Solved Windows delayed write failed and system check help

Squadmissile · Jan 19, 2012

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 18:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/19 18:33:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/19 15:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/01/19 15:17:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/19 15:17:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/19 15:17:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/19 15:17:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/19 15:17:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/15 20:22:23 | 000,000,000 | ---D | C] -- C:\Boot
[2012/01/10 21:26:54 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\McAfee
[2012/01/10 18:17:31 | 000,000,000 | ---D | C] -- C:\FRST
[2012/01/09 22:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/09 22:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/09 17:51:28 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Malwarebytes
[2012/01/09 11:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/08 21:36:41 | 000,000,000 | ---D | C] -- C:\found.000
[2012/01/08 21:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/06 20:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bugfixer 1.1 for Baron Samedi's Submods Compilation V4.1
[2012/01/06 20:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Patch 1.1 for Baron Samedi's Submods Compilation V4.0
[2012/01/06 20:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baron Samedi's Gameplay Enhancing Submods Compilation V4.0
[2012/01/02 16:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/02 16:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/02 16:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/29 16:29:49 | 000,063,760 | ---- | C] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/12/29 16:29:42 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Trusteer
[2011/12/29 16:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2011/12/29 16:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2011/12/29 16:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2011/12/29 15:32:28 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\NVIDIA
[2011/12/29 15:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Delcam
[2011/12/29 15:23:58 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\PowerSHAPE
[2011/12/29 15:23:15 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Delcam
[2011/12/29 15:23:14 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\POV-Ray for Windows v3.62
[2011/12/29 15:23:04 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\POV-Ray
[2011/12/29 15:23:04 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\POV-Ray
[2011/12/29 15:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delcam
[2011/12/29 15:22:40 | 000,102,400 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2011/12/29 15:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delcam
[2011/12/29 15:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Delcam
[2011/12/29 15:21:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Delcam
[2011/12/29 15:20:44 | 000,145,448 | ---- | C] (SafeNet, Inc.) -- C:\Windows\SysNative\drivers\sentinel64.sys
[2011/12/29 15:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel
[2011/12/29 15:20:34 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\Downloaded Installations
[2011/12/29 15:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Delcam
[2011/12/24 07:36:35 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 2of2)
[2011/12/24 07:30:07 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/19 18:59:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001UA.job
[2012/01/19 18:59:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001Core.job
[2012/01/19 18:40:47 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 18:40:47 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 18:37:32 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/01/19 18:33:42 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/01/19 18:33:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 18:32:56 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 18:03:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001UA.job
[2012/01/19 15:29:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/19 15:29:08 | 000,000,506 | -H-- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/19 14:37:28 | 000,000,512 | ---- | M] () -- C:\Users\Ian\Desktop\MBR.dat
[2012/01/17 21:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001Core.job
[2012/01/15 15:23:26 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/15 14:28:10 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/15 14:28:10 | 000,664,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/15 14:28:10 | 000,125,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/13 17:53:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/10 20:51:46 | 000,150,480 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/09 23:44:10 | 000,005,480 | ---- | M] () -- C:\Users\Ian\Documents\Attach.zip
[2012/01/09 22:18:54 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 21:07:10 | 000,000,047 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/01/09 11:47:22 | 001,478,942 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/08 21:18:56 | 000,000,679 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/07 11:59:44 | 000,002,393 | ---- | M] () -- C:\Users\Ian\Desktop\Google Chrome.lnk
[2012/01/04 18:04:07 | 000,765,178 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/04 14:33:58 | 000,063,760 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/01/02 16:52:20 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/29 15:41:27 | 000,357,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/29 15:23:15 | 000,000,703 | ---- | M] () -- C:\Users\Ian\Desktop\Sample POV-Ray 3.6 Scenes.lnk
[2011/12/29 15:23:14 | 000,002,287 | ---- | M] () -- C:\Users\Ian\Desktop\POV-Ray for Windows v3.62.lnk
[2011/12/29 11:57:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/12/22 21:19:19 | 000,047,616 | ---- | M] () -- C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/21 08:05:45 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/19 15:17:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 15:17:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 15:17:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 15:17:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 15:17:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/19 14:37:28 | 000,000,512 | ---- | C] () -- C:\Users\Ian\Desktop\MBR.dat
[2012/01/15 21:05:49 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012/01/10 21:24:48 | 000,002,168 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
[2012/01/10 20:51:46 | 000,150,480 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/09 23:44:10 | 000,005,480 | ---- | C] () -- C:\Users\Ian\Documents\Attach.zip
[2012/01/09 22:18:54 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 21:07:10 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/01/09 20:49:49 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Intel(R) Wireless Display.lnk
[2012/01/09 20:49:49 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/09 20:49:49 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/09 20:49:49 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/01/09 20:49:49 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/09 20:49:49 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/01/09 20:49:49 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/01/09 20:49:49 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/09 20:49:44 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/09 20:49:44 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/01/09 20:49:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/09 20:49:44 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012/01/09 20:49:44 | 000,002,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Wireless Display.lnk
[2012/01/09 20:49:44 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/01/09 20:49:44 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/09 20:49:44 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/01/09 20:49:44 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/01/09 20:49:44 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/01/09 20:49:44 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/09 20:49:44 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/01/09 20:49:44 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/09 20:49:44 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/01/09 20:49:44 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/01/09 20:49:44 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/01/09 20:49:44 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/09 20:49:44 | 000,000,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zinio Reader 4.lnk
[2012/01/09 11:46:58 | 001,478,942 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/08 21:22:11 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/01/08 21:18:56 | 000,000,679 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/29 15:23:15 | 000,000,703 | ---- | C] () -- C:\Users\Ian\Desktop\Sample POV-Ray 3.6 Scenes.lnk
[2011/12/29 15:23:14 | 000,002,287 | ---- | C] () -- C:\Users\Ian\Desktop\POV-Ray for Windows v3.62.lnk
[2011/12/29 11:57:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/11/20 17:58:30 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/08/15 12:13:08 | 000,000,017 | ---- | C] () -- C:\Users\Ian\AppData\Local\resmon.resmoncfg
[2011/08/10 23:41:12 | 000,047,616 | ---- | C] () -- C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/04 05:09:30 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/08/04 05:08:42 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/04 05:08:39 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/04 05:08:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/02/10 16:10:51 | 000,765,178 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2012/01/14 01:18:07 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\BitTorrent
[2011/08/09 18:12:08 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\coupons
[2011/09/14 14:06:55 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\DAEMON Tools Lite
[2011/12/29 15:23:15 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Delcam
[2011/08/08 17:35:26 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Fingertapps
[2011/10/13 00:19:37 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mount&Blade Warband
[2011/08/09 16:02:51 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\PCDr
[2011/12/29 15:23:04 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\POV-Ray
[2012/01/01 09:50:06 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\PowerSHAPE
[2012/01/18 18:37:59 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Spotify
[2011/09/22 19:42:08 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\SystemRequirementsLab
[2011/08/09 15:23:45 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\The Creative Assembly
[2011/11/22 20:22:59 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\VshareComplete
[2012/01/17 21:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001Core.job
[2012/01/19 18:03:00 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3724166915-1268323807-2214438749-1001UA.job
[2012/01/13 17:53:37 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/09 00:07:29 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/19 15:29:08 | 000,000,506 | -H-- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/11/21 03:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012/01/19 15:40:41 | 000,023,742 | ---- | M] () -- C:\ComboFix.txt
[2011/08/04 04:48:50 | 000,004,087 | R--- | M] () -- C:\dell.sdr
[2011/08/04 03:43:23 | 000,001,136 | ---- | M] () -- C:\freefallprotection.log
[2012/01/19 18:32:56 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/18 02:01:23 | 000,000,640 | ---- | M] () -- C:\log.txt
[2012/01/19 18:33:01 | 4204,969,984 | -HS- | M] () -- C:\pagefile.sys
[2012/01/09 19:44:59 | 000,000,361 | ---- | M] () -- C:\rkill.log

< %systemroot%\Fonts\*.com >
[2009/07/14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 07:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/08/08 18:00:34 | 000,000,221 | -HS- | M] () -- C:\Users\Ian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/08/08 17:34:55 | 000,000,402 | -HS- | M] () -- C:\Users\Ian\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp

FC5A2B2

< End of report >

Broni · Jan 19, 2012

I can't proceed because you didn't answer my question:

How is computer doing?

Squadmissile · Jan 19, 2012

I thought i did sorry. Its working fine, i haven't noticed any problems or slow running as of yet. Working just as well as pre-infection i think

Broni · Jan 19, 2012

Very good

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
IE - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
[2011/07/11 18:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\85savfl6.default\searchplugins\startsear.xml
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O15 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3724166915-1268323807-2214438749-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

===============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Do NOT post JavaRa log.

==============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

Broni · Jan 25, 2012

Still with me?

Squadmissile · Jan 25, 2012

Got past the java but the network I am on won't let me download the security check, sorry for the slow reply

Broni · Jan 25, 2012

the network I am on won't let me download the security check

Explain.

I still need a log from OTL fix.

Squadmissile · Jan 31, 2012

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3724166915-1268323807-2214438749-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
File C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\85savfl6.default\searchplugins\startsear.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry key HKEY_USERS\S-1-5-21-3724166915-1268323807-2214438749-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ not found.
Registry key HKEY_USERS\S-1-5-21-3724166915-1268323807-2214438749-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3724166915-1268323807-2214438749-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Unable to delete ADS C:\ProgramData\Temp

FC5A2B2 .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

I mean to say i am at university and when i click on the link it considers the page to be malware and won't let me view it

Broni · Jan 31, 2012

I uploaded Security Check here: http://www.filedropper.com/securitycheck_1

Squadmissile · Jan 31, 2012

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee Virtual Technician
McAfee SecurityCenter
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 30
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

Squadmissile · Jan 31, 2012

Farbar Service Scanner Version: 31-01-2012 01
Ran by Ian (administrator) on 01-02-2012 at 02:24:28
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Squadmissile · Jan 31, 2012

C:\Users\Ian\Downloads\cnet_SopCast_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Ian\Downloads\download_using_mediaget.exe Win32/MediaGet application cleaned by deleting - quarantined
C:\Users\Ian\Downloads\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined

Broni · Jan 31, 2012

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

Squadmissile · Jan 31, 2012

Great stuff

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ian
->Temp folder emptied: 971 bytes
->Temporary Internet Files folder emptied: 36325 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 307661418 bytes
->Flash cache emptied: 814 bytes

User: Public
->Temp folder emptied: 0 bytes

Broni · Jan 31, 2012

Way to go!!

Good luck and stay safe

Solved Windows delayed write failed and system check help

Squadmissile

Posts: 22 +0

Broni

Posts: 56,041 +517

Squadmissile

Posts: 22 +0

Broni

Posts: 56,041 +517

Broni

Posts: 56,041 +517

Squadmissile

Posts: 22 +0

Broni

Posts: 56,041 +517

Squadmissile

Posts: 22 +0

Broni

Posts: 56,041 +517

Squadmissile

Posts: 22 +0

Squadmissile

Posts: 22 +0

Squadmissile

Posts: 22 +0

Broni

Posts: 56,041 +517

Squadmissile

Posts: 22 +0

Broni

Posts: 56,041 +517

Similar threads

Latest posts