Scan result of Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-02-08 19:17:05
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-06-30] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-06-30] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365080 2009-06-30] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe" [3432448 2010-03-17] (Alcatel-Lucent)
HKLM\...\Run: [dlcxmon.exe] "C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [292336 2007-01-12] ()
HKLM\...\Run: [MemoryCardManager] "C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe" [304008 2006-11-03] ()
HKLM\...\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll,RunDLLEntry [31744 2006-10-15] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [111856 2009-02-23] (Yahoo! Inc)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2011-11-22] (McAfee, Inc.)
HKLM-x32\...\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM [206120 2010-09-02] (SupportSoft, Inc.)
HKLM-x32\...\Run: [PC Pitstop Diskmd3 Reminder] C:\Program Files (x86)\PCPitstop\DiskMD3\Reminder-Diskmd3.exe [x]
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Bill Riley\...\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKU\Bill Riley\...\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun [1179648 2011-10-11] (W3i, LLC)
HKU\Vicki\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1

==================== Services (Whitelisted) ======

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 dlcx_device; C:\Windows\system32\dlcxcoms.exe -service [561152 2006-10-11] ( )
2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [290832 2011-12-12] (Verizon)
2 McAfee SiteAdvisor Service; "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" [102608 2011-08-10] (McAfee, Inc.)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-03-17] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-03-17] (Alcatel-Lucent)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe" [227232 2010-09-03] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [501768 2011-03-17] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-10-18] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-10-18] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [161168 2011-10-18] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe /service /p verizondm [206120 2010-09-02] (SupportSoft, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe /p verizondm [185640 2010-09-02] (SupportSoft, Inc.)

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
3 mfeavfk01; [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-08 19:16 - 2012-02-08 19:17 - 0000000 ____D C:\FRST
2012-02-08 13:28 - 2012-02-08 13:29 - 0080520 ____A C:\TDSSKiller.2.7.10.0_08.02.2012_13.28.11_log.txt
2012-02-08 13:28 - 2012-02-08 13:28 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-08 13:27 - 2012-02-08 13:36 - 0000000 ____D C:\Users\Bill Riley\My Documents\tdsskiller
2012-02-08 13:27 - 2012-02-08 13:36 - 0000000 ____D C:\Users\Bill Riley\Documents\tdsskiller
2012-02-08 13:27 - 2012-02-08 13:27 - 2041778 ____A C:\Users\Bill Riley\My Documents\tdsskiller.zip
2012-02-08 13:27 - 2012-02-08 13:27 - 2041778 ____A C:\Users\Bill Riley\Documents\tdsskiller.zip
2012-02-05 16:54 - 2012-02-05 16:54 - 58531840 ____A C:\Windows\System32\config\software.iobit
2012-02-05 16:54 - 2012-02-05 16:54 - 20971520 ____A C:\Windows\System32\config\system.iobit
2012-02-05 16:54 - 2012-02-05 16:54 - 0475136 ____A C:\Windows\System32\config\default.iobit
2012-02-05 16:54 - 2012-02-05 16:54 - 0057344 ____A C:\Windows\System32\config\sam.iobit
2012-02-05 16:54 - 2012-02-05 16:54 - 0024576 ____A C:\Windows\System32\config\security.iobit
2012-02-05 16:40 - 2012-02-05 16:40 - 0000000 ____D C:\Users\Bill Riley\Application Data\IObit
2012-02-05 16:40 - 2012-02-05 16:40 - 0000000 ____D C:\Users\Bill Riley\AppData\Roaming\IObit
2012-02-05 16:40 - 2012-02-05 16:40 - 0000000 ____D C:\Users\All Users\IObit
2012-02-05 16:40 - 2012-02-05 16:40 - 0000000 ____D C:\Users\All Users\Application Data\IObit
2012-02-05 16:40 - 2012-02-05 16:40 - 0000000 ____D C:\ProgramData\IObit
2012-02-05 16:39 - 2012-02-05 16:39 - 0000000 ____D C:\Program Files (x86)\IObit
2012-01-15 13:33 - 2012-01-15 13:33 - 2492946 ____A C:\Users\Bill Riley\My Documents\Tower_instructions.pdf
2012-01-15 13:33 - 2012-01-15 13:33 - 2492946 ____A C:\Users\Bill Riley\Documents\Tower_instructions.pdf

============ 3 Months Modified Files and Folders =============

2012-02-08 19:17 - 2012-02-08 19:16 - 0000000 ____D C:\FRST
2012-02-08 14:21 - 2009-10-25 17:37 - 0000000 ____D C:\users\Vicki
2012-02-08 14:21 - 2009-10-25 11:15 - 0000000 ____D C:\users\Bill Riley
2012-02-08 14:20 - 2011-05-28 21:03 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-02-08 14:20 - 2011-03-20 20:45 - 0000000 ____D C:\Program Files\Dl_cats
2012-02-08 14:20 - 2011-03-13 14:14 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-02-08 14:20 - 2011-03-13 14:14 - 0000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan
2012-02-08 14:20 - 2011-03-13 14:14 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-02-08 14:20 - 2009-12-28 20:11 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-02-08 14:20 - 2009-11-01 21:07 - 0000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-02-08 14:20 - 2009-10-31 17:23 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-02-08 14:20 - 2009-10-31 17:23 - 0000000 ____D C:\Users\All Users\Application Data\Yahoo! Companion
2012-02-08 14:20 - 2009-10-31 17:23 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-02-08 14:20 - 2009-10-25 20:49 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-08 14:20 - 2009-09-21 06:18 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-08 14:20 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-02-08 14:20 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-02-08 14:20 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-02-08 14:20 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration
2012-02-08 14:20 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\AppCompat
2012-02-08 14:20 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-02-08 14:20 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-02-08 14:19 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\servicing
2012-02-08 14:18 - 2009-10-31 17:23 - 0000000 ____D C:\Users\Bill Riley\Application Data\Yahoo!
2012-02-08 14:18 - 2009-10-31 17:23 - 0000000 ____D C:\Users\Bill Riley\AppData\Roaming\Yahoo!
2012-02-08 14:18 - 2009-10-25 11:19 - 0000000 ____D C:\Users\Bill Riley\Local Settings\VirtualStore
2012-02-08 14:18 - 2009-10-25 11:19 - 0000000 ____D C:\Users\Bill Riley\Local Settings\Application Data\VirtualStore
2012-02-08 14:18 - 2009-10-25 11:19 - 0000000 ____D C:\Users\Bill Riley\AppData\Local\VirtualStore
2012-02-08 14:18 - 2009-10-25 11:15 - 0000000 ____D C:\Users\Bill Riley\AppData\LocalLow
2012-02-08 14:17 - 2009-09-21 06:12 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2012-02-08 14:17 - 2009-09-21 06:12 - 0000000 ____D C:\Users\All Users\Adobe
2012-02-08 14:17 - 2009-09-21 06:12 - 0000000 ____D C:\ProgramData\Adobe
2012-02-08 14:16 - 2009-10-29 10:52 - 0000000 __RHD C:\MSOCache
2012-02-08 14:16 - 2009-09-21 06:12 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-02-08 14:00 - 2009-10-25 20:49 - 0000000 ____D C:\Users\Bill Riley\Application Data\Malwarebytes
2012-02-08 14:00 - 2009-10-25 20:49 - 0000000 ____D C:\Users\Bill Riley\AppData\Roaming\Malwarebytes
2012-02-08 13:36 - 2012-02-08 13:27 - 0000000 ____D C:\Users\Bill Riley\My Documents\tdsskiller
2012-02-08 13:36 - 2012-02-08 13:27 - 0000000 ____D C:\Users\Bill Riley\Documents\tdsskiller
2012-02-08 13:29 - 2012-02-08 13:28 - 0080520 ____A C:\TDSSKiller.2.7.10.0_08.02.2012_13.28.11_log.txt
2012-02-08 13:28 - 2012-02-08 13:28 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-08 13:27 - 2012-02-08 13:27 - 2041778 ____A C:\Users\Bill Riley\My Documents\tdsskiller.zip
2012-02-08 13:27 - 2012-02-08 13:27 - 2041778 ____A C:\Users\Bill Riley\Documents\tdsskiller.zip
2012-02-08 13:12 - 2009-11-09 20:20 - 0000000 ____D C:\Users\Bill Riley\Local Settings\SoftThinks
2012-02-08 13:12 - 2009-11-09 20:20 - 0000000 ____D C:\Users\Bill Riley\Local Settings\Application Data\SoftThinks
2012-02-08 13:12 - 2009-11-09 20:20 - 0000000 ____D C:\Users\Bill Riley\AppData\Local\SoftThinks
2012-02-08 13:11 - 2009-09-21 08:02 - 3190050816 __ASH C:\hiberfil.sys
2012-02-05 16:54 - 2012-02-05 16:54 - 58531840 ____A C:\Windows\System32\config\software.iobit
2012-02-05 16:54 - 2012-02-05 16:54 - 20971520 ____A C:\Windows\System32\config\system.iobit
2012-02-05 16:54 - 2012-02-05 16:54 - 0475136 ____A C:\Windows\System32\config\default.iobit
2012-02-05 16:54 - 2012-02-05 16:54 - 0057344 ____A C:\Windows\System32\config\sam.iobit
2012-02-05 16:54 - 2012-02-05 16:54 - 0024576 ____A C:\Windows\System32\config\security.iobit
2012-02-05 16:40 - 2012-02-05 16:40 - 0000000 ____D C:\Users\Bill Riley\Application Data\IObit
2012-02-05 16:40 - 2012-02-05 16:40 - 0000000 ____D C:\Users\Bill Riley\AppData\Roaming\IObit
2012-02-05 16:40 - 2012-02-05 16:40 - 0000000 ____D C:\Users\All Users\IObit
2012-02-05 16:40 - 2012-02-05 16:40 - 0000000 ____D C:\Users\All Users\Application Data\IObit
2012-02-05 16:40 - 2012-02-05 16:40 - 0000000 ____D C:\ProgramData\IObit
2012-02-05 16:39 - 2012-02-05 16:39 - 0000000 ____D C:\Program Files (x86)\IObit
2012-02-03 09:46 - 2009-11-01 17:35 - 0000000 ____D C:\Users\Bill Riley\Local Settings\Application Data\Adobe
2012-02-03 09:46 - 2009-11-01 17:35 - 0000000 ____D C:\Users\Bill Riley\Local Settings\Adobe
2012-02-03 09:46 - 2009-11-01 17:35 - 0000000 ____D C:\Users\Bill Riley\AppData\Local\Adobe
2012-01-28 15:10 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-01-28 15:09 - 2009-11-01 21:07 - 0000000 ____D C:\Users\Bill Riley\Local Settings\Thunderbird
2012-01-28 15:09 - 2009-11-01 21:07 - 0000000 ____D C:\Users\Bill Riley\Local Settings\Application Data\Thunderbird
2012-01-28 15:09 - 2009-11-01 21:07 - 0000000 ____D C:\Users\Bill Riley\AppData\Local\Thunderbird
2012-01-15 13:33 - 2012-01-15 13:33 - 2492946 ____A C:\Users\Bill Riley\My Documents\Tower_instructions.pdf
2012-01-15 13:33 - 2012-01-15 13:33 - 2492946 ____A C:\Users\Bill Riley\Documents\Tower_instructions.pdf
2012-01-03 11:56 - 2010-03-06 09:15 - 0000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-01-03 11:45 - 2009-07-14 00:10 - 1395804 ____A C:\Windows\WindowsUpdate.log
2012-01-03 10:21 - 2010-04-16 10:10 - 0001749 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2012-01-03 10:21 - 2010-04-16 10:10 - 0001749 ____A C:\Users\All Users\Desktop\McAfee Total Protection.lnk
2012-01-03 10:21 - 2009-07-14 00:13 - 0713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-03 10:20 - 2009-07-13 23:45 - 0014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-03 10:20 - 2009-07-13 23:45 - 0014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-03 10:16 - 2010-03-06 09:15 - 0000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-01-03 10:13 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-03 10:13 - 2009-07-13 23:51 - 0088937 ____A C:\Windows\setupact.log
2011-12-28 16:05 - 2009-09-21 08:02 - 0555566 ____A C:\Windows\PFRO.log
2011-12-26 23:11 - 2011-12-26 23:11 - 0000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2011-12-26 23:11 - 2011-12-26 23:11 - 0000000 ____D C:\Program Files (x86)\W3i
2011-12-26 23:09 - 2011-12-26 23:09 - 0037606 ____A C:\Windows\SysWOW64\msg-instll-log.txt
2011-12-26 23:09 - 2011-12-26 23:09 - 0000650 ____A C:\Windows\System32\msg-instll-log.txt
2011-12-26 23:09 - 2011-12-26 23:09 - 0000260 ____A C:\Windows\SysWOW64\cmdVBS.vbs
2011-12-26 23:09 - 2011-12-26 23:09 - 0000256 ____A C:\Windows\SysWOW64\MSIevent.bat
2011-12-26 23:09 - 2010-06-28 21:09 - 0000000 ____D C:\Program Files\Verizon
2011-12-26 23:09 - 2010-06-28 21:09 - 0000000 ____D C:\Program Files (x86)\Verizon
2011-12-18 14:43 - 2011-12-18 14:43 - 0335323 ____A C:\Users\Bill Riley\My Documents\canon recipt.docx
2011-12-18 14:43 - 2011-12-18 14:43 - 0335323 ____A C:\Users\Bill Riley\Documents\canon recipt.docx
2011-12-16 15:58 - 2011-06-12 20:08 - 0002346 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2011-12-16 15:58 - 2011-06-12 20:08 - 0002346 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
2011-12-10 13:39 - 2011-12-10 13:00 - 0003753 ____A C:\Users\Bill Riley\My Documents\xmaslist_2011.csv
2011-12-10 13:39 - 2011-12-10 13:00 - 0003753 ____A C:\Users\Bill Riley\Documents\xmaslist_2011.csv
2011-12-10 12:59 - 2008-12-10 19:43 - 0025600 ____A C:\Users\Bill Riley\My Documents\xmas card list.xls
2011-12-10 12:59 - 2008-12-10 19:43 - 0025600 ____A C:\Users\Bill Riley\Documents\xmas card list.xls
2011-11-22 19:59 - 2011-11-22 19:59 - 0002133 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-11-22 19:59 - 2011-11-22 19:59 - 0002133 ____A C:\Users\All Users\Desktop\Google Earth.lnk
2011-11-22 19:59 - 2009-12-13 16:04 - 0000000 ____D C:\Program Files (x86)\Google
2011-11-19 21:01 - 2011-11-19 21:01 - 0001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2011-11-19 21:01 - 2011-11-19 21:01 - 0001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2011-11-19 21:01 - 2011-11-19 21:01 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-11-19 20:56 - 2011-11-19 20:56 - 0000628 ____A C:\Windows\System32\mapisvc.inf
2011-11-19 20:56 - 2011-10-22 16:42 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-11-19 20:50 - 2011-11-19 20:50 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-11-19 20:50 - 2011-11-19 20:50 - 0001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2011-11-19 20:50 - 2011-11-19 20:49 - 0000000 ____D C:\Program Files\iTunes
2011-11-19 20:50 - 2011-10-22 16:43 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-11-19 20:49 - 2011-11-19 20:49 - 0000000 ____D C:\Program Files\iPod
2011-11-19 20:29 - 2009-11-01 21:07 - 0000000 ____D C:\Users\Bill Riley\Application Data\Mozilla
2011-11-19 20:29 - 2009-11-01 21:07 - 0000000 ____D C:\Users\Bill Riley\AppData\Roaming\Mozilla
2011-11-15 14:29 - 2009-11-15 18:43 - 0270720 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4056.36 MB
Available physical RAM: 3464.6 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3437.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:446.59 GB) (Free:352.64 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:18.87 GB) (Free:14.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.91 GB) (Free:1.68 GB) FAT
6 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    No Media           0 B      0 B
  Disk 2    Online         1953 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                298 MB    31 KB
  Partition 2    Primary             18 GB   299 MB
  Partition 3    Primary            446 GB    19 GB

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6                      FAT    Partition    298 MB  Healthy    Hidden

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   RECOVERY     NTFS   Partition     18 GB  Healthy

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C   OS           NTFS   Partition    446 GB  Healthy

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1952 MB   122 KB

Disk: 2
Partition 1
Type  : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     F                FAT    Removable   1952 MB  Healthy

==========================================================

TDL4: custom:26000022

==========================================================

Last Boot: 2012-01-30 16:47

======================= End Of Log ==========================