A C:\Windows\Minidump\112312-20108-01.dmp

2012-11-23 19:23 - 2012-11-23 19:23 - 00275336 ____A C:\Windows\Minidump\112312-23852-01.dmp

2012-11-23 19:15 - 2012-11-22 12:02 - 00000181 ____A C:\Windows\wininit.ini

2012-11-23 18:56 - 2012-04-22 18:24 - 00000000 ____D C:\Users\Ryan\My Documents\Outlook Files

2012-11-23 18:56 - 2012-04-22 18:24 - 00000000 ____D C:\Users\Ryan\Documents\Outlook Files

2012-11-23 18:54 - 2011-05-11 20:06 - 00000000 ____D C:\Users\Jan\My Documents\Outlook Files

2012-11-23 18:54 - 2011-05-11 20:06 - 00000000 ____D C:\Users\Jan\Documents\Outlook Files

2012-11-23 18:41 - 2012-11-23 18:40 - 00275392 ____A C:\Windows\Minidump\112312-31964-01.dmp

2012-11-23 18:20 - 2011-12-11 16:14 - 00000000 __RSD C:\Users\Ryan\My Documents\McAfee Vaults

2012-11-23 18:20 - 2011-12-11 16:14 - 00000000 __RSD C:\Users\Ryan\Documents\McAfee Vaults

2012-11-23 18:17 - 2012-11-23 18:17 - 00275392 ____A C:\Windows\Minidump\112312-36254-01.dmp

2012-11-23 18:10 - 2011-12-11 13:50 - 00000000 __RSD C:\Users\Jan\My Documents\McAfee Vaults

2012-11-23 18:10 - 2011-12-11 13:50 - 00000000 __RSD C:\Users\Jan\Documents\McAfee Vaults

2012-11-23 18:09 - 2012-11-23 18:09 - 00275336 ____A C:\Windows\Minidump\112312-56082-01.dmp

2012-11-23 17:02 - 2012-11-23 17:02 - 00275336 ____A C:\Windows\Minidump\112312-30856-01.dmp

2012-11-22 22:59 - 2012-11-22 22:59 - 00275336 ____A C:\Windows\Minidump\112212-21699-01.dmp

2012-11-22 22:34 - 2011-03-06 13:59 - 00000000 ____D C:\Users\Kevin\My Documents\BACKUP

2012-11-22 22:34 - 2011-03-06 13:59 - 00000000 ____D C:\Users\Kevin\Documents\BACKUP

2012-11-22 21:24 - 2011-03-06 14:19 - 00000000 ____D C:\Users\Kevin\My Documents\Finances

2012-11-22 21:24 - 2011-03-06 14:19 - 00000000 ____D C:\Users\Kevin\Documents\Finances

2012-11-22 17:19 - 2012-09-23 16:14 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167307642-361513427-4124430374-1003Core.job

2012-11-22 00:20 - 2011-01-29 20:55 - 00797354 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-11-21 21:01 - 2012-11-21 21:01 - 00000000 ____D C:\Users\All Users\McAfee Anti-Theft

2012-11-21 21:01 - 2012-11-21 21:01 - 00000000 ____D C:\Users\All Users\Application Data\McAfee Anti-Theft

2012-11-21 20:59 - 2012-11-21 20:59 - 00275336 ____A C:\Windows\Minidump\112112-32869-01.dmp

2012-11-21 20:53 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\sysprep

2012-11-21 20:51 - 2012-03-30 12:46 - 00000000 ____D C:\Users\Ryan\Application Data\Skype

2012-11-21 20:51 - 2012-03-30 12:46 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype

2012-11-21 09:26 - 2011-10-22 09:24 - 00000000 ____D C:\Users\Ryan\Application Data\.minecraft

2012-11-21 09:26 - 2011-10-22 09:24 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\.minecraft

2012-11-21 09:25 - 2012-11-17 10:41 - 00000000 ____D C:\Users\Ryan\Desktop\factions1.4.5

2012-11-20 20:14 - 2012-10-29 09:03 - 00000000 ____D C:\Users\Ryan\Desktop\plugins

2012-11-20 19:34 - 2012-10-29 09:03 - 00000000 ____D C:\Users\Ryan\Desktop\old servers

2012-11-20 19:26 - 2012-11-20 19:26 - 00000000 ____D C:\Users\Ryan\Desktop\mc-edit

2012-11-20 08:30 - 2011-10-24 11:58 - 00078848 __ASH C:\Users\Jan\My Documents\Thumbs.db

2012-11-20 08:30 - 2011-10-24 11:58 - 00078848 __ASH C:\Users\Jan\Documents\Thumbs.db

2012-11-19 17:22 - 2012-11-19 17:22 - 00275392 ____A C:\Windows\Minidump\111912-19078-01.dmp

2012-11-19 17:22 - 2009-07-13 23:08 - 00032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-11-19 08:03 - 2011-03-06 14:21 - 00000000 ____D C:\Users\Jan\My Documents\Christmas

2012-11-19 08:03 - 2011-03-06 14:21 - 00000000 ____D C:\Users\Jan\Documents\Christmas

2012-11-19 07:58 - 2012-05-28 12:59 - 00000000 ____D C:\Users\Public\Documents\Jan

2012-11-19 07:58 - 2012-05-28 12:59 - 00000000 ____D C:\Users\All Users\Documents\Jan

2012-11-19 07:58 - 2012-05-28 08:01 - 00000000 ____D C:\Users\Jan\My Documents\Shopping

2012-11-19 07:58 - 2012-05-28 08:01 - 00000000 ____D C:\Users\Jan\Documents\Shopping

2012-11-19 07:01 - 2011-04-17 21:07 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

2012-11-17 16:14 - 2012-07-14 20:08 - 00036455 ____A C:\Users\Public\Documents\Passwords.xlsx

2012-11-17 16:14 - 2012-07-14 20:08 - 00036455 ____A C:\Users\All Users\Documents\Passwords.xlsx

2012-11-17 13:57 - 2012-03-27 17:27 - 00000000 ____D C:\Users\Kevin\Application Data\Skype

2012-11-17 13:57 - 2012-03-27 17:27 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype

2012-11-17 13:57 - 2011-03-06 14:22 - 00000000 ____D C:\Users\Kevin\My Documents\Sports

2012-11-17 13:57 - 2011-03-06 14:22 - 00000000 ____D C:\Users\Kevin\Documents\Sports

2012-11-17 12:28 - 2012-10-08 13:30 - 00000000 ____D C:\Users\Ryan\Desktop\MC maps

2012-11-17 00:07 - 2012-11-17 00:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy

2012-11-17 00:05 - 2012-11-17 00:05 - 00001260 ____A C:\Users\Kevin\Desktop\Spybot - Search & Destroy.lnk

2012-11-16 15:47 - 2012-11-16 15:47 - 00000000 ____D C:\Users\Ryan\Desktop\roblox

2012-11-15 20:08 - 2010-12-30 12:31 - 00178016 ____A C:\Users\Allison\Local Settings\GDIPFONTCACHEV1.DAT

2012-11-15 20:08 - 2010-12-30 12:31 - 00178016 ____A C:\Users\Allison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-11-15 20:08 - 2010-12-30 12:31 - 00178016 ____A C:\Users\Allison\AppData\Local\GDIPFONTCACHEV1.DAT

2012-11-15 19:43 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\NDF

2012-11-15 18:48 - 2011-03-06 14:17 - 00000000 ____D C:\Users\Kevin\My Documents\Coins

2012-11-15 18:48 - 2011-03-06 14:17 - 00000000 ____D C:\Users\Kevin\Documents\Coins

2012-11-15 18:37 - 2010-12-30 12:17 - 00178016 ____A C:\Users\Kevin\Local Settings\GDIPFONTCACHEV1.DAT

2012-11-15 18:37 - 2010-12-30 12:17 - 00178016 ____A C:\Users\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-11-15 18:37 - 2010-12-30 12:17 - 00178016 ____A C:\Users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT

2012-11-15 17:01 - 2010-12-30 12:35 - 00178016 ____A C:\Users\Ryan\Local Settings\GDIPFONTCACHEV1.DAT

2012-11-15 17:01 - 2010-12-30 12:35 - 00178016 ____A C:\Users\Ryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-11-15 17:01 - 2010-12-30 12:35 - 00178016 ____A C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT

2012-11-15 10:44 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache

2012-11-15 09:08 - 2010-12-30 12:26 - 00178016 ____A C:\Users\Jan\Local Settings\GDIPFONTCACHEV1.DAT

2012-11-15 09:08 - 2010-12-30 12:26 - 00178016 ____A C:\Users\Jan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-11-15 09:08 - 2010-12-30 12:26 - 00178016 ____A C:\Users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT

2012-11-15 09:07 - 2009-07-13 22:45 - 00575024 ____A C:\Windows\System32\FNTCACHE.DAT

2012-11-14 20:02 - 2011-01-29 22:28 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-11-14 20:02 - 2011-01-29 22:28 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help

2012-11-14 20:00 - 2009-07-13 23:13 - 00794138 ____A C:\Windows\System32\PerfStringBackup.INI

2012-11-14 19:54 - 2011-01-01 20:29 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-11-14 19:53 - 2009-07-13 20:34 - 00000478 ____A C:\Windows\win.ini

2012-11-14 19:36 - 2011-03-06 14:16 - 00000000 ____D C:\Users\Kevin\My Documents\Cars

2012-11-14 19:36 - 2011-03-06 14:16 - 00000000 ____D C:\Users\Kevin\Documents\Cars

2012-11-14 18:19 - 2012-10-08 13:26 - 00000000 ____D C:\Users\Ryan\Desktop\mods

2012-11-12 08:54 - 2012-10-29 10:41 - 00000000 ____D C:\Users\Ryan\Desktop\server

2012-11-10 15:59 - 2012-10-31 20:53 - 00032332 ____A C:\Users\Public\Documents\Contacts.xlsx

2012-11-10 15:59 - 2012-10-31 20:53 - 00032332 ____A C:\Users\All Users\Documents\Contacts.xlsx

2012-11-10 12:24 - 2012-11-10 12:24 - 00025196 ____A C:\Users\Ryan\Downloads\hs_err_pid19140.log

2012-11-10 00:06 - 2012-01-02 13:07 - 00000000 ____D C:\Users\Kevin\Local Settings\Garmin

2012-11-10 00:06 - 2012-01-02 13:07 - 00000000 ____D C:\Users\Kevin\Local Settings\Application Data\Garmin

2012-11-10 00:06 - 2012-01-02 13:07 - 00000000 ____D C:\Users\Kevin\AppData\Local\Garmin

2012-11-09 18:13 - 2012-06-23 10:31 - 00000000 ____D C:\Users\Ryan\Desktop\texture packs

2012-11-09 14:42 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\Application Data\Autodesk

2012-11-09 14:42 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Autodesk

2012-11-08 20:35 - 2012-08-28 18:30 - 00000000 ____D C:\Program Files (x86)\Google

2012-11-08 20:34 - 2012-08-28 18:30 - 00000000 ____D C:\Users\Kevin\Local Settings\Google

2012-11-08 20:34 - 2012-08-28 18:30 - 00000000 ____D C:\Users\Kevin\Local Settings\Application Data\Google

2012-11-08 20:34 - 2012-08-28 18:30 - 00000000 ____D C:\Users\Kevin\AppData\Local\Google

2012-11-08 20:31 - 2012-03-30 21:08 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-11-08 20:31 - 2011-05-19 18:52 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-11-08 20:31 - 2010-12-22 22:38 - 00000000 ____D C:\Users\All Users\Application Data\Adobe

2012-11-08 20:31 - 2010-12-22 22:38 - 00000000 ____D C:\Users\All Users\Adobe

2012-11-06 08:10 - 2010-12-22 22:41 - 00000000 ____D C:\Users\All Users\Skype

2012-11-06 08:10 - 2010-12-22 22:41 - 00000000 ____D C:\Users\All Users\Application Data\Skype

2012-11-04 14:20 - 2012-10-21 12:59 - 00000000 ____D C:\Users\Ryan\Desktop\movies

2012-11-03 09:21 - 2012-11-03 09:21 - 00002727 ____A C:\Users\Ryan\.recently-used.xbel

2012-11-03 09:21 - 2012-04-28 13:41 - 00000000 ____D C:\Users\Ryan\.gimp-2.6

2012-11-03 09:21 - 2010-12-30 12:35 - 00000000 ____D C:\users\Ryan

2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8}

2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\Local Settings\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8}

2012-11-03 09:19 - 2012-11-03 09:19 - 00000000 ____D C:\Users\Ryan\AppData\Local\{4D776D23-61D0-4DB1-944C-F2B0A998E4C8}

2012-11-03 09:19 - 2012-10-19 19:39 - 00000000 ____D C:\Users\Ryan\Local Settings\Windows Live

2012-11-03 09:19 - 2012-10-19 19:39 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Windows Live

2012-11-03 09:19 - 2012-10-19 19:39 - 00000000 ____D C:\Users\Ryan\AppData\Local\Windows Live

2012-11-01 15:10 - 2012-11-01 14:30 - 00000000 ____D C:\Users\Ryan\Application Data\Google

2012-11-01 15:10 - 2012-11-01 14:30 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Google

2012-11-01 14:30 - 2012-08-30 08:26 - 00000000 ____D C:\Users\Ryan\Local Settings\Google

2012-11-01 14:30 - 2012-08-30 08:26 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Google

2012-11-01 14:30 - 2012-08-30 08:26 - 00000000 ____D C:\Users\Ryan\AppData\Local\Google

2012-10-30 08:34 - 2012-10-08 13:31 - 00000000 ____D C:\Users\Ryan\Desktop\jar files

2012-10-30 08:05 - 2012-10-30 08:05 - 00275336 ____A C:\Windows\Minidump\103012-16395-01.dmp

2012-10-29 12:32 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{3DBE31DA-234D-490B-B004-D5E5904F60FF}

2012-10-29 12:32 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\{3DBE31DA-234D-490B-B004-D5E5904F60FF}

2012-10-29 12:32 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\AppData\Local\{3DBE31DA-234D-490B-B004-D5E5904F60FF}

2012-10-29 12:31 - 2012-10-29 12:31 - 00005347 ____A C:\Users\Ryan\My Documents\xD.wlmp

2012-10-29 12:31 - 2012-10-29 12:31 - 00005347 ____A C:\Users\Ryan\Documents\xD.wlmp

2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\{490B9340-72EF-44C6-ADD5-F498084C4207}

2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\Local Settings\{490B9340-72EF-44C6-ADD5-F498084C4207}

2012-10-29 12:28 - 2012-10-29 12:28 - 00000000 ____D C:\Users\Ryan\AppData\Local\{490B9340-72EF-44C6-ADD5-F498084C4207}

2012-10-29 10:09 - 2012-10-29 10:09 - 00000000 ____A C:\Users\Ryan\Downloads\Reach The End.rar.wteotfn.partial

2012-10-29 09:57 - 2012-10-29 09:56 - 17353763 ____A C:\Users\Ryan\Desktop\Its Better Together V1.4.zip

2012-10-28 21:15 - 2011-03-06 14:20 - 00000000 ____D C:\Users\Kevin\My Documents\Genealogy

2012-10-28 21:15 - 2011-03-06 14:20 - 00000000 ____D C:\Users\Kevin\Documents\Genealogy

2012-10-28 17:29 - 2012-10-28 17:29 - 00001698 ____A C:\Users\Ryan\Desktop\Inventor.exe - Shortcut.lnk

2012-10-28 17:29 - 2012-09-23 17:40 - 00000000 ____D C:\Users\All Users\Autodesk

2012-10-28 17:29 - 2012-09-23 17:40 - 00000000 ____D C:\Users\All Users\Application Data\Autodesk

2012-10-28 16:44 - 2012-10-25 21:49 - 00000000 ____D C:\Users\Kevin\Application Data\System

2012-10-28 16:44 - 2012-10-25 21:49 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\System

2012-10-27 10:12 - 2012-10-25 16:59 - 00000000 ____D C:\Users\Kevin\My Documents\Inventor

2012-10-27 10:12 - 2012-10-25 16:59 - 00000000 ____D C:\Users\Kevin\Documents\Inventor

2012-10-27 10:10 - 2012-10-27 10:10 - 00000000 ____D C:\Users\Kevin\My Documents\Autoloader

2012-10-27 10:10 - 2012-10-27 10:10 - 00000000 ____D C:\Users\Kevin\Documents\Autoloader

2012-10-27 10:10 - 2012-09-23 17:40 - 00000000 ____D C:\Users\Kevin\Application Data\Autodesk

2012-10-27 10:10 - 2012-09-23 17:40 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Autodesk

2012-10-27 10:09 - 2012-09-23 17:25 - 00000000 ____D C:\Users\Kevin\Local Settings\Autodesk

2012-10-27 10:09 - 2012-09-23 17:25 - 00000000 ____D C:\Users\Kevin\Local Settings\Application Data\Autodesk

2012-10-27 10:09 - 2012-09-23 17:25 - 00000000 ____D C:\Users\Kevin\AppData\Local\Autodesk

2012-10-27 10:04 - 2012-10-27 09:59 - 00000000 ____D C:\Users\Allison\Application Data\Autodesk

2012-10-27 10:04 - 2012-10-27 09:59 - 00000000 ____D C:\Users\Allison\AppData\Roaming\Autodesk

2012-10-27 10:04 - 2012-10-05 07:19 - 00000000 ____D C:\Users\Allison\Local Settings\Autodesk

2012-10-27 10:04 - 2012-10-05 07:19 - 00000000 ____D C:\Users\Allison\Local Settings\Application Data\Autodesk

2012-10-27 10:04 - 2012-10-05 07:19 - 00000000 ____D C:\Users\Allison\AppData\Local\Autodesk

2012-10-27 10:03 - 2012-10-27 10:02 - 00000000 ____D C:\Users\Allison\My Documents\Inventor

2012-10-27 10:03 - 2012-10-27 10:02 - 00000000 ____D C:\Users\Allison\Documents\Inventor

2012-10-27 10:01 - 2012-10-27 10:01 - 00000000 ____D C:\Users\Allison\My Documents\Autoloader

2012-10-27 10:01 - 2012-10-27 10:01 - 00000000 ____D C:\Users\Allison\Documents\Autoloader

2012-10-27 09:35 - 2012-10-27 09:35 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-10-27 09:35 - 2012-10-27 09:35 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-10-27 09:35 - 2012-10-27 09:34 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-27 09:35 - 2012-10-27 09:34 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-27 09:35 - 2012-10-27 09:34 - 00000000 ____D C:\Program Files\iTunes

2012-10-27 09:35 - 2012-10-27 09:34 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-10-27 09:34 - 2012-10-27 09:34 - 00000000 ____D C:\Program Files\iPod

2012-10-27 09:30 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\My Documents\Autoloader

2012-10-27 09:30 - 2012-10-27 09:30 - 00000000 ____D C:\Users\Jan\Documents\Autoloader

2012-10-27 09:30 - 2012-10-27 09:25 - 00000000 ____D C:\Users\Jan\Application Data\Autodesk

2012-10-27 09:30 - 2012-10-27 09:25 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Autodesk

2012-10-27 09:29 - 2012-09-24 18:50 - 00000000 ____D C:\Users\Jan\Local Settings\Autodesk

2012-10-27 09:29 - 2012-09-24 18:50 - 00000000 ____D C:\Users\Jan\Local Settings\Application Data\Autodesk

2012-10-27 09:29 - 2012-09-24 18:50 - 00000000 ____D C:\Users\Jan\AppData\Local\Autodesk

2012-10-27 09:28 - 2012-10-27 09:26 - 00000000 ____D C:\Users\Jan\My Documents\Inventor

2012-10-27 09:28 - 2012-10-27 09:26 - 00000000 ____D C:\Users\Jan\Documents\Inventor

2012-10-26 12:52 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\Local Settings\Autodesk

2012-10-26 12:52 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Autodesk

2012-10-26 12:52 - 2012-09-23 17:58 - 00000000 ____D C:\Users\Ryan\AppData\Local\Autodesk

2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\Local Settings\Autodesk,_Inc

2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Autodesk,_Inc

2012-10-25 18:06 - 2012-10-25 18:06 - 00000000 ____D C:\Users\Ryan\AppData\Local\Autodesk,_Inc

2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Local Settings\Granta Design

2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\Local Settings\Application Data\Granta Design

2012-10-25 17:31 - 2012-10-25 17:31 - 00000000 ____D C:\Users\Ryan\AppData\Local\Granta Design

2012-10-25 17:31 - 2012-10-25 17:29 - 00000000 ____D C:\Users\Ryan\My Documents\Inventor

2012-10-25 17:31 - 2012-10-25 17:29 - 00000000 ____D C:\Users\Ryan\Documents\Inventor

2012-10-25 17:26 - 2012-10-25 16:54 - 00000000 ____D C:\Users\Public\Documents\Autodesk

2012-10-25 17:26 - 2012-10-25 16:54 - 00000000 ____D C:\Users\All Users\Documents\Autodesk

2012-10-25 17:26 - 2012-10-25 16:46 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared

2012-10-25 17:26 - 2012-10-25 16:45 - 00000000 ____D C:\Program Files\Autodesk

2012-10-25 17:26 - 2012-09-23 17:49 - 00000000 ____D C:\Program Files (x86)\Autodesk

2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Users\Kevin\My Documents\Autodesk

2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Users\Kevin\Documents\Autodesk

2012-10-25 16:57 - 2012-10-25 16:57 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared

2012-10-25 16:46 - 2012-10-25 16:46 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2013

2012-10-25 16:42 - 2012-10-25 16:42 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE

2012-10-25 16:41 - 2010-12-22 22:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2012-10-25 16:32 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2012-10-25 16:30 - 2012-09-23 17:24 - 00000000 ____D C:\Users\Kevin\Local Settings\Application Data\Akamai

2012-10-25 16:30 - 2012-09-23 17:24 - 00000000 ____D C:\Users\Kevin\Local Settings\Akamai

2012-10-25 16:30 - 2012-09-23 17:24 - 00000000 ____D C:\Users\Kevin\AppData\Local\Akamai

2012-10-25 16:28 - 2012-10-25 16:27 - 22231488 ____A C:\Users\Ryan\Downloads\Autodesk_Inventor_2013_English_Win_64bit_wi_en-US_Setup1.exe

2012-10-25 16:28 - 2012-09-23 17:26 - 00000000 ____D C:\Autodesk

2012-10-25 16:25 - 2012-10-25 16:24 - 22228664 ____A C:\Users\Ryan\Downloads\Autodesk_Inventor_2013_English_Win_32bit_wi_en-US_Setup1.exe

ATTENTION: ========> Check for possible partition/boot infection:

C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-10 17:49:49

Restore point made on: 2012-11-14 19:52:38

Restore point made on: 2012-11-22 01:25:43

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8151.08 MB

Available physical RAM: 7303.76 MB

Total Pagefile: 8149.23 MB

Available Pagefile: 7293.82 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:793.05 GB) NTFS

7 Drive i: (USB20FD) (Removable) (Total:7.51 GB) (Free:7.5 GB) FAT32

8 Drive j: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.74 GB) NTFS ==>[system with boot components (obtained from reading drive)]

9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 Online 7701 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 12 GB 40 MB

Partition 3 Primary 919 GB 12 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 8 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 J RECOVERY NTFS Partition 12 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 919 GB Healthy

=========================================================

Partitions of Disk 5:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

* Partition 1 Primary 7701 MB 0 B

==================================================================================

Disk: 5

There is no partition selected.

There is no partition selected.

Please select a partition and try again.

=========================================================

Last Boot: 2012-11-15 10:36

==================== End Of Log =============================


Thank you for your reply. Here is the result.txt from Listparts64:

ListParts by Farbar Version: 30-10-2012

Ran by Kevin (administrator) on 25-11-2012 at 09:25:06

Windows 7 (X64)

Running From: C:\Users\Kevin\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 18%

Total physical RAM: 8151.08 MB

Available physical RAM: 6637.13 MB

Total Pagefile: 16300.35 MB

Available Pagefile: 14887.48 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:791.39 GB) NTFS

7 Drive v: (TI105957W0F) (Network) (Total:452.7 GB) (Free:395.91 GB) NTFS

8 Drive w: (TI105957W0F) (Network) (Total:452.7 GB) (Free:395.91 GB) NTFS

9 Drive x: (TI105957W0F) (Network) (Total:452.7 GB) (Free:395.91 GB) NTFS

10 Drive y: (TI105957W0F) (Network) (Total:452.7 GB) (Free:395.91 GB) NTFS

11 Drive z: (TI105957W0F) (Network) (Total:452.7 GB) (Free:395.91 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 12 GB 40 MB

Partition 3 Primary 919 GB 12 GB

======================================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 RECOVERY NTFS Partition 12 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 919 GB Healthy Boot

======================================================================================================

****** End Of Log ******


Hey kk4flyer,

Please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.


Thanks for your reply. Unfortunately, I can't even boot the computer now. When I power it up, I see the Dell startup screen, then it goes to a black screen with cursor blinking in upper left. And it stays there... forever. If I hit F2 as it boots, I get to the CMOS Setup Utility screen. If I hit F12 as it boots, I get to the boot device screen. Any ideas on how to get it to boot properly?


Good morning kk4flyer,

Please access the boot device screen and set boot from a CD as the first device.

Then, please read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:

Download Kaspersky Rescue Disk 10

How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?

How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

  • Please go to a clean computer
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • On the infected computer: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarise yourself with How to create a report file in Kaspersky Rescue Disk 10?

Then, please print the following directions:

Boot from Kaspersky Rescue Disk 10:

Restart your computer and put the disk in the drive while booting.

Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.

Select the required interface language using the arrow-keys on your keyboard.

Press the Enter key on the keyboard.

In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode

Click Enter.

Click 'A' to accept the agreement.

Select operating system from dropdown menu (select Windows whatever).

Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:

Click My Update Center and update.

Back to other tab and click Start Object Scan.

When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.

On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.

On the upper right hand corner of the Detailed report window, click on the Save button.

After clicking Detailed Report and 'SAVE', a browse window opens.

Double-click on the \

Click 'disks'.

All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.

Click on the Save button.

The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.


Oops that didn't work. Here is the log:

Objects Scan: completed 2 minutes ago (events: 92, objects: 2750181, time: 08:13:32)

11/27/12 4:59 PM Task completed

11/27/12 4:59 PM Untreated: Rootkit.Boot.Pihar.c /dev/sda Skipped by user

11/27/12 4:59 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp

11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/27/12 4:59 PM Untreated: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Skipped by user

11/27/12 4:59 PM Detected: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS

11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS

11/27/12 4:59 PM Untreated: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir Skipped by user

11/27/12 4:59 PM Detected: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir

11/27/12 4:59 PM Untreated: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir

11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp

11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/27/12 4:59 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Skipped by user

11/27/12 4:59 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Skipped by user

11/27/12 4:58 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/27/12 4:58 PM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Skipped by user

11/27/12 12:27 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/27/12 11:22 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 11:22 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 11:21 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed

11/27/12 11:21 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/27/12 11:21 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed

11/27/12 11:21 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp

11/27/12 11:20 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 11:20 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 11:13 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 11:13 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 11:12 AM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed

11/27/12 11:12 AM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp

11/27/12 11:12 AM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed

11/27/12 11:12 AM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/27/12 11:12 AM Untreated: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 11:12 AM Detected: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed

11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed

11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS Postponed

11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS Postponed

11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS

11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS

11/27/12 10:41 AM Untreated: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir Postponed

11/27/12 10:41 AM Untreated: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir Postponed

11/27/12 10:41 AM Detected: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir

11/27/12 10:41 AM Detected: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir

11/27/12 10:34 AM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed

11/27/12 10:34 AM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed

11/27/12 10:34 AM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/27/12 10:34 AM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/27/12 10:03 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 10:03 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 10:02 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed

11/27/12 10:02 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp

11/27/12 10:02 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed

11/27/12 10:02 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/27/12 10:01 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 10:01 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 9:58 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 9:58 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 9:57 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed

11/27/12 9:57 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp

11/27/12 9:57 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed

11/27/12 9:57 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/27/12 9:57 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 9:57 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 9:24 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed

11/27/12 9:24 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed

11/27/12 9:24 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/27/12 9:24 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/27/12 9:19 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor OTHER.idz Read error

11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe Read error

11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz Read error

11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor GOST.idz Read error

11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz/AI2013_Inventor ANSI Read error

11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe/netfx_Core.mzz Read error

11/27/12 8:46 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Postponed

11/27/12 8:46 AM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/27/12 8:46 AM Task started

</pre>


OK, here's the new log from the RescueDisk. Looks like it appended today's results onto yesterday's results.

By the way, when I used Kaspersky's web browser to upload this log, it appeared to get redirected once.

<pre style='color:#141312;background-color:#ffffff;'>

Objects Scan: completed 1 day ago (events: 92, objects: 2750181, time: 08:13:32)

11/27/12 4:59 PM Task completed

11/27/12 4:59 PM Untreated: Rootkit.Boot.Pihar.c /dev/sda Skipped by user

11/27/12 4:59 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp

11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/27/12 4:59 PM Untreated: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Skipped by user

11/27/12 4:59 PM Detected: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS

11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS

11/27/12 4:59 PM Untreated: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir Skipped by user

11/27/12 4:59 PM Detected: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir

11/27/12 4:59 PM Untreated: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir

11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp

11/27/12 4:59 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Skipped by user

11/27/12 4:59 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/27/12 4:59 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Skipped by user

11/27/12 4:59 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 4:59 PM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Skipped by user

11/27/12 4:58 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/27/12 4:58 PM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Skipped by user

11/27/12 12:27 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/27/12 11:22 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 11:22 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 11:21 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed

11/27/12 11:21 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/27/12 11:21 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed

11/27/12 11:21 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp

11/27/12 11:20 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 11:20 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 11:13 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 11:13 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 11:12 AM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed

11/27/12 11:12 AM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp

11/27/12 11:12 AM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed

11/27/12 11:12 AM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/27/12 11:12 AM Untreated: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 11:12 AM Detected: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed

11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed

11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS Postponed

11/27/12 10:41 AM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS Postponed

11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS

11/27/12 10:41 AM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS

11/27/12 10:41 AM Untreated: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir Postponed

11/27/12 10:41 AM Untreated: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir Postponed

11/27/12 10:41 AM Detected: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir

11/27/12 10:41 AM Detected: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir

11/27/12 10:34 AM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed

11/27/12 10:34 AM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed

11/27/12 10:34 AM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/27/12 10:34 AM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/27/12 10:03 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 10:03 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 10:02 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed

11/27/12 10:02 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp

11/27/12 10:02 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed

11/27/12 10:02 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/27/12 10:01 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 10:01 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 9:58 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 9:58 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 9:57 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed

11/27/12 9:57 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp

11/27/12 9:57 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed

11/27/12 9:57 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/27/12 9:57 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/27/12 9:57 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/27/12 9:24 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed

11/27/12 9:24 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed

11/27/12 9:24 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/27/12 9:24 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/27/12 9:19 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor OTHER.idz Read error

11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe Read error

11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz Read error

11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor GOST.idz Read error

11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz/AI2013_Inventor ANSI Read error

11/27/12 9:17 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe/netfx_Core.mzz Read error

11/27/12 8:46 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Postponed

11/27/12 8:46 AM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/27/12 8:46 AM Task started

Objects Scan: completed 1 minute ago (events: 382, objects: 2750183, time: 07:38:58)

11/28/12 5:44 PM Task completed

11/28/12 5:44 PM Untreated: Rootkit.Boot.Pihar.c /dev/sda Skipped by user

11/28/12 5:44 PM Untreated: Rootkit.Boot.Pihar.c /dev/sda Cannot be disinfected

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 5:44 PM Deleted: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir

11/28/12 5:44 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS

11/28/12 5:44 PM Deleted: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir

11/28/12 5:44 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS

11/28/12 5:44 PM Deleted: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir

11/28/12 5:44 PM Detected: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir

11/28/12 5:44 PM Deleted: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir

11/28/12 5:44 PM Detected: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir

11/28/12 5:44 PM Deleted: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp

11/28/12 5:43 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp

11/28/12 5:43 PM Deleted: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/28/12 5:43 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/28/12 5:42 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/28/12 5:42 PM Deleted: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp

11/28/12 5:41 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/28/12 5:41 PM Deleted: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp

11/28/12 1:45 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/28/12 12:41 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/28/12 12:41 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/28/12 12:40 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed

11/28/12 12:40 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp

11/28/12 12:40 PM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed

11/28/12 12:40 PM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/28/12 12:40 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/28/12 12:40 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/28/12 12:32 PM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/28/12 12:32 PM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/28/12 12:31 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed

11/28/12 12:31 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/28/12 12:31 PM Untreated: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed

11/28/12 12:31 PM Detected: Trojan.Win32.TDSS.itpc C:/Users/Kevin/AppData/Local/Temp/80D.tmp

11/28/12 12:31 PM Untreated: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/28/12 12:31 PM Detected: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/28/12 12:00 PM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed

11/28/12 12:00 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/28/12 12:00 PM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed

11/28/12 12:00 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/28/12 12:00 PM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS Postponed

11/28/12 12:00 PM Untreated: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS Postponed

11/28/12 12:00 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C760.tmp.vir/MPRESS

11/28/12 12:00 PM Detected: Trojan.Win64.TDSS.d C:/Qoobox/Quarantine/C/ProgramData/Microsoft/Windows/DRM/C761.tmp.vir/MPRESS

11/28/12 12:00 PM Untreated: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir Postponed

11/28/12 12:00 PM Untreated: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir Postponed

11/28/12 12:00 PM Detected: Backdoor.Win32.ZAccess.zku C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000064.@.vir

11/28/12 12:00 PM Detected: Trojan.Win32.Genome.ailnk C:/Qoobox/Quarantine/C/$Recycle.Bin/S-1-5-21-4167307642-361513427-4124430374-1000/$55078b485655604d8e4628f9ed38b6c2/U/80000000.@.vir

11/28/12 11:53 AM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed

11/28/12 11:53 AM Untreated: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed

11/28/12 11:53 AM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/28/12 11:53 AM Detected: Trojan.Win64.TDSS.d C:/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/28/12 11:22 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/28/12 11:22 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/28/12 11:21 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed

11/28/12 11:21 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/28/12 11:21 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed

11/28/12 11:21 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp

11/28/12 11:21 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/28/12 11:21 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/28/12 11:17 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/28/12 11:17 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/28/12 11:16 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp Postponed

11/28/12 11:16 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/80D.tmp

11/28/12 11:16 AM Untreated: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp Postponed

11/28/12 11:16 AM Detected: Trojan.Win32.TDSS.itpc /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Temp/1EF6.tmp

11/28/12 11:16 AM Untreated: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed

11/28/12 11:16 AM Detected: HEUR:Trojan.Script.Generic /mnt/MountedDevices/PD-77E3ED41-0000000312600000/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm

11/28/12 10:43 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS Postponed

11/28/12 10:43 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS

11/28/12 10:43 AM Untreated: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS Postponed

11/28/12 10:43 AM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/760.tmp/MPRESS

11/28/12 10:38 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor OTHER.idz Read error

11/28/12 10:37 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe Read error

11/28/12 10:37 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz Read error

11/28/12 10:37 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz/AI2013_Inventor ANSI Read error

11/28/12 10:37 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor GOST.idz Read error

11/28/12 10:37 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/3rdParty/NET/4/wcu/dotNetFramework/dotNetFx40_Full_x86_x64.exe/netfx_Core.mzz Read error

11/28/12 10:06 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Postponed

11/28/12 10:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda

11/28/12 10:06 AM Task started

</pre>

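The scan log in the post above lists the same object under several events, so the state of each object is easier to read once the log is condensed. The following is an added example, not part of the thread or of any tool mentioned in it: it assumes the line layout seen in the posted log, newest-first ordering, and that a trailing `/MPRESS` names packed content inside the file; the sample lines are constructed from lines in the post.

```python
import re

# Layout inferred from the posted log (assumption, not a vendor specification):
#   <m/d/yy h:mm AM|PM> <Event>: <verdict> <object path> [Postponed]
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2} [AP]M) "
    r"(?P<event>Detected|Disinfected|Deleted|Untreated): "
    r"(?P<verdict>\S+) (?P<obj>.+?)(?P<postponed> Postponed)?$"
)
REMEDIATED = {"Disinfected", "Deleted"}

# Constructed sample, newest entry first, built from lines in the posted log.
SAMPLE_LOG = """
11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda
11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda
11/28/12 5:44 PM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
11/28/12 5:44 PM Detected: Rootkit.Boot.Pihar.c /dev/sda
11/28/12 5:42 PM Deleted: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp
11/28/12 5:41 PM Detected: Trojan.Win64.TDSS.d /mnt/MountedDevices/PD-77E3ED41-0000000312600000/ProgramData/Microsoft/Windows/DRM/770.tmp/MPRESS
11/28/12 12:31 PM Untreated: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm Postponed
11/28/12 12:31 PM Detected: HEUR:Trojan.Script.Generic C:/Users/Kevin/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/S1AIY5ZJ/malwarebytes[1].htm
11/28/12 10:37 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor GOST.idz Read error
11/28/12 10:06 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Postponed
11/28/12 10:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
11/28/12 10:06 AM Task started
"""


def object_key(path):
    """Fold 'file/MPRESS' into 'file' so detection and deletion share a key.

    Assumption: the trailing component names packed content inside the file.
    """
    suffix = "/MPRESS"
    return path[: -len(suffix)] if path.endswith(suffix) else path


def summarize(log_text):
    """Return ({(verdict, object): record}, skipped_line_count)."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    state = {}
    skipped = 0
    # The paste is newest-first, so walk it backwards to replay oldest-first.
    for line in reversed(lines):
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # e.g. "Task started", "Processing error ..."
            continue
        key = (m["verdict"], object_key(m["obj"]))
        rec = state.setdefault(
            key,
            {"events": 0, "final": None, "redetected": 0,
             "first_seen": m["ts"], "last_seen": m["ts"]},
        )
        # A detection logged right after a cleanup event is a re-detection.
        if m["event"] == "Detected" and rec["final"] in REMEDIATED:
            rec["redetected"] += 1
        rec["events"] += 1
        rec["final"] = m["event"]
        rec["last_seen"] = m["ts"]
    return state, skipped


def unresolved(state):
    """Objects whose last event is not a cleanup, or that were re-detected."""
    return sorted(
        key for key, rec in state.items()
        if rec["final"] not in REMEDIATED or rec["redetected"]
    )


if __name__ == "__main__":
    summary, skipped_lines = summarize(SAMPLE_LOG)
    for (verdict, obj), rec in summary.items():
        print(f"{verdict:30} final={rec['final']:<11} "
              f"redetected={rec['redetected']} events={rec['events']} {obj}")
    print("skipped lines:", skipped_lines)
    print("needs follow-up:", unresolved(summary))
```
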

Hello kk4flyer,

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & xPUD to the Desktop of your clean computer

  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your hard drive
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • If you don't see sdb1:
    • Click on the Tool menu, and then click on Open Terminal
    • In the Terminal window that opens, copy/paste each of the following lines, pressing enter after each one:
      mkdir /mnt/sdb1
      mount /dev/sdb1 /mnt/sdb1
    • Close the Terminal window.
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

Note: All text entries are case sensitive.

Copy and paste the report.txt for my review.


Not good news, TheDarkKnight! I built the USB drive as directed and booted from it. I saw the xPUD language screen, chose English, but then it failed before it got to the next screen, so I couldn't follow the rest of your directions. Here is the text from the xPUD failure (I re-typed it, as I couldn't figure out how to get it off the sick computer):

Current Operating System: Linux (none) 2.6.31.2 #5 SMP Mon Dec 7 11:56:35 UTC 2009 i686

Kernel command line: noisapnp quiet initrd=/opt/media lang=en kmap=us BOOT_IMAGE=/boot/xpud

Build Date: 26 October 2009 05:15:02PM

xorg-server 2:1.6.4-2ubuntu4 (buildd@)

Before reporting problems, check http://wiki.x.org

To make sure that you have the latest version.

Markers: (--) probed, (**) from config file, (==) default setting,

(++) from command line, (!!) notice, (II) informational,

(WW) warning, (EE) error, (NI) not implemented, (??) unknown.

(==) Log file: “/var/log/Xorg.0.log”, Time: Fri Nov 30 00:25:05 2012

(==) Using config file: “/etc/X11.xorg.conf”

(EE) No devices detected.

Fatal server error:

no screens found

Please consult the The X.Org Foundation support

at http://wiki.x.org

for help.

Please also check the log file at “/var/log/Xorg.0.log” for additional information.

ddxSigGiveUp: Closing log

[ 7.616898] sd 7:0:0:0: [sdf] Assuming drive cache: write through

[ 7.620062] sd 7:0:0:0: [sdf] Assuming drive cache: write through

[ 8.324030] sd 7:0:0:0: [sdf] Assuming drive cache: write through

giving up

xinit: No such file or directory (errno 2): unable to connect to X server

xinit: No such process (errno 3): Server error.

Xauth: (argv):1: bad display name “(none):0” in “remove” command

Sh: no job control in this shell

Sh-4.0#

I don't know what it was trying to do, or why it failed. I downloaded the files several times, to make sure I didn't just have a corrupted file, but got same results.


Hello kk4flyer,

Try this please instead. You will need a USB drive.

Download http://unetbootin.so...dows-latest.exe & http://noahdfear.net.../xpud-0.9.2.iso to the Desktop of your clean computer.

  • Insert your USB drive.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format.
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded.
  • Press Run then OK.
  • It will install a little bootable OS on your USB.
  • After it has completed do not choose to reboot the clean computer simply close the installer.
  • Download xPUDtestdisk.exe and save it to the USB device.
  • Double click xPUDtestdisk.exe to extract the contents to your USB device.
  • Remove the USB and insert it in the sick computer.
  • Boot the Sick computer.
  • Press F12 and choose to boot from the USB.
  • Follow the prompts.
  • A Welcome to xPUD screen will appear.
  • Press File.
  • Expand mnt.
  • sda1,2...usually corresponds to your HDD.
  • sdb1 is likely your USB.
  • Click on the folder that represents your USB drive (sdb1).
  • Press Tool at the top.
  • Choose Open Terminal.
  • Type testdisk/testdisk_static.
  • Press Enter.
    • The TestDisk command window will open.
    • Choose Create and press Enter.
    • TestDisk will now detect all local hard drives.
    • Use the arrow (up and down) keys to highlight the disk called /dev/sda if it represents your primary hard drive and press Enter.
    • If you're not sure then note everything you see and post it for my review.
    • Select Intel (even if you have an AMD processor) and press Enter.
    • Select Advanced and press Enter.
    • Select [boot] and press Enter.
    • Select [Dump] and press Enter.
    • Select [Quit] to exit.

  • A log will be created in the root of the USB device.
  • Remove the USB drive and insert back in your working computer.

Please note - all text entries are case sensitive.

Copy and paste the resultant log for my review.


Same results as last attempt. I built the USB drive as directed and booted from it. I saw the xPUD language screen, chose English, but then it failed before it got to the next screen, so I couldn't follow the rest of your directions. Here is the text from the xPUD failure (I re-typed it, as I couldn't figure out how to get it off the sick computer):

Current Operating System: Linux (none) 2.6.31.2 #5 SMP Mon Dec 7 11:56:35 UTC 2009 i686

Kernel command line: noisapnp quiet initrd=/opt/media lang=en kmap=us BOOT_IMAGE=/boot/xpud

Build Date: 26 October 2009 05:15:02PM

xorg-server 2:1.6.4-2ubuntu4 (buildd@)

Before reporting problems, check http://wiki.x.org

To make sure that you have the latest version.

Markers: (--) probed, (**) from config file, (==) default setting,

(++) from command line, (!!) notice, (II) informational,

(WW) warning, (EE) error, (NI) not implemented, (??) unknown.

(==) Log file: “/var/log/Xorg.0.log”, Time: Fri Nov 30 00:25:05 2012

(==) Using config file: “/etc/X11.xorg.conf”

(EE) No devices detected.

Fatal server error:

no screens found

Please consult the The X.Org Foundation support

at http://wiki.x.org

for help.

Please also check the log file at “/var/log/Xorg.0.log” for additional information.

ddxSigGiveUp: Closing log

[ 7.948164] sd 7:0:0:0: [sdf] Assuming drive cache: write through

[ 7.951560] sd 7:0:0:0: [sdf] Assuming drive cache: write through

[ 8.653775] sd 7:0:0:0: [sdf] Assuming drive cache: write through

giving up.

xinit: No such file or directory (errno 2 ): unable to connect to X server

xinit: No such process (errno 3): Server error.

Xauth: (argv):1: bad display name “(none):0” in “remove” command

Sh: no job control in this shell

Sh-4.0#


Hey kk4flyer,

My apologies for the delay.

I consulted the developer of this tool regarding your errors and it is because you have unsupported hardware. Please try my second post, but on the flash drive please also have these extra drivers downloaded:

http://mesrss.free.fr/xpud/opt/driver.opt


Thanks, but I couldn't download that file. When I clicked the link I got the following error from Internet Explorer: "Unable to download pldumpit.ndf from noahdfear.net. Unable to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."

I typed the URL in manually and got the same error.


This topic is now closed to further replies.