Solved Win64/sirefef.y problem

Throttle

Hi
I currently have the win64/sirefef.y virus on my Windows 7. MSE detects it, but I get the critical error 60 second message and the PC just reboots before I get a chance to let MSE finish cleaning it.
I'm getting the exact same problem in safe mode, and Windows repair has no luck fixing the problem either.

I do have Windows Vista installed as well as Windows 7 on my PC, so I could gain access to the Windows 7 folders through Vista, if that's any help in getting rid of it?
I have tried virus checkers and malware programs from Vista, scanning the drive that Windows 7 is installed on, yet even though they find various stuff and fix it, they don't seem to find and get rid of the sirefef problem.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
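
Before FRST.txt is pasted into a reply, its header can be checked to confirm that the scan covered the intended Windows installation and was taken from the recovery environment. The Python below is an added example, not part of the original posts or of FRST itself; the header layout is inferred only from the two log excerpts quoted later in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample input: the two FRST header excerpts quoted later in this thread.
LOG_WRONG_OS = """\
Scan result of Farbar Recovery Scan Tool Version: 09-06-2012
Ran by SYSTEM at 11-06-2012 01:45:40
Running from I:\\
Windows Vista (TM) Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.
"""

LOG_NOT_RE = """\
Scan result of Farbar Recovery Scan Tool Version: 09-06-2012
Ran by Dave at 11-06-2012 18:01:02
Running from I:\\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
========================== Registry (Whitelisted) =============
"""

# Assumption: the header ends at the first "=====..." section banner.
HEADER_END = re.compile(r"^={5,}")
BANNER = re.compile(r"^Scan result of Farbar Recovery Scan Tool Version:\s*(?P<ver>\S+)")
RAN_BY = re.compile(
    r"^Ran by (?P<user>.+?) at (?P<when>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})$"
)
RUNNING_FROM = re.compile(r"^Running from (?P<path>.+)$")
OS_LINE = re.compile(r"^(?P<os>.*?)\s*OS Language:\s*(?P<lang>.+)$")
# Both spellings seen in the excerpts: "ATTENTION!:=====>" and "Attention:".
ATTENTION = re.compile(r"^attention\b[!:=>\s]*(?P<msg>.+)$", re.IGNORECASE)


def parse_header(text):
    """Extract the header fields and any tool warnings from a FRST log."""
    info = {"version": None, "ran_by": None, "ran_at": None,
            "running_from": None, "os": None, "warnings": []}
    for raw in text.splitlines():
        line = raw.strip()
        if HEADER_END.match(line):
            break  # first section banner: header is over
        if not line:
            continue
        if (m := BANNER.match(line)):
            info["version"] = m["ver"]
        elif (m := RAN_BY.match(line)):
            info["ran_by"], info["ran_at"] = m["user"], m["when"]
        elif (m := RUNNING_FROM.match(line)):
            info["running_from"] = m["path"]
        elif (m := ATTENTION.match(line)):
            info["warnings"].append(m["msg"])
        elif (m := OS_LINE.match(line)):
            info["os"] = m["os"]
    return info


def flagged_outside_recovery(info):
    """True when the tool itself reported it was not run from the recovery environment."""
    return any("NOT RUN FROM RECOVERY ENVIRONMENT" in w.upper()
               for w in info["warnings"])


def check_header(text, expected_os):
    """Return (info, problems) for a log that should describe expected_os."""
    info = parse_header(text)
    problems = []
    if info["version"] is None:
        problems.append("no FRST banner line found; is this the right file?")
    if info["os"] is None or expected_os.lower() not in info["os"].lower():
        problems.append(f"OS line {info['os']!r} does not mention {expected_os!r}")
    problems.extend("tool warning: " + w for w in info["warnings"])
    return info, problems


if __name__ == "__main__":
    for name, log in (("first log", LOG_WRONG_OS), ("second log", LOG_NOT_RE)):
        info, problems = check_header(log, "Windows 7")
        print(f"{name}: ran by {info['ran_by']} from {info['running_from']}")
        for p in problems:
            print("  -", p)
```
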
 
Hi Broni

Thanks for your help :) As I mentioned initially, I have both Windows 7 and Vista installed, so I have a dual boot setup where I select the Windows edition during start up.
I have selected Windows 7, gone into the system recovery console and run frst.exe, but when I returned to Vista to reply I noticed the notepad.txt was related to Vista and not Windows 7. I have tried 3 times and seem to get info related to Vista and not Windows 7, which I'm definitely selecting :confused:

Here is the start of the notepad.txt

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012
Ran by SYSTEM at 11-06-2012 01:45:40
Running from I:\
Windows Vista (TM) Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.
 
Are both OSes located on the same disk (different partitions) or on separate disks?
 
Hi
I managed to disable dual boot and got the following txt below from frst64 run in safe mode, luckily just before the computer rebooted :)
I try F8 to go to repair options and just seem to get moved to the start Windows normally or launch auto repair now :confused:

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012
Ran by Dave at 11-06-2012 18:01:02
Running from I:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
========================== Registry (Whitelisted) =============
HKU\Jenny\...\Run: [Google Update] "C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-05] (Google Inc.)
HKU\Jenny\...\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_SF7A.tmp" /EF "HKCU" [139264 2006-09-22] (SEIKO EPSON CORPORATION)
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM-x32\...\Winlogon: [Shell] [x ] ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Dave\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Services (Whitelisted) ======

========================== Drivers (Whitelisted) =============

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-11 17:34 - 2012-06-11 18:01 - 00000000 ____D C:\FRST
2012-06-10 21:45 - 2012-06-10 21:33 - 00000186 ____A C:\Users\Dave\Desktop\Licence key.txt
2012-06-10 17:11 - 2012-06-12 02:29 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 14:53 - 2012-06-12 02:28 - 00000000 ____D C:\Windows Loader
2012-06-09 14:41 - 2012-06-09 14:42 - 00136808 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.41.47_log.txt
2012-06-09 14:39 - 2012-06-09 14:39 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-09 14:38 - 2012-06-09 14:40 - 00243538 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.38.25_log.txt
2012-06-08 17:39 - 2012-06-08 17:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-08 17:39 - 2012-06-08 17:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-08 01:04 - 2012-06-12 02:27 - 00000000 ____D C:\Users\Dave\Documents\GameFly
2012-06-08 01:04 - 2012-06-08 16:53 - 00000000 ____D C:\Program Files (x86)\GameFly
2012-06-08 01:04 - 2012-06-08 01:04 - 00001106 ____A C:\Program Files (x86)\InstLog.txt
2012-06-08 01:04 - 2012-06-08 01:04 - 00000000 ____D C:\Users\Dave\AppData\Roaming\GameFly
2012-06-08 00:39 - 2012-06-12 02:26 - 00000000 ____D C:\Users\Dave\AppData\Local\Mozilla
2012-06-08 00:38 - 2012-06-08 00:38 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-08 00:38 - 2012-06-08 00:38 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-08 00:38 - 2012-06-08 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-08 00:38 - 2012-06-08 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-07 20:56 - 2012-06-05 15:29 - 733769728 ____A C:\Users\Dave\Desktop\RESCUERS 2.avi
2012-06-07 15:41 - 2012-06-07 15:41 - 00000000 ____D C:\Users\Dave\Documents\Rockstar Games
2012-06-07 15:41 - 2012-06-07 15:41 - 00000000 ____D C:\Users\Dave\AppData\Local\Chromium
2012-06-07 14:50 - 2012-06-07 15:37 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2012-06-07 14:50 - 2012-06-07 14:50 - 00000000 ____D C:\Users\All Users\Rockstar Games
2012-06-07 09:49 - 2012-06-07 09:49 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-07 00:21 - 2012-06-07 00:21 - 00000378 ____A C:\Windows\SysWOW64\mprdin.ocx
2012-06-07 00:20 - 2012-06-07 00:20 - 01775104 ____A C:\Windows\SysWOW64\mprdin.dll
2012-06-06 22:14 - 2012-06-12 02:29 - 00000000 ____D C:\Users\Dave\AppData\Roaming\SystemRequirementsLab
2012-06-05 20:06 - 2012-06-05 20:06 - 07401371 ____A C:\Users\Dave\Desktop\P1040780.jpg
2012-06-05 10:43 - 2012-06-05 10:43 - 09568689 ____A C:\Users\Dave\Desktop\P1040774.jpg
2012-06-04 20:08 - 2012-06-04 20:08 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-04 20:08 - 2012-06-04 20:08 - 00000000 ____D C:\Program Files\iTunes
2012-06-04 20:08 - 2012-06-04 20:08 - 00000000 ____D C:\Program Files\iPod
2012-06-04 20:08 - 2012-06-04 20:08 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-04 20:05 - 2012-06-04 20:05 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-04 20:05 - 2012-06-04 20:05 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-04 19:37 - 2012-06-12 02:24 - 00000000 ____D C:\Users\Dave\AppData\Local\Geckofx
2012-06-04 19:37 - 2012-06-04 19:37 - 00002206 ____A C:\Users\Public\Desktop\Videora iPod Converter.lnk
2012-06-04 19:37 - 2012-06-04 19:37 - 00000000 ____D C:\Program Files (x86)\Red Kawa
2012-06-04 19:37 - 2012-06-04 19:37 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-06-04 15:56 - 2012-06-04 15:58 - 00171249 ____A C:\Users\Dave\Desktop\photo1.jpg
2012-06-04 00:28 - 2012-06-04 00:28 - 00067310 ____A C:\Users\Dave\Desktop\photo.jpg
2012-06-03 10:59 - 2012-06-03 10:59 - 11093576 ____A C:\Users\Dave\Desktop\P6030030.jpg
2012-05-30 21:10 - 2012-05-30 21:10 - 04014974 ____A C:\Users\Dave\Desktop\P520000.jpg
2012-05-30 21:07 - 2012-05-30 21:26 - 10995748 ____A C:\Users\Dave\Desktop\P5200004.jpg
2012-05-30 21:07 - 2012-05-30 21:07 - 11130622 ____A C:\Users\Dave\Desktop\P5200003.jpg
2012-05-30 21:01 - 2012-05-30 21:01 - 08851959 ____A C:\Users\Dave\Desktop\P5200001.jpg
2012-05-27 09:19 - 2012-05-27 09:19 - 00000000 ____D C:\Users\Dave\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-05-27 09:19 - 2012-05-27 09:19 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-05-27 07:45 - 2012-05-27 07:46 - 00000000 ____D C:\Program Files (x86)\Portrait Professional Studio
2012-05-26 12:49 - 2012-06-12 02:29 - 00000000 ____D C:\Users\Dave\AppData\Roaming\WindSolutions
2012-05-26 12:49 - 2012-06-04 20:06 - 00001360 ____A C:\Users\Dave\Desktop\CopyTrans Control Center.lnk
2012-05-26 12:49 - 2012-05-26 12:54 - 00000000 ____D C:\Users\All Users\WindSolutions
2012-05-21 20:41 - 2012-05-21 20:42 - 00000000 ____D C:\Users\Jenny\AppData\Local\Intuit
2012-05-21 00:15 - 2012-05-21 00:15 - 06450129 ____A C:\Users\Dave\Desktop\dans.jpg
2012-05-17 18:51 - 2012-05-17 18:51 - 00000000 ____D C:\Program Files\Common Files\Intuit
2012-05-17 13:41 - 2012-06-12 02:29 - 00000000 ____D C:\Users\Dave\AppData\Local\Intuit
2012-05-17 13:36 - 2012-05-17 13:36 - 00002113 ____A C:\Users\Public\Desktop\QuickBooks Pro Plus 2011.lnk
2012-05-17 13:36 - 2012-05-17 13:36 - 00001368 ____A C:\Users\Public\Desktop\Process Credit Cards & eChecks in QuickBooks.lnk
2012-05-17 13:36 - 2012-05-17 13:36 - 00001326 ____A C:\Users\Public\Desktop\Checks & More for QuickBooks.lnk
2012-05-17 13:36 - 2012-05-17 13:36 - 00001274 ____A C:\Users\Public\Desktop\Payroll for QuickBooks.lnk
2012-05-17 13:36 - 2012-05-17 13:36 - 00001220 ____A C:\Users\Public\Desktop\Support for QuickBooks.lnk
2012-05-17 13:36 - 2012-05-17 13:36 - 00001180 ____A C:\Users\Public\Desktop\Get More Customers with Intuit.lnk
2012-05-17 13:33 - 2012-05-17 19:08 - 00000000 ____D C:\Users\All Users\SQL Anywhere 11
2012-05-17 13:33 - 2012-05-17 18:47 - 00000000 ____D C:\Users\All Users\Intuit
2012-05-17 13:33 - 2012-05-17 13:36 - 00000095 ____A C:\Windows\QBChanUtil_Trigger.ini
2012-05-17 13:33 - 2012-05-17 13:33 - 00000000 ____D C:\Users\Public\Documents\Intuit
2012-05-17 13:33 - 2012-05-17 13:33 - 00000000 ____D C:\Users\All Users\Nuance
2012-05-17 13:33 - 2012-05-17 13:33 - 00000000 ____D C:\Program Files (x86)\Intuit
2012-05-17 13:28 - 2012-05-17 13:28 - 00000000 ____D C:\Windows\Intuit
2012-05-17 13:25 - 2010-11-18 22:09 - 00000759 ____A C:\Users\Dave\Desktop\FILE_ID.DIZ
2012-05-15 19:54 - 2012-05-15 19:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-15 19:54 - 2012-05-15 19:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-13 23:31 - 2012-05-13 23:31 - 00275231 ____A C:\Users\Dave\Documents\posing_guide_for_children.pdf
2012-05-13 21:25 - 2012-05-13 21:25 - 00001211 ____A C:\Users\Dave\Desktop\Awesome Duplicate Photo Finder.lnk
2012-05-13 21:24 - 2012-05-13 21:24 - 00048191 ____A C:\Users\Dave\Desktop\63059_496808795960_713800960_7261011_7790920_n.jpg
2012-05-13 20:58 - 2012-05-13 21:31 - 06621199 ____A C:\Users\Dave\Desktop\dan.jpg
2012-05-12 14:39 - 2012-03-31 07:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-12 14:39 - 2012-03-31 05:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-12 14:39 - 2012-03-31 05:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-12 14:39 - 2012-03-31 04:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 14:39 - 2012-03-03 07:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-12 14:39 - 2012-03-03 06:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-12 14:37 - 2012-03-17 08:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-12 14:36 - 2012-03-30 12:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

============ 3 Months Modified Files and Folders =============
2012-06-12 02:29 - 2012-06-10 17:11 - 00000000 ___SD C:\32788R22FWJFW
2012-06-12 02:29 - 2012-06-06 22:14 - 00000000 ____D C:\Users\Dave\AppData\Roaming\SystemRequirementsLab
2012-06-12 02:29 - 2012-05-26 12:49 - 00000000 ____D C:\Users\Dave\AppData\Roaming\WindSolutions
2012-06-12 02:29 - 2012-05-17 13:41 - 00000000 ____D C:\Users\Dave\AppData\Local\Intuit
2012-06-12 02:29 - 2012-04-22 23:36 - 00000000 ___RD C:\Users\Dave\Dropbox
2012-06-12 02:29 - 2012-04-19 20:59 - 00000000 ____D C:\Users\Dave\Documents\Kelby Training - Ten Essential Studio Techniques Every Photographer Needs to Know
2012-06-12 02:29 - 2012-04-03 16:56 - 00000000 ___HD C:\Users\Dave\Documents\.picasaoriginals
2012-06-12 02:29 - 2012-03-05 00:28 - 00000000 ____D C:\Users\Dave\AppData\Local\eSupport.com
2012-06-12 02:29 - 2012-02-29 02:18 - 00000000 ____D C:\Users\Dave\.android
2012-06-12 02:29 - 2011-12-19 00:59 - 00000000 ____D C:\Users\Dave\Desktop\DVBT Vista 32&64bit
2012-06-12 02:29 - 2011-12-19 00:59 - 00000000 ____D C:\Users\Dave\Desktop\00010626
2012-06-12 02:29 - 2011-11-20 22:07 - 00000000 ____D C:\Users\Dave\AppData\Local\Criterion Games
2012-06-12 02:29 - 2011-11-16 23:00 - 00000000 ____D C:\Users\Dave\Desktop\mw 3
2012-06-12 02:29 - 2011-11-13 19:08 - 00000000 ____D C:\Users\Dave\AppData\Local\Nero_AG
2012-06-12 02:29 - 2011-11-09 22:15 - 00000000 ____D C:\users\Jenny
2012-06-12 02:29 - 2011-11-07 10:52 - 00000000 ____D C:\Users\Dave\AppData\Roaming\BitTorrent
2012-06-12 02:29 - 2011-11-05 00:26 - 00000000 ____D C:\Users\Dave\AppData\Local\Apps\2.0
2012-06-12 02:28 - 2012-06-09 14:53 - 00000000 ____D C:\Windows Loader
2012-06-12 02:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2012-06-12 02:27 - 2012-06-08 01:04 - 00000000 ____D C:\Users\Dave\Documents\GameFly
2012-06-12 02:27 - 2012-04-22 23:34 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Dropbox
2012-06-12 02:27 - 2012-04-06 15:28 - 00000000 ____D C:\Users\Dave\AppData\Roaming\TomTom
2012-06-12 02:27 - 2012-04-06 15:28 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Mozilla
2012-06-12 02:27 - 2012-04-06 15:28 - 00000000 ____D C:\Users\Dave\AppData\Local\TomTom
2012-06-12 02:27 - 2012-01-12 02:23 - 00000000 ____D C:\Users\Dave\Desktop\Adobe
2012-06-12 02:27 - 2011-12-10 02:30 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Virgin Media
2012-06-12 02:27 - 2011-11-13 19:08 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Nero
2012-06-12 02:27 - 2011-11-07 18:05 - 00000000 ____D C:\Users\Dave\AppData\Roaming\OpenOffice.org
2012-06-12 02:27 - 2011-11-06 00:49 - 00000000 ____D C:\Users\Dave\Documents\My Games
2012-06-12 02:27 - 2011-11-05 00:02 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Macromedia
2012-06-12 02:27 - 2011-11-05 00:01 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Adobe
2012-06-12 02:27 - 2011-11-04 22:19 - 00000000 ____D C:\Users\Dave\AppData\LocalLow
2012-06-12 02:26 - 2012-06-08 00:39 - 00000000 ____D C:\Users\Dave\AppData\Local\Mozilla
2012-06-12 02:26 - 2012-03-02 19:35 - 00000000 ____D C:\Users\Dave\AppData\Local\Roblox
2012-06-12 02:26 - 2011-11-06 01:03 - 00000000 ____D C:\Users\Dave\AppData\Local\PunkBuster
2012-06-12 02:25 - 2012-02-18 21:13 - 00000000 ____D C:\Users\Dave\AppData\Local\id Software
2012-06-12 02:24 - 2012-06-04 19:37 - 00000000 ____D C:\Users\Dave\AppData\Local\Geckofx
2012-06-12 02:24 - 2011-11-05 00:27 - 00000000 ____D C:\Users\Dave\AppData\Local\Google
2012-06-11 18:01 - 2012-06-11 17:34 - 00000000 ____D C:\FRST
2012-06-11 18:00 - 2012-06-11 17:59 - 00245230 ____A C:\Windows\ntbtlog.txt
2012-06-11 17:58 - 2011-11-15 21:50 - 00000282 ____A C:\Windows\Tasks\RtlLanOptimizerVistaStart.job
2012-06-11 17:56 - 2011-11-04 23:41 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-11 17:56 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-11 17:56 - 2009-07-14 05:51 - 00066641 ____A C:\Windows\setupact.log
2012-06-11 17:40 - 2012-06-11 17:40 - 00000000 ____D C:\Users\Dave\New folder
2012-06-11 17:40 - 2011-11-04 22:19 - 00000000 ____D C:\users\Dave
2012-06-11 17:39 - 2009-07-14 05:45 - 00017296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-11 17:39 - 2009-07-14 05:45 - 00017296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-11 17:38 - 2011-11-05 05:16 - 01728748 ____A C:\Windows\WindowsUpdate.log
2012-06-11 17:34 - 2012-02-21 18:26 - 00000000 ____D C:\users\UpdatusUser
2012-06-11 17:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-10 21:33 - 2012-06-10 21:45 - 00000186 ____A C:\Users\Dave\Desktop\Licence key.txt
2012-06-10 06:41 - 2011-12-10 02:29 - 00000000 ____D C:\Users\All Users\Radialpoint
2012-06-09 14:42 - 2012-06-09 14:41 - 00136808 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.41.47_log.txt
2012-06-09 14:40 - 2012-06-09 14:38 - 00243538 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.38.25_log.txt
2012-06-09 14:39 - 2012-06-09 14:39 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-09 03:14 - 2011-11-05 00:18 - 00000000 ____D C:\Users\All Users\Origin
2012-06-08 18:16 - 2012-01-12 19:53 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-08 18:16 - 2011-11-04 23:38 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2012-06-08 18:02 - 2012-01-12 18:54 - 00000000 __SHD C:\Users\Dave\AppData\Local\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}
2012-06-08 17:48 - 2011-11-05 00:27 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3025507441-877397348-3401498447-1000UA.job
2012-06-08 17:39 - 2012-06-08 17:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-08 17:39 - 2012-06-08 17:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-08 17:39 - 2011-11-05 00:58 - 00743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-08 17:39 - 2011-11-05 00:58 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-08 17:12 - 2011-11-06 15:45 - 00001736 ____A C:\Users\Dave\Desktop\PeerBlock.lnk
2012-06-08 17:12 - 2011-11-06 15:45 - 00000000 ____D C:\Program Files\PeerBlock
2012-06-08 17:04 - 2012-03-30 15:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-08 16:53 - 2012-06-08 01:04 - 00000000 ____D C:\Program Files (x86)\GameFly
2012-06-08 16:53 - 2009-07-14 06:13 - 00729944 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-08 01:46 - 2012-03-10 16:08 - 00000000 ____D C:\Users\All Users\EA Logs
2012-06-08 01:04 - 2012-06-08 01:04 - 00001106 ____A C:\Program Files (x86)\InstLog.txt
2012-06-08 01:04 - 2012-06-08 01:04 - 00000000 ____D C:\Users\Dave\AppData\Roaming\GameFly
2012-06-08 00:48 - 2011-11-05 00:27 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3025507441-877397348-3401498447-1000Core.job
2012-06-08 00:38 - 2012-06-08 00:38 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-08 00:38 - 2012-06-08 00:38 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-08 00:38 - 2012-06-08 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-08 00:38 - 2012-06-08 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-07 21:23 - 2012-03-05 00:02 - 00000406 _RASH C:\Users\All Users\ntuser.pol
2012-06-07 15:41 - 2012-06-07 15:41 - 00000000 ____D C:\Users\Dave\Documents\Rockstar Games
2012-06-07 15:41 - 2012-06-07 15:41 - 00000000 ____D C:\Users\Dave\AppData\Local\Chromium
2012-06-07 15:37 - 2012-06-07 14:50 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2012-06-07 15:36 - 2011-11-05 22:45 - 00168547 ____A C:\Windows\DirectX.log
2012-06-07 14:50 - 2012-06-07 14:50 - 00000000 ____D C:\Users\All Users\Rockstar Games
2012-06-07 14:50 - 2011-11-04 22:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-07 12:28 - 2011-11-15 00:12 - 00000000 ____D C:\Program Files (x86)\Smart File Advisor
2012-06-07 09:49 - 2012-06-07 09:49 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-07 06:56 - 2011-11-05 00:18 - 00000000 ____D C:\Program Files (x86)\Origin
2012-06-07 00:21 - 2012-06-07 00:21 - 00000378 ____A C:\Windows\SysWOW64\mprdin.ocx
2012-06-07 00:20 - 2012-06-07 00:20 - 01775104 ____A C:\Windows\SysWOW64\mprdin.dll
2012-06-06 22:14 - 2012-03-03 15:54 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-06-05 22:56 - 2012-04-22 23:36 - 00001013 ____A C:\Users\Dave\Desktop\Dropbox.lnk
2012-06-05 20:06 - 2012-06-05 20:06 - 07401371 ____A C:\Users\Dave\Desktop\P1040780.jpg
2012-06-05 15:29 - 2012-06-07 20:56 - 733769728 ____A C:\Users\Dave\Desktop\RESCUERS 2.avi
2012-06-05 10:53 - 2012-05-02 07:30 - 00000000 ____D C:\Users\All Users\Sony Ericsson
2012-06-05 10:53 - 2012-05-02 07:08 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2012-06-05 10:43 - 2012-06-05 10:43 - 09568689 ____A C:\Users\Dave\Desktop\P1040774.jpg
2012-06-05 10:35 - 2011-11-05 00:42 - 00020796 ____A C:\Windows\PFRO.log
2012-06-04 20:09 - 2012-01-22 00:21 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-06-04 20:09 - 2012-01-22 00:21 - 00000000 ____D C:\Program Files (x86)\Safari
2012-06-04 20:08 - 2012-06-04 20:08 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-04 20:08 - 2012-06-04 20:08 - 00000000 ____D C:\Program Files\iTunes
2012-06-04 20:08 - 2012-06-04 20:08 - 00000000 ____D C:\Program Files\iPod
2012-06-04 20:08 - 2012-06-04 20:08 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-04 20:06 - 2012-05-26 12:49 - 00001360 ____A C:\Users\Dave\Desktop\CopyTrans Control Center.lnk
2012-06-04 20:05 - 2012-06-04 20:05 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-04 20:05 - 2012-06-04 20:05 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-04 19:37 - 2012-06-04 19:37 - 00002206 ____A C:\Users\Public\Desktop\Videora iPod Converter.lnk
2012-06-04 19:37 - 2012-06-04 19:37 - 00000000 ____D C:\Program Files (x86)\Red Kawa
2012-06-04 19:37 - 2012-06-04 19:37 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-06-04 15:58 - 2012-06-04 15:56 - 00171249 ____A C:\Users\Dave\Desktop\photo1.jpg
2012-06-04 00:28 - 2012-06-04 00:28 - 00067310 ____A C:\Users\Dave\Desktop\photo.jpg
2012-06-03 10:59 - 2012-06-03 10:59 - 11093576 ____A C:\Users\Dave\Desktop\P6030030.jpg
2012-05-30 21:26 - 2012-05-30 21:07 - 10995748 ____A C:\Users\Dave\Desktop\P5200004.jpg
2012-05-30 21:10 - 2012-05-30 21:10 - 04014974 ____A C:\Users\Dave\Desktop\P520000.jpg
2012-05-30 21:07 - 2012-05-30 21:07 - 11130622 ____A C:\Users\Dave\Desktop\P5200003.jpg
2012-05-30 21:01 - 2012-05-30 21:01 - 08851959 ____A C:\Users\Dave\Desktop\P5200001.jpg
2012-05-30 20:54 - 2012-05-02 07:26 - 00193964 ____A C:\Windows\DPINST.LOG
2012-05-30 20:53 - 2012-05-02 07:25 - 00002026 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2012-05-27 09:19 - 2012-05-27 09:19 - 00000000 ____D C:\Users\Dave\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-05-27 09:19 - 2012-05-27 09:19 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-05-27 08:07 - 2012-04-21 18:19 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Imagenomic
2012-05-27 07:56 - 2012-04-21 18:06 - 00000000 ____D C:\Program Files (x86)\Imagenomic
2012-05-27 07:46 - 2012-05-27 07:45 - 00000000 ____D C:\Program Files (x86)\Portrait Professional Studio
2012-05-26 12:54 - 2012-05-26 12:49 - 00000000 ____D C:\Users\All Users\WindSolutions
2012-05-24 22:49 - 2011-11-05 00:27 - 00002391 ____A C:\Users\Dave\Desktop\Google Chrome.lnk
2012-05-21 20:42 - 2012-05-21 20:41 - 00000000 ____D C:\Users\Jenny\AppData\Local\Intuit
2012-05-21 20:41 - 2011-11-09 22:15 - 00120304 ____A C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-21 00:15 - 2012-05-21 00:15 - 06450129 ____A C:\Users\Dave\Desktop\dans.jpg
2012-05-17 19:08 - 2012-05-17 13:33 - 00000000 ____D C:\Users\All Users\SQL Anywhere 11
2012-05-17 18:51 - 2012-05-17 18:51 - 00000000 ____D C:\Program Files\Common Files\Intuit
2012-05-17 18:47 - 2012-05-17 13:33 - 00000000 ____D C:\Users\All Users\Intuit
2012-05-17 18:47 - 2009-07-14 05:45 - 05006624 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-17 13:38 - 2011-11-04 23:43 - 00120304 ____A C:\Users\Dave\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-17 13:36 - 2012-05-17 13:36 - 00002113 ____A C:\Users\Public\Desktop\QuickBooks Pro Plus 2011.lnk
2012-05-17 13:36 - 2012-05-17 13:36 - 00001368 ____A C:\Users\Public\Desktop\Process Credit Cards & eChecks in QuickBooks.lnk
2012-05-17 13:36 - 2012-05-17 13:36 - 00001326 ____A C:\Users\Public\Desktop\Checks & More for QuickBooks.lnk
2012-05-17 13:36 - 2012-05-17 13:36 - 00001274 ____A C:\Users\Public\Desktop\Payroll for QuickBooks.lnk
2012-05-17 13:36 - 2012-05-17 13:36 - 00001220 ____A C:\Users\Public\Desktop\Support for QuickBooks.lnk
2012-05-17 13:36 - 2012-05-17 13:36 - 00001180 ____A C:\Users\Public\Desktop\Get More Customers with Intuit.lnk
2012-05-17 13:36 - 2012-05-17 13:33 - 00000095 ____A C:\Windows\QBChanUtil_Trigger.ini
2012-05-17 13:33 - 2012-05-17 13:33 - 00000000 ____D C:\Users\Public\Documents\Intuit
2012-05-17 13:33 - 2012-05-17 13:33 - 00000000 ____D C:\Users\All Users\Nuance
2012-05-17 13:33 - 2012-05-17 13:33 - 00000000 ____D C:\Program Files (x86)\Intuit
2012-05-17 13:28 - 2012-05-17 13:28 - 00000000 ____D C:\Windows\Intuit
2012-05-15 19:54 - 2012-05-15 19:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-15 19:54 - 2012-05-15 19:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-13 23:31 - 2012-05-13 23:31 - 00275231 ____A C:\Users\Dave\Documents\posing_guide_for_children.pdf
2012-05-13 21:31 - 2012-05-13 20:58 - 06621199 ____A C:\Users\Dave\Desktop\dan.jpg
2012-05-13 21:25 - 2012-05-13 21:25 - 00001211 ____A C:\Users\Dave\Desktop\Awesome Duplicate Photo Finder.lnk
2012-05-13 21:25 - 2012-04-21 11:30 - 00000000 ____D C:\Program Files (x86)\Awesome Duplicate Photo Finder
2012-05-13 21:24 - 2012-05-13 21:24 - 00048191 ____A C:\Users\Dave\Desktop\63059_496808795960_713800960_7261011_7790920_n.jpg
2012-05-12 15:23 - 2011-11-07 19:11 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-12 15:23 - 2011-11-05 00:26 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-12 15:16 - 2009-07-14 08:46 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-07 12:55 - 2011-11-15 18:45 - 00000000 ____D C:\Users\Dave\AppData\Local\ElevatedDiagnostics
2012-05-07 12:25 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-05-06 20:01 - 2012-01-12 02:25 - 00000000 ____D C:\Program Files\Adobe
2012-05-06 20:01 - 2011-11-07 10:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-05-06 19:59 - 2012-01-12 02:33 - 00000000 ____D C:\Users\Dave\Desktop\Untitled Export
2012-05-06 18:04 - 2012-03-30 16:04 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-06 18:04 - 2012-03-30 15:55 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-06 18:04 - 2011-11-04 23:49 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 15:08 - 2009-07-14 06:08 - 00032616 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-02 22:16 - 2012-05-02 22:16 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2012-05-02 07:35 - 2012-05-02 07:32 - 00000000 ____D C:\Flashtool
2012-05-02 07:25 - 2012-05-02 07:25 - 00000000 ____D C:\Users\All Users\Sony
2012-05-02 07:25 - 2012-05-02 07:25 - 00000000 ____D C:\Program Files (x86)\Sony
2012-05-02 07:12 - 2012-05-02 07:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01007.Wdf
2012-05-02 07:12 - 2012-05-02 07:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01007.Wdf
2012-05-02 07:09 - 2012-05-02 07:09 - 00027176 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2012-05-02 07:09 - 2012-05-02 07:09 - 00013352 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
2012-05-02 07:09 - 2012-05-02 07:09 - 00001245 ____A C:\Users\Dave\Desktop\Update Service.lnk
2012-05-01 23:55 - 2012-04-23 01:27 - 00000000 ____D C:\Users\Dave\Tracing
2012-05-01 18:50 - 2012-04-23 00:23 - 00000000 ____D C:\Users\Dave\AppData\Local\Windows Live
2012-05-01 18:49 - 2012-05-01 18:49 - 00000000 ____D C:\Users\Dave\AppData\Local\{FBF0847A-B5C6-4C53-8595-552F16F17700}
2012-05-01 18:49 - 2012-05-01 18:49 - 00000000 ____D C:\Users\Dave\AppData\Local\{9FAD5520-2527-4EA1-820C-75D6E365E89B}
2012-04-30 20:43 - 2012-04-30 20:43 - 00000000 ____D C:\Users\Dave\AppData\Local\{40CC0615-C74B-4175-A6A9-FC149FBB8177}
2012-04-30 20:43 - 2012-04-30 20:43 - 00000000 ____D C:\Users\Dave\AppData\Local\{3D86780D-94F7-48E5-8248-9ECC633B1776}
2012-04-28 19:55 - 2012-04-28 19:55 - 00000000 ____D C:\Users\Dave\AppData\Local\{F202833E-CB1D-4B4E-904E-F661FEE2545F}
2012-04-28 19:55 - 2012-04-28 19:54 - 00000000 ____D C:\Users\Dave\AppData\Local\{1FC823FB-C70E-4182-AB09-50DBBDB11B75}
2012-04-25 20:46 - 2012-04-23 22:16 - 00000000 ____D C:\Users\Dave\Documents\2012-04-23
2012-04-25 20:37 - 2012-04-25 20:37 - 00000000 ____D C:\Users\Dave\AppData\Local\{AC62039C-71CB-41EB-8226-5CD377446109}
2012-04-25 20:37 - 2012-04-25 20:37 - 00000000 ____D C:\Users\Dave\AppData\Local\{98D8ADF2-73F6-4809-888A-348E3BDA6625}
2012-04-25 20:37 - 2012-04-25 20:37 - 00000000 ____D C:\Users\Dave\AppData\Local\{7683E989-190D-4BD2-8942-D906AE7B0C59}
2012-04-23 21:11 - 2012-04-23 21:11 - 00000000 ____D C:\Users\Dave\AppData\Local\{4DD858DE-B5D0-4BE1-93F3-3B77D840C7C1}
2012-04-23 21:11 - 2012-04-23 21:11 - 00000000 ____D C:\Users\Dave\AppData\Local\{26F5A7D6-BC11-408F-931B-AB2AB5934776}
2012-04-23 02:02 - 2011-11-13 19:03 - 00000000 ____D C:\Program Files (x86)\Nero
2012-04-23 02:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Cursors
2012-04-23 02:02 - 2009-07-14 03:34 - 00001633 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-23 02:01 - 2012-04-23 02:01 - 00002797 ____A C:\Users\Public\Desktop\Nero Video 11.lnk
2012-04-23 02:00 - 2012-04-23 02:00 - 00002109 ____A C:\Users\Public\Desktop\Nero Kwik Media.lnk
2012-04-23 01:59 - 2012-04-22 23:02 - 00000000 ____D C:\Users\All Users\Nero
2012-04-23 01:41 - 2012-04-23 01:34 - 00002283 ____A C:\Users\Dave\Documents\My Movie.wlmp
2012-04-23 01:35 - 2012-04-23 01:34 - 00002281 ____A C:\Users\Dave\Documents\My Movie slowed down.wlmp
2012-04-23 01:32 - 2012-04-23 01:31 - 00000000 ____D C:\Users\Dave\AppData\Local\{E093AC04-2A02-442A-91CF-A26642ED3273}
2012-04-23 01:31 - 2012-04-23 01:31 - 00000000 ____D C:\Users\Dave\AppData\Local\{AF257C83-7C42-4B9E-9B41-E25DF521FA4B}
2012-04-23 01:27 - 2012-04-23 01:27 - 00000000 ____D C:\Users\Dave\AppData\Local\{14F47A5C-0E1B-4949-BDFD-BF0B1BBF7148}
2012-04-23 00:58 - 2012-04-23 00:31 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-04-23 00:56 - 2012-04-23 00:56 - 00000000 ____D C:\Windows\en
2012-04-23 00:45 - 2011-11-07 19:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-23 00:31 - 2012-04-23 00:29 - 00000000 ____D C:\Program Files\Windows Live
2012-04-23 00:30 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-22 23:22 - 2012-04-22 23:20 - 202523813 ____A C:\Users\Dave\Desktop\edit2.mp4
2012-04-22 23:18 - 2012-04-22 23:18 - 00000000 ____D C:\Users\Dave\AppData\Roaming\NeroDigital
2012-04-22 23:17 - 2012-04-22 23:02 - 00000000 ____D C:\Users\Dave\AppData\Local\Nero
2012-04-22 23:02 - 2012-04-22 23:02 - 00000000 ____D C:\Users\Dave\Documents\NeroVideo
2012-04-22 22:57 - 2012-04-22 22:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2012-04-22 22:49 - 2012-04-22 22:59 - 185015964 ____A C:\Users\Dave\Desktop\edit2.mpg
2012-04-21 13:19 - 2012-04-21 13:19 - 00000000 ____D C:\Program Files (x86)\VisiPics
2012-04-21 13:15 - 2012-02-21 18:26 - 00000000 ____D C:\Windows\SysWOW64\NV
2012-04-21 13:15 - 2012-02-21 18:26 - 00000000 ____D C:\Windows\System32\NV
2012-04-21 11:29 - 2012-04-21 11:27 - 00000000 ____D C:\Users\Dave\Documents\Strobist Lighting Seminar DVD Box Set
2012-04-21 11:27 - 2012-04-21 11:27 - 00000000 ____D C:\Users\Dave\Documents\Understanding_the_Canon_Speedlight_
2012-04-21 10:53 - 2012-04-21 10:53 - 08514240 ____A C:\Users\Dave\Desktop\Attachments_2012_04_21.zip
2012-04-21 10:00 - 2012-04-21 10:00 - 02034202 ____A C:\Users\Dave\Desktop\1.jpg
2012-04-19 20:59 - 2012-04-19 20:58 - 00000000 ____D C:\Users\Dave\Documents\KelbyTraining.com - Photographing with One Light (Joe McNally)
2012-04-19 00:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2012-04-18 20:56 - 2012-04-18 20:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 20:56 - 2012-04-18 20:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-17 22:34 - 2011-11-07 10:44 - 00000000 ____D C:\Users\All Users\Adobe
2012-04-17 18:20 - 2012-03-17 00:39 - 00002026 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-04-17 15:54 - 2012-04-17 15:54 - 00000000 ____D C:\Users\Jenny\AppData\Local\Adobe
2012-04-17 15:54 - 2011-11-09 22:31 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Adobe
2012-04-16 06:57 - 2012-04-16 06:57 - 00000000 ____D C:\Users\All Users\boost_interprocess
2012-04-06 15:53 - 2012-04-06 15:53 - 00000000 ____D C:\Users\Dave\AppData\Local\Ilivid Player
2012-04-06 15:28 - 2012-04-06 15:28 - 00000000 ____D C:\Users\Dave\Documents\TomTom
2012-04-06 15:28 - 2012-04-06 15:28 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2012-04-06 15:27 - 2012-04-06 15:27 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
2012-04-05 08:13 - 2012-04-05 07:59 - 00000000 ____D C:\Users\Dave\Documents\2012-04-05
2012-04-05 08:03 - 2011-11-07 10:44 - 00000000 ____D C:\Users\Dave\AppData\Local\Adobe
2012-04-03 23:11 - 2012-04-03 23:11 - 05890949 ____A C:\Users\Dave\Documents\EOS-1DMarkIII_HG_EN.pdf
2012-04-03 17:04 - 2012-04-03 16:56 - 00234065 ____A C:\Users\Dave\Documents\DSC_0105.jpg
2012-04-03 16:56 - 2012-04-03 16:56 - 00000034 ___AH C:\Users\Dave\Documents\.picasa.ini
2012-04-02 00:29 - 2012-04-01 23:24 - 00057193 ____A C:\Users\Dave\Desktop\Jay Collier1273458.snp
2012-04-02 00:29 - 2012-04-01 23:24 - 00015498 ____A C:\Users\Dave\Desktop\J273457.snp
2012-04-01 23:25 - 2012-04-01 23:25 - 00000000 ____D C:\Program Files (x86)\Snapshot Viewer
2012-03-31 11:19 - 2012-03-31 11:19 - 00001106 ____A C:\Users\Public\Desktop\Picasa 3.lnk
2012-03-31 11:19 - 2012-03-31 11:18 - 00000000 ____D C:\Program Files (x86)\Google
2012-03-31 10:46 - 2012-03-31 10:46 - 00000000 ____D C:\Program Files (x86)\Canon
2012-03-31 10:45 - 2012-03-31 10:45 - 00000000 ____D C:\Program Files\Nikon
2012-03-31 10:45 - 2012-03-31 10:45 - 00000000 ____D C:\Program Files\Common Files\Nikon
2012-03-31 10:45 - 2012-03-31 10:45 - 00000000 ____D C:\Program Files (x86)\Nikon
2012-03-31 07:05 - 2012-05-12 14:39 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 05:39 - 2012-05-12 14:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-31 05:39 - 2012-05-12 14:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-31 04:10 - 2012-05-12 14:39 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 12:35 - 2012-05-12 14:36 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-24 16:16 - 2012-03-24 16:16 - 04723513 ____A C:\Users\Dave\Desktop\AJOL9777.jpg
2012-03-22 20:12 - 2012-03-22 20:12 - 04435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-20 20:44 - 2012-03-20 20:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 20:44 - 2012-03-20 20:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-19 23:58 - 2012-03-19 23:58 - 00018660 ____A C:\Windows\System32\iglhxs64.vp
2012-03-19 23:44 - 2012-03-19 23:44 - 05888792 ____A (Intel Corporation) C:\Windows\System32\GfxUI.exe
2012-03-19 23:44 - 2012-03-19 23:44 - 00509720 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
2012-03-19 23:44 - 2012-03-19 23:44 - 00439064 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe
2012-03-19 23:44 - 2012-03-19 23:44 - 00398616 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe
2012-03-19 23:44 - 2012-03-19 23:44 - 00276248 ____A (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2012-03-19 23:44 - 2012-03-19 23:44 - 00250136 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe
2012-03-19 23:44 - 2012-03-19 23:44 - 00184600 ____A (Intel Corporation) C:\Windows\System32\difx64.exe
2012-03-19 23:44 - 2012-03-19 23:44 - 00170264 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe
2012-03-19 23:42 - 2012-03-19 23:42 - 00090112 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v2696.dll
2012-03-19 23:32 - 2012-03-19 23:32 - 14745600 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2012-03-19 23:31 - 2012-03-19 23:31 - 08087040 ____A (Intel Corporation) C:\Windows\System32\igdumd64.dll
2012-03-19 23:31 - 2012-03-19 23:31 - 00079360 ____A C:\Windows\System32\igdde64.dll
2012-03-19 23:26 - 2012-03-19 23:26 - 06120960 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2012-03-19 23:25 - 2012-03-19 23:25 - 00058880 ____A C:\Windows\SysWOW64\igdde32.dll
2012-03-19 23:22 - 2012-03-19 23:22 - 09605632 ____A (Intel Corporation) C:\Windows\System32\igd10umd64.dll
2012-03-19 23:11 - 2012-03-19 23:11 - 07795200 ____A (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2012-03-19 22:31 - 2012-03-19 22:31 - 18137088 ____A C:\Windows\System32\ig4icd64.dll
2012-03-19 22:21 - 2012-03-19 22:21 - 13212672 ____A C:\Windows\SysWOW64\ig4icd32.dll
2012-03-19 22:19 - 2012-03-19 22:19 - 00221877 ____A C:\Windows\System32\Gfxres.th-TH.resources
2012-03-19 22:19 - 2012-03-19 22:19 - 00144790 ____A C:\Windows\System32\Gfxres.ro-RO.resources
2012-03-19 22:19 - 2012-03-19 22:19 - 00143564 ____A C:\Windows\System32\Gfxres.tr-TR.resources
2012-03-19 22:19 - 2012-03-19 22:19 - 00141854 ____A C:\Windows\System32\Gfxres.sv-SE.resources
2012-03-19 22:19 - 2012-03-19 22:19 - 00140548 ____A C:\Windows\System32\Gfxres.sk-SK.resources
2012-03-19 22:19 - 2012-03-19 22:19 - 00139901 ____A C:\Windows\System32\Gfxres.hr-HR.resources
2012-03-19 22:19 - 2012-03-19 22:19 - 00136850 ____A C:\Windows\System32\Gfxres.sl-SI.resources
2012-03-19 22:19 - 2012-03-19 22:19 - 00125306 ____A C:\Windows\System32\Gfxres.zh-TW.resources
2012-03-19 22:19 - 2012-03-19 22:19 - 00123778 ____A C:\Windows\System32\Gfxres.zh-CN.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00440320 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00439808 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00439808 ____A (Intel Corporation) C:\Windows\System32\igfxresn.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrom.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrhrv.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00437248 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00437248 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00435712 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00435712 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00432128 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00430592 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00429056 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00428544 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc
2012-03-19 22:18 - 2012-03-19 22:18 - 00410624 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll
2012-03-19 22:18 - 2012-03-19 22:18 - 00386560 ____A (Intel Corporation) C:\Windows\System32\igfxpph.dll
2012-03-19 22:18 - 2012-03-19 22:18 - 00208522 ____A C:\Windows\System32\Gfxres.el-GR.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00192378 ____A C:\Windows\System32\Gfxres.ru-RU.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00164821 ____A C:\Windows\System32\Gfxres.ar-SA.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00162150 ____A C:\Windows\System32\Gfxres.ja-JP.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00157713 ____A C:\Windows\System32\Gfxres.he-IL.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00148461 ____A C:\Windows\System32\Gfxres.it-IT.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00147116 ____A C:\Windows\System32\Gfxres.ko-KR.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00146125 ____A C:\Windows\System32\Gfxres.es-ES.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00146008 ____A C:\Windows\System32\Gfxres.de-DE.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00144267 ____A C:\Windows\System32\Gfxres.fr-FR.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00143112 ____A C:\Windows\System32\Gfxres.pt-BR.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00142797 ____A C:\Windows\System32\Gfxres.nl-NL.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00142606 ____A C:\Windows\System32\Gfxres.hu-HU.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00142079 ____A C:\Windows\System32\Gfxres.pt-PT.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00141421 ____A C:\Windows\System32\Gfxres.pl-PL.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00141297 ____A C:\Windows\System32\Gfxres.cs-CZ.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00140949 ____A C:\Windows\System32\Gfxres.fi-FI.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00136778 ____A C:\Windows\System32\Gfxres.nb-NO.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00136261 ____A C:\Windows\System32\Gfxres.da-DK.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00131674 ____A C:\Windows\System32\Gfxres.en-US.resources
2012-03-19 22:18 - 2012-03-19 22:18 - 00126976 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl
2012-03-19 22:17 - 2012-03-19 22:17 - 00434688 ____A (Intel Corporation) C:\Windows\System32\igfxdev.dll
2012-03-19 22:17 - 2012-03-19 22:17 - 00172032 ____A (Intel Corporation) C:\Windows\System32\gfxSrvc.dll
2012-03-19 22:17 - 2012-03-19 22:17 - 00028672 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll
2012-03-19 22:17 - 2012-03-19 22:17 - 00009216 ____A ( ) C:\Windows\System32\IGFXDEVLib.dll
2012-03-19 22:17 - 2011-08-31 20:21 - 00063488 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.dll
2012-03-19 22:17 - 2011-08-31 20:20 - 00110592 ____A (Intel Corporation) C:\Windows\System32\hccutils.dll
2012-03-19 22:16 - 2012-03-19 22:16 - 09007616 ____A (Intel Corporation) C:\Windows\System32\igfxress.dll
2012-03-19 22:16 - 2012-03-19 22:16 - 00286208 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc
2012-03-19 22:16 - 2012-03-19 22:16 - 00142336 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll
2012-03-19 22:12 - 2012-03-19 22:12 - 00025088 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2012-03-19 22:11 - 2012-03-19 22:11 - 00325120 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2012-03-17 08:58 - 2012-05-12 14:37 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-17 01:24 - 2012-03-17 01:24 - 00000000 ____D C:\Users\Dave\AppData\Roaming\NVIDIA
2012-03-17 01:11 - 2012-03-17 01:11 - 00000000 ____D C:\Users\Dave\AppData\Roaming\com.adobe.dmp.contentviewer
2012-03-17 01:05 - 2012-03-17 01:05 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-03-17 00:51 - 2012-01-12 02:25 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-03-17 00:48 - 2012-03-17 00:48 - 00000000 ____D C:\Users\All Users\ALM
2012-03-17 00:42 - 2012-03-17 00:42 - 00000000 ____D C:\Users\Dave\Adobe Flash Builder 4.5
2012-03-17 00:37 - 2012-03-17 00:37 - 00001085 ____A C:\Users\Public\Desktop\Adobe Content Viewer.lnk
2012-03-17 00:36 - 2012-03-17 00:36 - 00000000 ____D C:\Program Files (x86)\Adobe Story
2012-03-17 00:34 - 2012-03-17 00:34 - 00000000 ____D C:\Program Files (x86)\My Company Name
ZeroAccess:
C:\Windows\Installer\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}
C:\Windows\Installer\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\@
C:\Windows\Installer\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\L
C:\Windows\Installer\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\n
C:\Windows\Installer\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\U
ZeroAccess:
C:\Users\Dave\AppData\Local\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}
C:\Users\Dave\AppData\Local\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\@
C:\Users\Dave\AppData\Local\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\L
C:\Users\Dave\AppData\Local\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
========================= Memory info ======================
Percentage of memory in use: 31%
Total physical RAM: 4013.12 MB
Available physical RAM: 2733.27 MB
Total Pagefile: 8024.43 MB
Available Pagefile: 6756.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:244.11 GB) (Free:34.4 GB) NTFS
2 Drive d: () (Fixed) (Total:221.63 GB) (Free:33.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive I: () (Removable) (Total:3.83 GB) (Free:3.77 GB) NTFS
DiskPart has encountered an error: The RPC server is unavailable.
See the System Event Log for more information.

==========================================================
Last Boot: 2012-06-01 00:01
======================= End Of Log ==========================
 
Very well :)

Before we run any fix we need to find a replacement for one infected system file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to BartPe and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.
 
I've eventually managed to get access to system recovery... got the following from the search

Farbar Recovery Scan Tool Version: 09-06-2012
Ran by Dave at 2012-06-11 20:26:41
Running from J:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
 
Very well because you didn't do it in your original scan:
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
You need to re-run the tool from RE and post new log.
 
Sorry, I couldn't get access to the recovery mode previously so managed to get it from safe mode. I've managed to get a start up disc sorted so I will redo it correctly from recovery mode now.
 
I've tried again, used a Windows 7 64bit startup disc to get access to recovery and it says Windows 7 on drive (D:), so I've tried running the search and scan but they all seem to be related to drive (C:) and Vista

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012
Ran by SYSTEM at 11-06-2012 21:11:09
Running from J:\
Windows Vista (TM) Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.

:(
 
1. Delete the following folders from Windows 7 installation:
- C:\Users\Dave\AppData\Local\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}
- C:\Windows\Installer\{d94b65d8-1389-32bb-aef9-51ffcf99ae71}

2. Navigate to C:\Windows\System32 folder and rename services.exe to services.old.
Copy services.exe file from C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1 folder and paste it to C:\Windows\System32 folder.

See if you can boot to Windows 7 normally.
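
The comparison behind step 2, as an added example that is not part of the original post or of FRST: it parses the Search.txt lines posted in this thread and flags any live copy of a file whose MD5 matches none of the WinSxS copies. The function names `parse_search` and `find_mismatches` are hypothetical, and treating the WinSxS copy as the reference is an assumption taken from the instructions above.

```python
import ntpath
import re
from collections import defaultdict

# Search.txt excerpt as posted in this thread (FRST search for "services.exe").
SEARCH_LOG = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
"""

# "[created] - [modified] - size attrs (company) MD5"; the company field is optional.
META_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>.*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_search(log):
    """Pair each path line with the metadata line that follows it."""
    entries = []
    pending_path = None
    for raw in log.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        match = META_RE.match(line)
        if match and pending_path:
            entry = match.groupdict()
            entry["path"] = pending_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
        pending_path = None  # a path with no metadata line is dropped
    return entries


def find_mismatches(entries):
    """Flag copies outside WinSxS whose MD5 matches no WinSxS copy of the same file."""
    by_name = defaultdict(list)
    for entry in entries:
        by_name[ntpath.basename(entry["path"]).lower()].append(entry)

    findings = []
    for copies in by_name.values():
        store = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        live = [c for c in copies if c not in store]
        if not store:
            continue  # no reference copy in the search output, nothing to compare
        reference = sorted({c["md5"] for c in store})
        for copy in live:
            if copy["md5"] in reference:
                continue
            key = (copy["size"], copy["created"], copy["modified"])
            findings.append({
                "path": copy["path"],
                "md5": copy["md5"],
                "reference_md5": reference,
                # True when size and both timestamps equal a WinSxS copy:
                # the difference is visible only in the hash.
                "metadata_identical": any(
                    key == (s["size"], s["created"], s["modified"]) for s in store
                ),
            })
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(parse_search(SEARCH_LOG)):
        print(finding)
```

In this thread's log the two copies share size and both timestamps, so only the hash comparison separates them.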
 
Thanks
I've deleted the files and at the moment Windows 7 appears to not have the dreaded critical error so far :D Do I need to do anything else now or is it still about somewhere on my drive?
 
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.11.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dave :: DAVE-PC [administrator]

Protection: Enabled

11/06/2012 23:34:19
mbam-log-2012-06-11 (23-34-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252449
Time elapsed: 14 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-12 00:32:40
Windows 6.1.7601 Service Pack 1
Running: shiqw599.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a7bb402
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a7bb402@0013a9462429 0xBC 0x8D 0xEC 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a7bb402@00125a69554e 0xE4 0xA5 0x1E 0xC9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a7bb402 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a7bb402@0013a9462429 0xBC 0x8D 0xEC 0x63 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a7bb402@00125a69554e 0xE4 0xA5 0x1E 0xC9 ...

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dave at 1:05:54 on 2012-06-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4013.1714 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\mmc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\werfault.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManagerComHandler.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify] "C:\Users\Dave\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [AdobeBridge]
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIE.EXE /FU "C:\Users\Dave\AppData\Local\Temp\E_S10C2.tmp" /EF "HKCU"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
mRun: [ServiceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
mRun: [DHSClient.exe] "C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: dyndns.org\dlplant
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2287BB51-5D7A-40FD-81F4-3B327D48AC6F} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F0291062-DD95-4B70-96C5-1008C376C504} : DhcpNameServer = 192.168.43.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
mRun-x64: [ServiceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
mRun-x64: [DHSClient.exe] "C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\vh91drvc.default\
FF - prefs.js: network.proxy.http - 117.240.242.115
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Dave\AppData\Local\Roblox\Versions\version-21cdb2fff9fb4df2\NPRobloxProxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\system32\DRIVERS\ndisrd.sys --> C:\Windows\system32\DRIVERS\ndisrd.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 HsdService;HsdService;C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe [2011-12-10 1406264]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-11 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 2348352]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-9-17 1251840]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-12-10 689464]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-11-4 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257696]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 BDA_Capture_225;USB Digital-TV receiver. Driver 3.0.1.18;C:\Windows\system32\Drivers\BDA_Capture_225_x64.sys --> C:\Windows\system32\Drivers\BDA_Capture_225_x64.sys [?]
S3 BDA_Loader_225;USB Digital-TV Receiver. Firmware Loader 7.1.9.0;C:\Windows\system32\Drivers\BDA_Loader_225_x64.sys --> C:\Windows\system32\Drivers\BDA_Loader_225_x64.sys [?]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-11-7 25640]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GemCCID;GemCCID;C:\Windows\system32\Drivers\GemCCID.sys --> C:\Windows\system32\Drivers\GemCCID.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-11-4 30528]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-8 113120]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-11-6 24176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-5-2 155320]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-11 23:42:41 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E565028-C8EC-4EAD-B113-087F020A6C43}\offreg.dll
2012-06-11 22:29:42 -------- d-----w- C:\Users\Dave\AppData\Roaming\Malwarebytes
2012-06-11 22:29:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-11 22:29:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-11 22:29:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-11 21:38:16 328704 ----a-w- C:\Windows\System32\services.exe
2012-06-11 18:06:19 -------- d-----w- C:\Windows\pss
2012-06-11 17:42:33 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BC8263E9-2E3E-4AF7-97FC-1EEBBB171545}\gapaengine.dll
2012-06-11 17:42:30 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E565028-C8EC-4EAD-B113-087F020A6C43}\mpengine.dll
2012-06-11 16:40:13 -------- d-----w- C:\Users\Dave\New folder
2012-06-11 16:34:41 -------- d-----w- C:\FRST
2012-06-09 13:53:15 -------- d-----w- C:\Windows Loader
2012-06-09 13:39:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-08 16:39:35 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-08 16:39:33 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-08 00:04:45 -------- d-----w- C:\Users\Dave\AppData\Roaming\GameFly
2012-06-08 00:04:31 -------- d-----w- C:\Program Files (x86)\GameFly
2012-06-07 23:39:01 -------- d-----w- C:\Users\Dave\AppData\Local\Mozilla
2012-06-07 14:41:04 -------- d-----w- C:\Users\Dave\AppData\Local\Chromium
2012-06-07 13:50:38 -------- d-----w- C:\ProgramData\Rockstar Games
2012-06-07 13:50:38 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2012-06-07 08:49:35 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-06 23:20:58 1775104 ----a-w- C:\Windows\SysWow64\mprdin.dll
2012-06-04 19:08:06 -------- d-----w- C:\Program Files\iPod
2012-06-04 19:08:05 -------- d-----w- C:\Program Files\iTunes
2012-06-04 19:08:05 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-04 19:05:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-04 19:05:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-04 19:05:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-04 19:05:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-04 19:05:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-04 19:05:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-04 19:05:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-04 18:37:51 -------- d-----w- C:\Users\Dave\AppData\Local\Geckofx
2012-06-04 18:37:34 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2012-06-04 18:37:29 -------- d-----w- C:\Program Files (x86)\Red Kawa
2012-05-27 08:19:53 -------- d-----w- C:\Users\Dave\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-05-27 08:19:53 -------- d-----w- C:\Users\Dave\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-05-27 06:45:15 -------- d-----w- C:\Program Files (x86)\Portrait Professional Studio
2012-05-26 11:49:19 -------- d-----w- C:\Users\Dave\AppData\Roaming\WindSolutions
2012-05-26 11:49:18 -------- d-----w- C:\ProgramData\WindSolutions
2012-05-17 17:51:28 -------- d-----w- C:\Program Files\Common Files\Intuit
2012-05-17 12:41:14 -------- d-----w- C:\Users\Dave\AppData\Local\Intuit
2012-05-17 12:33:50 -------- d-----w- C:\ProgramData\Nuance
2012-05-17 12:33:50 -------- d-----w- C:\ProgramData\Intuit
2012-05-17 12:33:50 -------- d-----w- C:\Program Files (x86)\Intuit
2012-05-17 12:33:50 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2012-05-17 12:33:36 -------- d-----w- C:\ProgramData\SQL Anywhere 11
2012-05-17 12:33:36 -------- d-----w- C:\ProgramData\COMMON FILES
2012-05-17 12:28:04 -------- d-----w- C:\Windows\Intuit
.
==================== Find3M ====================
.
2012-06-11 23:42:54 25640 ----a-w- C:\Windows\gdrv.sys
2012-05-06 17:04:27 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 17:04:27 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-06 17:04:11 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-02 06:09:31 27176 ----a-w- C:\Windows\System32\drivers\ggsemc.sys
2012-05-02 06:09:31 13352 ----a-w- C:\Windows\System32\drivers\ggflt.sys
2012-04-18 19:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-20 19:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-19 22:44:20 5888792 ----a-w- C:\Windows\System32\GfxUI.exe
2012-03-19 22:44:20 509720 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-03-19 22:44:20 439064 ----a-w- C:\Windows\System32\igfxpers.exe
2012-03-19 22:44:20 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-03-19 22:44:20 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-03-19 22:44:20 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-03-19 22:44:20 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-03-19 22:44:20 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-03-19 22:42:08 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2696.dll
2012-03-19 22:32:04 14745600 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-03-19 22:31:56 8087040 ----a-w- C:\Windows\System32\igdumd64.dll
2012-03-19 22:31:14 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-03-19 22:26:56 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-03-19 22:25:58 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-03-19 22:22:10 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-03-19 22:11:38 7795200 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-03-19 21:31:14 18137088 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-03-19 21:21:14 13212672 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-03-19 21:17:56 28672 ----a-w- C:\Windows\System32\igfxexps.dll
2012-03-19 21:17:46 63488 ----a-w- C:\Windows\System32\igfxsrvc.dll
2012-03-19 21:17:22 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-03-19 21:17:14 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-03-19 21:17:14 434688 ----a-w- C:\Windows\System32\igfxdev.dll
2012-03-19 21:17:14 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-03-19 21:16:40 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-03-19 21:16:38 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-03-19 21:16:36 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-03-19 21:12:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-03-19 21:11:22 325120 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 1:06:07.72 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 04/11/2011 21:19:41
System Uptime: 12/06/2012 00:41:53 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | Z68AP-D3
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | Socket 1155 | 3601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 244 GiB total, 26.38 GiB free.
D: is FIXED (NTFS) - 222 GiB total, 33.651 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3205BF01&0&0013A9462429_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3205BF01&0&0013A9462429_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3205BF01&0&0013A9462429_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3205BF01&0&0013A9462429_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3205BF01&0&0013A9462429_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3205BF01&0&0013A9462429_C00000000
Service:
.
==== System Restore Points ===================
.
RP148: 08/06/2012 17:50:24 - Windows Update
RP149: 08/06/2012 18:17:18 - Windows Update
RP150: 11/06/2012 18:41:56 - Windows Update
.
==== Installed Programs ======================
.
@BIOS
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Reader X (10.1.3)
Adobe Story
Adobe Widget Browser
Android SDK Tools
Apple Application Support
Apple Software Update
AutoGreen B10.1021.1
AviSynth 2.5
Awesome Duplicate Photo Finder v. 1.0.1
Battlefield 3™
Battlelog Web Plugins
Bing Bar
BitTorrent
Burnout(TM) Paradise The Ultimate Box
Canon RAW Codec
CopyTrans Suite Remove Only
D3DX10
DC Universe Online
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Easy Tune 6 B11.0512.1
ESN Sonar
Etron USB3.0 Host Controller
Flashtool
GameFly
Google Chrome
High-Definition Video Playback
inSSIDer
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
IsoBuster 2.8
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LanOptimizer
Malwarebytes Anti-Malware version 1.61.0.1400
Max Payne 3
Mesh Runtime
Messenger Companion
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NEF Codec
Nero 11 Cliparts
Nero 11 Collection 1
Nero 11 Disc Menus 1
Nero 11 Disc Menus 2
Nero 11 Disc Menus 3
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes 1
Nero 11 Kwik Themes 2
Nero 11 Kwik Themes 3
Nero 11 Kwik Themes 4
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects 1
Nero 11 PiP Effects Basic
Nero 11 Video Samples
Nero 11 Video Transitions 1
Nero Audio Pack 1
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Video 11
Nero Video 11 Help (CHM)
nero.prerequisites.msi
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ON_OFF Charge B11.0110.1
Origin
PDF Settings CS5
Picasa 3
Portrait Professional Studio
PunkBuster Services
PxMergeModule
QuickBooks
QuickBooks Pro 2011
QuickTime
Radialpoint Security Advisor 2.5.19
Realtek Ethernet Controller Driver
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
Rockstar Games Social Club
Safari
Saints Row: The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Smart 6 B11.0512.1
Smart File Advisor 1.1.1
Snapshot Viewer
Sony Ericsson Update Engine
Sony Ericsson Update Service
Sony PC Companion 2.10.065
Steam
System Requirements Lab
System Requirements Lab CYRI
The Elder Scrolls V: Skyrim
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Videora iPod Converter 6
Virgin Media Digital Home Support 2.1.27
Virgin Media Service Manager 3.7.47
VisiPics V1.30
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
12/06/2012 00:44:53, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
12/06/2012 00:44:53, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
12/06/2012 00:42:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
12/06/2012 00:42:44, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/06/2012 00:42:43, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/06/2012 00:42:27, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
11/06/2012 23:00:37, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
11/06/2012 22:24:39, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:632 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1752.0, AS: 1.127.1752.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
 