Hello, my friend's PC is stuck on Windows repair. Here is the log.
Ran by SYSTEM at 18-10-2012 22:11:39
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3178064 2010-01-05] (Dell Inc.)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-12-15] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe" [x]
HKU\ybull27\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\ybull27\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [x]
HKU\ybull27\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\ybull27\...\RunOnce: [JavaInstallRetry] "C:\Users\ybull27\AppData\LocalLow\Sun\Java\JRERunOnce.exe" RUNONCE=1 SPONSORS=0 [912880 2012-10-17] (Sun Microsystems, Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-12-22] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\ybull27\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Services (Whitelisted) ===================
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502064 2012-08-23] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 WDFME; "C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe" [1858048 2010-05-10] ()
2 WDSC; "C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe" [483328 2010-05-10] ()
==================== Drivers (Whitelisted) =====================
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 mfeavfk01; [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-10-18 22:11 - 2012-10-18 22:11 - 00000000 ___DC C:\FRST
2012-10-18 21:48 - 2012-10-18 21:48 - 00000000 ___DC C:\Windows\System32\config\mybackup
2012-10-17 21:55 - 2012-10-17 21:55 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{62B918DB-B76D-48E8-978D-92A6A37E9FEC}
2012-10-17 21:55 - 2012-10-17 21:55 - 00000000 ___DC C:\Users\ybull27\Local Settings\{62B918DB-B76D-48E8-978D-92A6A37E9FEC}
2012-10-17 21:55 - 2012-10-17 21:55 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{62B918DB-B76D-48E8-978D-92A6A37E9FEC}
2012-10-17 01:16 - 2012-10-17 01:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{5859510B-5933-48B5-AFB5-BDFE97569963}
2012-10-17 01:16 - 2012-10-17 01:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\{5859510B-5933-48B5-AFB5-BDFE97569963}
2012-10-17 01:16 - 2012-10-17 01:16 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{5859510B-5933-48B5-AFB5-BDFE97569963}
2012-10-16 13:16 - 2012-10-16 13:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{C3048A32-3B62-47DB-8E8A-B24842DF48DA}
2012-10-16 13:16 - 2012-10-16 13:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\{C3048A32-3B62-47DB-8E8A-B24842DF48DA}
2012-10-16 13:16 - 2012-10-16 13:16 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{C3048A32-3B62-47DB-8E8A-B24842DF48DA}
2012-10-16 01:15 - 2012-10-16 01:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{1A288438-3098-4F36-8457-3FFABEE79CE3}
2012-10-16 01:15 - 2012-10-16 01:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\{1A288438-3098-4F36-8457-3FFABEE79CE3}
2012-10-16 01:15 - 2012-10-16 01:16 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{1A288438-3098-4F36-8457-3FFABEE79CE3}
2012-10-15 13:15 - 2012-10-15 13:15 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{4DC52F80-9B7C-420C-99B5-67AEA57653A1}
2012-10-15 13:15 - 2012-10-15 13:15 - 00000000 ___DC C:\Users\ybull27\Local Settings\{4DC52F80-9B7C-420C-99B5-67AEA57653A1}
2012-10-15 13:15 - 2012-10-15 13:15 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{4DC52F80-9B7C-420C-99B5-67AEA57653A1}
2012-10-14 13:16 - 2012-10-14 13:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{6E96F86F-FBD9-4B0A-B98F-5D28E61438BB}
2012-10-14 13:16 - 2012-10-14 13:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\{6E96F86F-FBD9-4B0A-B98F-5D28E61438BB}
2012-10-14 13:16 - 2012-10-14 13:16 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{6E96F86F-FBD9-4B0A-B98F-5D28E61438BB}
2012-10-13 22:42 - 2012-10-13 22:42 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{C0F6B361-0872-4018-8B7D-3AFEA8EB7C63}
2012-10-13 22:42 - 2012-10-13 22:42 - 00000000 ___DC C:\Users\ybull27\Local Settings\{C0F6B361-0872-4018-8B7D-3AFEA8EB7C63}
2012-10-13 22:42 - 2012-10-13 22:42 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{C0F6B361-0872-4018-8B7D-3AFEA8EB7C63}
2012-10-13 18:30 - 2012-10-13 18:30 - 00000000 ___DC C:\Windows\LastGood
2012-10-13 16:41 - 2012-10-13 16:41 - 00001568 ___AC C:\Users\Public\Desktop\iTunes.lnk
2012-10-13 16:41 - 2012-10-13 16:41 - 00001568 ___AC C:\Users\All Users\Desktop\iTunes.lnk
2012-10-13 16:41 - 2012-08-21 15:01 - 00033240 ___AC (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-10-13 16:39 - 2012-10-13 16:41 - 00000000 ___DC C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-13 16:39 - 2012-10-13 16:41 - 00000000 ___DC C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-13 16:39 - 2012-10-13 16:41 - 00000000 ___DC C:\Program Files\iTunes
2012-10-13 16:39 - 2012-10-13 16:39 - 00000000 ___DC C:\Program Files\iPod
2012-10-08 01:58 - 2012-10-09 23:00 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{617B938B-83B4-450B-809C-E2C23AF31094}
2012-10-08 01:58 - 2012-10-09 23:00 - 00000000 ___DC C:\Users\ybull27\Local Settings\{617B938B-83B4-450B-809C-E2C23AF31094}
2012-10-08 01:58 - 2012-10-09 23:00 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{617B938B-83B4-450B-809C-E2C23AF31094}
2012-10-06 18:08 - 2012-10-06 18:08 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{90D215AD-92AF-42B9-ACE6-1ACCBCB16770}
2012-10-06 18:08 - 2012-10-06 18:08 - 00000000 ___DC C:\Users\ybull27\Local Settings\{90D215AD-92AF-42B9-ACE6-1ACCBCB16770}
2012-10-06 18:08 - 2012-10-06 18:08 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{90D215AD-92AF-42B9-ACE6-1ACCBCB16770}
2012-10-06 01:16 - 2012-10-06 01:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{9593F18A-18D3-4BCD-952F-D0435AFBA4E8}
2012-10-06 01:16 - 2012-10-06 01:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\{9593F18A-18D3-4BCD-952F-D0435AFBA4E8}
2012-10-06 01:16 - 2012-10-06 01:16 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{9593F18A-18D3-4BCD-952F-D0435AFBA4E8}
2012-10-05 09:32 - 2012-10-05 09:32 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{0D6C542C-B821-49F2-A3BE-47DFF507D34D}
2012-10-05 09:32 - 2012-10-05 09:32 - 00000000 ___DC C:\Users\ybull27\Local Settings\{0D6C542C-B821-49F2-A3BE-47DFF507D34D}
2012-10-05 09:32 - 2012-10-05 09:32 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{0D6C542C-B821-49F2-A3BE-47DFF507D34D}
2012-10-03 19:17 - 2012-10-03 19:17 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{B3B42FD7-3039-47F8-BBDD-D8E0673BB845}
2012-10-03 19:17 - 2012-10-03 19:17 - 00000000 ___DC C:\Users\ybull27\Local Settings\{B3B42FD7-3039-47F8-BBDD-D8E0673BB845}
2012-10-03 19:17 - 2012-10-03 19:17 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{B3B42FD7-3039-47F8-BBDD-D8E0673BB845}
2012-10-02 14:17 - 2012-10-02 14:18 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{0045057B-12A7-43C0-B821-A49EB2530F73}
2012-10-02 14:17 - 2012-10-02 14:18 - 00000000 ___DC C:\Users\ybull27\Local Settings\{0045057B-12A7-43C0-B821-A49EB2530F73}
2012-10-02 14:17 - 2012-10-02 14:18 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{0045057B-12A7-43C0-B821-A49EB2530F73}
2012-10-02 00:05 - 2012-10-02 00:05 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{E9B1B8B8-06A0-4327-983B-26F80703CC7E}
2012-10-02 00:05 - 2012-10-02 00:05 - 00000000 ___DC C:\Users\ybull27\Local Settings\{E9B1B8B8-06A0-4327-983B-26F80703CC7E}
2012-10-02 00:05 - 2012-10-02 00:05 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{E9B1B8B8-06A0-4327-983B-26F80703CC7E}
2012-09-30 22:34 - 2012-09-30 22:34 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{A7C73CF9-8274-420B-B590-8C2D4ABB8B96}
2012-09-30 22:34 - 2012-09-30 22:34 - 00000000 ___DC C:\Users\ybull27\Local Settings\{A7C73CF9-8274-420B-B590-8C2D4ABB8B96}
2012-09-30 22:34 - 2012-09-30 22:34 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{A7C73CF9-8274-420B-B590-8C2D4ABB8B96}
2012-09-29 20:43 - 2012-09-29 20:43 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{6BD13AB3-05C6-4E87-9D47-E17F859D5B24}
2012-09-29 20:43 - 2012-09-29 20:43 - 00000000 ___DC C:\Users\ybull27\Local Settings\{6BD13AB3-05C6-4E87-9D47-E17F859D5B24}
2012-09-29 20:43 - 2012-09-29 20:43 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{6BD13AB3-05C6-4E87-9D47-E17F859D5B24}
2012-09-28 17:59 - 2012-09-28 17:59 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{3DD13BA4-4FA9-4962-AC9B-ED66D084602E}
2012-09-28 17:59 - 2012-09-28 17:59 - 00000000 ___DC C:\Users\ybull27\Local Settings\{3DD13BA4-4FA9-4962-AC9B-ED66D084602E}
2012-09-28 17:59 - 2012-09-28 17:59 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{3DD13BA4-4FA9-4962-AC9B-ED66D084602E}
2012-09-27 20:29 - 2012-09-27 20:29 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{4DE2A620-F794-43CC-81EA-044055DD95D4}
2012-09-27 20:29 - 2012-09-27 20:29 - 00000000 ___DC C:\Users\ybull27\Local Settings\{4DE2A620-F794-43CC-81EA-044055DD95D4}
2012-09-27 20:29 - 2012-09-27 20:29 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{4DE2A620-F794-43CC-81EA-044055DD95D4}
2012-09-26 17:36 - 2012-09-26 17:36 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{10519FF1-DF8B-4210-9D6E-0784FA50DFAA}
2012-09-26 17:36 - 2012-09-26 17:36 - 00000000 ___DC C:\Users\ybull27\Local Settings\{10519FF1-DF8B-4210-9D6E-0784FA50DFAA}
2012-09-26 17:36 - 2012-09-26 17:36 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{10519FF1-DF8B-4210-9D6E-0784FA50DFAA}
==================== 3 Months Modified Files ==================
2012-10-17 22:31 - 2011-08-14 12:44 - 00000900 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-17 22:23 - 2012-04-12 19:08 - 00000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-17 22:05 - 2011-08-14 12:44 - 00000896 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-14 18:49 - 2009-07-14 00:10 - 01757610 ___AC C:\Windows\WindowsUpdate.log
2012-10-14 18:44 - 2010-08-03 16:48 - 00002760 ___AC C:\Users\ybull27\Application Data\wklnhst.dat
2012-10-14 18:44 - 2010-08-03 16:48 - 00002760 ___AC C:\Users\ybull27\AppData\Roaming\wklnhst.dat
2012-10-13 16:41 - 2012-10-13 16:41 - 00001568 ___AC C:\Users\Public\Desktop\iTunes.lnk
2012-10-13 16:41 - 2012-10-13 16:41 - 00001568 ___AC C:\Users\All Users\Desktop\iTunes.lnk
2012-10-13 16:24 - 2012-06-16 01:16 - 00006328 ___AC C:\Windows\setupact.log
2012-10-11 19:15 - 2012-08-27 23:11 - 00002340 ___AC C:\Users\Public\Desktop\Google Chrome.lnk
2012-10-11 19:15 - 2012-08-27 23:11 - 00002340 ___AC C:\Users\All Users\Desktop\Google Chrome.lnk
2012-10-10 18:04 - 2009-07-13 23:45 - 00014240 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-10 18:04 - 2009-07-13 23:45 - 00014240 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-09 23:00 - 2012-04-12 19:08 - 00696760 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-09 23:00 - 2011-05-19 13:40 - 00073656 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-26 17:33 - 2009-07-14 00:08 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2012-09-26 17:32 - 2010-05-16 20:27 - 00567412 ___AC C:\Windows\PFRO.log
2012-08-30 20:44 - 2012-01-19 22:59 - 00001976 ___AC C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-08-30 20:44 - 2012-01-19 22:59 - 00001976 ___AC C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-08-21 15:01 - 2012-10-13 16:41 - 00033240 ___AC (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 15:01 - 2010-08-04 19:50 - 00125872 ___AC (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 15:01 - 2010-08-04 19:50 - 00106928 ___AC (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-12 16:43 - 2011-12-24 12:21 - 00001102 ___AC C:\Users\Public\Desktop\Zune.lnk
2012-08-12 16:43 - 2011-12-24 12:21 - 00001102 ___AC C:\Users\All Users\Desktop\Zune.lnk
ZeroAccess:
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\00000004.@
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\201d3dde
ZeroAccess:
C:\Users\ybull27\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
C:\Users\ybull27\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L
C:\Users\ybull27\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 5940.51 MB
Available physical RAM: 5250.94 MB
Total Pagefile: 5938.66 MB
Available Pagefile: 5248.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:3.94 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:2.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive d: detected. Check for MBR/Partition infection.
5 Drive g: () (Removable) (Total:7.82 GB) (Free:7.82 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 527 GB
Disk 1 No Media 0 B 0 B
Disk 2 Online 8028 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 9 GB 101 MB
Partition 3 Primary 58 GB 9 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 100 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 9 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 58 GB Healthy
=========================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 8027 MB 336 KB
==================================================================================
Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 8027 MB Healthy
=========================================================
Last Boot: 2012-08-12 21:43
==================== End Of Log =============================
I am trying to help him through my PC. Please help us; he only has a few more days left with me, then he goes home where I can't help him. Thanks for all the help =)
CBoe/Wildersteak
2012-10-02 14:17 - 2012-10-02 14:18 - 00000000 ___DC C:\Users\ybull27\Local Settings\{0045057B-12A7-43C0-B821-A49EB2530F73}
2012-10-02 14:17 - 2012-10-02 14:18 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{0045057B-12A7-43C0-B821-A49EB2530F73}
2012-10-02 00:05 - 2012-10-02 00:05 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{E9B1B8B8-06A0-4327-983B-26F80703CC7E}
2012-10-02 00:05 - 2012-10-02 00:05 - 00000000 ___DC C:\Users\ybull27\Local Settings\{E9B1B8B8-06A0-4327-983B-26F80703CC7E}
2012-10-02 00:05 - 2012-10-02 00:05 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{E9B1B8B8-06A0-4327-983B-26F80703CC7E}
2012-09-30 22:34 - 2012-09-30 22:34 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{A7C73CF9-8274-420B-B590-8C2D4ABB8B96}
2012-09-30 22:34 - 2012-09-30 22:34 - 00000000 ___DC C:\Users\ybull27\Local Settings\{A7C73CF9-8274-420B-B590-8C2D4ABB8B96}
2012-09-30 22:34 - 2012-09-30 22:34 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{A7C73CF9-8274-420B-B590-8C2D4ABB8B96}
2012-09-29 20:43 - 2012-09-29 20:43 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{6BD13AB3-05C6-4E87-9D47-E17F859D5B24}
2012-09-29 20:43 - 2012-09-29 20:43 - 00000000 ___DC C:\Users\ybull27\Local Settings\{6BD13AB3-05C6-4E87-9D47-E17F859D5B24}
2012-09-29 20:43 - 2012-09-29 20:43 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{6BD13AB3-05C6-4E87-9D47-E17F859D5B24}
2012-09-28 17:59 - 2012-09-28 17:59 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{3DD13BA4-4FA9-4962-AC9B-ED66D084602E}
2012-09-28 17:59 - 2012-09-28 17:59 - 00000000 ___DC C:\Users\ybull27\Local Settings\{3DD13BA4-4FA9-4962-AC9B-ED66D084602E}
2012-09-28 17:59 - 2012-09-28 17:59 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{3DD13BA4-4FA9-4962-AC9B-ED66D084602E}
2012-09-27 20:29 - 2012-09-27 20:29 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{4DE2A620-F794-43CC-81EA-044055DD95D4}
2012-09-27 20:29 - 2012-09-27 20:29 - 00000000 ___DC C:\Users\ybull27\Local Settings\{4DE2A620-F794-43CC-81EA-044055DD95D4}
2012-09-27 20:29 - 2012-09-27 20:29 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{4DE2A620-F794-43CC-81EA-044055DD95D4}
2012-09-26 17:36 - 2012-09-26 17:36 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{10519FF1-DF8B-4210-9D6E-0784FA50DFAA}
2012-09-26 17:36 - 2012-09-26 17:36 - 00000000 ___DC C:\Users\ybull27\Local Settings\{10519FF1-DF8B-4210-9D6E-0784FA50DFAA}
2012-09-26 17:36 - 2012-09-26 17:36 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{10519FF1-DF8B-4210-9D6E-0784FA50DFAA}
==================== 3 Months Modified Files ==================
2012-10-17 22:31 - 2011-08-14 12:44 - 00000900 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-17 22:23 - 2012-04-12 19:08 - 00000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-17 22:05 - 2011-08-14 12:44 - 00000896 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-14 18:49 - 2009-07-14 00:10 - 01757610 ___AC C:\Windows\WindowsUpdate.log
2012-10-14 18:44 - 2010-08-03 16:48 - 00002760 ___AC C:\Users\ybull27\Application Data\wklnhst.dat
2012-10-14 18:44 - 2010-08-03 16:48 - 00002760 ___AC C:\Users\ybull27\AppData\Roaming\wklnhst.dat
2012-10-13 16:41 - 2012-10-13 16:41 - 00001568 ___AC C:\Users\Public\Desktop\iTunes.lnk
2012-10-13 16:41 - 2012-10-13 16:41 - 00001568 ___AC C:\Users\All Users\Desktop\iTunes.lnk
2012-10-13 16:24 - 2012-06-16 01:16 - 00006328 ___AC C:\Windows\setupact.log
2012-10-11 19:15 - 2012-08-27 23:11 - 00002340 ___AC C:\Users\Public\Desktop\Google Chrome.lnk
2012-10-11 19:15 - 2012-08-27 23:11 - 00002340 ___AC C:\Users\All Users\Desktop\Google Chrome.lnk
2012-10-10 18:04 - 2009-07-13 23:45 - 00014240 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-10 18:04 - 2009-07-13 23:45 - 00014240 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-09 23:00 - 2012-04-12 19:08 - 00696760 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-09 23:00 - 2011-05-19 13:40 - 00073656 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-26 17:33 - 2009-07-14 00:08 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2012-09-26 17:32 - 2010-05-16 20:27 - 00567412 ___AC C:\Windows\PFRO.log
2012-08-30 20:44 - 2012-01-19 22:59 - 00001976 ___AC C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-08-30 20:44 - 2012-01-19 22:59 - 00001976 ___AC C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-08-21 15:01 - 2012-10-13 16:41 - 00033240 ___AC (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 15:01 - 2010-08-04 19:50 - 00125872 ___AC (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 15:01 - 2010-08-04 19:50 - 00106928 ___AC (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-12 16:43 - 2011-12-24 12:21 - 00001102 ___AC C:\Users\Public\Desktop\Zune.lnk
2012-08-12 16:43 - 2011-12-24 12:21 - 00001102 ___AC C:\Users\All Users\Desktop\Zune.lnk
ZeroAccess:
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\00000004.@
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\201d3dde
ZeroAccess:
C:\Users\ybull27\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
C:\Users\ybull27\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L
C:\Users\ybull27\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 5940.51 MB
Available physical RAM: 5250.94 MB
Total Pagefile: 5938.66 MB
Available Pagefile: 5248.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:3.94 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:2.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive d: detected. Check for MBR/Partition infection.
5 Drive g: () (Removable) (Total:7.82 GB) (Free:7.82 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 527 GB
Disk 1 No Media 0 B 0 B
Disk 2 Online 8028 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 9 GB 101 MB
Partition 3 Primary 58 GB 9 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 100 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 9 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 58 GB Healthy
=========================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 8027 MB 336 KB
==================================================================================
Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 8027 MB Healthy
=========================================================
Last Boot: 2012-08-12 21:43
==================== End Of Log =============================
I am trying to help him through my PC. Please help us; he only has a few more days left with me, then he goes home where I can't help him. Thanks for all the help =)
CBoe/Wildersteak