Ukash Police virus [Closed] [Solved]



#31
chucknorrisno1

I've created the disc. How do I use the system repair disc to boot up?


#32
CompCav

Great here we go:


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options by using the Recovery disc:
  • Insert the Recovery disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the Recovery disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#33
chucknorrisno1

If prompted, press any key to start Windows from the Recovery disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.



I think I need to change my BIOS settings as there is no prompt.

#34
CompCav

Yes you will

#35
chucknorrisno1

Finally managed to figure it out lol!!!

Scan result of Farbar Recovery Scan Tool Version: 03-06-2012
Ran by SYSTEM at 03-06-2012 19:33:07
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2375168 2011-10-19] (Cypress Semiconductor Corporation)
HKLM\...\Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2354176 2011-10-18] (Cypress Semiconductor, Inc.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7214696 2011-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-05] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-05] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-05] (Intel Corporation)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [312936 2011-04-21] (NVIDIA Corporation)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2011-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-04-29] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2012-02-06] ()
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2825741 2011-04-29] ()
HKU\Al and Claire\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-01] (Valve Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Startup: C:\Users\Al and Claire\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Services (Whitelisted) ======

2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [1166848 2011-09-15] (Intel Corporation)
2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [936272 2011-10-18] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1354064 2011-10-18] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [1001808 2011-10-18] (Intel Corporation)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-06-03] (Intel® Corporation)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502032 2012-03-22] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [2823000 2010-08-25] (Dell, Inc.)
2 PlugPlay; C:\Windows\System32\svchost.exe -k DcomLaunch [27136 2009-07-13] (Microsoft Corporation)
2 PlugPlay; C:\Windows\SysWow64\svchost.exe -k DcomLaunch [20992 2009-07-13] (Microsoft Corporation)
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 AMPPAL; C:\Windows\System32\Drivers\AMPPAL.sys [299008 2011-09-15] (Windows ® Win 7 DDK provider)
3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [299008 2011-09-15] (Windows ® Win 7 DDK provider)
3 btmaux; C:\Windows\System32\Drivers\btmaux.sys [53760 2011-08-29] (Intel Corporation)
3 btmhsf; C:\Windows\System32\Drivers\btmhsf.sys [288768 2011-10-10] (Intel Corporation)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 cyhid; C:\Windows\System32\Drivers\cyhid.sys [117248 2011-10-21] (Cypress Semiconductor, Inc.)
3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [13824 2011-10-18] (Cypress Semiconductor, Inc.)
3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [79872 2011-10-21] (Cypress Semiconductor, Inc.)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2011-10-11] (Intel Corporation)
3 intaud_WaveExtensible; C:\Windows\System32\drivers\intelaud.sys [34200 2011-05-17] (Intel Corporation)
3 iwdbus; C:\Windows\System32\Drivers\iwdbus.sys [25496 2011-05-17] (Intel Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 NETwNs64; C:\Windows\System32\Drivers\NETwNs64.sys [8604672 2011-09-18] (Intel Corporation)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [16120 2010-11-29] (Intel® Corporation)
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-03 19:32 - 2012-06-03 19:33 - 0000000 ____D C:\FRST
2012-06-01 12:53 - 2012-06-01 12:53 - 0000000 ____D C:\Qoobox
2012-06-01 12:51 - 2012-06-01 12:23 - 4534253 ____R (Swearware) C:\Users\Al and Claire\Desktop\ComboFix.exe
2012-06-01 12:02 - 2012-06-01 11:57 - 0595968 ____A (OldTimer Tools) C:\Users\Al and Claire\Desktop\OTL.scr
2012-06-01 11:32 - 2012-06-01 11:32 - 0000000 ____D C:\Users\Al and Claire\AppData\Local\Sonic_Solutions
2012-06-01 11:29 - 2012-06-01 11:29 - 0262144 ____A C:\Windows\Minidump\060112-16146-01.dmp
2012-06-01 11:22 - 2012-06-01 11:22 - 0001457 ____A C:\Users\Al and Claire\Desktop\aswMBR.txt
2012-06-01 11:22 - 2012-06-01 11:22 - 0000512 ____A C:\Users\Al and Claire\Desktop\MBR.dat
2012-06-01 11:13 - 2012-06-01 11:13 - 0001085 ____A C:\Users\Al and Claire\Desktop\RKreport[3].txt
2012-06-01 11:12 - 2012-06-01 11:12 - 0001444 ____A C:\Users\Al and Claire\Desktop\RKreport[2].txt
2012-06-01 11:11 - 2012-06-01 11:12 - 0000000 ____D C:\Users\Al and Claire\Desktop\RK_Quarantine
2012-06-01 11:11 - 2012-06-01 11:11 - 0001586 ____A C:\Users\Al and Claire\Desktop\RKreport[1].txt
2012-06-01 11:10 - 2012-06-01 10:35 - 4731392 ____A (AVAST Software) C:\Users\Al and Claire\Desktop\aswMBR.exe
2012-06-01 11:10 - 2012-06-01 10:35 - 0595968 ____A (OldTimer Tools) C:\Users\Al and Claire\Desktop\OTL.exe
2012-06-01 11:09 - 2012-06-01 08:35 - 1506304 ____A C:\Users\Al and Claire\Desktop\roguekiller.exe
2012-06-01 07:37 - 2012-06-01 07:37 - 0000000 ____D C:\Users\Al and Claire\AppData\Local\ElevatedDiagnostics
2012-06-01 07:22 - 2012-06-01 07:22 - 0005120 ____N C:\bootex.log
2012-06-01 07:22 - 2012-06-01 07:22 - 0003288 ____N C:\bootsqm.dat
2012-05-28 14:29 - 2012-05-28 15:36 - 0000000 ____D C:\Users\Al and Claire\AppData\Roaming\xkpoe
2012-05-28 14:26 - 2012-05-28 14:26 - 0000000 ____D C:\Users\All Users\B7E858A71F5D3D2E1CFF1250B4EB2367
2012-05-21 13:11 - 2012-05-21 13:11 - 0111809 ____A C:\Users\Al and Claire\Documents\Groupon-453DC65F2B-1.pdf
2012-05-21 13:10 - 2012-05-21 13:10 - 0108612 ____A C:\Users\Al and Claire\Downloads\Groupon-453DC65F2B.pdf
2012-05-20 13:09 - 2012-05-20 13:09 - 0002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
2012-05-17 14:54 - 2012-05-17 14:54 - 0034028 ____A C:\Users\Al and Claire\Documents\Health Policy.docx
2012-05-12 09:29 - 2012-05-12 09:29 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-12 09:29 - 2012-05-12 09:29 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-12 06:41 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-12 06:41 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-12 06:41 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-12 06:41 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 06:41 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-12 06:41 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-12 06:40 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-12 06:40 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-12 02:43 - 2012-05-12 02:43 - 0000000 ____D C:\Users\Al and Claire\AppData\Local\Chromium
2012-05-12 02:37 - 2012-05-12 02:37 - 0000000 ____D C:\Users\Al and Claire\AppData\Roaming\The Creative Assembly
2012-05-09 10:46 - 2012-05-09 12:16 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

============ 3 Months Modified Files and Folders =============

2012-06-03 10:12 - 2011-12-02 05:34 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-06-03 10:12 - 2011-12-02 05:01 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-06-03 10:09 - 2011-12-02 06:56 - 3137994752 __ASH C:\hiberfil.sys
2012-06-03 09:55 - 2009-07-13 20:45 - 0021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-03 09:55 - 2009-07-13 20:45 - 0021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-03 09:53 - 2011-12-02 05:05 - 1759496 ____A C:\Windows\WindowsUpdate.log
2012-06-03 09:51 - 2011-12-02 05:38 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-06-03 09:51 - 2011-12-02 05:38 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-06-02 04:33 - 2009-07-13 21:13 - 0777970 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-01 12:56 - 2012-04-27 16:02 - 174808644 ____A C:\Windows\ntbtlog.txt
2012-06-01 12:53 - 2012-06-01 12:53 - 0000000 ____D C:\Qoobox
2012-06-01 12:23 - 2012-06-01 12:51 - 4534253 ____R (Swearware) C:\Users\Al and Claire\Desktop\ComboFix.exe
2012-06-01 11:57 - 2012-06-01 12:02 - 0595968 ____A (OldTimer Tools) C:\Users\Al and Claire\Desktop\OTL.scr
2012-06-01 11:36 - 2011-12-02 05:56 - 0000000 ____D C:\Users\All Users\Roxio
2012-06-01 11:32 - 2012-06-01 11:32 - 0000000 ____D C:\Users\Al and Claire\AppData\Local\Sonic_Solutions
2012-06-01 11:32 - 2011-12-02 05:57 - 0000000 ____D C:\Users\All Users\Sonic
2012-06-01 11:29 - 2012-06-01 11:29 - 0262144 ____A C:\Windows\Minidump\060112-16146-01.dmp
2012-06-01 11:29 - 2012-04-27 16:03 - 0000000 ____D C:\Windows\Minidump
2012-06-01 11:29 - 2012-04-27 16:02 - 442651158 ____A C:\Windows\MEMORY.DMP
2012-06-01 11:22 - 2012-06-01 11:22 - 0001457 ____A C:\Users\Al and Claire\Desktop\aswMBR.txt
2012-06-01 11:22 - 2012-06-01 11:22 - 0000512 ____A C:\Users\Al and Claire\Desktop\MBR.dat
2012-06-01 11:13 - 2012-06-01 11:13 - 0001085 ____A C:\Users\Al and Claire\Desktop\RKreport[3].txt
2012-06-01 11:12 - 2012-06-01 11:12 - 0001444 ____A C:\Users\Al and Claire\Desktop\RKreport[2].txt
2012-06-01 11:12 - 2012-06-01 11:11 - 0000000 ____D C:\Users\Al and Claire\Desktop\RK_Quarantine
2012-06-01 11:11 - 2012-06-01 11:11 - 0001586 ____A C:\Users\Al and Claire\Desktop\RKreport[1].txt
2012-06-01 10:35 - 2012-06-01 11:10 - 4731392 ____A (AVAST Software) C:\Users\Al and Claire\Desktop\aswMBR.exe
2012-06-01 10:35 - 2012-06-01 11:10 - 0595968 ____A (OldTimer Tools) C:\Users\Al and Claire\Desktop\OTL.exe
2012-06-01 08:35 - 2012-06-01 11:09 - 1506304 ____A C:\Users\Al and Claire\Desktop\roguekiller.exe
2012-06-01 07:37 - 2012-06-01 07:37 - 0000000 ____D C:\Users\Al and Claire\AppData\Local\ElevatedDiagnostics
2012-06-01 07:22 - 2012-06-01 07:22 - 0005120 ____N C:\bootex.log
2012-06-01 07:22 - 2012-06-01 07:22 - 0003288 ____N C:\bootsqm.dat
2012-05-29 00:12 - 2012-04-19 05:24 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-05-29 00:12 - 2012-04-18 04:56 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-28 15:36 - 2012-05-28 14:29 - 0000000 ____D C:\Users\Al and Claire\AppData\Roaming\xkpoe
2012-05-28 15:36 - 2012-05-01 08:45 - 0000000 ____D C:\Program Files (x86)\Steam
2012-05-28 15:35 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-28 15:35 - 2009-07-13 20:51 - 0059120 ____A C:\Windows\setupact.log
2012-05-28 14:26 - 2012-05-28 14:26 - 0000000 ____D C:\Users\All Users\B7E858A71F5D3D2E1CFF1250B4EB2367
2012-05-27 14:16 - 2012-01-30 14:12 - 0000000 ____D C:\Users\Al and Claire\Documents\CLAIRE WORK FOLDER
2012-05-21 13:11 - 2012-05-21 13:11 - 0111809 ____A C:\Users\Al and Claire\Documents\Groupon-453DC65F2B-1.pdf
2012-05-21 13:10 - 2012-05-21 13:10 - 0108612 ____A C:\Users\Al and Claire\Downloads\Groupon-453DC65F2B.pdf
2012-05-21 13:05 - 2010-11-20 19:47 - 0045382 ____A C:\Windows\PFRO.log
2012-05-20 13:09 - 2012-05-20 13:09 - 0002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
2012-05-20 13:07 - 2011-12-02 06:07 - 0000000 ____D C:\Users\All Users\Nero
2012-05-20 13:00 - 2012-01-06 15:06 - 0000000 ____D C:\Users\Al and Claire\AppData\Local\Nero
2012-05-17 14:54 - 2012-05-17 14:54 - 0034028 ____A C:\Users\Al and Claire\Documents\Health Policy.docx
2012-05-12 09:50 - 2009-07-13 20:45 - 0395720 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 09:45 - 2012-01-21 08:59 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-12 09:45 - 2012-01-06 15:00 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-12 09:36 - 2011-12-02 05:48 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-12 09:36 - 2010-11-20 23:17 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-12 09:29 - 2012-05-12 09:29 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-12 09:29 - 2012-05-12 09:29 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-12 09:29 - 2012-01-12 10:44 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-12 02:43 - 2012-05-12 02:43 - 0000000 ____D C:\Users\Al and Claire\AppData\Local\Chromium
2012-05-12 02:37 - 2012-05-12 02:37 - 0000000 ____D C:\Users\Al and Claire\AppData\Roaming\The Creative Assembly
2012-05-10 13:43 - 2012-04-19 05:24 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-05-09 12:16 - 2012-05-09 10:46 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2012-05-07 13:32 - 2012-04-23 03:57 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-07 13:32 - 2012-04-18 04:56 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-07 13:32 - 2011-12-02 05:06 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-01 09:51 - 2012-05-01 09:51 - 0000221 ____A C:\Users\Al and Claire\Desktop\Total War SHOGUN 2.url
2012-05-01 09:05 - 2012-05-01 08:45 - 0000919 ____A C:\Users\Public\Desktop\Steam.lnk
2012-05-01 08:44 - 2012-05-01 08:43 - 0000475 ____A C:\Users\Al and Claire\Documents\installscript_log.txt
2012-05-01 08:42 - 2011-12-02 05:49 - 0217835 ____A C:\Windows\DirectX.log
2012-04-27 16:03 - 2012-04-27 16:03 - 0262144 ____A C:\Windows\Minidump\042812-22167-01.dmp
2012-04-25 14:49 - 2012-01-11 10:43 - 0002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-25 12:14 - 2012-01-10 15:32 - 0000000 ____D C:\Users\All Users\PCDr
2012-04-19 07:01 - 2012-03-24 09:57 - 0000000 ____D C:\Users\Al and Claire\Documents\SELF BUILD HOME
2012-04-19 05:24 - 2012-04-06 03:22 - 0000000 ____D C:\Program Files\Dell Support Center
2012-04-14 15:36 - 2009-07-13 21:08 - 0032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-13 16:23 - 2012-01-28 07:56 - 0000000 ____D C:\Users\Al and Claire\Documents\BUSINESS FOLDER
2012-04-07 15:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-03 04:15 - 2012-04-03 04:15 - 3435276 ____A C:\Users\Al and Claire\Downloads\Hotmail.zip
2012-03-30 22:05 - 2012-05-12 06:41 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-12 06:41 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-12 06:41 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-12 06:41 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 13:02 - 2012-01-06 14:41 - 0000000 ____D C:\Users\Al and Claire\AppData\LocalLow
2012-03-30 03:35 - 2012-05-12 06:40 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-23 04:39 - 2012-03-22 05:23 - 0000000 ____D C:\Program Files (x86)\EA Games
2012-03-23 03:31 - 2012-03-09 11:11 - 0000000 ____D C:\Users\Al and Claire\Documents\ORDERS
2012-03-22 08:00 - 2012-01-06 14:41 - 0103680 ____A C:\Users\Al and Claire\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-22 07:41 - 2012-03-22 06:55 - 0000000 ____D C:\Users\Al and Claire\Documents\Command and Conquer Generals Data
2012-03-22 06:52 - 2012-01-06 14:46 - 0000000 ____D C:\Users\Al and Claire\AppData\Local\VirtualStore
2012-03-22 06:46 - 2012-03-22 06:44 - 49041408 ____A (Electronic Arts, Inc.) C:\Users\Al and Claire\Downloads\TFD-102en.exe
2012-03-22 06:31 - 2012-03-22 05:42 - 0001466 ____A C:\Users\Public\Desktop\Command & Conquer The First Decade.lnk
2012-03-22 05:23 - 2011-12-02 05:22 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-03-21 04:43 - 2012-03-21 04:43 - 1311754 ____A C:\Users\Al and Claire\Downloads\Planning permission1.jpg
2012-03-21 03:28 - 2011-02-10 08:10 - 0764746 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-20 04:11 - 2012-01-10 15:31 - 0162192 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-03-19 16:33 - 2012-03-19 16:24 - 12420096 ____A C:\Users\Al and Claire\Downloads\Scene-9-Titanafacts-Bed.mp3
2012-03-19 16:32 - 2012-03-19 16:28 - 4476782 ____A C:\Users\Al and Claire\Downloads\Scene-3-Titanafacts.mp3
2012-03-19 16:32 - 2012-03-19 16:24 - 6212462 ____A C:\Users\Al and Claire\Downloads\Scene-10-Titanafacts.mp3
2012-03-19 16:31 - 2012-03-19 16:27 - 3688302 ____A C:\Users\Al and Claire\Downloads\Scene-5-Titanafacts.mp3
2012-03-19 16:31 - 2012-03-19 16:24 - 8406016 ____A C:\Users\Al and Claire\Downloads\Scene-8-Ambience.mp3
2012-03-19 16:30 - 2012-03-19 16:35 - 3077350 ____A C:\Users\Al and Claire\Downloads\Low-Humming - Copy.mp3
2012-03-19 16:30 - 2012-03-19 16:28 - 3077350 ____A C:\Users\Al and Claire\Downloads\Low-Humming.mp3
2012-03-19 16:30 - 2012-03-19 16:26 - 4714914 ____A C:\Users\Al and Claire\Downloads\Building-A-Ship-v02.mp3
2012-03-19 16:30 - 2012-03-19 16:24 - 5549787 ____A C:\Users\Al and Claire\Downloads\Scene-7-Titanafacts-Ambience.mp3
2012-03-19 16:29 - 2012-03-19 16:27 - 0930085 ____A C:\Users\Al and Claire\Downloads\Shipyard-Horn.mp3
2012-03-19 16:29 - 2012-03-19 16:25 - 5279159 ____A C:\Users\Al and Claire\Downloads\Scene2-Waltz-Oopmas.mp3
2012-03-19 16:27 - 2012-03-19 16:24 - 4604782 ____A C:\Users\Al and Claire\Downloads\Scene-9-Titanafacts.mp3
2012-03-19 16:26 - 2012-03-19 16:25 - 0773350 ____A C:\Users\Al and Claire\Downloads\Scene2-Waltz-01.mp3
2012-03-19 16:25 - 2012-03-19 16:25 - 0705641 ____A C:\Users\Al and Claire\Downloads\Scene2-Waltz-02.mp3
2012-03-19 16:25 - 2012-03-19 16:25 - 0247349 ____A C:\Users\Al and Claire\Downloads\Scene2-Waltz-Short-01.mp3
2012-03-19 16:25 - 2012-03-19 16:25 - 0209732 ____A C:\Users\Al and Claire\Downloads\Scene2-Waltz-Short-02.mp3
2012-03-19 16:25 - 2012-03-19 16:24 - 0264485 ____A C:\Users\Al and Claire\Downloads\Scene-9-Titanafacts-Sting.mp3
2012-03-16 23:58 - 2012-05-12 06:40 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-09 09:46 - 2012-01-14 09:03 - 0000000 ____D C:\Users\Al and Claire\Documents\HOLIDAY RESERVATIONS


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3990.17 MB
Available physical RAM: 3257.15 MB
Total Pagefile: 3988.32 MB
Available Pagefile: 3251.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:366.02 GB) NTFS
2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.27 GB) (Free:0 GB) UDF
3 Drive f: () (Fixed) (Total:0.12 GB) (Free:0.1 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:10.79 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 2048 KB
Disk 1 Online 120 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 19 GB 104 MB
Partition 3 Primary 446 GB 19 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 101 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 19 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 446 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 120 MB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 04
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Partition 120 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-20 14:24

======================= End Of Log ==========================

#36
CompCav

Great job getting the file :thumbsup:

Step 1.

Download the enclosed file.
Attached File: fixlist.txt (203 bytes)
Save it in the USB drive. Click Yes that you want to replace the existing file if it asks.

Insert the USB drive into the ailing computer. Run FRST as you did before with the recovery disk, except that this time around click on the Fix button.

The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.


Step 2.

Attempt to boot in Normal Mode. If successful, run Combofix as follows:

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#37
chucknorrisno1

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 03-06-2012
Ran by SYSTEM at 2012-06-03 20:42:52 Run:1
Running from F:\

==============================================

C:\Users\Al and Claire\AppData\Roaming\xkpoe moved successfully.
C:\Users\All Users\B7E858A71F5D3D2E1CFF1250B4EB2367 moved successfully.

==== End of Fixlog ====
  • 0

#38
chucknorrisno1

chucknorrisno1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
When I restarted a black screen came up "Invalid partition drive". This has popped up a few times. I shut down and restarted and it has gone away.
  • 0

#39
chucknorrisno1

chucknorrisno1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I disabled my antivirus/spyware application and ran Combofix. However it has come up with an error

"Not Admin !!

You need Administrative privileges to run this tool"
  • 0

#40
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Did you right click on it and then select run as administrator?
  • 0



#41
chucknorrisno1

chucknorrisno1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Networking - I still do not have wireless connection. The Intel My Wifi technology application is saying that a Network Adapter Not Found.

Office - I then tried to test Microsoft Office and it is saying that it cannot verify the license for this product.

Steam - Error code 11003.

Most of the programs say unexpected error and then shutdown.
  • 0

#42
chucknorrisno1

chucknorrisno1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Yes I did. I had read in another forum that in Windows 7 you must right click.
  • 0

#43
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
OK let's try another fix:

Download the enclosed file.
Attached File  fixlist.txt   27bytes   44 downloads

Save it in the USB drive.

Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Fix button.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal Mode. If successful, run Combofix as follows:

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#44
chucknorrisno1

chucknorrisno1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Ok from FRST -

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 03-06-2012
Ran by SYSTEM at 2012-06-03 21:42:37 Run:2
Running from F:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
  • 0
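As an added example (not part of the original posts and not FRST's own code), this Python check reads a Fixlog.txt like the two posted in this thread and reports what was moved, whether the log is complete, and any line that is not a recognised success message. The regexes assume only the line wording visible in those two logs; `parse_fixlog`, `SAMPLE` and the failure line in the sample are constructed for illustration.

```python
import re

# Constructed sample: result lines taken from the two Fixlog.txt posts in this
# thread, with two hive lines dropped and one made-up failure line added.
SAMPLE = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 03-06-2012
Ran by SYSTEM at 2012-06-03 21:42:37 Run:2
Running from F:\

==============================================

C:\Users\Al and Claire\AppData\Roaming\xkpoe moved successfully.
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
C:\constructed\example.dat could not be moved.

==== End of Fixlog ====
"""

RUN = re.compile(r"^Ran by (\S+) at ([\d-]+ [\d:]+) Run:(\d+)$")
MOVED = re.compile(r"^(.+) moved successfully\.$")
HIVE = re.compile(r"^([A-Z]+) hive was successfully (copied|restored)\b")

def parse_fixlog(text):
    """Summarise a Fixlog and list anything that is not a recognised success line."""
    rep = {"run": None, "complete": False, "moved": [], "unexpected": []}
    hives = {"copied": set(), "restored": set()}
    in_body = False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("===="):
            # The bare rule opens the result section; the footer closes it.
            rep["complete"] = "End of Fixlog" in line
            in_body = not rep["complete"]
        elif not in_body:
            m = RUN.match(line)
            if m:
                rep["run"] = int(m.group(3))
        elif (m := MOVED.match(line)):
            rep["moved"].append(m.group(1))
        elif (m := HIVE.match(line)):
            hives[m.group(2)].add(m.group(1))
        else:
            rep["unexpected"].append(line)
    # A restore with no matching copy line means the log shows no HiveBackup copy.
    rep["restored_without_backup"] = sorted(hives["restored"] - hives["copied"])
    return rep

if __name__ == "__main__":
    print(parse_fixlog(SAMPLE))
```
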

#45
chucknorrisno1

chucknorrisno1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
It's starting to look good CompCav!!! I have network connection etc

It's asking me if I want to scan and fix Local Disk (E:)? "There might be a problem with some files on this device or disc. This can happen if you remove the device or disc before all files have been written to it"

Then two options -

"Scan and fix (recommended) or
Continue without scanning"

Should I do as it asks before the ComboFix or after if it pops up again?
  • 0





