TechSpot

Win64/sirefef.y problem

By Throttle
Jun 10, 2012
  1. Hi
    I currently have the win64/sirefef.y virus on my Windows 7. MSE detects it, but I get the critical error 60 second message and the PC just reboots before I get a chance to let MSE finish cleaning it.
    I'm getting the exact same problem in safe mode, and Windows repair has no luck fixing the problem either.

    I do have Windows Vista installed as well as Windows 7 on my PC, so I could gain access to the Windows 7 folders through Vista, if that is any help in getting rid of it?
    I have tried virus checkers and malware programs from Vista, scanning the drive that Windows 7 is installed on, but even though it finds various stuff and fixes them, it doesn't seem to find and get rid of the sirefef problem.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  3. Throttle

    Throttle TS Rookie Topic Starter Posts: 34

    Hi Broni

    Thanks for your help :) As I mentioned initially, I have both Windows 7 and Vista installed, so I have a dual boot setup where I select the Windows edition during start up.
    I selected Windows 7, went into the system recovery console and ran frst.exe, but when I returned to Vista to reply I noticed the notepad.txt was related to Vista and not Windows 7. I have tried 3 times and keep getting info related to Vista and not Windows 7, which I'm definitely selecting :confused:

    Here is the start of the notepad.txt

    Scan result of Farbar Recovery Scan Tool Version: 09-06-2012
    Ran by SYSTEM at 11-06-2012 01:45:40
    Running from I:\
    Windows Vista (TM) Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Are both OSes located on the same disk (different partitions) or on separate disks?
     
  5. Throttle

    Throttle TS Rookie Topic Starter Posts: 34

    They are both on the same disk which is partitioned.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Is your Windows 7 32-bit or 64-bit?
     
  7. Throttle

    Throttle TS Rookie Topic Starter Posts: 34

    It is the Windows 7 64-bit edition.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

  9. Throttle

    Throttle TS Rookie Topic Starter Posts: 34

    Hi
    I managed to disable dual boot and got the following txt below from an frst64 run in safe mode, luckily just before the computer rebooted :)
    I try F8 to go to the repair options and just seem to get moved to start Windows normally or launch auto repair now :confused:

    Scan result of Farbar Recovery Scan Tool Version: 09-06-2012
    Ran by Dave at 11-06-2012 18:01:02
    Running from I:\
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
    ========================== Registry (Whitelisted) =============
    HKU\Jenny\...\Run: [Google Update] "C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-05] (Google Inc.)
    HKU\Jenny\...\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_SF7A.tmp" /EF "HKCU" [139264 2006-09-22] (SEIKO EPSON CORPORATION)
    HKLM\...\Winlogon: [Userinit]
    HKLM-x32\...\Winlogon: [Userinit] [x]
    HKLM\...\Winlogon: [Shell] [x ] ()
    HKLM-x32\...\Winlogon: [Shell] [x ] ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
    ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
    ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
    Startup: C:\Users\Dave\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ==================== Services (Whitelisted) ======

    ========================== Drivers (Whitelisted) =============

    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-06-11 17:34 - 2012-06-11 18:01 - 00000000 ____D C:\FRST
    2012-06-10 21:45 - 2012-06-10 21:33 - 00000186 ____A C:\Users\Dave\Desktop\Licence key.txt
    2012-06-10 17:11 - 2012-06-12 02:29 - 00000000 ___SD C:\32788R22FWJFW
    2012-06-09 14:53 - 2012-06-12 02:28 - 00000000 ____D C:\Windows Loader
    2012-06-09 14:41 - 2012-06-09 14:42 - 00136808 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.41.47_log.txt
    2012-06-09 14:39 - 2012-06-09 14:39 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-06-09 14:38 - 2012-06-09 14:40 - 00243538 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.38.25_log.txt
    2012-06-08 17:39 - 2012-06-08 17:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-08 17:39 - 2012-06-08 17:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-08 01:04 - 2012-06-12 02:27 - 00000000 ____D C:\Users\Dave\Documents\GameFly
    2012-06-08 01:04 - 2012-06-08 16:53 - 00000000 ____D C:\Program Files (x86)\GameFly
    2012-06-08 01:04 - 2012-06-08 01:04 - 00001106 ____A C:\Program Files (x86)\InstLog.txt
    2012-06-08 01:04 - 2012-06-08 01:04 - 00000000 ____D C:\Users\Dave\AppData\Roaming\GameFly
    2012-06-08 00:39 - 2012-06-12 02:26 - 00000000 ____D C:\Users\Dave\AppData\Local\Mozilla
    2012-06-08 00:38 - 2012-06-08 00:38 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-06-08 00:38 - 2012-06-08 00:38 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-06-08 00:38 - 2012-06-08 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-08 00:38 - 2012-06-08 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-06-07 20:56 - 2012-06-05 15:29 - 733769728 ____A C:\Users\Dave\Desktop\RESCUERS 2.avi
    2012-06-07 15:41 - 2012-06-07 15:41 - 00000000 ____D C:\Users\Dave\Documents\Rockstar Games
    2012-06-07 15:41 - 2012-06-07 15:41 - 00000000 ____D C:\Users\Dave\AppData\Local\Chromium
    2012-06-07 14:50 - 2012-06-07 15:37 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2012-06-07 14:50 - 2012-06-07 14:50 - 00000000 ____D C:\Users\All Users\Rockstar Games
    2012-06-07 09:49 - 2012-06-07 09:49 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-07 00:21 - 2012-06-07 00:21 - 00000378 ____A C:\Windows\SysWOW64\mprdin.ocx
    2012-06-07 00:20 - 2012-06-07 00:20 - 01775104 ____A C:\Windows\SysWOW64\mprdin.dll
    2012-06-06 22:14 - 2012-06-12 02:29 - 00000000 ____D C:\Users\Dave\AppData\Roaming\SystemRequirementsLab
    2012-06-05 20:06 - 2012-06-05 20:06 - 07401371 ____A C:\Users\Dave\Desktop\P1040780.jpg
    2012-06-05 10:43 - 2012-06-05 10:43 - 09568689 ____A C:\Users\Dave\Desktop\P1040774.jpg
    2012-06-04 20:08 - 2012-06-04 20:08 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-04 20:08 - 2012-06-04 20:08 - 00000000 ____D C:\Program Files\iTunes
    2012-06-04 20:08 - 2012-06-04 20:08 - 00000000 ____D C:\Program Files\iPod
    2012-06-04 20:08 - 2012-06-04 20:08 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-06-04 20:05 - 2012-06-04 20:05 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-06-04 20:05 - 2012-06-04 20:05 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-06-04 19:37 - 2012-06-12 02:24 - 00000000 ____D C:\Users\Dave\AppData\Local\Geckofx
    2012-06-04 19:37 - 2012-06-04 19:37 - 00002206 ____A C:\Users\Public\Desktop\Videora iPod Converter.lnk
    2012-06-04 19:37 - 2012-06-04 19:37 - 00000000 ____D C:\Program Files (x86)\Red Kawa
    2012-06-04 19:37 - 2012-06-04 19:37 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
    2012-06-04 15:56 - 2012-06-04 15:58 - 00171249 ____A C:\Users\Dave\Desktop\photo1.jpg
    2012-06-04 00:28 - 2012-06-04 00:28 - 00067310 ____A C:\Users\Dave\Desktop\photo.jpg
    2012-06-03 10:59 - 2012-06-03 10:59 - 11093576 ____A C:\Users\Dave\Desktop\P6030030.jpg
    2012-05-30 21:10 - 2012-05-30 21:10 - 04014974 ____A C:\Users\Dave\Desktop\P520000.jpg
    2012-05-30 21:07 - 2012-05-30 21:26 - 10995748 ____A C:\Users\Dave\Desktop\P5200004.jpg
    2012-05-30 21:07 - 2012-05-30 21:07 - 11130622 ____A C:\Users\Dave\Desktop\P5200003.jpg
    2012-05-30 21:01 - 2012-05-30 21:01 - 08851959 ____A C:\Users\Dave\Desktop\P5200001.jpg
    2012-05-27 09:19 - 2012-05-27 09:19 - 00000000 ____D C:\Users\Dave\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-05-27 09:19 - 2012-05-27 09:19 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Adobe Mini Bridge CS5.1
    2012-05-27 07:45 - 2012-05-27 07:46 - 00000000 ____D C:\Program Files (x86)\Portrait Professional Studio
    2012-05-26 12:49 - 2012-06-12 02:29 - 00000000 ____D C:\Users\Dave\AppData\Roaming\WindSolutions
    2012-05-26 12:49 - 2012-06-04 20:06 - 00001360 ____A C:\Users\Dave\Desktop\CopyTrans Control Center.lnk
    2012-05-26 12:49 - 2012-05-26 12:54 - 00000000 ____D C:\Users\All Users\WindSolutions
    2012-05-21 20:41 - 2012-05-21 20:42 - 00000000 ____D C:\Users\Jenny\AppData\Local\Intuit
    2012-05-21 00:15 - 2012-05-21 00:15 - 06450129 ____A C:\Users\Dave\Desktop\dans.jpg
    2012-05-17 18:51 - 2012-05-17 18:51 - 00000000 ____D C:\Program Files\Common Files\Intuit
    2012-05-17 13:41 - 2012-06-12 02:29 - 00000000 ____D C:\Users\Dave\AppData\Local\Intuit
    2012-05-17 13:36 - 2012-05-17 13:36 - 00002113 ____A C:\Users\Public\Desktop\QuickBooks Pro Plus 2011.lnk
    2012-05-17 13:36 - 2012-05-17 13:36 - 00001368 ____A C:\Users\Public\Desktop\Process Credit Cards & eChecks in QuickBooks.lnk
    2012-05-17 13:36 - 2012-05-17 13:36 - 00001326 ____A C:\Users\Public\Desktop\Checks & More for QuickBooks.lnk
    2012-05-17 13:36 - 2012-05-17 13:36 - 00001274 ____A C:\Users\Public\Desktop\Payroll for QuickBooks.lnk
    2012-05-17 13:36 - 2012-05-17 13:36 - 00001220 ____A C:\Users\Public\Desktop\Support for QuickBooks.lnk
    2012-05-17 13:36 - 2012-05-17 13:36 - 00001180 ____A C:\Users\Public\Desktop\Get More Customers with Intuit.lnk
    2012-05-17 13:33 - 2012-05-17 19:08 - 00000000 ____D C:\Users\All Users\SQL Anywhere 11
    2012-05-17 13:33 - 2012-05-17 18:47 - 00000000 ____D C:\Users\All Users\Intuit
    2012-05-17 13:33 - 2012-05-17 13:36 - 00000095 ____A C:\Windows\QBChanUtil_Trigger.ini
    2012-05-17 13:33 - 2012-05-17 13:33 - 00000000 ____D C:\Users\Public\Documents\Intuit
    2012-05-17 13:33 - 2012-05-17 13:33 - 00000000 ____D C:\Users\All Users\Nuance
    2012-05-17 13:33 - 2012-05-17 13:33 - 00000000 ____D C:\Program Files (x86)\Intuit
    2012-05-17 13:28 - 2012-05-17 13:28 - 00000000 ____D C:\Windows\Intuit
    2012-05-17 13:25 - 2010-11-18 22:09 - 00000759 ____A C:\Users\Dave\Desktop\FILE_ID.DIZ
    2012-05-15 19:54 - 2012-05-15 19:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-05-15 19:54 - 2012-05-15 19:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-13 23:31 - 2012-05-13 23:31 - 00275231 ____A C:\Users\Dave\Documents\posing_guide_for_children.pdf
    2012-05-13 21:25 - 2012-05-13 21:25 - 00001211 ____A C:\Users\Dave\Desktop\Awesome Duplicate Photo Finder.lnk
    2012-05-13 21:24 - 2012-05-13 21:24 - 00048191 ____A C:\Users\Dave\Desktop\63059_496808795960_713800960_7261011_7790920_n.jpg
    2012-05-13 20:58 - 2012-05-13 21:31 - 06621199 ____A C:\Users\Dave\Desktop\dan.jpg
    2012-05-12 14:39 - 2012-03-31 07:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-12 14:39 - 2012-03-31 05:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-12 14:39 - 2012-03-31 05:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-12 14:39 - 2012-03-31 04:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-12 14:39 - 2012-03-03 07:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-05-12 14:39 - 2012-03-03 06:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2012-05-12 14:37 - 2012-03-17 08:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-05-12 14:36 - 2012-03-30 12:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

    ============ 3 Months Modified Files and Folders =============
    2012-06-12 02:29 - 2012-06-10 17:11 - 00000000 ___SD C:\32788R22FWJFW
    2012-06-12 02:29 - 2012-06-06 22:14 - 00000000 ____D C:\Users\Dave\AppData\Roaming\SystemRequirementsLab
    2012-06-12 02:29 - 2012-05-26 12:49 - 00000000 ____D C:\Users\Dave\AppData\Roaming\WindSolutions
    2012-06-12 02:29 - 2012-05-17 13:41 - 00000000 ____D C:\Users\Dave\AppData\Local\Intuit
    2012-06-12 02:29 - 2012-04-22 23:36 - 00000000 ___RD C:\Users\Dave\Dropbox
    2012-06-12 02:29 - 2012-04-19 20:59 - 00000000 ____D C:\Users\Dave\Documents\Kelby Training - Ten Essential Studio Techniques Every Photographer Needs to Know
    2012-06-12 02:29 - 2012-04-03 16:56 - 00000000 ___HD C:\Users\Dave\Documents\.picasaoriginals
    2012-06-12 02:29 - 2012-03-05 00:28 - 00000000 ____D C:\Users\Dave\AppData\Local\eSupport.com
    2012-06-12 02:29 - 2012-02-29 02:18 - 00000000 ____D C:\Users\Dave\.android
    2012-06-12 02:29 - 2011-12-19 00:59 - 00000000 ____D C:\Users\Dave\Desktop\DVBT Vista 32&64bit
    2012-06-12 02:29 - 2011-12-19 00:59 - 00000000 ____D C:\Users\Dave\Desktop\00010626
    2012-06-12 02:29 - 2011-11-20 22:07 - 00000000 ____D C:\Users\Dave\AppData\Local\Criterion Games
    2012-06-12 02:29 - 2011-11-16 23:00 - 00000000 ____D C:\Users\Dave\Desktop\mw 3
    2012-06-12 02:29 - 2011-11-13 19:08 - 00000000 ____D C:\Users\Dave\AppData\Local\Nero_AG
    2012-06-12 02:29 - 2011-11-09 22:15 - 00000000 ____D C:\users\Jenny
    2012-06-12 02:29 - 2011-11-07 10:52 - 00000000 ____D C:\Users\Dave\AppData\Roaming\BitTorrent
    2012-06-12 02:29 - 2011-11-05 00:26 - 00000000 ____D C:\Users\Dave\AppData\Local\Apps\2.0
    2012-06-12 02:28 - 2012-06-09 14:53 - 00000000 ____D C:\Windows Loader
    2012-06-12 02:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
    2012-06-12 02:27 - 2012-06-08 01:04 - 00000000 ____D C:\Users\Dave\Documents\GameFly
    2012-06-12 02:27 - 2012-04-22 23:34 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Dropbox
    2012-06-12 02:27 - 2012-04-06 15:28 - 00000000 ____D C:\Users\Dave\AppData\Roaming\TomTom
    2012-06-12 02:27 - 2012-04-06 15:28 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Mozilla
    2012-06-12 02:27 - 2012-04-06 15:28 - 00000000 ____D C:\Users\Dave\AppData\Local\TomTom
    2012-06-12 02:27 - 2012-01-12 02:23 - 00000000 ____D C:\Users\Dave\Desktop\Adobe
    2012-06-12 02:27 - 2011-12-10 02:30 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Virgin Media
    2012-06-12 02:27 - 2011-11-13 19:08 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Nero
    2012-06-12 02:27 - 2011-11-07 18:05 - 00000000 ____D C:\Users\Dave\AppData\Roaming\OpenOffice.org
    2012-06-12 02:27 - 2011-11-06 00:49 - 00000000 ____D C:\Users\Dave\Documents\My Games
    2012-06-12 02:27 - 2011-11-05 00:02 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Macromedia
    2012-06-12 02:27 - 2011-11-05 00:01 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Adobe
    2012-06-12 02:27 - 2011-11-04 22:19 - 00000000 ____D C:\Users\Dave\AppData\LocalLow
    2012-06-12 02:26 - 2012-06-08 00:39 - 00000000 ____D C:\Users\Dave\AppData\Local\Mozilla
    2012-06-12 02:26 - 2012-03-02 19:35 - 00000000 ____D C:\Users\Dave\AppData\Local\Roblox
    2012-06-12 02:26 - 2011-11-06 01:03 - 00000000 ____D C:\Users\Dave\AppData\Local\PunkBuster
    2012-06-12 02:25 - 2012-02-18 21:13 - 00000000 ____D C:\Users\Dave\AppData\Local\id Software
    2012-06-12 02:24 - 2012-06-04 19:37 - 00000000 ____D C:\Users\Dave\AppData\Local\Geckofx
    2012-06-12 02:24 - 2011-11-05 00:27 - 00000000 ____D C:\Users\Dave\AppData\Local\Google
    2012-06-11 18:01 - 2012-06-11 17:34 - 00000000 ____D C:\FRST
    2012-06-11 18:00 - 2012-06-11 17:59 - 00245230 ____A C:\Windows\ntbtlog.txt
    2012-06-11 17:58 - 2011-11-15 21:50 - 00000282 ____A C:\Windows\Tasks\RtlLanOptimizerVistaStart.job
    2012-06-11 17:56 - 2011-11-04 23:41 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-06-11 17:56 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-11 17:56 - 2009-07-14 05:51 - 00066641 ____A C:\Windows\setupact.log
    2012-06-11 17:40 - 2012-06-11 17:40 - 00000000 ____D C:\Users\Dave\New folder
    2012-06-11 17:40 - 2011-11-04 22:19 - 00000000 ____D C:\users\Dave
    2012-06-11 17:39 - 2009-07-14 05:45 - 00017296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-11 17:39 - 2009-07-14 05:45 - 00017296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-11 17:38 - 2011-11-05 05:16 - 01728748 ____A C:\Windows\WindowsUpdate.log
    2012-06-11 17:34 - 2012-02-21 18:26 - 00000000 ____D C:\users\UpdatusUser
    2012-06-11 17:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\config\TxR
    2012-06-10 21:33 - 2012-06-10 21:45 - 00000186 ____A C:\Users\Dave\Desktop\Licence key.txt
    2012-06-10 06:41 - 2011-12-10 02:29 - 00000000 ____D C:\Users\All Users\Radialpoint
    2012-06-09 14:42 - 2012-06-09 14:41 - 00136808 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.41.47_log.txt
    2012-06-09 14:40 - 2012-06-09 14:38 - 00243538 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.38.25_log.txt
    2012-06-09 14:39 - 2012-06-09 14:39 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-06-09 03:14 - 2011-11-05 00:18 - 00000000 ____D C:\Users\All Users\Origin
    2012-06-08 18:16 - 2012-01-12 19:53 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-06-08 18:16 - 2011-11-04 23:38 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2012-06-08 18:02 - 2012-01-12 18:54 - 00000000 __SHD C:\Users\Dave\AppData\Local\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}
    2012-06-08 17:48 - 2011-11-05 00:27 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3025507441-877397348-3401498447-1000UA.job
    2012-06-08 17:39 - 2012-06-08 17:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-08 17:39 - 2012-06-08 17:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-08 17:39 - 2011-11-05 00:58 - 00743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-08 17:39 - 2011-11-05 00:58 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-08 17:12 - 2011-11-06 15:45 - 00001736 ____A C:\Users\Dave\Desktop\PeerBlock.lnk
    2012-06-08 17:12 - 2011-11-06 15:45 - 00000000 ____D C:\Program Files\PeerBlock
    2012-06-08 17:04 - 2012-03-30 15:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-08 16:53 - 2012-06-08 01:04 - 00000000 ____D C:\Program Files (x86)\GameFly
    2012-06-08 16:53 - 2009-07-14 06:13 - 00729944 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-08 01:46 - 2012-03-10 16:08 - 00000000 ____D C:\Users\All Users\EA Logs
    2012-06-08 01:04 - 2012-06-08 01:04 - 00001106 ____A C:\Program Files (x86)\InstLog.txt
    2012-06-08 01:04 - 2012-06-08 01:04 - 00000000 ____D C:\Users\Dave\AppData\Roaming\GameFly
    2012-06-08 00:48 - 2011-11-05 00:27 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3025507441-877397348-3401498447-1000Core.job
    2012-06-08 00:38 - 2012-06-08 00:38 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-06-08 00:38 - 2012-06-08 00:38 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-06-08 00:38 - 2012-06-08 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-08 00:38 - 2012-06-08 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-06-07 21:23 - 2012-03-05 00:02 - 00000406 _RASH C:\Users\All Users\ntuser.pol
    2012-06-07 15:41 - 2012-06-07 15:41 - 00000000 ____D C:\Users\Dave\Documents\Rockstar Games
    2012-06-07 15:41 - 2012-06-07 15:41 - 00000000 ____D C:\Users\Dave\AppData\Local\Chromium
    2012-06-07 15:37 - 2012-06-07 14:50 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2012-06-07 15:36 - 2011-11-05 22:45 - 00168547 ____A C:\Windows\DirectX.log
    2012-06-07 14:50 - 2012-06-07 14:50 - 00000000 ____D C:\Users\All Users\Rockstar Games
    2012-06-07 14:50 - 2011-11-04 22:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-06-07 12:28 - 2011-11-15 00:12 - 00000000 ____D C:\Program Files (x86)\Smart File Advisor
    2012-06-07 09:49 - 2012-06-07 09:49 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-07 06:56 - 2011-11-05 00:18 - 00000000 ____D C:\Program Files (x86)\Origin
    2012-06-07 00:21 - 2012-06-07 00:21 - 00000378 ____A C:\Windows\SysWOW64\mprdin.ocx
    2012-06-07 00:20 - 2012-06-07 00:20 - 01775104 ____A C:\Windows\SysWOW64\mprdin.dll
    2012-06-06 22:14 - 2012-03-03 15:54 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
    2012-06-05 22:56 - 2012-04-22 23:36 - 00001013 ____A C:\Users\Dave\Desktop\Dropbox.lnk
    2012-06-05 20:06 - 2012-06-05 20:06 - 07401371 ____A C:\Users\Dave\Desktop\P1040780.jpg
    2012-06-05 15:29 - 2012-06-07 20:56 - 733769728 ____A C:\Users\Dave\Desktop\RESCUERS 2.avi
    2012-06-05 10:53 - 2012-05-02 07:30 - 00000000 ____D C:\Users\All Users\Sony Ericsson
    2012-06-05 10:53 - 2012-05-02 07:08 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
    2012-06-05 10:43 - 2012-06-05 10:43 - 09568689 ____A C:\Users\Dave\Desktop\P1040774.jpg
    2012-06-05 10:35 - 2011-11-05 00:42 - 00020796 ____A C:\Windows\PFRO.log
    2012-06-04 20:09 - 2012-01-22 00:21 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
    2012-06-04 20:09 - 2012-01-22 00:21 - 00000000 ____D C:\Program Files (x86)\Safari
    2012-06-04 20:08 - 2012-06-04 20:08 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-04 20:08 - 2012-06-04 20:08 - 00000000 ____D C:\Program Files\iTunes
    2012-06-04 20:08 - 2012-06-04 20:08 - 00000000 ____D C:\Program Files\iPod
    2012-06-04 20:08 - 2012-06-04 20:08 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-06-04 20:06 - 2012-05-26 12:49 - 00001360 ____A C:\Users\Dave\Desktop\CopyTrans Control Center.lnk
    2012-06-04 20:05 - 2012-06-04 20:05 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-06-04 20:05 - 2012-06-04 20:05 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-06-04 19:37 - 2012-06-04 19:37 - 00002206 ____A C:\Users\Public\Desktop\Videora iPod Converter.lnk
    2012-06-04 19:37 - 2012-06-04 19:37 - 00000000 ____D C:\Program Files (x86)\Red Kawa
    2012-06-04 19:37 - 2012-06-04 19:37 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
    2012-06-04 15:58 - 2012-06-04 15:56 - 00171249 ____A C:\Users\Dave\Desktop\photo1.jpg
    2012-06-04 00:28 - 2012-06-04 00:28 - 00067310 ____A C:\Users\Dave\Desktop\photo.jpg
    2012-06-03 10:59 - 2012-06-03 10:59 - 11093576 ____A C:\Users\Dave\Desktop\P6030030.jpg
    2012-05-30 21:26 - 2012-05-30 21:07 - 10995748 ____A C:\Users\Dave\Desktop\P5200004.jpg
    2012-05-30 21:10 - 2012-05-30 21:10 - 04014974 ____A C:\Users\Dave\Desktop\P520000.jpg
    2012-05-30 21:07 - 2012-05-30 21:07 - 11130622 ____A C:\Users\Dave\Desktop\P5200003.jpg
    2012-05-30 21:01 - 2012-05-30 21:01 - 08851959 ____A C:\Users\Dave\Desktop\P5200001.jpg
    2012-05-30 20:54 - 2012-05-02 07:26 - 00193964 ____A C:\Windows\DPINST.LOG
    2012-05-30 20:53 - 2012-05-02 07:25 - 00002026 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    2012-05-27 09:19 - 2012-05-27 09:19 - 00000000 ____D C:\Users\Dave\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-05-27 09:19 - 2012-05-27 09:19 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Adobe Mini Bridge CS5.1
    2012-05-27 08:07 - 2012-04-21 18:19 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Imagenomic
    2012-05-27 07:56 - 2012-04-21 18:06 - 00000000 ____D C:\Program Files (x86)\Imagenomic
    2012-05-27 07:46 - 2012-05-27 07:45 - 00000000 ____D C:\Program Files (x86)\Portrait Professional Studio
    2012-05-26 12:54 - 2012-05-26 12:49 - 00000000 ____D C:\Users\All Users\WindSolutions
    2012-05-24 22:49 - 2011-11-05 00:27 - 00002391 ____A C:\Users\Dave\Desktop\Google Chrome.lnk
    2012-05-21 20:42 - 2012-05-21 20:41 - 00000000 ____D C:\Users\Jenny\AppData\Local\Intuit
    2012-05-21 20:41 - 2011-11-09 22:15 - 00120304 ____A C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-21 00:15 - 2012-05-21 00:15 - 06450129 ____A C:\Users\Dave\Desktop\dans.jpg
    2012-05-17 19:08 - 2012-05-17 13:33 - 00000000 ____D C:\Users\All Users\SQL Anywhere 11
    2012-05-17 18:51 - 2012-05-17 18:51 - 00000000 ____D C:\Program Files\Common Files\Intuit
    2012-05-17 18:47 - 2012-05-17 13:33 - 00000000 ____D C:\Users\All Users\Intuit
    2012-05-17 18:47 - 2009-07-14 05:45 - 05006624 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-05-17 13:38 - 2011-11-04 23:43 - 00120304 ____A C:\Users\Dave\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-17 13:36 - 2012-05-17 13:36 - 00002113 ____A C:\Users\Public\Desktop\QuickBooks Pro Plus 2011.lnk
    2012-05-17 13:36 - 2012-05-17 13:36 - 00001368 ____A C:\Users\Public\Desktop\Process Credit Cards & eChecks in QuickBooks.lnk
    2012-05-17 13:36 - 2012-05-17 13:36 - 00001326 ____A C:\Users\Public\Desktop\Checks & More for QuickBooks.lnk
    2012-05-17 13:36 - 2012-05-17 13:36 - 00001274 ____A C:\Users\Public\Desktop\Payroll for QuickBooks.lnk
    2012-05-17 13:36 - 2012-05-17 13:36 - 00001220 ____A C:\Users\Public\Desktop\Support for QuickBooks.lnk
    2012-05-17 13:36 - 2012-05-17 13:36 - 00001180 ____A C:\Users\Public\Desktop\Get More Customers with Intuit.lnk
    2012-05-17 13:36 - 2012-05-17 13:33 - 00000095 ____A C:\Windows\QBChanUtil_Trigger.ini
    2012-05-17 13:33 - 2012-05-17 13:33 - 00000000 ____D C:\Users\Public\Documents\Intuit
    2012-05-17 13:33 - 2012-05-17 13:33 - 00000000 ____D C:\Users\All Users\Nuance
    2012-05-17 13:33 - 2012-05-17 13:33 - 00000000 ____D C:\Program Files (x86)\Intuit
    2012-05-17 13:28 - 2012-05-17 13:28 - 00000000 ____D C:\Windows\Intuit
    2012-05-15 19:54 - 2012-05-15 19:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-05-15 19:54 - 2012-05-15 19:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-13 23:31 - 2012-05-13 23:31 - 00275231 ____A C:\Users\Dave\Documents\posing_guide_for_children.pdf
    2012-05-13 21:31 - 2012-05-13 20:58 - 06621199 ____A C:\Users\Dave\Desktop\dan.jpg
    2012-05-13 21:25 - 2012-05-13 21:25 - 00001211 ____A C:\Users\Dave\Desktop\Awesome Duplicate Photo Finder.lnk
    2012-05-13 21:25 - 2012-04-21 11:30 - 00000000 ____D C:\Program Files (x86)\Awesome Duplicate Photo Finder
    2012-05-13 21:24 - 2012-05-13 21:24 - 00048191 ____A C:\Users\Dave\Desktop\63059_496808795960_713800960_7261011_7790920_n.jpg
    2012-05-12 15:23 - 2011-11-07 19:11 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-05-12 15:23 - 2011-11-05 00:26 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-05-12 15:16 - 2009-07-14 08:46 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-07 12:55 - 2011-11-15 18:45 - 00000000 ____D C:\Users\Dave\AppData\Local\ElevatedDiagnostics
    2012-05-07 12:25 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
    2012-05-06 20:01 - 2012-01-12 02:25 - 00000000 ____D C:\Program Files\Adobe
    2012-05-06 20:01 - 2011-11-07 10:44 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-05-06 19:59 - 2012-01-12 02:33 - 00000000 ____D C:\Users\Dave\Desktop\Untitled Export
    2012-05-06 18:04 - 2012-03-30 16:04 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-06 18:04 - 2012-03-30 15:55 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-05-06 18:04 - 2011-11-04 23:49 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-05-04 15:08 - 2009-07-14 06:08 - 00032616 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-05-02 22:16 - 2012-05-02 22:16 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
    2012-05-02 07:35 - 2012-05-02 07:32 - 00000000 ____D C:\Flashtool
    2012-05-02 07:25 - 2012-05-02 07:25 - 00000000 ____D C:\Users\All Users\Sony
    2012-05-02 07:25 - 2012-05-02 07:25 - 00000000 ____D C:\Program Files (x86)\Sony
    2012-05-02 07:12 - 2012-05-02 07:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01007.Wdf
    2012-05-02 07:12 - 2012-05-02 07:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01007.Wdf
    2012-05-02 07:09 - 2012-05-02 07:09 - 00027176 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
    2012-05-02 07:09 - 2012-05-02 07:09 - 00013352 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
    2012-05-02 07:09 - 2012-05-02 07:09 - 00001245 ____A C:\Users\Dave\Desktop\Update Service.lnk
    2012-05-01 23:55 - 2012-04-23 01:27 - 00000000 ____D C:\Users\Dave\Tracing
    2012-05-01 18:50 - 2012-04-23 00:23 - 00000000 ____D C:\Users\Dave\AppData\Local\Windows Live
    2012-05-01 18:49 - 2012-05-01 18:49 - 00000000 ____D C:\Users\Dave\AppData\Local\{FBF0847A-B5C6-4C53-8595-552F16F17700}
    2012-05-01 18:49 - 2012-05-01 18:49 - 00000000 ____D C:\Users\Dave\AppData\Local\{9FAD5520-2527-4EA1-820C-75D6E365E89B}
    2012-04-30 20:43 - 2012-04-30 20:43 - 00000000 ____D C:\Users\Dave\AppData\Local\{40CC0615-C74B-4175-A6A9-FC149FBB8177}
    2012-04-30 20:43 - 2012-04-30 20:43 - 00000000 ____D C:\Users\Dave\AppData\Local\{3D86780D-94F7-48E5-8248-9ECC633B1776}
    2012-04-28 19:55 - 2012-04-28 19:55 - 00000000 ____D C:\Users\Dave\AppData\Local\{F202833E-CB1D-4B4E-904E-F661FEE2545F}
    2012-04-28 19:55 - 2012-04-28 19:54 - 00000000 ____D C:\Users\Dave\AppData\Local\{1FC823FB-C70E-4182-AB09-50DBBDB11B75}
    2012-04-25 20:46 - 2012-04-23 22:16 - 00000000 ____D C:\Users\Dave\Documents\2012-04-23
    2012-04-25 20:37 - 2012-04-25 20:37 - 00000000 ____D C:\Users\Dave\AppData\Local\{AC62039C-71CB-41EB-8226-5CD377446109}
    2012-04-25 20:37 - 2012-04-25 20:37 - 00000000 ____D C:\Users\Dave\AppData\Local\{98D8ADF2-73F6-4809-888A-348E3BDA6625}
    2012-04-25 20:37 - 2012-04-25 20:37 - 00000000 ____D C:\Users\Dave\AppData\Local\{7683E989-190D-4BD2-8942-D906AE7B0C59}
    2012-04-23 21:11 - 2012-04-23 21:11 - 00000000 ____D C:\Users\Dave\AppData\Local\{4DD858DE-B5D0-4BE1-93F3-3B77D840C7C1}
    2012-04-23 21:11 - 2012-04-23 21:11 - 00000000 ____D C:\Users\Dave\AppData\Local\{26F5A7D6-BC11-408F-931B-AB2AB5934776}
    2012-04-23 02:02 - 2011-11-13 19:03 - 00000000 ____D C:\Program Files (x86)\Nero
    2012-04-23 02:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Cursors
    2012-04-23 02:02 - 2009-07-14 03:34 - 00001633 ____A C:\Windows\System32\Drivers\etc\hosts
    2012-04-23 02:01 - 2012-04-23 02:01 - 00002797 ____A C:\Users\Public\Desktop\Nero Video 11.lnk
    2012-04-23 02:00 - 2012-04-23 02:00 - 00002109 ____A C:\Users\Public\Desktop\Nero Kwik Media.lnk
    2012-04-23 01:59 - 2012-04-22 23:02 - 00000000 ____D C:\Users\All Users\Nero
    2012-04-23 01:41 - 2012-04-23 01:34 - 00002283 ____A C:\Users\Dave\Documents\My Movie.wlmp
    2012-04-23 01:35 - 2012-04-23 01:34 - 00002281 ____A C:\Users\Dave\Documents\My Movie slowed down.wlmp
    2012-04-23 01:32 - 2012-04-23 01:31 - 00000000 ____D C:\Users\Dave\AppData\Local\{E093AC04-2A02-442A-91CF-A26642ED3273}
    2012-04-23 01:31 - 2012-04-23 01:31 - 00000000 ____D C:\Users\Dave\AppData\Local\{AF257C83-7C42-4B9E-9B41-E25DF521FA4B}
    2012-04-23 01:27 - 2012-04-23 01:27 - 00000000 ____D C:\Users\Dave\AppData\Local\{14F47A5C-0E1B-4949-BDFD-BF0B1BBF7148}
    2012-04-23 00:58 - 2012-04-23 00:31 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2012-04-23 00:56 - 2012-04-23 00:56 - 00000000 ____D C:\Windows\en
    2012-04-23 00:45 - 2011-11-07 19:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-04-23 00:31 - 2012-04-23 00:29 - 00000000 ____D C:\Program Files\Windows Live
    2012-04-23 00:30 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-04-22 23:22 - 2012-04-22 23:20 - 202523813 ____A C:\Users\Dave\Desktop\edit2.mp4
    2012-04-22 23:18 - 2012-04-22 23:18 - 00000000 ____D C:\Users\Dave\AppData\Roaming\NeroDigital
    2012-04-22 23:17 - 2012-04-22 23:02 - 00000000 ____D C:\Users\Dave\AppData\Local\Nero
    2012-04-22 23:02 - 2012-04-22 23:02 - 00000000 ____D C:\Users\Dave\Documents\NeroVideo
    2012-04-22 22:57 - 2012-04-22 22:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
    2012-04-22 22:49 - 2012-04-22 22:59 - 185015964 ____A C:\Users\Dave\Desktop\edit2.mpg
    2012-04-21 13:19 - 2012-04-21 13:19 - 00000000 ____D C:\Program Files (x86)\VisiPics
    2012-04-21 13:15 - 2012-02-21 18:26 - 00000000 ____D C:\Windows\SysWOW64\NV
    2012-04-21 13:15 - 2012-02-21 18:26 - 00000000 ____D C:\Windows\System32\NV
    2012-04-21 11:29 - 2012-04-21 11:27 - 00000000 ____D C:\Users\Dave\Documents\Strobist Lighting Seminar DVD Box Set
    2012-04-21 11:27 - 2012-04-21 11:27 - 00000000 ____D C:\Users\Dave\Documents\Understanding_the_Canon_Speedlight_
    2012-04-21 10:53 - 2012-04-21 10:53 - 08514240 ____A C:\Users\Dave\Desktop\Attachments_2012_04_21.zip
    2012-04-21 10:00 - 2012-04-21 10:00 - 02034202 ____A C:\Users\Dave\Desktop\1.jpg
    2012-04-19 20:59 - 2012-04-19 20:58 - 00000000 ____D C:\Users\Dave\Documents\KelbyTraining.com - Photographing with One Light (Joe McNally)
    2012-04-19 00:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-04-18 20:56 - 2012-04-18 20:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
    2012-04-18 20:56 - 2012-04-18 20:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
    2012-04-17 22:34 - 2011-11-07 10:44 - 00000000 ____D C:\Users\All Users\Adobe
    2012-04-17 18:20 - 2012-03-17 00:39 - 00002026 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2012-04-17 15:54 - 2012-04-17 15:54 - 00000000 ____D C:\Users\Jenny\AppData\Local\Adobe
    2012-04-17 15:54 - 2011-11-09 22:31 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Adobe
    2012-04-16 06:57 - 2012-04-16 06:57 - 00000000 ____D C:\Users\All Users\boost_interprocess
    2012-04-06 15:53 - 2012-04-06 15:53 - 00000000 ____D C:\Users\Dave\AppData\Local\Ilivid Player
    2012-04-06 15:28 - 2012-04-06 15:28 - 00000000 ____D C:\Users\Dave\Documents\TomTom
    2012-04-06 15:28 - 2012-04-06 15:28 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
    2012-04-06 15:27 - 2012-04-06 15:27 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
    2012-04-05 08:13 - 2012-04-05 07:59 - 00000000 ____D C:\Users\Dave\Documents\2012-04-05
    2012-04-05 08:03 - 2011-11-07 10:44 - 00000000 ____D C:\Users\Dave\AppData\Local\Adobe
    2012-04-03 23:11 - 2012-04-03 23:11 - 05890949 ____A C:\Users\Dave\Documents\EOS-1DMarkIII_HG_EN.pdf
    2012-04-03 17:04 - 2012-04-03 16:56 - 00234065 ____A C:\Users\Dave\Documents\DSC_0105.jpg
    2012-04-03 16:56 - 2012-04-03 16:56 - 00000034 ___AH C:\Users\Dave\Documents\.picasa.ini
    2012-04-02 00:29 - 2012-04-01 23:24 - 00057193 ____A C:\Users\Dave\Desktop\Jay Collier1273458.snp
    2012-04-02 00:29 - 2012-04-01 23:24 - 00015498 ____A C:\Users\Dave\Desktop\J273457.snp
    2012-04-01 23:25 - 2012-04-01 23:25 - 00000000 ____D C:\Program Files (x86)\Snapshot Viewer
    2012-03-31 11:19 - 2012-03-31 11:19 - 00001106 ____A C:\Users\Public\Desktop\Picasa 3.lnk
    2012-03-31 11:19 - 2012-03-31 11:18 - 00000000 ____D C:\Program Files (x86)\Google
    2012-03-31 10:46 - 2012-03-31 10:46 - 00000000 ____D C:\Program Files (x86)\Canon
    2012-03-31 10:45 - 2012-03-31 10:45 - 00000000 ____D C:\Program Files\Nikon
    2012-03-31 10:45 - 2012-03-31 10:45 - 00000000 ____D C:\Program Files\Common Files\Nikon
    2012-03-31 10:45 - 2012-03-31 10:45 - 00000000 ____D C:\Program Files (x86)\Nikon
    2012-03-31 07:05 - 2012-05-12 14:39 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-03-31 05:39 - 2012-05-12 14:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-03-31 05:39 - 2012-05-12 14:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-03-31 04:10 - 2012-05-12 14:39 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-03-30 12:35 - 2012-05-12 14:36 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-24 16:16 - 2012-03-24 16:16 - 04723513 ____A C:\Users\Dave\Desktop\AJOL9777.jpg
    2012-03-22 20:12 - 2012-03-22 20:12 - 04435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
    2012-03-20 20:44 - 2012-03-20 20:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-03-20 20:44 - 2012-03-20 20:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-03-19 23:58 - 2012-03-19 23:58 - 00018660 ____A C:\Windows\System32\iglhxs64.vp
    2012-03-19 23:44 - 2012-03-19 23:44 - 05888792 ____A (Intel Corporation) C:\Windows\System32\GfxUI.exe
    2012-03-19 23:44 - 2012-03-19 23:44 - 00509720 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    2012-03-19 23:44 - 2012-03-19 23:44 - 00439064 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe
    2012-03-19 23:44 - 2012-03-19 23:44 - 00398616 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe
    2012-03-19 23:44 - 2012-03-19 23:44 - 00276248 ____A (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    2012-03-19 23:44 - 2012-03-19 23:44 - 00250136 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe
    2012-03-19 23:44 - 2012-03-19 23:44 - 00184600 ____A (Intel Corporation) C:\Windows\System32\difx64.exe
    2012-03-19 23:44 - 2012-03-19 23:44 - 00170264 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe
    2012-03-19 23:42 - 2012-03-19 23:42 - 00090112 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v2696.dll
    2012-03-19 23:32 - 2012-03-19 23:32 - 14745600 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
    2012-03-19 23:31 - 2012-03-19 23:31 - 08087040 ____A (Intel Corporation) C:\Windows\System32\igdumd64.dll
    2012-03-19 23:31 - 2012-03-19 23:31 - 00079360 ____A C:\Windows\System32\igdde64.dll
    2012-03-19 23:26 - 2012-03-19 23:26 - 06120960 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
    2012-03-19 23:25 - 2012-03-19 23:25 - 00058880 ____A C:\Windows\SysWOW64\igdde32.dll
    2012-03-19 23:22 - 2012-03-19 23:22 - 09605632 ____A (Intel Corporation) C:\Windows\System32\igd10umd64.dll
    2012-03-19 23:11 - 2012-03-19 23:11 - 07795200 ____A (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
    2012-03-19 22:31 - 2012-03-19 22:31 - 18137088 ____A C:\Windows\System32\ig4icd64.dll
    2012-03-19 22:21 - 2012-03-19 22:21 - 13212672 ____A C:\Windows\SysWOW64\ig4icd32.dll
    2012-03-19 22:19 - 2012-03-19 22:19 - 00221877 ____A C:\Windows\System32\Gfxres.th-TH.resources
    2012-03-19 22:19 - 2012-03-19 22:19 - 00144790 ____A C:\Windows\System32\Gfxres.ro-RO.resources
    2012-03-19 22:19 - 2012-03-19 22:19 - 00143564 ____A C:\Windows\System32\Gfxres.tr-TR.resources
    2012-03-19 22:19 - 2012-03-19 22:19 - 00141854 ____A C:\Windows\System32\Gfxres.sv-SE.resources
    2012-03-19 22:19 - 2012-03-19 22:19 - 00140548 ____A C:\Windows\System32\Gfxres.sk-SK.resources
    2012-03-19 22:19 - 2012-03-19 22:19 - 00139901 ____A C:\Windows\System32\Gfxres.hr-HR.resources
    2012-03-19 22:19 - 2012-03-19 22:19 - 00136850 ____A C:\Windows\System32\Gfxres.sl-SI.resources
    2012-03-19 22:19 - 2012-03-19 22:19 - 00125306 ____A C:\Windows\System32\Gfxres.zh-TW.resources
    2012-03-19 22:19 - 2012-03-19 22:19 - 00123778 ____A C:\Windows\System32\Gfxres.zh-CN.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00440320 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00439808 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00439808 ____A (Intel Corporation) C:\Windows\System32\igfxresn.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrom.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrhrv.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00437248 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00437248 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00435712 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00435712 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00432128 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00430592 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00429056 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00428544 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc
    2012-03-19 22:18 - 2012-03-19 22:18 - 00410624 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll
    2012-03-19 22:18 - 2012-03-19 22:18 - 00386560 ____A (Intel Corporation) C:\Windows\System32\igfxpph.dll
    2012-03-19 22:18 - 2012-03-19 22:18 - 00208522 ____A C:\Windows\System32\Gfxres.el-GR.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00192378 ____A C:\Windows\System32\Gfxres.ru-RU.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00164821 ____A C:\Windows\System32\Gfxres.ar-SA.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00162150 ____A C:\Windows\System32\Gfxres.ja-JP.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00157713 ____A C:\Windows\System32\Gfxres.he-IL.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00148461 ____A C:\Windows\System32\Gfxres.it-IT.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00147116 ____A C:\Windows\System32\Gfxres.ko-KR.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00146125 ____A C:\Windows\System32\Gfxres.es-ES.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00146008 ____A C:\Windows\System32\Gfxres.de-DE.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00144267 ____A C:\Windows\System32\Gfxres.fr-FR.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00143112 ____A C:\Windows\System32\Gfxres.pt-BR.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00142797 ____A C:\Windows\System32\Gfxres.nl-NL.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00142606 ____A C:\Windows\System32\Gfxres.hu-HU.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00142079 ____A C:\Windows\System32\Gfxres.pt-PT.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00141421 ____A C:\Windows\System32\Gfxres.pl-PL.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00141297 ____A C:\Windows\System32\Gfxres.cs-CZ.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00140949 ____A C:\Windows\System32\Gfxres.fi-FI.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00136778 ____A C:\Windows\System32\Gfxres.nb-NO.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00136261 ____A C:\Windows\System32\Gfxres.da-DK.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00131674 ____A C:\Windows\System32\Gfxres.en-US.resources
    2012-03-19 22:18 - 2012-03-19 22:18 - 00126976 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl
    2012-03-19 22:17 - 2012-03-19 22:17 - 00434688 ____A (Intel Corporation) C:\Windows\System32\igfxdev.dll
    2012-03-19 22:17 - 2012-03-19 22:17 - 00172032 ____A (Intel Corporation) C:\Windows\System32\gfxSrvc.dll
    2012-03-19 22:17 - 2012-03-19 22:17 - 00028672 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll
    2012-03-19 22:17 - 2012-03-19 22:17 - 00009216 ____A ( ) C:\Windows\System32\IGFXDEVLib.dll
    2012-03-19 22:17 - 2011-08-31 20:21 - 00063488 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.dll
    2012-03-19 22:17 - 2011-08-31 20:20 - 00110592 ____A (Intel Corporation) C:\Windows\System32\hccutils.dll
    2012-03-19 22:16 - 2012-03-19 22:16 - 09007616 ____A (Intel Corporation) C:\Windows\System32\igfxress.dll
    2012-03-19 22:16 - 2012-03-19 22:16 - 00286208 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc
    2012-03-19 22:16 - 2012-03-19 22:16 - 00142336 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll
    2012-03-19 22:12 - 2012-03-19 22:12 - 00025088 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
    2012-03-19 22:11 - 2012-03-19 22:11 - 00325120 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
    2012-03-17 08:58 - 2012-05-12 14:37 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-03-17 01:24 - 2012-03-17 01:24 - 00000000 ____D C:\Users\Dave\AppData\Roaming\NVIDIA
    2012-03-17 01:11 - 2012-03-17 01:11 - 00000000 ____D C:\Users\Dave\AppData\Roaming\com.adobe.dmp.contentviewer
    2012-03-17 01:05 - 2012-03-17 01:05 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
    2012-03-17 00:51 - 2012-01-12 02:25 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2012-03-17 00:48 - 2012-03-17 00:48 - 00000000 ____D C:\Users\All Users\ALM
    2012-03-17 00:42 - 2012-03-17 00:42 - 00000000 ____D C:\Users\Dave\Adobe Flash Builder 4.5
    2012-03-17 00:37 - 2012-03-17 00:37 - 00001085 ____A C:\Users\Public\Desktop\Adobe Content Viewer.lnk
    2012-03-17 00:36 - 2012-03-17 00:36 - 00000000 ____D C:\Program Files (x86)\Adobe Story
    2012-03-17 00:34 - 2012-03-17 00:34 - 00000000 ____D C:\Program Files (x86)\My Company Name
    ZeroAccess:
    C:\Windows\Installer\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}
    C:\Windows\Installer\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\@
    C:\Windows\Installer\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\L
    C:\Windows\Installer\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\n
    C:\Windows\Installer\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\U
    ZeroAccess:
    C:\Users\Dave\AppData\Local\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}
    C:\Users\Dave\AppData\Local\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\@
    C:\Users\Dave\AppData\Local\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\L
    C:\Users\Dave\AppData\Local\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: <===== ATTENTION!
    HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
    HKLM\...\exefile\open\command: <===== ATTENTION!
    ========================= Memory info ======================
    Percentage of memory in use: 31%
    Total physical RAM: 4013.12 MB
    Available physical RAM: 2733.27 MB
    Total Pagefile: 8024.43 MB
    Available Pagefile: 6756.72 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:244.11 GB) (Free:34.4 GB) NTFS
    2 Drive d: () (Fixed) (Total:221.63 GB) (Free:33.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    7 Drive I: () (Removable) (Total:3.83 GB) (Free:3.77 GB) NTFS
    DiskPart has encountered an error: The RPC server is unavailable.
    See the System Event Log for more information.

    ==========================================================
    Last Boot: 2012-06-01 00:01
    ======================= End Of Log ==========================
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Very well :)

    Before we run any fix we need to find a replacement for one infected system file.

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to BartPe and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  11. Throttle

    Throttle TS Rookie Topic Starter Posts: 34

    I've eventually managed to get access to system recovery. Got the following from the search:

    Farbar Recovery Scan Tool Version: 09-06-2012
    Ran by Dave at 2012-06-11 20:26:41
    Running from J:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    ====== End Of Search ======
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Very well because you didn't do it in your original scan:
    You need to re-run the tool from RE and post new log.
     
  13. Throttle

    Throttle TS Rookie Topic Starter Posts: 34

    Sorry, I couldn't get access to the recovery mode previously, so I managed to get it from safe mode. I've managed to get a start-up disc sorted, so I will redo it correctly from recovery mode now.
     
  14. Throttle

    Throttle TS Rookie Topic Starter Posts: 34

    I've tried again, using a Windows 7 64-bit startup disc to get access to recovery, and it says Windows 7 is on drive (D:). So I've tried running the search and scan, but they all seem to be related to drive (C:) and Vista.

    Scan result of Farbar Recovery Scan Tool Version: 09-06-2012
    Ran by SYSTEM at 11-06-2012 21:11:09
    Running from J:\
    Windows Vista (TM) Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.

    :(
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    If you boot to Vista can you access files on Windows 7 partition?
     
  16. Throttle

    Throttle TS Rookie Topic Starter Posts: 34

    Yes I can access files on Windows 7 when I'm using Vista
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Very well then.
    We can try something.
    Hold on there...
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    1. Delete following folders from Windows 7 installation:
    - C:\Users\Dave\AppData\Local\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}
    - C:\Windows\Installer\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}

    2. Navigate to C:\Windows\System32 folder and rename services.exe to services.old.
    Copy services.exe file from C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1 folder and paste it to C:\Windows\System32 folder.

    See if you can boot to Windows 7 normally.
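    The replacement step above rests on one fact from the Search.txt log posted earlier: the services.exe under System32 and the copy under winsxs have the same size and timestamps but different MD5 hashes, and the earlier FRST scan listed System32\services.exe without the "MD5 is legit" annotation. As an added example (not Broni's instructions or FRST's own code), here is a small Python parser for those two FRST output formats that extracts the entries, pairs the live file with its winsxs reference and reports whether the hashes agree. The function names and the embedded sample log text are constructed for this example; the paths and hash values inside the samples are the ones posted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of FRST's Search.txt. The two entries and
# their MD5 values are the ones posted earlier in this thread.
SAMPLE_SEARCH_LOG = """\
Farbar Recovery Scan Tool Version: 09-06-2012
Ran by Dave at 2012-06-11 20:26:41
Running from J:\\
================== Search: "services.exe" ===================
C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\\Windows\\System32\\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
"""

# Constructed excerpt of the "Bamital & volsnap Check" section from the FRST
# scan posted above: every file except one is annotated "MD5 is legit".
SAMPLE_CHECK_SECTION = """\
========================= Bamital & volsnap Check ============
C:\\Windows\\System32\\winlogon.exe => MD5 is legit
C:\\Windows\\System32\\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
C:\\Windows\\System32\\Drivers\\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
"""

# One FRST detail line: [stamp] - [stamp] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<stamp1>[^\]]+)\] - \[(?P<stamp2>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a line that is a Windows path


@dataclass
class FileEntry:
    path: str
    stamps: tuple   # both FRST timestamps, kept in log order (FRST does not label them here)
    size: int
    attrs: str
    company: str
    md5: str


def parse_search_log(text):
    """Pair each path line in Search.txt with the detail line that follows it."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            pending_path = None  # a banner line ends any half-read pair
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path is not None:
            entries.append(FileEntry(
                path=pending_path, stamps=(m["stamp1"], m["stamp2"]),
                size=int(m["size"]), attrs=m["attrs"],
                company=m["company"], md5=m["md5"].upper()))
            pending_path = None
        elif PATH_RE.match(line):
            pending_path = line
    return entries


def compare_to_reference(entries, filename="services.exe",
                         live_dir="C:\\Windows\\System32",
                         ref_marker="\\winsxs\\"):
    """Compare the live copy of `filename` with the copies found under winsxs.

    Returns status 'match', 'mismatch' or 'unknown'. A mismatch with identical
    size, attributes and timestamps is the pattern in this thread: only the
    content hash reveals that the file was altered."""
    live_path = (live_dir + "\\" + filename).lower()
    live = [e for e in entries if e.path.lower() == live_path]
    refs = [e for e in entries if ref_marker in e.path.lower()
            and e.path.lower().endswith("\\" + filename.lower())]
    if not live or not refs:
        return {"status": "unknown", "live_md5": None,
                "reference_md5s": [], "metadata_identical": None}
    cur = live[0]
    ref_md5s = sorted({r.md5 for r in refs})
    same_meta = all((r.size, r.attrs, r.company, r.stamps)
                    == (cur.size, cur.attrs, cur.company, cur.stamps)
                    for r in refs)
    return {"status": "match" if cur.md5 in ref_md5s else "mismatch",
            "live_md5": cur.md5, "reference_md5s": ref_md5s,
            "metadata_identical": same_meta}


def unverified_in_check_section(text):
    """Paths in FRST's 'Bamital & volsnap Check' section that lack the
    '=> MD5 is legit' annotation (FRST prints a detail line for those)."""
    return [raw.strip() for raw in text.splitlines()
            if PATH_RE.match(raw.strip()) and "=> MD5 is legit" not in raw]


if __name__ == "__main__":
    print(compare_to_reference(parse_search_log(SAMPLE_SEARCH_LOG)))
    print(unverified_in_check_section(SAMPLE_CHECK_SECTION))
```

    Run on the sample, `compare_to_reference` reports `mismatch` with `metadata_identical` true, which is exactly why a size or timestamp comparison would have missed this file. One caveat for anyone reusing the check: the log only shows that the two copies differ, not which one is intact. The winsxs copy is a reasonable reference on this machine, but a known-good hash for the same build from a trusted source is the proper confirmation before relying on it.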
     
  19. Throttle

    Throttle TS Rookie Topic Starter Posts: 34

    Thanks
    I've deleted the files and at the moment Windows 7 appears not to have the dreaded critical error so far :D Do I need to do anything else now, or is it still about somewhere on my drive?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good news :)

    We need to run some scans to make sure you're clean.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 characters post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  21. Throttle

    Throttle TS Rookie Topic Starter Posts: 34

    Ok, I'll run the scans and post what info I get. Thanks again for your help :)(y)
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Sure thing :)
     
  23. Throttle

    Throttle TS Rookie Topic Starter Posts: 34

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.11.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Dave :: DAVE-PC [administrator]

    Protection: Enabled

    11/06/2012 23:34:19
    mbam-log-2012-06-11 (23-34-19).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 252449
    Time elapsed: 14 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-12 00:32:40
    Windows 6.1.7601 Service Pack 1
    Running: shiqw599.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a7bb402
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a7bb402@0013a9462429 0xBC 0x8D 0xEC 0x63 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a7bb402@00125a69554e 0xE4 0xA5 0x1E 0xC9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a7bb402 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a7bb402@0013a9462429 0xBC 0x8D 0xEC 0x63 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a7bb402@00125a69554e 0xE4 0xA5 0x1E 0xC9 ...

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Dave at 1:05:54 on 2012-06-12
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4013.1714 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
    C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
    C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
    C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\mmc.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\werfault.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManagerComHandler.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Google Update] "C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Spotify] "C:\Users\Dave\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [AdobeBridge]
    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    uRun: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIE.EXE /FU "C:\Users\Dave\AppData\Local\Temp\E_S10C2.tmp" /EF "HKCU"
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
    mRun: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
    mRun: [ServiceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
    mRun: [DHSClient.exe] "C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [<NO NAME>]
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: dyndns.org\dlplant
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{2287BB51-5D7A-40FD-81F4-3B327D48AC6F} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{F0291062-DD95-4B70-96C5-1008C376C504} : DhcpNameServer = 192.168.43.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
    mRun-x64: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
    mRun-x64: [ServiceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
    mRun-x64: [DHSClient.exe] "C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [(Default)]
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\vh91drvc.default\
    FF - prefs.js: network.proxy.http - 117.240.242.115
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Dave\AppData\Local\Roblox\Versions\version-21cdb2fff9fb4df2\NPRobloxProxy.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
    R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\system32\DRIVERS\ndisrd.sys --> C:\Windows\system32\DRIVERS\ndisrd.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 HsdService;HsdService;C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe [2011-12-10 1406264]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-11 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 2348352]
    R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-9-17 1251840]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
    R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-12-10 689464]
    R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-11-4 114688]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257696]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
    S3 BDA_Capture_225;USB Digital-TV receiver. Driver 3.0.1.18;C:\Windows\system32\Drivers\BDA_Capture_225_x64.sys --> C:\Windows\system32\Drivers\BDA_Capture_225_x64.sys [?]
    S3 BDA_Loader_225;USB Digital-TV Receiver. Firmware Loader 7.1.9.0;C:\Windows\system32\Drivers\BDA_Loader_225_x64.sys --> C:\Windows\system32\Drivers\BDA_Loader_225_x64.sys [?]
    S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
    S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-11-7 25640]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 GemCCID;GemCCID;C:\Windows\system32\Drivers\GemCCID.sys --> C:\Windows\system32\Drivers\GemCCID.sys [?]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
    S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-11-4 30528]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-8 113120]
    S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-11-6 24176]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
    S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-5-2 155320]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-06-11 23:42:41  69000  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E565028-C8EC-4EAD-B113-087F020A6C43}\offreg.dll
    2012-06-11 22:29:42  --------  d-----w-  C:\Users\Dave\AppData\Roaming\Malwarebytes
    2012-06-11 22:29:28  --------  d-----w-  C:\ProgramData\Malwarebytes
    2012-06-11 22:29:26  24904  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-06-11 22:29:26  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-11 21:38:16  328704  ----a-w-  C:\Windows\System32\services.exe
    2012-06-11 18:06:19  --------  d-----w-  C:\Windows\pss
    2012-06-11 17:42:33  927800  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BC8263E9-2E3E-4AF7-97FC-1EEBBB171545}\gapaengine.dll
    2012-06-11 17:42:30  8955792  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E565028-C8EC-4EAD-B113-087F020A6C43}\mpengine.dll
    2012-06-11 16:40:13  --------  d-----w-  C:\Users\Dave\New folder
    2012-06-11 16:34:41  --------  d-----w-  C:\FRST
    2012-06-09 13:53:15  --------  d-----w-  C:\Windows Loader
    2012-06-09 13:39:30  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-06-08 16:39:35  --------  d-----w-  C:\Program Files (x86)\Microsoft Security Client
    2012-06-08 16:39:33  --------  d-----w-  C:\Program Files\Microsoft Security Client
    2012-06-08 00:04:45  --------  d-----w-  C:\Users\Dave\AppData\Roaming\GameFly
    2012-06-08 00:04:31  --------  d-----w-  C:\Program Files (x86)\GameFly
    2012-06-07 23:39:01  --------  d-----w-  C:\Users\Dave\AppData\Local\Mozilla
    2012-06-07 14:41:04  --------  d-----w-  C:\Users\Dave\AppData\Local\Chromium
    2012-06-07 13:50:38  --------  d-----w-  C:\ProgramData\Rockstar Games
    2012-06-07 13:50:38  --------  d-----w-  C:\Program Files (x86)\Rockstar Games
    2012-06-07 08:49:35  --------  d-sh--w-  C:\Windows\System32\%APPDATA%
    2012-06-06 23:20:58  1775104  ----a-w-  C:\Windows\SysWow64\mprdin.dll
    2012-06-04 19:08:06  --------  d-----w-  C:\Program Files\iPod
    2012-06-04 19:08:05  --------  d-----w-  C:\Program Files\iTunes
    2012-06-04 19:08:05  --------  d-----w-  C:\Program Files (x86)\iTunes
    2012-06-04 19:05:14  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-06-04 19:05:14  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-06-04 19:05:14  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-06-04 19:05:14  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-06-04 19:05:14  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-06-04 19:05:14  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-06-04 19:05:14  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-06-04 18:37:51  --------  d-----w-  C:\Users\Dave\AppData\Local\Geckofx
    2012-06-04 18:37:34  --------  d-----w-  C:\Program Files (x86)\AviSynth 2.5
    2012-06-04 18:37:29  --------  d-----w-  C:\Program Files (x86)\Red Kawa
    2012-05-27 08:19:53  --------  d-----w-  C:\Users\Dave\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-05-27 08:19:53  --------  d-----w-  C:\Users\Dave\AppData\Roaming\Adobe Mini Bridge CS5.1
    2012-05-27 06:45:15  --------  d-----w-  C:\Program Files (x86)\Portrait Professional Studio
    2012-05-26 11:49:19  --------  d-----w-  C:\Users\Dave\AppData\Roaming\WindSolutions
    2012-05-26 11:49:18  --------  d-----w-  C:\ProgramData\WindSolutions
    2012-05-17 17:51:28  --------  d-----w-  C:\Program Files\Common Files\Intuit
    2012-05-17 12:41:14  --------  d-----w-  C:\Users\Dave\AppData\Local\Intuit
    2012-05-17 12:33:50  --------  d-----w-  C:\ProgramData\Nuance
    2012-05-17 12:33:50  --------  d-----w-  C:\ProgramData\Intuit
    2012-05-17 12:33:50  --------  d-----w-  C:\Program Files (x86)\Intuit
    2012-05-17 12:33:50  --------  d-----w-  C:\Program Files (x86)\Common Files\Intuit
    2012-05-17 12:33:36  --------  d-----w-  C:\ProgramData\SQL Anywhere 11
    2012-05-17 12:33:36  --------  d-----w-  C:\ProgramData\COMMON FILES
    2012-05-17 12:28:04  --------  d-----w-  C:\Windows\Intuit
    .
    ==================== Find3M ====================
    .
    2012-06-11 23:42:54  25640  ----a-w-  C:\Windows\gdrv.sys
    2012-05-06 17:04:27  70304  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-06 17:04:27  419488  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-06 17:04:11  8744608  ----a-w-  C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-02 06:09:31  27176  ----a-w-  C:\Windows\System32\drivers\ggsemc.sys
    2012-05-02 06:09:31  13352  ----a-w-  C:\Windows\System32\drivers\ggflt.sys
    2012-04-18 19:56:30  94208  ----a-w-  C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-04-18 19:56:30  69632  ----a-w-  C:\Windows\SysWow64\QuickTime.qts
    2012-03-31 06:05:57  5559664  ----a-w-  C:\Windows\System32\ntoskrnl.exe
    2012-03-31 04:39:37  3968368  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-31 04:39:37  3913072  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-31 03:10:03  3146240  ----a-w-  C:\Windows\System32\win32k.sys
    2012-03-30 11:35:47  1918320  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
    2012-03-22 19:12:12  4435968  ----a-w-  C:\Windows\SysWow64\GPhotos.scr
    2012-03-20 19:44:12  98688  ----a-w-  C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-03-20 19:44:12  203888  ----a-w-  C:\Windows\System32\drivers\MpFilter.sys
    2012-03-19 22:44:20  5888792  ----a-w-  C:\Windows\System32\GfxUI.exe
    2012-03-19 22:44:20  509720  ----a-w-  C:\Windows\System32\igfxsrvc.exe
    2012-03-19 22:44:20  439064  ----a-w-  C:\Windows\System32\igfxpers.exe
    2012-03-19 22:44:20  398616  ----a-w-  C:\Windows\System32\hkcmd.exe
    2012-03-19 22:44:20  276248  ----a-w-  C:\Windows\SysWow64\IntelCpHeciSvc.exe
    2012-03-19 22:44:20  250136  ----a-w-  C:\Windows\System32\igfxext.exe
    2012-03-19 22:44:20  184600  ----a-w-  C:\Windows\System32\difx64.exe
    2012-03-19 22:44:20  170264  ----a-w-  C:\Windows\System32\igfxtray.exe
    2012-03-19 22:42:08  90112  ----a-w-  C:\Windows\System32\igfxCoIn_v2696.dll
    2012-03-19 22:32:04  14745600  ----a-w-  C:\Windows\System32\drivers\igdkmd64.sys
    2012-03-19 22:31:56  8087040  ----a-w-  C:\Windows\System32\igdumd64.dll
    2012-03-19 22:31:14  79360  ----a-w-  C:\Windows\System32\igdde64.dll
    2012-03-19 22:26:56  6120960  ----a-w-  C:\Windows\SysWow64\igdumd32.dll
    2012-03-19 22:25:58  58880  ----a-w-  C:\Windows\SysWow64\igdde32.dll
    2012-03-19 22:22:10  9605632  ----a-w-  C:\Windows\System32\igd10umd64.dll
    2012-03-19 22:11:38  7795200  ----a-w-  C:\Windows\SysWow64\igd10umd32.dll
    2012-03-19 21:31:14  18137088  ----a-w-  C:\Windows\System32\ig4icd64.dll
    2012-03-19 21:21:14  13212672  ----a-w-  C:\Windows\SysWow64\ig4icd32.dll
    2012-03-19 21:17:56  28672  ----a-w-  C:\Windows\System32\igfxexps.dll
    2012-03-19 21:17:46  63488  ----a-w-  C:\Windows\System32\igfxsrvc.dll
    2012-03-19 21:17:22  110592  ----a-w-  C:\Windows\System32\hccutils.dll
    2012-03-19 21:17:14  9216  ----a-w-  C:\Windows\System32\IGFXDEVLib.dll
    2012-03-19 21:17:14  434688  ----a-w-  C:\Windows\System32\igfxdev.dll
    2012-03-19 21:17:14  172032  ----a-w-  C:\Windows\System32\gfxSrvc.dll
    2012-03-19 21:16:40  286208  ----a-w-  C:\Windows\System32\igfxrenu.lrc
    2012-03-19 21:16:38  142336  ----a-w-  C:\Windows\System32\igfxdo.dll
    2012-03-19 21:16:36  9007616  ----a-w-  C:\Windows\System32\igfxress.dll
    2012-03-19 21:12:06  25088  ----a-w-  C:\Windows\SysWow64\igfxexps32.dll
    2012-03-19 21:11:22  325120  ----a-w-  C:\Windows\SysWow64\igfxdv32.dll
    2012-03-17 07:58:57  75120  ----a-w-  C:\Windows\System32\drivers\partmgr.sys
    .
    ============= FINISH: 1:06:07.72 ===============
     
  24. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I still need Attach.txt part of DDS.
     
  25. Throttle

    Throttle TS Rookie Topic Starter Posts: 34

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 04/11/2011 21:19:41
    System Uptime: 12/06/2012 00:41:53 (1 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | Z68AP-D3
    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | Socket 1155 | 3601/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 244 GiB total, 26.38 GiB free.
    D: is FIXED (NTFS) - 222 GiB total, 33.651 GiB free.
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3205BF01&0&0013A9462429_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3205BF01&0&0013A9462429_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3205BF01&0&0013A9462429_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3205BF01&0&0013A9462429_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3205BF01&0&0013A9462429_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3205BF01&0&0013A9462429_C00000000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP148: 08/06/2012 17:50:24 - Windows Update
    RP149: 08/06/2012 18:17:18 - Windows Update
    RP150: 11/06/2012 18:41:56 - Windows Update
    .
    ==== Installed Programs ======================
    .
    @BIOS
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Content Viewer
    Adobe Creative Suite 5.5 Master Collection
    Adobe Reader X (10.1.3)
    Adobe Story
    Adobe Widget Browser
    Android SDK Tools
    Apple Application Support
    Apple Software Update
    AutoGreen B10.1021.1
    AviSynth 2.5
    Awesome Duplicate Photo Finder v. 1.0.1
    Battlefield 3™
    Battlelog Web Plugins
    Bing Bar
    BitTorrent
    Burnout(TM) Paradise The Ultimate Box
    Canon RAW Codec
    CopyTrans Suite Remove Only
    D3DX10
    DC Universe Online
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dropbox
    Easy Tune 6 B11.0512.1
    ESN Sonar
    Etron USB3.0 Host Controller
    Flashtool
    GameFly
    Google Chrome
    High-Definition Video Playback
    inSSIDer
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    IsoBuster 2.8
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    LanOptimizer
    Malwarebytes Anti-Malware version 1.61.0.1400
    Max Payne 3
    Mesh Runtime
    Messenger Companion
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 13.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    NEF Codec
    Nero 11 Cliparts
    Nero 11 Collection 1
    Nero 11 Disc Menus 1
    Nero 11 Disc Menus 2
    Nero 11 Disc Menus 3
    Nero 11 Disc Menus Basic
    Nero 11 Effects Basic
    Nero 11 Image Samples
    Nero 11 Kwik Themes 1
    Nero 11 Kwik Themes 2
    Nero 11 Kwik Themes 3
    Nero 11 Kwik Themes 4
    Nero 11 Kwik Themes Basic
    Nero 11 PiP Effects 1
    Nero 11 PiP Effects Basic
    Nero 11 Video Samples
    Nero 11 Video Transitions 1
    Nero Audio Pack 1
    Nero ControlCenter 11
    Nero ControlCenter 11 Help (CHM)
    Nero Core Components 11
    Nero Kwik Media
    Nero Kwik Media Help (CHM)
    Nero Video 11
    Nero Video 11 Help (CHM)
    nero.prerequisites.msi
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    ON_OFF Charge B11.0110.1
    Origin
    PDF Settings CS5
    Picasa 3
    Portrait Professional Studio
    PunkBuster Services
    PxMergeModule
    QuickBooks
    QuickBooks Pro 2011
    QuickTime
    Radialpoint Security Advisor 2.5.19
    Realtek Ethernet Controller Driver
    Realtek Ethernet Diagnostic Utility
    Realtek High Definition Audio Driver
    Rockstar Games Social Club
    Safari
    Saints Row: The Third
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Smart 6 B11.0512.1
    Smart File Advisor 1.1.1
    Snapshot Viewer
    Sony Ericsson Update Engine
    Sony Ericsson Update Service
    Sony PC Companion 2.10.065
    Steam
    System Requirements Lab
    System Requirements Lab CYRI
    The Elder Scrolls V: Skyrim
    TomTom HOME 2.8.3.2499
    TomTom HOME Visual Studio Merge Modules
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    Videora iPod Converter 6
    Virgin Media Digital Home Support 2.1.27
    Virgin Media Service Manager 3.7.47
    VisiPics V1.30
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/06/2012 00:44:53, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    12/06/2012 00:44:53, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    12/06/2012 00:42:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    12/06/2012 00:42:44, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    12/06/2012 00:42:43, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    12/06/2012 00:42:27, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    11/06/2012 23:00:37, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    11/06/2012 22:24:39, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:632 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1752.0, AS: 1.127.1752.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
     
