TechSpot

Windows delayed write failed and system check help

By Squadmissile
Jan 9, 2012
  1. Hello. Yesterday i got back home from a friends and i when i attempted to turn my laptop on, on startup a black screen appeared with all my shortcuts disappeared. Moments later tons of error messages appear titled windows-delayed write failed and a system check box saying there are multiple things wrong with my computer. Even to my limited knowlege of computers it looked like gibberish to try and make me buy a false product. I'm hoping that it can be removed as i have looked through previous threads which looks like most have been solved. It is essential that i get this removed ASAP as i have a period of exams in the forthcoming week. Any help that can be provided is very very welcome
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================================

    Start with this manual: http://www.bleepingcomputer.com/virus-removal/remove-system-check
     
  3. Squadmissile

    Squadmissile TS Rookie Topic Starter Posts: 22

    Thank you very much for your help broni. there is still a system check desktop icon appearing, what should i do with this? also while running malwarebytes an error message appears saying [Open event] failed to perform desired action. error code 2. Other than that, on the face of it everything appears back to normal. can you advise any further steps?
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
     
  5. Squadmissile

    Squadmissile TS Rookie Topic Starter Posts: 22

    This it the first one when i first ran it in the first instructions you gave me

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.09.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ian :: IAN-PC [administrator]

    Protection: Enabled

    09/01/2012 17:53:39
    mbam-log-2012-01-09 (17-53-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 195008
    Time elapsed: 13 minute(s), 11 second(s)

    Memory Processes Detected: 2
    C:\ProgramData\uEwKkQfYkoLVFj.exe (Rogue.FakeHDD) -> 468 -> Delete on reboot.
    C:\ProgramData\RRtkfVhJTo9j26.exe (Trojan.FakeAlert) -> 5432 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 12
    HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

    Registry Values Detected: 3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uEwKkQfYkoLVFj.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\uEwKkQfYkoLVFj.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Quarantined and deleted successfully.

    Registry Data Items Detected: 4
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1&cf=b9ace203-1547-11e1-a5d4-14feb5bf4e78) Good: (http://www.google.com) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1&cf=b9ace203-1547-11e1-a5d4-14feb5bf4e78) Good: (http://www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\ProgramData\uEwKkQfYkoLVFj.exe (Rogue.FakeHDD) -> Delete on reboot.
    C:\ProgramData\RRtkfVhJTo9j26.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.

    (end)

    and this is it after running it a second time

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.09.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ian :: IAN-PC [administrator]

    Protection: Disabled

    09/01/2012 22:02:51
    mbam-log-2012-01-09 (22-02-51).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 195329
    Time elapsed: 7 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    the gmer came up with nothing that i could save and i ran it 3 times

    these are the results of the dds

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Ian at 23:17:23 on 2012-01-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4010.2333 [GMT 0:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\mfevtps.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111229140434.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Google Update] "C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Facebook Update] "C:\Users\Ian\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: DhcpNameServer = 164.11.133.20 164.11.132.35
    TCP: Interfaces\{38495FB8-4CD6-4389-886C-35C31C5F77F7} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{E5FCD7CB-CE80-4757-8484-12C66A013FF7} : DhcpNameServer = 164.11.133.20 164.11.132.35
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111229140434.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\85savfl6.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Ian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Ian\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
    R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-29 397520]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-12-14 55056]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-12-14 61712]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-8-4 98208]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-8-4 199272]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-8-4 208536]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-4 2255464]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-12-14 931640]
    R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-4 1688384]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-4 2656280]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
    S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-8-4 224704]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]
    S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-12-14 25072]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\system32\DRIVERS\SNTUSB64.SYS --> C:\Windows\system32\DRIVERS\SNTUSB64.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-01-09 22:18:49 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-01-09 22:18:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-09 17:51:28 -------- d-----w- C:\Users\Ian\AppData\Roaming\Malwarebytes
    2012-01-09 11:44:42 -------- d-----w- C:\ProgramData\PC Tools
    2012-01-08 21:36:41 -------- d-sh--w- C:\found.000
    2012-01-08 21:31:59 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-01-02 16:51:34 -------- d-----w- C:\Program Files\iPod
    2012-01-02 16:51:33 -------- d-----w- C:\Program Files\iTunes
    2011-12-29 16:29:49 63760 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
    2011-12-29 16:29:42 -------- d-----w- C:\Users\Ian\AppData\Local\Trusteer
    2011-12-29 16:29:38 -------- d-----w- C:\Program Files (x86)\Trusteer
    2011-12-29 16:28:41 -------- d-----w- C:\ProgramData\Trusteer
    2011-12-29 15:32:28 -------- d-----w- C:\Users\Ian\AppData\Roaming\NVIDIA
    2011-12-29 15:28:45 -------- d-----w- C:\Program Files\Common Files\Delcam
    2011-12-29 15:23:58 -------- d-----w- C:\Users\Ian\AppData\Roaming\PowerSHAPE
    2011-12-29 15:23:15 -------- d-----w- C:\Users\Ian\AppData\Roaming\Delcam
    2011-12-29 15:23:14 159744 ----a-r- C:\Users\Ian\AppData\Roaming\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\PVEngine.ProgramMe_D0CE053E0E5E4C129BAED0F36021E911.exe
    2011-12-29 15:23:14 159744 ----a-r- C:\Users\Ian\AppData\Roaming\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\NewShortcut2_D0CE053E0E5E4C129BAED0F36021E911.exe
    2011-12-29 15:23:04 -------- d-----w- C:\Users\Ian\AppData\Roaming\POV-Ray
    2011-12-29 15:22:43 -------- d-----w- C:\Program Files (x86)\Delcam
    2011-12-29 15:22:40 102400 ----a-w- C:\Windows\SysWow64\tsccvid.dll
    2011-12-29 15:21:55 -------- d-----w- C:\Program Files (x86)\Common Files\Delcam
    2011-12-29 15:20:44 145448 ----a-w- C:\Windows\System32\drivers\sentinel64.sys
    2011-12-29 15:20:38 -------- d-----w- C:\Program Files (x86)\Common Files\SafeNet Sentinel
    2011-12-29 15:20:26 -------- d-----w- C:\Program Files\Delcam
    2011-12-18 13:29:47 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
    2011-12-14 14:16:53 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-12-14 14:16:52 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-14 14:16:51 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-12-14 14:16:51 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-12-14 14:16:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-12-14 14:16:40 2048 ----a-w- C:\Windows\System32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2011-11-20 13:59:08 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-24 14:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 14:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-10-18 14:32:28 161168 ----a-w- C:\Windows\System32\mfevtps.exe
    2011-10-15 13:16:16 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
    2011-10-15 13:16:16 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2011-10-15 13:16:16 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2011-10-15 13:16:16 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2011-10-15 13:16:16 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2011-10-15 13:16:16 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2011-10-15 13:16:16 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2011-10-15 13:16:16 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2011-10-15 13:16:16 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    .
    ============= FINISH: 23:31:47.84 ===============

    second attached file is attached
     

    Attached Files:

  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good job :)

    All logs have to pasted, so please paste Attach.txt in your next reply (no zipping).

    Then....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. Squadmissile

    Squadmissile TS Rookie Topic Starter Posts: 22

    i don't seem to be able to run the aswMRB file, should i continue through the steps?
     
  8. Squadmissile

    Squadmissile TS Rookie Topic Starter Posts: 22

    oh and the attach file, sorry for double post
     

    Attached Files:

  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    No attaching.
    Please pay attention.

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  10. Squadmissile

    Squadmissile TS Rookie Topic Starter Posts: 22

    oh sorry about that pal

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 08/08/2011 18:30:11
    System Uptime: 09/01/2012 22:12:56 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0YR8NN
    Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU | 2301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 446 GiB total, 324.62 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&CF9FB2B&0&02
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter #2
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&CF9FB2B&0&02
    Service: vwifimp
    .
    ==== System Restore Points ===================
    .
    RP74: 03/01/2012 01:43:30 - Scheduled Checkpoint
    RP75: 04/01/2012 18:00:11 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    AccelerometerP11
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.1) MUI
    Advanced Audio FX Engine
    Apple Application Support
    Apple Software Update
    Baron Samedi's Gameplay Enhancing Submods Compilation V4.0
    BitTorrent
    Brink
    Bugfixer 1.1 for Baron Samedi's Submods Compilation V4.1
    Click to Call with Skype
    D3DX10
    DAEMON Tools Lite
    DarthMod Ultimate Commander Edition
    DarthMod Ultimate Commander Edition
    Delcam PS-Tutorials 2011 R3 (32-bit)
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell MusicStage
    Dell PhotoStage
    Dell Stage
    Dell VideoStage
    Dell Webcam Central
    DirectX 9 Runtime
    eBay
    Empire: Total War
    Europa Universalis III
    Facebook Video Calling 1.0.0.8953
    Google Chrome
    Heir to the Throne
    High-Definition Video Playback
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Wireless Display
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.60.0.1800
    McAfee SecurityCenter
    Medieval II: Total War
    Medieval II: Total War Kingdoms
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mount&Blade Warband
    Mozilla Firefox 8.0.1 (x86 en-GB)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 10 Movie ThemePack Basic
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Patch 1.1 for Baron Samedi's Submods Compilation V4.0
    PhotoShowExpress
    QuickTime
    Rapport
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Sentinel System Driver Installer 7.5.1
    Skype™ 5.3
    Sonic CinePlayer Decoder Pack
    SopCast 3.4.0
    Spotify
    Steam
    SyncUP
    System Requirements Lab
    System Requirements Lab for Intel
    Team Fortress 2
    The Elder Scrolls IV: Oblivion
    Third Age - Total War 3.0 (Part 1of2)
    Third Age - Total War 3.0 (Part 2of2)
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Veetle TV
    vShare.tv plugin 1.3
    VshareComplete
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Detect
    YouTube Downloader 3.3
    Zinio Reader 4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    09/01/2012 23:25:06, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    09/01/2012 22:16:30, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
    09/01/2012 22:14:30, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09/01/2012 22:14:30, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09/01/2012 22:14:30, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    09/01/2012 22:14:30, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09/01/2012 22:14:30, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09/01/2012 22:11:08, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
    09/01/2012 22:11:08, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
    09/01/2012 20:50:26, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    09/01/2012 19:46:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
    09/01/2012 19:46:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    09/01/2012 19:39:46, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    09/01/2012 19:39:39, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    09/01/2012 19:39:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    09/01/2012 19:39:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    09/01/2012 19:39:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    09/01/2012 19:39:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache RapportKE64 spldr Wanarpv6
    09/01/2012 19:39:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    09/01/2012 19:38:01, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
    09/01/2012 19:38:01, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
    09/01/2012 19:38:01, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
    09/01/2012 19:02:04, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
    09/01/2012 18:44:20, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 9 time(s).
    09/01/2012 18:36:24, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 8 time(s).
    09/01/2012 18:23:20, Error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 3 time(s).
    09/01/2012 18:23:20, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 7 time(s).
    09/01/2012 18:21:37, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 6 time(s).
    09/01/2012 18:20:05, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 5 time(s).
    09/01/2012 18:18:38, Error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 3 time(s).
    09/01/2012 18:18:38, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 4 time(s).
    09/01/2012 18:16:56, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).
    09/01/2012 18:16:56, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 3 time(s).
    09/01/2012 18:16:56, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    09/01/2012 18:15:30, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
    09/01/2012 18:15:30, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09/01/2012 18:15:30, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    09/01/2012 18:15:30, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    09/01/2012 18:11:49, Error: NetBT [4321] - The name "IAN-PC :20" could not be registered on the interface with IP address 169.254.207.212. The computer with the IP address 164.11.60.206 did not allow the name to be claimed by this computer.
    09/01/2012 18:11:49, Error: NetBT [4321] - The name "IAN-PC :0" could not be registered on the interface with IP address 169.254.207.212. The computer with the IP address 164.11.60.206 did not allow the name to be claimed by this computer.
    09/01/2012 18:09:59, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 14 time(s).
    09/01/2012 18:08:09, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 13 time(s).
    09/01/2012 18:06:39, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 12 time(s).
    09/01/2012 18:04:57, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 11 time(s).
    09/01/2012 18:03:27, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 10 time(s).
    09/01/2012 16:59:47, Error: bowser [8003] - The master browser has received a server announcement from the computer TOYA that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E5FCD7CB-CE80-4757-8484-12C66A013FF7}. The master browser is stopping or an election is being forced.
    09/01/2012 16:50:46, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 3 time(s).
    09/01/2012 16:48:39, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.
    09/01/2012 16:02:06, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    09/01/2012 16:01:58, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.
    09/01/2012 11:38:49, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
    09/01/2012 11:22:12, Error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 4 time(s).
    08/01/2012 21:40:23, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    08/01/2012 21:40:23, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    08/01/2012 21:40:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    08/01/2012 21:39:52, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    08/01/2012 21:39:52, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    08/01/2012 21:39:04, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Ian\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
    08/01/2012 21:38:53, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
    07/01/2012 18:28:36, Error: bowser [8003] - The master browser has received a server announcement from the computer YANNIS-TOSH that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E5FCD7CB-CE80-4757-8484-12C66A013FF7}. The master browser is stopping or an election is being forced.
    07/01/2012 11:18:44, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 164.11.60.206. The computer with the IP address 164.11.60.192 did not allow the name to be claimed by this computer.
    06/01/2012 12:14:14, Error: bowser [8003] - The master browser has received a server announcement from the computer JADE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E5FCD7CB-CE80-4757-8484-12C66A013FF7}. The master browser is stopping or an election is being forced.
    04/01/2012 23:47:14, Error: NetBT [4300] - The driver could not be created.
    04/01/2012 23:47:02, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    04/01/2012 15:47:08, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.209.175, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    03/01/2012 02:56:40, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    03/01/2012 02:56:40, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    03/01/2012 02:56:40, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    03/01/2012 02:56:40, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    03/01/2012 02:56:40, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    02/01/2012 22:59:09, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    02/01/2012 12:07:27, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================

    and the bootkit file

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000004`e8800000

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
     
  12. Squadmissile

    Squadmissile TS Rookie Topic Starter Posts: 22

    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
    Ran by Ian at 2012-01-10 18:18:04
    Running from C:\Users\Ian\Downloads
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ========================== Registry (Whitelisted) =============

    HKLM\...\Winlogon: [Userinit]
    HKLM-x32\...\Winlogon: [Userinit]
    HKLM\...\Winlogon: [Shell]
    HKLM-x32\...\Winlogon: [Shell] [x x] ()

    ==================== Services (Whitelisted) ======


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-01-10 18:16 - 2012-01-10 18:17 - 1379209 ____A C:\Users\Ian\Downloads\FRST64.exe
    2012-01-10 17:42 - 2012-01-10 17:42 - 0044607 ____A C:\Users\Ian\Downloads\bootkit_remover.zip
    2012-01-10 13:22 - 2012-01-10 13:22 - 4713472 ____A (AVAST Software) C:\Users\Ian\Downloads\aswMBR(2).exe
    2012-01-10 00:03 - 2012-01-10 00:03 - 4713472 ____A (AVAST Software) C:\Users\Ian\Downloads\aswMBR(1).exe
    2012-01-10 00:01 - 2012-01-10 00:02 - 4713472 ____A (AVAST Software) C:\Users\Ian\Downloads\aswMBR.exe
    2012-01-09 23:44 - 2012-01-09 23:44 - 0005480 ____A C:\Users\Ian\Documents\Attach.zip
    2012-01-09 23:42 - 2012-01-09 23:42 - 0022833 ____A C:\Users\Ian\Documents\Attach.txt
    2012-01-09 23:17 - 2012-01-09 23:17 - 0607260 ____R (Swearware) C:\Users\Ian\Downloads\dds(2).scr
    2012-01-09 22:21 - 2012-01-09 22:21 - 0302592 ____A C:\Users\Ian\Downloads\8wmhu3ik(1).exe
    2012-01-09 22:18 - 2012-01-09 22:19 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-09 22:18 - 2012-01-09 22:18 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-01-09 22:17 - 2012-01-09 22:18 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Ian\Downloads\mbam-setup-1.60.0.1800(1).exe
    2012-01-09 21:42 - 2012-01-09 21:42 - 0607260 ____A (Swearware) C:\Users\Ian\Downloads\dds(1).scr
    2012-01-09 21:26 - 2012-01-09 21:26 - 1558406 ____A C:\Users\Ian\Downloads\tdsskiller.zip
    2012-01-09 21:23 - 2012-01-09 21:23 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Ian\Downloads\tdsskiller.exe
    2012-01-09 21:07 - 2012-01-09 21:07 - 0000047 ____A C:\Windows\NeroDigital.ini
    2012-01-09 20:49 - 2012-01-02 16:52 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-01-09 20:49 - 2011-12-21 08:05 - 0000969 ____A C:\Users\Public\Desktop\BitTorrent.lnk
    2012-01-09 20:49 - 2011-12-02 15:26 - 0001686 ____A C:\Users\Public\Desktop\Defraggler.lnk
    2012-01-09 20:49 - 2011-09-17 01:43 - 0002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-01-09 20:49 - 2011-08-14 20:49 - 0000784 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-01-09 20:49 - 2011-08-08 19:49 - 0000919 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-01-09 20:49 - 2011-08-08 18:23 - 0001144 ___AT C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-01-09 20:49 - 2011-08-04 03:50 - 0002102 ____A C:\Users\Public\Desktop\Intel(R) Wireless Display.lnk
    2012-01-09 20:49 - 2009-07-14 04:54 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
    2012-01-09 19:48 - 2012-01-09 19:48 - 0684297 ____A C:\Users\Ian\Downloads\unhide.exe
    2012-01-09 19:43 - 2012-01-09 19:44 - 0000361 ____A C:\rkill.log
    2012-01-09 19:41 - 2012-01-09 19:41 - 1008141 ____A C:\Users\Ian\Downloads\iExplore.exe
    2012-01-09 19:39 - 2012-01-09 19:39 - 0104630 ____A C:\Windows\ntbtlog.txt
    2012-01-09 19:33 - 2012-01-09 19:33 - 0607260 ____A (Swearware) C:\Users\Ian\Downloads\dds.scr
    2012-01-09 19:32 - 2012-01-09 19:32 - 0000000 ____A C:\Users\Ian\Documents\gmer.log
    2012-01-09 18:35 - 2012-01-09 18:35 - 0302592 ____A C:\Users\Ian\Downloads\8wmhu3ik.exe
    2012-01-09 17:51 - 2012-01-09 17:51 - 0000000 ____D C:\Users\Ian\AppData\Roaming\Malwarebytes
    2012-01-09 17:30 - 2012-01-09 17:30 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Ian\Downloads\mbam-setup-1.60.0.1800.exe
    2012-01-09 11:46 - 2012-01-09 11:47 - 1478942 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-01-09 11:44 - 2012-01-09 20:56 - 0000000 ____D C:\Users\All Users\PC Tools
    2012-01-09 11:44 - 2012-01-09 20:56 - 0000000 ____D C:\ProgramData\PC Tools
    2012-01-08 21:38 - 2012-01-08 21:38 - 0003288 ____N C:\bootsqm.dat
    2012-01-08 21:36 - 2012-01-08 21:36 - 0000000 __SHD C:\found.000
    2012-01-08 21:31 - 2012-01-08 21:31 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2012-01-08 21:31 - 2012-01-08 21:31 - 0000000 ____D C:\ProgramData\Malwarebytes
    2012-01-08 21:22 - 2012-01-10 12:03 - 0001790 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
    2012-01-08 21:18 - 2012-01-08 21:18 - 0000655 ____A C:\Users\Ian\Desktop\System Check.lnk
    2012-01-06 22:12 - 2012-01-06 22:14 - 8147420 ____A C:\Users\Ian\Downloads\Original Don - Major Lazer Ft. The Partysquad - Electronic - HQ 2011.mp3
    2012-01-06 16:46 - 2012-01-06 16:56 - 6545170 ____A C:\Users\Ian\Downloads\Jay-ZLinkin Park - NumbEncore lyrics.mp3
    2012-01-06 16:32 - 2012-01-06 16:55 - 10438071 ____A C:\Users\Ian\Downloads\Cazzette vs Adele -- Set Fire to the Rain (A Stupid Hole Bootleg).mp3
    2012-01-06 16:27 - 2012-01-06 16:51 - 7940920 ____A C:\Users\Ian\Downloads\Avicii - Levels (Cazzette NYC Mode Mix) [LE7ELS] AT NIGHT MANAGEMENT.mp3
    2012-01-05 12:58 - 2012-01-05 13:24 - 7109188 ____A C:\Users\Ian\Downloads\LETHAL BIZZLE - POW 2011 (OFFICAL VIDEO).mp3
    2012-01-05 12:50 - 2012-01-05 13:25 - 6397819 ____A C:\Users\Ian\Downloads\Rusko - Woo Boost.mp3
    2012-01-05 12:43 - 2012-01-05 13:24 - 7087468 ____A C:\Users\Ian\Downloads\Breakage ft Newham Generals - Hard.mp3
    2012-01-05 12:40 - 2012-01-05 13:25 - 13275756 ____A C:\Users\Ian\Downloads\Magnetic Man - MAD.mp3
    2012-01-05 12:38 - 2012-01-05 14:32 - 8723599 ____A C:\Users\Ian\Downloads\Skream - Clap Your Hands (full).mp3
    2012-01-02 21:42 - 2012-01-02 23:25 - 6831667 ____A C:\Users\Ian\Downloads\Sway ft Kano - Still Speedin' [Remix] - OUT NOW!!!!.mp3
    2012-01-02 21:17 - 2012-01-02 23:25 - 5926640 ____A C:\Users\Ian\Downloads\Ms Dynamite ft Redlight- What You Talkin About (dubstep).mp3
    2012-01-02 21:12 - 2012-01-02 23:26 - 6572525 ____A C:\Users\Ian\Downloads\Youngman - Who Knows.mp3
    2012-01-02 21:08 - 2012-01-02 23:25 - 5468535 ____A C:\Users\Ian\Downloads\Redlight - Get Out My Head.mp3
    2012-01-02 16:51 - 2012-01-02 16:52 - 0000000 ____D C:\Program Files\iTunes
    2012-01-02 16:51 - 2012-01-02 16:51 - 0000000 ____D C:\Program Files\iPod
    2011-12-29 16:29 - 2011-12-29 16:29 - 0000000 ____D C:\Users\Ian\AppData\Local\Trusteer
    2011-12-29 16:29 - 2011-12-29 16:29 - 0000000 ____D C:\Program Files (x86)\Trusteer
    2011-12-29 16:29 - 2011-12-14 12:23 - 0063760 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
    2011-12-29 16:28 - 2011-12-29 16:28 - 0000000 ____D C:\Users\All Users\Trusteer
    2011-12-29 16:28 - 2011-12-29 16:28 - 0000000 ____D C:\ProgramData\Trusteer
    2011-12-29 15:41 - 2012-01-09 21:28 - 0005816 ____A C:\Windows\PFRO.log
    2011-12-29 15:32 - 2011-12-29 15:32 - 0000000 ____D C:\Users\Ian\AppData\Roaming\NVIDIA
    2011-12-29 15:28 - 2011-12-29 15:29 - 0000000 ____D C:\Program Files\Common Files\Delcam
    2011-12-29 15:23 - 2012-01-01 09:50 - 0000000 ____D C:\Users\Ian\AppData\Roaming\PowerSHAPE
    2011-12-29 15:23 - 2011-12-29 15:23 - 0002287 ____A C:\Users\Ian\Desktop\POV-Ray for Windows v3.62.lnk
    2011-12-29 15:23 - 2011-12-29 15:23 - 0000703 ____A C:\Users\Ian\Desktop\Sample POV-Ray 3.6 Scenes.lnk
    2011-12-29 15:23 - 2011-12-29 15:23 - 0000000 ____D C:\Users\Ian\Documents\POV-Ray
    2011-12-29 15:23 - 2011-12-29 15:23 - 0000000 ____D C:\Users\Ian\AppData\Roaming\POV-Ray
    2011-12-29 15:23 - 2011-12-29 15:23 - 0000000 ____D C:\Users\Ian\AppData\Roaming\Delcam
    2011-12-29 15:22 - 2011-12-29 15:22 - 0000000 ____D C:\Program Files (x86)\Delcam
    2011-12-29 15:22 - 2005-06-15 03:00 - 0102400 ____A (TechSmith Corporation) C:\Windows\SysWOW64\tsccvid.dll
    2011-12-29 15:21 - 2011-12-29 15:21 - 0000000 ____D C:\Users\Public\Documents\Delcam
    2011-12-29 15:20 - 2012-01-01 13:25 - 0000000 ____D C:\Program Files\Delcam
    2011-12-29 15:20 - 2011-12-29 15:20 - 0000000 ____D C:\Users\Ian\Documents\Downloaded Installations
    2011-12-29 15:20 - 2009-09-17 07:05 - 0145448 ____A (SafeNet, Inc.) C:\Windows\System32\Drivers\sentinel64.sys
    2011-12-29 11:57 - 2011-12-29 11:57 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2011-12-28 17:52 - 2012-01-10 11:59 - 0002779 ____A C:\Windows\setupact.log
    2011-12-28 17:52 - 2011-12-28 17:52 - 0000000 ____A C:\Windows\setuperr.log
    2011-12-28 16:42 - 2012-01-10 16:36 - 1908696 ____A C:\Windows\WindowsUpdate.log
    2011-12-24 07:02 - 2011-12-24 07:02 - 0090624 ____A (Squid) C:\Users\Ian\Downloads\Kingdoms Launcher App.exe
    2011-12-23 14:28 - 2011-12-23 14:28 - 5584041 ____A () C:\Users\Ian\Downloads\TATW_3.1_Patch.exe
    2011-12-21 08:04 - 2011-12-21 08:04 - 6053744 ____A (BitTorrent, Inc.) C:\Users\Ian\Downloads\BitTorrent-7.6.exe
    2011-12-21 08:01 - 2011-12-21 08:01 - 0801580 ____A (MediaGet LLC) C:\Users\Ian\Downloads\download_using_mediaget.exe
    2011-12-17 09:08 - 2012-01-10 12:13 - 0000506 ___AH C:\Windows\Tasks\SystemToolsDailyTest.job
    2011-12-17 09:08 - 2011-12-18 11:58 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2011-12-14 15:21 - 2011-11-04 02:38 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-12-14 15:21 - 2011-11-04 01:59 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-12-14 15:21 - 2011-11-04 01:53 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2011-12-14 15:21 - 2011-11-04 01:46 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-12-14 15:21 - 2011-11-04 01:44 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-12-14 15:21 - 2011-11-04 01:44 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-12-14 15:21 - 2011-11-04 01:43 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-12-14 15:21 - 2011-11-04 01:41 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-12-14 15:21 - 2011-11-04 01:39 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2011-12-14 15:21 - 2011-11-04 01:36 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-12-14 15:21 - 2011-11-04 01:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-12-14 15:21 - 2011-11-04 01:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-12-14 15:21 - 2011-11-04 01:30 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-12-14 15:21 - 2011-11-03 23:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-12-14 15:21 - 2011-11-03 22:47 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2011-12-14 15:21 - 2011-11-03 22:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-12-14 15:21 - 2011-11-03 22:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2011-12-14 15:21 - 2011-11-03 22:40 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-12-14 15:21 - 2011-11-03 22:39 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-12-14 15:21 - 2011-11-03 22:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-12-14 15:21 - 2011-11-03 22:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-12-14 15:21 - 2011-11-03 22:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2011-12-14 15:21 - 2011-11-03 22:32 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-12-14 15:21 - 2011-11-03 22:32 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-12-14 15:21 - 2011-11-03 22:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-12-14 15:21 - 2011-11-03 22:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-12-14 14:16 - 2011-11-24 04:52 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-12-14 14:16 - 2011-11-05 05:32 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-12-14 14:16 - 2011-11-05 04:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-12-14 14:16 - 2011-10-26 05:21 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-12-14 14:16 - 2011-10-15 06:31 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-12-14 14:16 - 2011-10-15 05:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll


    ============ 3 Months Modified Files and Folders =============

    2012-01-10 18:18 - 2012-01-10 18:17 - 0000000 ____D C:\FRST
    2012-01-10 18:18 - 2011-08-08 17:30 - 0000000 ____D C:\Users\Ian\AppData\Local\SoftThinks
    2012-01-10 18:17 - 2012-01-10 18:16 - 1379209 ____A C:\Users\Ian\Downloads\FRST64.exe
    2012-01-10 18:03 - 2011-10-17 19:58 - 0000920 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001UA.job
    2012-01-10 17:59 - 2011-08-09 10:43 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001UA.job
    2012-01-10 17:42 - 2012-01-10 17:42 - 0044607 ____A C:\Users\Ian\Downloads\bootkit_remover.zip
    2012-01-10 16:58 - 2011-08-08 18:02 - 0000000 ____D C:\Users\Ian\AppData\Local\Nero
    2012-01-10 16:36 - 2011-12-28 16:42 - 1908696 ____A C:\Windows\WindowsUpdate.log
    2012-01-10 13:22 - 2012-01-10 13:22 - 4713472 ____A (AVAST Software) C:\Users\Ian\Downloads\aswMBR(2).exe
    2012-01-10 13:20 - 2011-08-08 18:23 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-01-10 12:13 - 2011-12-17 09:08 - 0000506 ___AH C:\Windows\Tasks\SystemToolsDailyTest.job
    2012-01-10 12:06 - 2009-07-14 04:45 - 0021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-01-10 12:06 - 2009-07-14 04:45 - 0021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-01-10 12:03 - 2012-01-08 21:22 - 0001790 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
    2012-01-10 12:00 - 2011-08-08 19:49 - 0000000 ____D C:\Program Files (x86)\Steam
    2012-01-10 11:59 - 2011-12-28 17:52 - 0002779 ____A C:\Windows\setupact.log
    2012-01-10 11:59 - 2011-09-22 19:53 - 0000434 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-01-10 11:59 - 2011-08-04 05:30 - 0000000 ____D C:\Users\All Users\NVIDIA
    2012-01-10 11:59 - 2011-08-04 05:30 - 0000000 ____D C:\ProgramData\NVIDIA
    2012-01-10 11:59 - 2011-08-04 05:28 - 3153727488 __ASH C:\hiberfil.sys
    2012-01-10 11:59 - 2011-08-04 03:55 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2012-01-10 11:59 - 2009-07-14 05:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-01-10 00:03 - 2012-01-10 00:03 - 4713472 ____A (AVAST Software) C:\Users\Ian\Downloads\aswMBR(1).exe
    2012-01-10 00:02 - 2012-01-10 00:01 - 4713472 ____A (AVAST Software) C:\Users\Ian\Downloads\aswMBR.exe
    2012-01-09 23:44 - 2012-01-09 23:44 - 0005480 ____A C:\Users\Ian\Documents\Attach.zip
    2012-01-09 23:42 - 2012-01-09 23:42 - 0022833 ____A C:\Users\Ian\Documents\Attach.txt
    2012-01-09 23:17 - 2012-01-09 23:17 - 0607260 ____R (Swearware) C:\Users\Ian\Downloads\dds(2).scr
    2012-01-09 22:21 - 2012-01-09 22:21 - 0302592 ____A C:\Users\Ian\Downloads\8wmhu3ik(1).exe
    2012-01-09 22:19 - 2012-01-09 22:18 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-09 22:18 - 2012-01-09 22:18 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-01-09 22:18 - 2012-01-09 22:17 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Ian\Downloads\mbam-setup-1.60.0.1800(1).exe
    2012-01-09 21:42 - 2012-01-09 21:42 - 0607260 ____A (Swearware) C:\Users\Ian\Downloads\dds(1).scr
    2012-01-09 21:28 - 2011-12-29 15:41 - 0005816 ____A C:\Windows\PFRO.log
    2012-01-09 21:26 - 2012-01-09 21:26 - 1558406 ____A C:\Users\Ian\Downloads\tdsskiller.zip
    2012-01-09 21:23 - 2012-01-09 21:23 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Ian\Downloads\tdsskiller.exe
    2012-01-09 21:07 - 2012-01-09 21:07 - 0000047 ____A C:\Windows\NeroDigital.ini
    2012-01-09 21:05 - 2011-09-08 15:34 - 0000000 ____D C:\Users\Ian\Downloads\Games
    2012-01-09 21:03 - 2011-10-17 19:58 - 0000898 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001Core.job
    2012-01-09 20:56 - 2012-01-09 11:44 - 0000000 ____D C:\Users\All Users\PC Tools
    2012-01-09 20:56 - 2012-01-09 11:44 - 0000000 ____D C:\ProgramData\PC Tools
    2012-01-09 20:51 - 2011-08-04 04:19 - 0000000 ____D C:\Users\All Users\Sonic
    2012-01-09 20:51 - 2011-08-04 04:19 - 0000000 ____D C:\ProgramData\Sonic
    2012-01-09 19:48 - 2012-01-09 19:48 - 0684297 ____A C:\Users\Ian\Downloads\unhide.exe
    2012-01-09 19:44 - 2012-01-09 19:43 - 0000361 ____A C:\rkill.log
    2012-01-09 19:41 - 2012-01-09 19:41 - 1008141 ____A C:\Users\Ian\Downloads\iExplore.exe
    2012-01-09 19:39 - 2012-01-09 19:39 - 0104630 ____A C:\Windows\ntbtlog.txt
    2012-01-09 19:33 - 2012-01-09 19:33 - 0607260 ____A (Swearware) C:\Users\Ian\Downloads\dds.scr
    2012-01-09 19:32 - 2012-01-09 19:32 - 0000000 ____A C:\Users\Ian\Documents\gmer.log
    2012-01-09 18:59 - 2011-08-09 10:43 - 0000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001Core.job
    2012-01-09 18:35 - 2012-01-09 18:35 - 0302592 ____A C:\Users\Ian\Downloads\8wmhu3ik.exe
    2012-01-09 18:08 - 2011-11-22 20:22 - 0000000 ____D C:\Program Files (x86)\vShare.tv plugin
    2012-01-09 17:51 - 2012-01-09 17:51 - 0000000 ____D C:\Users\Ian\AppData\Roaming\Malwarebytes
    2012-01-09 17:30 - 2012-01-09 17:30 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Ian\Downloads\mbam-setup-1.60.0.1800.exe
    2012-01-09 11:47 - 2012-01-09 11:46 - 1478942 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-01-09 00:07 - 2009-07-14 05:08 - 0032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-01-08 21:53 - 2011-08-08 17:30 - 0000000 ____D C:\users\Ian
    2012-01-08 21:38 - 2012-01-08 21:38 - 0003288 ____N C:\bootsqm.dat
    2012-01-08 21:36 - 2012-01-08 21:36 - 0000000 __SHD C:\found.000
    2012-01-08 21:31 - 2012-01-08 21:31 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2012-01-08 21:31 - 2012-01-08 21:31 - 0000000 ____D C:\ProgramData\Malwarebytes
    2012-01-08 21:18 - 2012-01-08 21:18 - 0000655 ____A C:\Users\Ian\Desktop\System Check.lnk
    2012-01-07 11:59 - 2011-08-09 10:46 - 0002393 ____A C:\Users\Ian\Desktop\Google Chrome.lnk
    2012-01-06 22:14 - 2012-01-06 22:12 - 8147420 ____A C:\Users\Ian\Downloads\Original Don - Major Lazer Ft. The Partysquad - Electronic - HQ 2011.mp3
    2012-01-06 16:56 - 2012-01-06 16:46 - 6545170 ____A C:\Users\Ian\Downloads\Jay-ZLinkin Park - NumbEncore lyrics.mp3
    2012-01-06 16:55 - 2012-01-06 16:32 - 10438071 ____A C:\Users\Ian\Downloads\Cazzette vs Adele -- Set Fire to the Rain (A Stupid Hole Bootleg).mp3
    2012-01-06 16:51 - 2012-01-06 16:27 - 7940920 ____A C:\Users\Ian\Downloads\Avicii - Levels (Cazzette NYC Mode Mix) [LE7ELS] AT NIGHT MANAGEMENT.mp3
    2012-01-06 16:42 - 2011-10-16 15:35 - 0000000 ____D C:\Users\Ian\AppData\Roaming\Spotify
    2012-01-06 16:27 - 2011-10-16 15:35 - 0000000 ____D C:\Users\Ian\AppData\Local\Spotify
    2012-01-05 14:32 - 2012-01-05 12:38 - 8723599 ____A C:\Users\Ian\Downloads\Skream - Clap Your Hands (full).mp3
    2012-01-05 13:25 - 2012-01-05 12:50 - 6397819 ____A C:\Users\Ian\Downloads\Rusko - Woo Boost.mp3
    2012-01-05 13:25 - 2012-01-05 12:40 - 13275756 ____A C:\Users\Ian\Downloads\Magnetic Man - MAD.mp3
    2012-01-05 13:25 - 2011-08-22 15:02 - 7708660 ____A C:\Users\Ian\Downloads\Tempa T - Next Hype.mp3
    2012-01-05 13:24 - 2012-01-05 12:58 - 7109188 ____A C:\Users\Ian\Downloads\LETHAL BIZZLE - POW 2011 (OFFICAL VIDEO).mp3
    2012-01-05 13:24 - 2012-01-05 12:43 - 7087468 ____A C:\Users\Ian\Downloads\Breakage ft Newham Generals - Hard.mp3
    2012-01-04 18:04 - 2011-02-10 16:10 - 0765178 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-01-04 18:04 - 2009-07-14 05:13 - 0765178 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-01-03 16:13 - 2011-08-09 22:07 - 0000000 ____D C:\Users\Ian\AppData\Roaming\BitTorrent
    2012-01-02 23:26 - 2012-01-02 21:12 - 6572525 ____A C:\Users\Ian\Downloads\Youngman - Who Knows.mp3
    2012-01-02 23:25 - 2012-01-02 21:42 - 6831667 ____A C:\Users\Ian\Downloads\Sway ft Kano - Still Speedin' [Remix] - OUT NOW!!!!.mp3
    2012-01-02 23:25 - 2012-01-02 21:17 - 5926640 ____A C:\Users\Ian\Downloads\Ms Dynamite ft Redlight- What You Talkin About (dubstep).mp3
    2012-01-02 23:25 - 2012-01-02 21:08 - 5468535 ____A C:\Users\Ian\Downloads\Redlight - Get Out My Head.mp3
    2012-01-02 16:52 - 2012-01-09 20:49 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-01-02 16:52 - 2012-01-02 16:51 - 0000000 ____D C:\Program Files\iTunes
    2012-01-02 16:52 - 2011-11-20 14:10 - 0000000 ____D C:\Program Files (x86)\iTunes
    2012-01-02 16:51 - 2012-01-02 16:51 - 0000000 ____D C:\Program Files\iPod
    2012-01-01 13:25 - 2011-12-29 15:20 - 0000000 ____D C:\Program Files\Delcam
    2012-01-01 09:50 - 2011-12-29 15:23 - 0000000 ____D C:\Users\Ian\AppData\Roaming\PowerSHAPE
    2011-12-30 18:09 - 2011-08-04 04:14 - 0000000 ____D C:\Program Files (x86)\McAfee
    2011-12-29 16:29 - 2011-12-29 16:29 - 0000000 ____D C:\Users\Ian\AppData\Local\Trusteer
    2011-12-29 16:29 - 2011-12-29 16:29 - 0000000 ____D C:\Program Files (x86)\Trusteer
    2011-12-29 16:28 - 2011-12-29 16:28 - 0000000 ____D C:\Users\All Users\Trusteer
    2011-12-29 16:28 - 2011-12-29 16:28 - 0000000 ____D C:\ProgramData\Trusteer
    2011-12-29 15:57 - 2011-08-08 17:30 - 0083544 ____A C:\Users\Ian\AppData\Local\GDIPFONTCACHEV1.DAT
    2011-12-29 15:41 - 2009-07-14 04:45 - 0357432 ____A C:\Windows\System32\FNTCACHE.DAT
    2011-12-29 15:32 - 2011-12-29 15:32 - 0000000 ____D C:\Users\Ian\AppData\Roaming\NVIDIA
    2011-12-29 15:29 - 2011-12-29 15:28 - 0000000 ____D C:\Program Files\Common Files\Delcam
    2011-12-29 15:23 - 2011-12-29 15:23 - 0002287 ____A C:\Users\Ian\Desktop\POV-Ray for Windows v3.62.lnk
    2011-12-29 15:23 - 2011-12-29 15:23 - 0000703 ____A C:\Users\Ian\Desktop\Sample POV-Ray 3.6 Scenes.lnk
    2011-12-29 15:23 - 2011-12-29 15:23 - 0000000 ____D C:\Users\Ian\Documents\POV-Ray
    2011-12-29 15:23 - 2011-12-29 15:23 - 0000000 ____D C:\Users\Ian\AppData\Roaming\POV-Ray
    2011-12-29 15:23 - 2011-12-29 15:23 - 0000000 ____D C:\Users\Ian\AppData\Roaming\Delcam
    2011-12-29 15:22 - 2011-12-29 15:22 - 0000000 ____D C:\Program Files (x86)\Delcam
    2011-12-29 15:21 - 2011-12-29 15:21 - 0000000 ____D C:\Users\Public\Documents\Delcam
    2011-12-29 15:20 - 2011-12-29 15:20 - 0000000 ____D C:\Users\Ian\Documents\Downloaded Installations
    2011-12-29 15:17 - 2011-08-04 03:59 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
    2011-12-29 12:11 - 2011-08-23 19:20 - 0000000 ____D C:\Users\All Users\Microsoft Help
    2011-12-29 12:11 - 2011-08-23 19:20 - 0000000 ____D C:\ProgramData\Microsoft Help
    2011-12-29 11:57 - 2011-12-29 11:57 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2011-12-28 17:52 - 2011-12-28 17:52 - 0000000 ____A C:\Windows\setuperr.log
    2011-12-24 07:02 - 2011-12-24 07:02 - 0090624 ____A (Squid) C:\Users\Ian\Downloads\Kingdoms Launcher App.exe
    2011-12-23 14:28 - 2011-12-23 14:28 - 5584041 ____A () C:\Users\Ian\Downloads\TATW_3.1_Patch.exe
    2011-12-22 21:19 - 2011-08-10 23:41 - 0047616 ____A C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-12-21 08:05 - 2012-01-09 20:49 - 0000969 ____A C:\Users\Public\Desktop\BitTorrent.lnk
    2011-12-21 08:05 - 2011-08-09 22:08 - 0000000 ____D C:\Program Files (x86)\BitTorrent
    2011-12-21 08:04 - 2011-12-21 08:04 - 6053744 ____A (BitTorrent, Inc.) C:\Users\Ian\Downloads\BitTorrent-7.6.exe
    2011-12-21 08:01 - 2011-12-21 08:01 - 0801580 ____A (MediaGet LLC) C:\Users\Ian\Downloads\download_using_mediaget.exe
    2011-12-18 14:17 - 2009-07-14 03:20 - 0000000 ____D C:\Windows\rescache
    2011-12-18 12:02 - 2009-07-14 03:20 - 0000000 ____D C:\Windows\System32\NDF
    2011-12-18 11:58 - 2011-12-17 09:08 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2011-12-17 09:08 - 2011-08-04 04:14 - 0000000 ____D C:\Program Files\Dell Support Center
    2011-12-14 15:22 - 2011-08-10 12:41 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2011-12-14 12:23 - 2011-12-29 16:29 - 0063760 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
    2011-12-11 01:25 - 2011-11-20 17:58 - 0000023 ____A C:\Windows\BlendSettings.ini
    2011-12-02 15:26 - 2012-01-09 20:49 - 0001686 ____A C:\Users\Public\Desktop\Defraggler.lnk
    2011-12-02 15:26 - 2011-12-02 15:25 - 3463432 ____A (Piriform Ltd) C:\Users\Ian\Downloads\dfsetup208.exe
    2011-12-02 15:26 - 2011-08-14 23:00 - 0000000 ____D C:\Program Files\Defraggler
    2011-12-01 13:24 - 2011-08-09 00:11 - 0000000 ____D C:\Users\Ian\AppData\Local\Apple Computer
    2011-11-30 23:20 - 2011-11-30 23:20 - 0026974 ____A C:\Users\Ian\Documents\AHAHA.jpg
    2011-11-27 13:37 - 2011-11-27 13:37 - 0010359 ____A C:\Users\Ian\Documents\Essential information.docx
    2011-11-27 13:13 - 2011-11-27 13:13 - 0115248 ____A C:\Users\Ian\Desktop\Insurance statement Document.pdf
    2011-11-27 13:08 - 2011-11-27 13:08 - 0904225 ____A C:\Users\Ian\Desktop\Ian insurance 2011-06-27.pdf
    2011-11-26 19:19 - 2011-11-26 19:19 - 0904225 ____A C:\Users\Ian\Documents\policy info.pdf
    2011-11-24 04:52 - 2011-12-14 14:16 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-11-23 18:08 - 2011-11-23 17:22 - 7312332 ____A C:\Users\Ian\Downloads\Wolfgang Gartner feat. will.i.am - Forever (Official Video).mp3
    2011-11-23 17:06 - 2011-08-04 04:06 - 0000000 ____D C:\Program Files (x86)\Creative
    2011-11-23 17:06 - 2009-07-14 05:32 - 0000000 ____D C:\Windows\Downloaded Program Files
    2011-11-23 12:37 - 2011-11-23 11:16 - 6298343 ____A C:\Users\Ian\Downloads\Skream - Anticipate ft. Sam Frank.mp3
    2011-11-23 12:37 - 2011-11-23 11:06 - 5950630 ____A C:\Users\Ian\Downloads\Laidback Luke vs Example - 'Natural Disaster' (Official Video).mp3
    2011-11-23 12:12 - 2011-11-23 11:12 - 8981662 ____A C:\Users\Ian\Downloads\Yasmin ft Shy FX & Ms Dynamite - 'Light Up (The World)' (Out 15.01.12).mp3
    2011-11-23 12:12 - 2011-11-23 11:03 - 8208442 ____A C:\Users\Ian\Downloads\Yogi ft Ayah Marar - 'Follow U' (Xilent Remix).mp3
    2011-11-23 12:10 - 2011-08-12 17:06 - 3513247 ____A C:\Users\Ian\Downloads\Professor Green - At Your Inconvenience (Official Video).mp3
    2011-11-23 12:09 - 2011-11-23 12:08 - 4943321 ____A C:\Users\Ian\Downloads\Enter Shikari - Anything Can Happen In The Next Half Hour....mp3
    2011-11-23 12:09 - 2011-11-23 11:51 - 5488603 ____A C:\Users\Ian\Downloads\Foreign Beggars - Badman Riddim.mp3
    2011-11-23 12:09 - 2011-11-23 11:28 - 6541855 ____A C:\Users\Ian\Downloads\In The Air (feat. Professor Green & Maverick Sabre).mp3
    2011-11-23 12:09 - 2011-11-23 11:00 - 8860685 ____A C:\Users\Ian\Downloads\Ellie Goulding - Lights (Bassnectar Remix).mp3
    2011-11-23 11:25 - 2011-11-23 11:25 - 6996085 ____A C:\Users\Ian\Downloads\Professor Green - At Your Inconvenience.mp3
    2011-11-22 20:23 - 2011-11-22 20:22 - 0000000 ____D C:\Program Files (x86)\VshareComplete
    2011-11-22 20:22 - 2011-11-22 20:22 - 1106672 ____A C:\Users\Ian\Downloads\vshare-plugin.exe
    2011-11-22 20:22 - 2011-11-22 20:22 - 0000000 ____D C:\Users\Ian\AppData\Roaming\VshareComplete
    2011-11-21 13:58 - 2011-08-04 03:37 - 0000000 ____D C:\users\UpdatusUser
    2011-11-20 17:56 - 2011-11-20 17:56 - 0000000 ____D C:\Users\Ian\Documents\My Games
    2011-11-20 17:56 - 2011-11-20 17:56 - 0000000 ____D C:\Users\Ian\AppData\Local\Oblivion
    2011-11-20 13:59 - 2011-08-08 19:42 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2011-11-16 10:27 - 2009-07-14 03:20 - 0000000 ____D C:\Program Files\Common Files\System
    2011-11-06 21:39 - 2011-11-06 21:33 - 102159326 ____A C:\Users\Ian\Downloads\excision-shambhala-2011-dubstep-mix.mp3
    2011-11-05 05:32 - 2011-12-14 14:16 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-11-05 04:26 - 2011-12-14 14:16 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-11-04 02:38 - 2011-12-14 15:21 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-11-04 01:59 - 2011-12-14 15:21 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-11-04 01:53 - 2011-12-14 15:21 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2011-11-04 01:46 - 2011-12-14 15:21 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-11-04 01:44 - 2011-12-14 15:21 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-11-04 01:44 - 2011-12-14 15:21 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-11-04 01:43 - 2011-12-14 15:21 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-11-04 01:41 - 2011-12-14 15:21 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-11-04 01:39 - 2011-12-14 15:21 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2011-11-04 01:36 - 2011-12-14 15:21 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-11-04 01:35 - 2011-12-14 15:21 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-11-04 01:34 - 2011-12-14 15:21 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-11-04 01:30 - 2011-12-14 15:21 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-11-03 23:02 - 2011-12-14 15:21 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-11-03 22:47 - 2011-12-14 15:21 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2011-11-03 22:46 - 2011-12-14 15:21 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-11-03 22:40 - 2011-12-14 15:21 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2011-11-03 22:40 - 2011-12-14 15:21 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-11-03 22:39 - 2011-12-14 15:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-11-03 22:38 - 2011-12-14 15:21 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-11-03 22:37 - 2011-12-14 15:21 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-11-03 22:34 - 2011-12-14 15:21 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2011-11-03 22:32 - 2011-12-14 15:21 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-11-03 22:32 - 2011-12-14 15:21 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-11-03 22:31 - 2011-12-14 15:21 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-11-03 22:28 - 2011-12-14 15:21 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-11-03 02:09 - 2011-11-01 16:06 - 9753226 ____A C:\Users\Ian\Downloads\Flux Pavilion - Excuse Me [HD].mp3
    2011-11-01 18:42 - 2011-11-01 16:32 - 6179651 ____A C:\Users\Ian\Downloads\Chase & Status - End credits [HD].mp3
    2011-11-01 17:18 - 2011-11-01 16:08 - 11216894 ____A C:\Users\Ian\Downloads\Flux Pavillion - Got 2 Know [HD].mp3
    2011-11-01 17:17 - 2011-11-01 16:48 - 13021645 ____A C:\Users\Ian\Downloads\deadmau5 - Sofi Needs a Ladder.mp3
    2011-10-31 19:07 - 2011-10-31 19:07 - 0296086 ____A C:\Users\Ian\Downloads\DMUC 7.0+Formations Beta (update4).zip
    2011-10-30 18:39 - 2011-10-30 18:39 - 0000000 ____D C:\Program Files (x86)\QuickTime
    2011-10-30 18:37 - 2011-08-09 00:09 - 0000000 ____D C:\Program Files\Common Files\Apple
    2011-10-28 16:34 - 2011-08-04 04:09 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2011-10-28 02:53 - 2009-07-14 03:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2011-10-28 02:51 - 2011-08-23 19:23 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
    2011-10-28 02:50 - 2009-07-14 02:34 - 0000510 ____A C:\Windows\win.ini
    2011-10-28 02:49 - 2011-10-28 02:49 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2011-10-28 02:49 - 2011-10-28 02:49 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2011-10-26 05:21 - 2011-12-14 14:16 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-10-24 14:29 - 2011-10-24 14:29 - 0094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
    2011-10-24 14:29 - 2011-10-24 14:29 - 0069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
    2011-10-18 16:20 - 2011-08-09 16:00 - 0000000 ____D C:\Users\All Users\PCDr
    2011-10-18 16:20 - 2011-08-09 16:00 - 0000000 ____D C:\ProgramData\PCDr
    2011-10-18 14:32 - 2011-08-04 04:14 - 0161168 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    2011-10-17 19:58 - 2011-10-17 19:58 - 0493520 ____A (Facebook Inc.) C:\Users\Ian\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
    2011-10-17 19:58 - 2011-10-17 19:58 - 0000000 ____D C:\Users\Ian\AppData\Local\Facebook
    2011-10-16 18:15 - 2011-10-16 17:44 - 8380714 ____A C:\Users\Ian\Downloads\ENTER SHIKARI - 'Sorry Youre Not A Winner' official promo video.mp3
    2011-10-16 18:14 - 2011-10-16 17:32 - 6982353 ____A C:\Users\Ian\Downloads\ENTER SHIKARI - SSSNAKEPIT - OFFICIAL HD PROMO.mp3
    2011-10-16 17:42 - 2011-10-16 17:37 - 2574196 ____A C:\Users\Ian\Downloads\ENTER SHIKARI - DESTABILISE (official promo video) - OCT 2010.mp3
    2011-10-16 15:35 - 2011-10-16 15:35 - 6836552 ____A C:\Users\Ian\Downloads\Spotify Installer.exe
    2011-10-16 15:35 - 2011-10-16 15:35 - 0000911 ____A C:\Users\Ian\Desktop\Spotify.lnk
    2011-10-15 13:16 - 2011-08-04 04:14 - 0010248 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
    2011-10-15 13:16 - 2011-03-13 16:20 - 0647080 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
    2011-10-15 13:16 - 2011-03-13 16:20 - 0481768 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
    2011-10-15 13:16 - 2011-03-13 16:20 - 0284648 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
    2011-10-15 13:16 - 2011-03-13 16:20 - 0229528 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
    2011-10-15 13:16 - 2011-03-13 16:20 - 0160280 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
    2011-10-15 13:16 - 2011-03-13 16:20 - 0100912 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
    2011-10-15 13:16 - 2011-03-13 16:20 - 0075808 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
    2011-10-15 13:16 - 2011-03-13 16:20 - 0065264 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
    2011-10-15 06:31 - 2011-12-14 14:16 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-10-15 05:38 - 2011-12-14 14:16 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2011-10-13 10:12 - 2011-10-13 10:12 - 0836536 ____A C:\Users\Ian\Downloads\ge_resources_2.5.exe
    2011-10-13 00:19 - 2011-09-02 15:45 - 0000000 ____D C:\Users\Ian\AppData\Roaming\Mount&Blade Warband

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 52%
    Total physical RAM: 4010.17 MB
    Available physical RAM: 1895.13 MB
    Total Pagefile: 8018.54 MB
    Available Pagefile: 4992.09 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.87 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:324.45 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 101 MB 31 KB
    Partition 2 Primary 19 GB 104 MB
    Partition 3 Primary 446 GB 19 GB
    Partition 4 Primary 1016 KB 465 GB

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 RECOVERY NTFS Partition 19 GB Healthy System

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 446 GB Healthy Boot

    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.

    ==========================================================

    Last Boot: 2012-01-03 01:36

    ======================= End Of Log ==========================
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    We have the newest TDL rootkit there.

    WARNING!
    Proceed with extreme caution!
    Deleting wrong partition will result with your computer being unusable.
    If you have any doubts, ask.


    ===========================================================================================

    Download gparted-live-0.10.0-3.iso (115.1 MB)

    Burn it to a CD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    Boot off of the newly created Gparted CD.

    You should be here:
    [​IMG]
    Press Enter.

    By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER:
    [​IMG]

    Choose your language and press ENTER. English is default [33]:
    [​IMG]

    Once again, at this prompt, press ENTER:
    [​IMG]

    You will now be taken to the main GUI screen below:
    [​IMG]
    According to your logs, the partition that you want to delete is the small partition of 1016 KB.
    Click on it to highlight it.
    Click the trash can icon to delete and then click Apply.

    You should now be here confirming your actions:
    [​IMG]

    Now you should be here:
    [​IMG]

    Is "boot" next to your OS drive?
    [​IMG]

    If "boot" is NOT next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags.

    In the menu that pops up, place a checkmark in boot like the picture below:
    [​IMG]

    Now double-click the [​IMG] button.

    You should receive a small pop up like this:
    [​IMG]

    Choose reboot and then press OK.

    Post new Bootkit Remover log.
     
  14. Squadmissile

    Squadmissile TS Rookie Topic Starter Posts: 22

    right ok, i will need to get my hands on a cd, i will inform you as soon as possible
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    OK........................
     
  16. Squadmissile

    Squadmissile TS Rookie Topic Starter Posts: 22

    I went through those steps exactly and a message appears on start up saying BOOTMGR is missing
    Press Ctrl+Alt+Del to restart
    What should I do from here??
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please Boot to the System Recovery Options
    If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
    It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...
    NOTE. If none of the above apply you can create System Repair Disc (link in "Option two") and boot from it.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    bootrec /fixboot (<--- there is a "space" after "bootrec")

    exit

    Restart computer.
     
  18. Squadmissile

    Squadmissile TS Rookie Topic Starter Posts: 22

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000004`e8800000

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I assume it boots just fine?

    See if you can run aswMBR and Combofix now.
     
  20. Squadmissile

    Squadmissile TS Rookie Topic Starter Posts: 22

    Sure thing, heres aswMRB:
    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-19 14:04:51
    -----------------------------
    14:04:51.034 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:04:51.034 Number of processors: 4 586 0x2A07
    14:04:51.035 ComputerName: IAN-PC UserName: Ian
    14:04:53.021 Initialize success
    14:07:29.444 AVAST engine defs: 12011901
    14:08:11.131 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:08:11.133 Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3
    14:08:11.158 Disk 0 MBR read successfully
    14:08:11.160 Disk 0 MBR scan
    14:08:11.176 Disk 0 Windows 7 default MBR code
    14:08:11.184 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
    14:08:11.209 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 20000 MB offset 212992
    14:08:11.228 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 456835 MB offset 41172992
    14:08:11.245 Service scanning
    14:08:21.397 Modules scanning
    14:08:21.419 Disk 0 trace - called modules:
    14:08:21.444 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
    14:08:21.456 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006655060]
    14:08:21.469 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8006506a90]
    14:08:21.719 5 stdcfltn.sys[fffff88001b14c52] -> nt!IofCallDriver -> [0xfffffa8004b0d6e0]
    14:08:21.734 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b15050]
    14:08:25.917 AVAST engine scan C:\Windows
    14:08:28.100 AVAST engine scan C:\Windows\system32
    14:11:05.984 AVAST engine scan C:\Windows\system32\drivers
    14:11:20.378 AVAST engine scan C:\Users\Ian
    14:28:00.341 AVAST engine scan C:\ProgramData
    14:31:48.104 Scan finished successfully
    14:37:28.190 Disk 0 MBR has been saved successfully to "C:\Users\Ian\Desktop\MBR.dat"
    14:37:28.198 The log file has been saved successfully to "C:\Users\Ian\Desktop\aswMBR.txt"


    and the Combofix log:

    ComboFix 12-01-18.04 - Ian 19/01/2012 15:18:58.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4010.2440 [GMT 0:00]
    Running from: c:\users\Ian\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-19 15:27 . 2012-01-19 15:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-01-19 15:27 . 2012-01-19 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-16 15:13 . 2012-01-16 15:13 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
    2012-01-15 20:22 . 2012-01-15 21:05 -------- d-----w- C:\Boot
    2012-01-11 18:00 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 18:00 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
    2012-01-11 18:00 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-11 18:00 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-01-11 18:00 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 18:00 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-01-11 18:00 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 18:00 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-01-11 09:12 . 2012-01-11 09:12 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
    2012-01-11 09:12 . 2012-01-11 09:12 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-11 09:12 . 2012-01-11 09:12 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-11 09:12 . 2012-01-11 09:12 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-10 21:26 . 2012-01-10 21:26 -------- d-----w- c:\users\Ian\AppData\Roaming\McAfee
    2012-01-10 18:17 . 2012-01-10 18:19 -------- d-----w- C:\FRST
    2012-01-09 22:18 . 2012-01-09 22:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-01-09 17:51 . 2012-01-09 17:51 -------- d-----w- c:\users\Ian\AppData\Roaming\Malwarebytes
    2012-01-09 11:44 . 2012-01-09 20:56 -------- d-----w- c:\programdata\PC Tools
    2012-01-08 21:36 . 2012-01-08 21:36 -------- d-----w- C:\found.000
    2012-01-08 21:31 . 2012-01-08 21:31 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2012-01-02 16:51 . 2012-01-02 16:51 -------- d-----w- c:\program files\iPod
    2012-01-02 16:51 . 2012-01-02 16:52 -------- d-----w- c:\program files\iTunes
    2011-12-29 16:29 . 2012-01-04 14:33 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
    2011-12-29 16:29 . 2011-12-29 16:29 -------- d-----w- c:\users\Ian\AppData\Local\Trusteer
    2011-12-29 16:29 . 2011-12-29 16:29 -------- d-----w- c:\program files (x86)\Trusteer
    2011-12-29 16:28 . 2011-12-29 16:28 -------- d-----w- c:\programdata\Trusteer
    2011-12-29 15:32 . 2011-12-29 15:32 -------- d-----w- c:\users\Ian\AppData\Roaming\NVIDIA
    2011-12-29 15:28 . 2011-12-29 15:29 -------- d-----w- c:\program files\Common Files\Delcam
    2011-12-29 15:23 . 2012-01-01 09:50 -------- d-----w- c:\users\Ian\AppData\Roaming\PowerSHAPE
    2011-12-29 15:23 . 2011-12-29 15:23 -------- d-----w- c:\users\Ian\AppData\Roaming\Delcam
    2011-12-29 15:23 . 2011-12-29 15:23 159744 ----a-r- c:\users\Ian\AppData\Roaming\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\PVEngine.ProgramMe_D0CE053E0E5E4C129BAED0F36021E911.exe
    2011-12-29 15:23 . 2011-12-29 15:23 159744 ----a-r- c:\users\Ian\AppData\Roaming\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\NewShortcut2_D0CE053E0E5E4C129BAED0F36021E911.exe
    2011-12-29 15:23 . 2011-12-29 15:23 -------- d-----w- c:\users\Ian\AppData\Roaming\POV-Ray
    2011-12-29 15:22 . 2011-12-29 15:22 -------- d-----w- c:\program files (x86)\Delcam
    2011-12-29 15:22 . 2005-06-15 03:00 102400 ----a-w- c:\windows\SysWow64\tsccvid.dll
    2011-12-29 15:21 . 2011-12-29 15:21 -------- d-----w- c:\program files (x86)\Common Files\Delcam
    2011-12-29 15:20 . 2009-09-17 07:05 145448 ----a-w- c:\windows\system32\drivers\sentinel64.sys
    2011-12-29 15:20 . 2011-12-29 15:20 -------- d-----w- c:\program files (x86)\Common Files\SafeNet Sentinel
    2011-12-29 15:20 . 2012-01-01 13:25 -------- d-----w- c:\program files\Delcam
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-24 04:52 . 2011-12-14 14:16 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-11-20 13:59 . 2011-08-08 19:42 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-05 05:32 . 2011-12-14 14:16 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 04:26 . 2011-12-14 14:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-11-04 01:53 . 2011-12-14 15:21 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-04 01:44 . 2011-12-14 15:21 1390080 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 01:44 . 2011-12-14 15:21 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 01:34 . 2011-12-14 15:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-11-03 22:47 . 2011-12-14 15:21 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-11-03 22:40 . 2011-12-14 15:21 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39 . 2011-12-14 15:21 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-11-03 22:31 . 2011-12-14 15:21 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-10-26 05:21 . 2011-12-14 14:16 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-08 1242448]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
    "Facebook Update"="c:\users\Ian\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-17 137536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-04-29 75064]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
    S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-29 397520]
    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-01-04 55056]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-01-04 61712]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-01-04 931640]
    S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-05-16 1688384]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001Core.job
    - c:\users\Ian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-17 19:58]
    .
    2012-01-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001UA.job
    - c:\users\Ian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-17 19:58]
    .
    2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001Core.job
    - c:\users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09 10:43]
    .
    2012-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001UA.job
    - c:\users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09 10:43]
    .
    2012-01-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
    .
    2012-01-19 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08337871-0e50-4031-9110-3bd21ca3c065}]
    2011-11-09 02:54 167416 ----a-w- c:\users\Ian\AppData\Roaming\VshareComplete\64\VshareComplete64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-08-03 335976]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 164.11.133.20 164.11.132.35
    FF - ProfilePath - c:\users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\85savfl6.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    FF - prefs.js: network.proxy.type - 2
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-19 15:40:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-19 15:40
    .
    Pre-Run: 340,310,134,784 bytes free
    Post-Run: 340,135,747,584 bytes free
    .
    - - End Of File - - D5F591A35136D6D0B8979B40984D280B
     
  21. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  22. Squadmissile

    Squadmissile TS Rookie Topic Starter Posts: 22

    It's working prety well, just like before the infection

    Extras

    OTL Extras logfile created on: 1/19/2012 6:55:21 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ian\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.92 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 66.26% Memory free
    7.83 Gb Paging File | 5.82 Gb Available in Paging File | 74.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.13 Gb Total Space | 316.61 Gb Free Space | 70.97% Space Free | Partition Type: NTFS

    Computer Name: IAN-PC | User Name: Ian | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3724166915-1268323807-2214438749-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi Software
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.4.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62
    "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
    "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "Dell Support Center" = Dell Support Center
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{39901B4C-E954-4471-ADAB-E786AEE326D1}" = Dell Stage
    "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B4750ECE-3B5F-462F-8950-614D1E0B2204}" = Facebook Video Calling 1.1.0.13
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BF9E346B-5ECE-4A18-9510-55729FD08323}" = Sentinel System Driver Installer 7.5.1
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Baron Samedi's Gameplay Enhancing Submods Compilation V4.0" = Baron Samedi's Gameplay Enhancing Submods Compilation V4.0
    "BitTorrent" = BitTorrent
    "Bugfixer 1.1 for Baron Samedi's Submods Compilation V4.1" = Bugfixer 1.1 for Baron Samedi's Submods Compilation V4.1
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DarthMod Ultimate Commander Edition" = DarthMod Ultimate Commander Edition
    "Delcam PS-Tutorials11300" = Delcam PS-Tutorials 2011 R3 (32-bit)
    "Dell Webcam Central" = Dell Webcam Central
    "Heir to the Throne_is1" = Heir to the Throne
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "McAfee Virtual Technician" = McAfee Virtual Technician
    "Mount&Blade Warband" = Mount&Blade Warband
    "Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
    "MSC" = McAfee SecurityCenter
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Patch 1.1 for Baron Samedi's Submods Compilation V4.0" = Patch 1.1 for Baron Samedi's Submods Compilation V4.0
    "Rapport_msi" = Rapport
    "SopCast" = SopCast 3.4.0
    "STANDARDR" = Microsoft Office Standard 2007
    "Steam App 10500" = Empire: Total War
    "Steam App 22330" = The Elder Scrolls IV: Oblivion
    "Steam App 22350" = Brink
    "Steam App 440" = Team Fortress 2
    "Steam App 4700" = Medieval II: Total War
    "Steam App 4780" = Medieval II: Total War Kingdoms
    "SystemRequirementsLab" = System Requirements Lab
    "Veetle TV" = Veetle TV
    "vShare.tv plugin" = vShare.tv plugin 1.3
    "WinLiveSuite" = Windows Live Essentials
    "YTdetect" = Yahoo! Detect
    "ZinioReader4" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3724166915-1268323807-2214438749-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "DarthMod Ultimate Commander Edition " = DarthMod Ultimate Commander Edition
    "Google Chrome" = Google Chrome
    "Spotify" = Spotify
    "Third Age - Total War 3.0 (Part 1of2)" = Third Age - Total War 3.0 (Part 1of2)
    "Third Age - Total War 3.0 (Part 2of2)" = Third Age - Total War 3.0 (Part 2of2)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/13/2012 10:17:48 AM | Computer Name = Ian-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 448987

    Error - 1/13/2012 10:17:49 AM | Computer Name = Ian-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/13/2012 10:17:49 AM | Computer Name = Ian-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 450313

    Error - 1/13/2012 10:17:49 AM | Computer Name = Ian-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 450313

    Error - 1/13/2012 10:17:51 AM | Computer Name = Ian-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/13/2012 10:17:51 AM | Computer Name = Ian-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 451498

    Error - 1/13/2012 10:17:51 AM | Computer Name = Ian-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 451498

    Error - 1/13/2012 10:17:52 AM | Computer Name = Ian-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/13/2012 10:17:52 AM | Computer Name = Ian-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 452699

    Error - 1/13/2012 10:17:52 AM | Computer Name = Ian-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 452699

    [ System Events ]
    Error - 1/19/2012 2:35:42 PM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7001
    Description = The MBAMService service depends on the MBAMProtector service which
    failed to start because of the following error: %%2

    Error - 1/19/2012 2:38:09 PM | Computer Name = Ian-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 1/19/2012 2:41:12 PM | Computer Name = Ian-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 1/19/2012 2:42:22 PM | Computer Name = Ian-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 1/19/2012 2:51:15 PM | Computer Name = Ian-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 1/19/2012 3:03:02 PM | Computer Name = Ian-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 1/19/2012 3:06:34 PM | Computer Name = Ian-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 1/19/2012 3:08:08 PM | Computer Name = Ian-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 1/19/2012 3:10:07 PM | Computer Name = Ian-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 1/19/2012 3:14:02 PM | Computer Name = Ian-PC | Source = ipnathlp | ID = 31004
    Description =


    < End of report >
     
  23. Squadmissile

    Squadmissile TS Rookie Topic Starter Posts: 22

    The OTL.txt is too long to post
     
  24. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Split it between couple of replies (as our board rules say).
     
  25. Squadmissile

    Squadmissile TS Rookie Topic Starter Posts: 22

    OTL logfile created on: 1/19/2012 6:55:21 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ian\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.92 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 66.26% Memory free
    7.83 Gb Paging File | 5.82 Gb Available in Paging File | 74.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.13 Gb Total Space | 316.61 Gb Free Space | 70.97% Space Free | Partition Type: NTFS

    Computer Name: IAN-PC | User Name: Ian | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/19 18:10:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Downloads\OTL.exe
    PRC - [2012/01/04 14:33:42 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2012/01/04 14:33:42 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/10/17 19:58:35 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\Ian\AppData\Local\Facebook\Update\FacebookUpdate.exe
    PRC - [2011/08/03 11:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/08/02 07:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2011/05/30 09:30:00 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    PRC - [2011/05/17 00:10:24 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/05/16 15:33:06 | 002,748,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/05/16 15:30:18 | 001,688,384 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/04/29 21:11:08 | 003,110,184 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
    PRC - [2011/04/13 15:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2010/12/20 23:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 23:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/12/17 15:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2010/11/17 15:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2010/05/04 17:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/04 18:05:06 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
    MOD - [2012/01/04 18:04:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
    MOD - [2012/01/04 14:37:48 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    MOD - [2011/11/10 16:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
    MOD - [2011/10/12 17:31:51 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
    MOD - [2011/10/12 17:31:30 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\88f32d62a8df469e8b9f12a8d3093627\System.Xml.Linq.ni.dll
    MOD - [2011/10/12 17:31:26 | 009,921,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\de785592a16c949cfb67da6781acd156\System.Data.Entity.ni.dll
    MOD - [2011/10/12 17:30:43 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
    MOD - [2011/10/12 17:30:11 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll
    MOD - [2011/10/12 15:27:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
    MOD - [2011/10/12 15:26:52 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
    MOD - [2011/10/12 15:26:52 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
    MOD - [2011/10/12 15:26:51 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
    MOD - [2011/10/12 15:26:48 | 001,117,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f78fa584bb78607b65e8872d925a96af\System.DirectoryServices.ni.dll
    MOD - [2011/10/12 15:26:47 | 001,044,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\a18184c1609b655455395c522bd9054f\System.Printing.ni.dll
    MOD - [2011/10/12 15:26:46 | 002,157,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\eb6d83d30262cb6d1b6f2a47dcf8a37d\ReachFramework.ni.dll
    MOD - [2011/10/12 15:26:44 | 001,658,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\79f71b891de1584cdcce378e22f047ee\PresentationUI.ni.dll
    MOD - [2011/10/12 15:26:43 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
    MOD - [2011/10/12 15:26:32 | 000,039,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\7681b87de3ecee06390331f0fab14c93\PresentationCFFRasterizer.ni.dll
    MOD - [2011/10/12 15:26:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2011/10/12 15:26:23 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2011/10/12 15:26:22 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dd2070ee8e6e28ac8dc658404c50ebde\System.Deployment.ni.dll
    MOD - [2011/10/12 15:26:21 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccba14fc93de40f4f53d401f07b9bcb8\System.Security.ni.dll
    MOD - [2011/10/12 15:26:21 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll
    MOD - [2011/10/12 15:26:21 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
    MOD - [2011/10/12 15:26:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
    MOD - [2011/10/12 15:26:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2011/10/12 15:26:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2011/10/12 15:26:15 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\3cb6023aa6ab962babcee9c0ec8991de\Microsoft.VisualC.ni.dll
    MOD - [2011/10/12 15:26:14 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
    MOD - [2011/10/12 15:26:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
    MOD - [2011/10/12 15:26:02 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2011/10/12 15:25:58 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/05/30 09:30:00 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    MOD - [2011/05/30 09:25:10 | 007,938,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
    MOD - [2011/05/30 09:25:10 | 002,225,664 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
    MOD - [2011/05/16 15:33:06 | 002,748,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    MOD - [2011/04/29 21:11:02 | 000,251,688 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
    MOD - [2011/04/29 21:11:00 | 000,891,688 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll
    MOD - [2010/12/17 15:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    MOD - [2010/11/25 03:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
    MOD - [2010/11/21 03:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/11/17 15:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2009/06/10 21:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2011/03/17 21:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2011/03/08 22:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
    SRV:64bit: - [2011/01/27 23:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2011/01/27 23:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2011/01/27 23:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
    SRV:64bit: - [2011/01/27 23:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2011/01/27 23:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2011/01/27 23:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2011/01/27 23:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2010/12/17 19:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/12/17 19:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/12/17 13:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/11/29 20:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2010/09/22 23:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/11/18 02:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/01/04 14:33:42 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/08 19:52:18 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/08/03 11:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/05/16 15:30:18 | 001,688,384 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
    SRV - [2010/12/20 23:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/12/20 23:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/11/25 10:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 10:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/08/26 01:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
    SRV - [2010/05/04 17:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/01/04 14:33:58 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2011/09/02 15:14:42 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/08/03 11:50:00 | 000,246,888 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
    DRV:64bit: - [2011/08/03 11:50:00 | 000,027,240 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011/08/01 14:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/26 09:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/17 01:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/02/10 22:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011/02/10 22:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2011/01/20 16:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2011/01/13 01:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/12/22 09:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2010/12/17 17:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/12/13 17:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010/12/12 14:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
    DRV:64bit: - [2010/12/01 10:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/11/29 20:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/10/15 16:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/08/20 18:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010/07/13 02:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
    DRV:64bit: - [2010/03/19 08:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/02/27 07:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
    DRV:64bit: - [2009/09/17 07:05:02 | 000,058,792 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2006/11/01 17:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2012/01/04 14:33:58 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
    DRV - [2012/01/04 14:33:56 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
    DRV - [2011/12/29 17:10:18 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
    DRV - [2009/12/18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




    IE - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Web Search"
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
    FF - prefs.js..network.proxy.autoconfig_url: "http://www.uwe.ac.uk/proxy.pac"
    FF - prefs.js..network.proxy.type: 2

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ian\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ian\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/12/29 15:41:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/11 09:12:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/15 15:23:26 | 000,000,000 | ---D | M]

    [2011/08/08 18:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\Mozilla\Extensions
    [2012/01/05 23:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\85savfl6.default\extensions
    [2011/07/11 18:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\85savfl6.default\searchplugins\startsear.xml
    [2011/11/23 07:42:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/12/29 15:41:09 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
    () (No name found) -- C:\USERS\IAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\85SAVFL6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/01/11 09:12:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/10/03 09:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
    [2012/01/11 09:12:26 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/01/11 09:12:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/11 09:12:26 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/01/11 09:12:26 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/01/11 09:12:26 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/01/19 15:29:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\Ian\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20111229140434.dll (McAfee, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20111229140434.dll (McAfee, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001..\Run: [Facebook Update] C:\Users\Ian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 164.11.133.20 164.11.132.35
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38495FB8-4CD6-4389-886C-35C31C5F77F7}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5FCD7CB-CE80-4757-8484-12C66A013FF7}: DhcpNameServer = 164.11.133.20 164.11.132.35
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...