Inactive Virus/Malware Help

finnclrk4

A few days ago my PC started acting strangely. I keep getting notifications from Windows Action Center telling me to enable virus protection and a firewall. When I try to enable my virus protection software (Norton 360) it does nothing, and when I try to enable Windows Firewall I get the message "Action Center can't turn on Windows Firewall." Then when I click on "Turn Windows Firewall on manually." it tells me to update my firewall settings, so I clicked on "Use recommended settings" and it comes up with the message "Windows Firewall can't change some of your settings. Error code 0x8007042c."
When I try to open Norton, nothing happens and Windows tells me that it is turned off, but I can't open it in any way. I also cannot download any anti-virus software as the download will crash. I even tried doing a scan from Norton Bootable Recovery Tools but the scan gets stuck on "Preparing Scan". I looked this up and apparently this is because the infection is stopping Norton from accessing my drive?

I can download malware removal tools, though, such as MalwareBytes and Spybot Search & Destroy, but any programs like this tell me that there is no problem with my computer, or my computer will BSOD, or the scan will crash. I also get BSODs frequently, all with different errors, and I can't keep any program open for more than half an hour without it crashing, and anytime I try to run a program like Norton Power Eraser it crashes!

I also got an error in Internet Explorer which said "A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage" and when I tried to click on "Manage Add-ons" I got a BSOD! After this BSOD I tried to go to "Manage Add-ons" again but every time I tried, Internet Explorer would crash. I restarted the PC and tried again, and this time I got into Manage Add-ons but I could not see anything that could be harmful.

I have no idea what to do as I have tried everything. Please help!
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
I could not run an anti-virus scan, as any anti-virus program I try to download or update crashes, but here are the MalwareBytes and DDS logs:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.31.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Finn :: FINN-PC [administrator]

Protection: Disabled

31/05/2013 01:33:29
mbam-log-2013-05-31 (01-33-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205940
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
DDS log.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by Finn at 1:44:23 on 2013-05-31
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.6143.4705 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Microsoft Security Essentials *Enabled/Outdated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\ccSvcHst.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\IPS\IPSBHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\CoIEPlg.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{A651C1AC-EC57-4725-8865-F7B31D3BA313} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0500020.001\SymDS64.sys [2013-5-23 450608]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0500020.001\SymEFA64.sys [2013-5-23 802864]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20101201.001\IDSviA64.sys [2013-5-23 476792]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0500020.001\symnets.sys [2013-5-23 382072]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\ccSvcHst.exe [2013-5-23 130000]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-5-30 1153368]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2013-5-23 953904]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0500020.001\Ironx64.sys [2013-5-23 171128]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-05-31 00:30:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-31 00:02:25 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-05-31 00:02:15 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-05-31 00:02:00 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-05-31 00:02:00 1898376 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-30 21:49:03 333312 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_56a819e11c4b31de61f89786f9c5a4b6a71435c_cab_0b26557f\lsm.exe
2013-05-30 21:46:59 247808 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_513faba674c7a3d5a9afa85f673794f9c1be1ef_cab_076c72ed\ieui.dll
2013-05-30 20:00:24 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-05-30 18:52:43 4167680 ----a-w- C:\Program Files (x86)\GUT279D.tmp
2013-05-30 18:52:43 -------- d-----w- C:\Program Files (x86)\GUM278D.tmp
2013-05-30 17:54:42 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-05-30 17:54:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-05-30 14:54:28 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5AF81219-F756-431E-9F96-42A282D02778}\mpengine.dll
2013-05-30 14:54:28 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-29 22:02:57 1579520 ----a-w- C:\Windows\System32\athrx.sys
2013-05-29 21:54:13 1579520 ----a-w- C:\Windows\System32\drivers\athrx.sys
2013-05-29 19:40:40 -------- d-----w- C:\Users\Finn\AppData\Roaming\Spotify
2013-05-29 18:24:48 -------- d--h--w- C:\VritualRoot
2013-05-29 18:05:12 -------- d-----w- C:\ProgramData\Comodo
2013-05-29 18:05:09 -------- d-----w- C:\Program Files\COMODO
2013-05-29 17:24:00 -------- d-----w- C:\Users\Finn\AppData\Roaming\SUPERAntiSpyware.com
2013-05-29 17:23:54 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-05-29 17:23:54 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-05-29 17:14:32 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-05-29 16:44:36 -------- d-----w- C:\Users\Finn\AppData\Local\NPE
2013-05-29 15:20:02 -------- d-----w- C:\Users\Finn\AppData\Roaming\Malwarebytes
2013-05-29 15:19:52 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-29 15:19:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-29 15:19:39 -------- d-----w- C:\Users\Finn\AppData\Local\Programs
2013-05-29 13:32:20 -------- d-----w- C:\Users\Finn\AppData\Roaming\uTorrent
2013-05-29 12:57:00 -------- d-----w- C:\ProgramData\AVAST Software
2013-05-29 12:57:00 -------- d-----w- C:\Program Files\AVAST Software
2013-05-29 12:34:59 -------- d-----w- C:\Windows\SysWow64\%LOCALAPPDATA%
2013-05-29 11:50:16 -------- d-----w- C:\Users\Finn\AppData\Local\Google
2013-05-29 11:49:56 -------- d-----w- C:\Users\Finn\AppData\Local\Apps
2013-05-29 11:49:55 -------- d-----w- C:\Users\Finn\AppData\Local\Deployment
2013-05-29 10:26:03 -------- d-----w- C:\ProgramData\TP-LINK
2013-05-28 22:23:16 -------- d-----w- C:\Windows\System32\%LOCALAPPDATA%
2013-05-28 13:49:22 5371088 ----a-w- C:\ProgramData\pclunst.exe
2013-05-28 13:49:15 -------- d-----w- C:\ProgramData\PC1Data
2013-05-28 13:49:15 -------- d-----w- C:\ProgramData\PC Cleaners
2013-05-28 12:38:58 -------- d-----w- C:\Users\Finn\AppData\Local\Diagnostics
2013-05-27 21:24:22 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-05-26 17:03:44 -------- d-----w- C:\Users\Finn\AppData\Roaming\Mount&Blade Warband
2013-05-26 15:39:59 -------- d-----w- C:\Users\Finn\AppData\Local\CrashDumps
2013-05-26 15:36:42 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-05-26 15:35:48 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-05-26 15:28:39 -------- d-----w- C:\Program Files (x86)\2K Games
2013-05-26 12:44:33 -------- d-----w- C:\Users\Finn\AppData\Local\2K Games
2013-05-26 12:29:45 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2013-05-26 12:29:24 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2013-05-26 12:29:24 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2013-05-26 12:29:24 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2013-05-26 12:29:24 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-05-26 12:29:24 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2013-05-26 12:29:24 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2013-05-26 12:29:23 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2013-05-26 12:29:23 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2013-05-26 11:50:00 -------- d-----w- C:\Users\Finn\AppData\Local\Microsoft Games
2013-05-24 03:49:14 -------- d-----w- C:\NBRT
2013-05-23 19:19:53 -------- d-----w- C:\Windows\System32\drivers\N360x64\0500020.001
2013-05-23 19:19:53 -------- d-----w- C:\Windows\System32\drivers\N360x64
2013-05-23 19:19:51 -------- d-----w- C:\ProgramData\Norton
2013-05-23 19:19:51 -------- d-----w- C:\Program Files (x86)\Norton 360
2013-05-23 19:18:08 -------- d-----w- C:\ProgramData\NortonInstaller
2013-05-23 19:18:08 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2013-05-23 19:10:53 -------- d-----w- C:\Users\Finn\AppData\Local\Skyrim
2013-05-23 19:08:59 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2013-05-23 19:01:18 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2013-05-23 18:59:33 -------- d-----w- C:\Users\Finn\AppData\Local\ElevatedDiagnostics
2013-05-23 17:48:48 -------- d-----w- C:\Program Files (x86)\Steam
2013-05-23 17:48:17 -------- d-----w- C:\Users\Finn\048298C9A4D3490B9FF9AB023A9238F3.TMP
2013-05-23 17:48:16 -------- d-sh--w- C:\Windows\Installer
2013-05-23 07:48:13 -------- d-----w- C:\Windows\Panther
2013-05-23 07:47:58 -------- d-sh--w- C:\Boot
2013-05-23 00:48:37 651264 ----a-r- C:\Windows\SysWow64\libeay32.dll
2013-05-23 00:48:37 450560 ----a-r- C:\Windows\SysWow64\AegisE5.dll
2013-05-23 00:48:37 327680 ----a-r- C:\Windows\SysWow64\AegisE2.dll
2013-05-23 00:48:37 147456 ----a-r- C:\Windows\SysWow64\ssleay32.dll
2013-05-23 00:48:37 114688 ----a-w- C:\Windows\SysWow64\athcfg10.dll
2013-05-23 00:17:53 -------- d-----w- C:\Users\Finn\AppData\Local\Innovative Solutions
2013-05-23 00:16:38 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2013-05-22 23:12:46 -------- dc----w- C:\Users\Finn\AppData\Local\MigWiz
2013-05-22 23:02:27 -------- d-sh--w- C:\Recovery
2013-05-20 19:12:26 -------- d-----w- C:\Games
2013-05-19 10:54:27 97176 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll
2013-05-19 02:00:52 -------- d-----w- C:\d6196d965d6b437a870f139d18359e
2013-05-16 15:00:06 -------- d-----w- C:\Uninstall
2013-05-16 15:00:06 -------- d-----w- C:\src
2013-05-14 19:39:02 -------- d-----w- C:\SWSetup
2013-05-13 18:27:46 -------- d-----w- C:\NVIDIA
2013-05-12 20:46:45 -------- d-----w- C:\08fc8c25c373be2b65
.
==================== Find3M ====================
.
2013-05-23 19:20:24 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-04-25 01:37:57 129944 ----a-w- C:\Windows\SysWow64\ElbyVCD.dll
2013-03-11 00:49:12 36352 ----a-w- C:\Windows\System32\drivers\VClone.sys
2013-03-04 12:24:27 40344 ----a-w- C:\Windows\System32\drivers\ElbyCDIO.sys
.

============= FINISH: 1:44:44.01 ===============
 
And the DDS Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 22/05/2013 23:55:56
System Uptime: 31/05/2013 01:26:07 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Berkeley
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | CPU 1 | 2331/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 253.197 GiB free.
D: is FIXED (NTFS) - 373 GiB total, 370.458 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP33: 30/05/2013 20:59:24 - Windows Backup
RP34: 30/05/2013 20:59:39 - Windows Update
RP35: 30/05/2013 21:01:34 - Windows Backup
RP36: 31/05/2013 01:01:16 - Windows Update
.
==== Installed Programs ======================
.
Grand Theft Auto Vice City
Mafia II
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Norton 360
NVIDIA PhysX
PC Cleaners
Spybot - Search & Destroy
TL-WN851ND Driver
VirtualCloneDrive
WinRAR 5.00 beta 4 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
31/05/2013 01:42:32, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.
31/05/2013 01:34:31, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
31/05/2013 01:34:31, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
31/05/2013 01:34:31, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
31/05/2013 01:34:31, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
31/05/2013 01:34:30, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
31/05/2013 01:34:30, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
31/05/2013 01:34:30, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service or group failed to start.
31/05/2013 01:33:55, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007000d Error description: The data is invalid.
31/05/2013 01:33:55, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007000d Error description: The data is invalid.
31/05/2013 01:33:55, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007000d Error description: The data is invalid.
31/05/2013 01:31:34, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
31/05/2013 01:30:00, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
31/05/2013 01:30:00, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
31/05/2013 01:29:58, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR7.
31/05/2013 01:28:23, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\System32\config\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
31/05/2013 01:26:39, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SymIRON
31/05/2013 01:26:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88006b51418, 0xfffff88006b50c70, 0xfffff80002a5936d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053113-21902-01.
31/05/2013 01:26:32, Error: Service Control Manager [7023] - The Diagnostic Policy Service service terminated with the following error: Access is denied.
31/05/2013 01:26:32, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
31/05/2013 01:24:23, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
31/05/2013 01:24:23, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
31/05/2013 01:24:23, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
31/05/2013 01:23:17, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff96000169f72, 0xfffff880049f7060, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053113-24632-01.
31/05/2013 01:18:19, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: Finn-PC\Finn Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
31/05/2013 01:18:18, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Finn-PC\Finn Error Code: 0x8007042c Error description: The dependency service or group failed to start.
31/05/2013 01:18:18, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Finn-PC\Finn Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
31/05/2013 01:18:08, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Finn-PC\Finn Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007000d Error description: The data is invalid.
31/05/2013 01:18:08, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Finn-PC\Finn Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007000d Error description: The data is invalid.
31/05/2013 01:14:45, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
31/05/2013 01:14:45, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
31/05/2013 00:59:53, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
30/05/2013 23:35:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff80002bba36b, 0xfffff88002b796f8, 0xfffff88002b78f50). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-18517-01.
30/05/2013 23:29:07, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000034 (0x0000000000050830, 0xfffff88002fb0768, 0xfffff88002faffc0, 0xfffff80002e3e06b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-21980-01.
30/05/2013 23:23:35, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume1.
30/05/2013 23:23:33, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
30/05/2013 23:17:47, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff880076e2848, 0xfffff880076e20a0, 0xfffff88001504dbb). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-22167-01.
30/05/2013 23:10:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffda80059e55b8, 0x0000000000000001, 0xfffff80002a6d85e, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-19359-01.
30/05/2013 23:04:10, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd8a003156b68, 0x0000000000000000, 0xfffff80002bfa0bf, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-19172-01.
30/05/2013 23:01:26, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).
30/05/2013 23:01:26, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 3 time(s).
30/05/2013 23:01:26, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
30/05/2013 23:01:26, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147023174
30/05/2013 23:01:20, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
30/05/2013 23:01:15, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
30/05/2013 23:01:15, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
30/05/2013 23:00:20, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/05/2013 23:00:20, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
30/05/2013 23:00:20, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
30/05/2013 23:00:20, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/05/2013 22:59:03, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffda8005178728, 0x0000000000000000, 0xfffff80002ba50bf, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-43914-01.
30/05/2013 22:49:03, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/05/2013 22:46:59, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/05/2013 22:38:09, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xffffda8005581460, 0x0000000000000002, 0x0000000000000001, 0xfffff80002a920d6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-21559-01.
30/05/2013 21:12:36, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024d00f: Windows Update Setup Handler.
30/05/2013 21:12:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffffff00000000, 0x0000000000000001, 0xfffff80002e3681b, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-32526-01.
30/05/2013 21:01:31, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
30/05/2013 20:58:38, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
30/05/2013 20:55:02, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
30/05/2013 20:55:02, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/05/2013 20:55:02, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/05/2013 20:55:02, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
30/05/2013 20:54:02, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
30/05/2013 20:14:44, Error: Service Control Manager [7003] - The UPnP Device Host service depends the following service: SSDPSRV. This service might not be installed.
30/05/2013 20:13:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1075" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
30/05/2013 20:00:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88006d29758, 0xfffff88006d28fb0, 0xfffff80002aa49ba). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-57408-01.
30/05/2013 19:22:22, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041201, 0xfffff68000001c88, 0x81d000012f92d867, 0xfffffa8007d1cee0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-20685-01.
30/05/2013 18:48:25, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
30/05/2013 18:48:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
30/05/2013 18:48:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
30/05/2013 18:48:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
30/05/2013 18:48:17, Error: Microsoft-Windows-Eventlog [106] - Corruption was detected in the log for the Microsoft-Windows-Known Folders API Service channel and some data was erased.
30/05/2013 18:48:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
30/05/2013 18:48:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl ElbyCDIO IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
30/05/2013 15:48:37, Error: Service Control Manager [7023] - The DHCP Client service terminated with the following error: Access is denied.
30/05/2013 15:48:37, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The operation completed successfully.
30/05/2013 15:48:37, Error: Microsoft-Windows-Dhcp-Client [50038] - An error occurred in initializing DHCPv4. Error Code is 0x5
30/05/2013 15:48:37, Error: Microsoft-Windows-Dhcp-Client [1004] - Error occurred in stopping the Dhcpv4 Client service. Error code is 0x5. ShutDown Flag value is 0
30/05/2013 15:45:06, Error: Service Control Manager [7024] - The Network Location Awareness service terminated with service-specific error %%-1073741288.
30/05/2013 15:45:06, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The operation completed successfully.
30/05/2013 15:44:51, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service has not been started.
30/05/2013 15:44:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
29/05/2013 22:51:41, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
29/05/2013 21:11:11, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 9 time(s).
29/05/2013 21:11:03, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Error Reporting Service service, but this action failed with the following error: An instance of the service is already running.
29/05/2013 21:10:55, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 8 time(s).
29/05/2013 21:10:39, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 7 time(s).
29/05/2013 21:10:23, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 6 time(s).
29/05/2013 21:10:07, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 5 time(s).
29/05/2013 21:09:51, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 4 time(s).
29/05/2013 21:09:35, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 3 time(s).
29/05/2013 21:09:19, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/05/2013 21:09:03, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/05/2013 21:06:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl
29/05/2013 21:06:42, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd8a002fdea60, 0x0000000000000000, 0xfffff80002fa7d9c, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-17394-01.
29/05/2013 20:59:10, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd8a002e88a40, 0x0000000000000000, 0xfffff80002f525ba, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-18813-01.
29/05/2013 20:52:58, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000003, 0xfffff8a011e17820, 0xfffff8a011e17820, 0x0000000010000230). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-20436-01.
29/05/2013 19:43:16, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard discache eeCtrl ElbyCDIO SASDIFSV SASKUTIL spldr Wanarpv6
29/05/2013 19:43:14, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd900c29c6010, 0x0000000000000000, 0xfffff80002dedf8c, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-19890-01.
29/05/2013 19:16:29, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
29/05/2013 19:11:29, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/05/2013 19:11:29, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/05/2013 19:11:29, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/05/2013 19:06:11, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
29/05/2013 19:00:47, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/05/2013 18:54:31, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88008dd6578, 0xfffff88008dd5dd0, 0xfffff8800129b933). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-17440-01.
29/05/2013 18:26:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa8106097269, 0x0000000000000000, 0xfffff80002c82922, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-16988-01.
29/05/2013 18:05:32, Error: Service Control Manager [7024] - The Norton 360 service terminated with service-specific error %%-1.
29/05/2013 17:54:34, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd8a002e27ba0, 0x0000000000000000, 0xfffff88001262ae2, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-17565-01.
29/05/2013 17:48:30, Error: Service Control Manager [7038] - The wscsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
29/05/2013 17:48:30, Error: Service Control Manager [7038] - The WinDefend service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
29/05/2013 17:48:30, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not start due to a logon failure.
29/05/2013 17:48:30, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not start due to a logon failure.
29/05/2013 17:48:03, Error: LsaSrv [5000] - The security package Microsoft Unified Security Protocol Provider generated an exception. The exception information is the data.
29/05/2013 14:58:43, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd900c23f3300, 0x0000000000000000, 0xfffff80002db6f8c, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-32557-01.
29/05/2013 14:23:22, Error: Service Control Manager [7030] - The Panda Software Controller service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
29/05/2013 13:47:08, Error: Service Control Manager [7034] - The Norton 360 service terminated unexpectedly. It has done this 4 time(s).
29/05/2013 13:40:08, Error: Service Control Manager [7034] - The Norton 360 service terminated unexpectedly. It has done this 3 time(s).
29/05/2013 13:37:44, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Norton 360 service, but this action failed with the following error: An instance of the service is already running.
29/05/2013 13:35:44, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/05/2013 13:34:59, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/05/2013 12:42:59, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffda80051786a8, 0x0000000000000000, 0xfffff80002bbc0bf, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-18938-01.
29/05/2013 12:03:49, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff880087e8758, 0xfffff880087e7fb0, 0xfffff80002ad69ba). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-21528-01.
29/05/2013 11:29:24, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: Access is denied.
29/05/2013 11:29:24, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070005: Access is denied.
28/05/2013 23:46:58, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000008884, 0xfffffa8003da33a0, 0xfffffa8003da03d0, 0x0000000000000502). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052813-16738-01.
28/05/2013 23:23:16, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
28/05/2013 23:23:16, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
28/05/2013 23:23:16, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
28/05/2013 23:23:16, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
28/05/2013 23:23:16, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
28/05/2013 22:01:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff88004197d90, 0xfffff88005abe6a8, 0xfffff88005abdf00). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052813-15537-01.
28/05/2013 21:44:05, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002ab5d84, 0xfffff88007da4960, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052813-16255-01.
28/05/2013 20:31:51, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd8a007eee7f0, 0x0000000000000000, 0xfffff80002c05f8c, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052813-18844-01.
28/05/2013 20:01:49, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\DEFAULT' was corrupted and it has been recovered. Some data might have been lost.
28/05/2013 15:31:10, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR7.
28/05/2013 14:52:30, Error: Service Control Manager [7023] - The System Event Notification Service service terminated with the following error: Overlapped I/O operation is in progress.
28/05/2013 14:48:03, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000022, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052813-327765-01.
28/05/2013 14:00:33, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR6.
28/05/2013 14:00:30, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
28/05/2013 13:43:44, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{DB425F82-1722-4938-9BEC-D63C09D7B1DE}' was corrupted and it has been recovered. Some data might have been lost.
28/05/2013 13:43:00, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{84268FB6-2872-44F8-8ABC-66FFCA5C71EE}' was corrupted and it has been recovered. Some data might have been lost.
28/05/2013 13:42:21, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6E52AD4A-C13D-4146-B221-0A3F9B681AEA}' was corrupted and it has been recovered. Some data might have been lost.
28/05/2013 13:41:29, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C1C72267-E27F-47E3-99F4-151C431E56B3}' was corrupted and it has been recovered. Some data might have been lost.
28/05/2013 13:40:17, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{9A050859-D653-4C48-B3D6-D5644D802520}' was corrupted and it has been recovered. Some data might have been lost.
28/05/2013 13:39:30, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D90E7332-D081-4066-8845-E48E9C149C89}' was corrupted and it has been recovered. Some data might have been lost.
28/05/2013 13:39:21, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{33CE4826-D25A-4521-B0C6-5A30994F5D27}' was corrupted and it has been recovered. Some data might have been lost.
28/05/2013 13:38:33, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{A48FC115-DB45-4637-9884-817557DA8E1C}' was corrupted and it has been recovered. Some data might have been lost.
.

==== End Of File ===========================
 
You're running two AV programs, MSE and Norton.
You must uninstall one of them.
If Norton, use this tool: http://www.majorgeeks.com/files/details/norton_removal_tool.html

Download RogueKiller for 32-bit or RogueKiller for 64-bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
RK Reports:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Finn [Admin rights]
Mode : Scan -- Date : 05/31/2013 02:47:03
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAJS-65RYA0 ATA Device +++++
--- User ---
[MBR] 505c8e6daae433b29e0d25c7b28eb9c6
[BSP] 8e5db028d4964658b6060ac891226926 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 15 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Hitachi HDT725040VLA380 ATA Device +++++
--- User ---
[MBR] 2c043df87f43e5ae63cb9097c9d4de92
[BSP] 85ddd80b716ade4e5b6d4d08cf29ed94 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 381552 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: SanDisk Cruzer Edge USB Device +++++
--- User ---
[MBR] e79c919aca87a83678b308fedbf91267
[BSP] 1b38f8ae3e328652e35f8d6920e043a3 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x6e) [VISIBLE] Offset (sectors): 1948285285 | Size: 831044 Mo
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 28049408 | Size: 0 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_05312013_02d0247.txt >>
RKreport[1]_S_05312013_02d0247.txt

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Finn [Admin rights]
Mode : Remove -- Date : 05/31/2013 02:49:23
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAJS-65RYA0 ATA Device +++++
--- User ---
[MBR] 505c8e6daae433b29e0d25c7b28eb9c6
[BSP] 8e5db028d4964658b6060ac891226926 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 15 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Hitachi HDT725040VLA380 ATA Device +++++
--- User ---
[MBR] 2c043df87f43e5ae63cb9097c9d4de92
[BSP] 85ddd80b716ade4e5b6d4d08cf29ed94 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 381552 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: SanDisk Cruzer Edge USB Device +++++
--- User ---
[MBR] e79c919aca87a83678b308fedbf91267
[BSP] 1b38f8ae3e328652e35f8d6920e043a3 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x6e) [VISIBLE] Offset (sectors): 1948285285 | Size: 831044 Mo
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 28049408 | Size: 0 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_D_05312013_02d0249.txt >>
RKreport[1]_S_05312013_02d0247.txt ; RKreport[2]_D_05312013_02d0249.txt
 
MBAR Log:
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.05.31.03
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Finn :: FINN-PC [administrator]
31/05/2013 13:34:14
mbar-log-2013-05-31 (13-34-14).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 240786
Time elapsed: 10 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)

System Log:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7600 Windows 7 x64
Account is Administrative
Internet Explorer version: 8.0.7600.16385
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.327000 GHz
Memory total: 6441721856, free: 5028560896
Downloaded database version: v2013.05.31.03
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
05/31/2013 13:34:09
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR7
Upper Device Object: 0xfffffa8005aba060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007b\
Lower Device Object: 0xfffffa80056156b0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800721e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xfffffa8007229060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800721d060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xfffffa8007228060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800721c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xfffffa8007227b70
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800721b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xfffffa800720a060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006195790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa8005ca5060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006194330
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-2\
Lower Device Object: 0xfffffa8005ca9060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006194330, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006195040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006194330, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005174e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005ca9060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 15 Numsec = 625136823
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-14-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006195790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006196040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006195790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005ca3520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005ca5060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B3AE006C
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 781418496
Partition file system is NTFS
Partition is not bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 400088457216 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800721b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800721a430, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800721b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800720a060, DeviceName: \Device\0000006d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800721c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800721bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800721c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007227b70, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800721d060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800721cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800721d060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007228060, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800721e060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800721db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800721e060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007229060, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 6, DevicePointer: 0xfffffa8005aba060, DeviceName: \Device\Harddisk6\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800554e7b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005aba060, DeviceName: \Device\Harddisk6\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80056156b0, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk6\DR7\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 6
Scanning MBR on drive 6...
Inspecting partition table:
Partition information:
This drive is a Single Partition removable Drive.
Partition file system is FAT32
Partition is not bootable
Disk Size: 4022337024 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_15_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_6_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_6_r.mbam...
Removal finished
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
I tried to run ComboFix three times, each time combofix crashed with a BSOD. Now on the 4th try I have gotten an error saying "!! ALERT !! It is NOT SAFE to continue! The contents of the ComboFix package has been compromised. Please download a fresh copy from: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Note: You may be infected with a file patching virus 'Virut'"

How should I proceed?

Please answer A.S.A.P
 
Virut (if it checks out) is not good news.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
I run ComboFix and it gets to Stage 50 and tells me that I have some infected files and then reboots my computer but once my computer has started up again, nothing happens. Is ComboFix done?
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01
Ran by Finn (administrator) on 31-05-2013 19:42:33
Running from C:\Users\Finn\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=GB&ver=5
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
PDF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
PDF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
PDF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR RestoreOnStartup: "hxxp://google.co.uk/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (Angry Birds) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Google Docs) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Burning Guitar) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdiejcapkjkibllbcobbohjibfkoogmj\1_0
CHR Extension: (YouTube) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Facebook Disconnect) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.13_0
CHR Extension: (Gmail) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Finn\AppData\Local\Temp\catchme.sys [x]
R1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-31 19:42 - 2013-05-31 19:42 - 00000000 ____D C:\FRST
2013-05-31 19:42 - 2013-05-31 19:40 - 01915980 ____A (Farbar) C:\Users\Finn\Desktop\FRST64.exe
2013-05-31 19:21 - 2013-05-31 19:29 - 00000000 ____D C:\ComboFix
2013-05-31 19:15 - 2013-05-31 19:16 - 00000161 ____A C:\Users\Finn\Desktop\catchme.log
2013-05-31 19:08 - 2013-05-31 19:05 - 05076038 ____R (Swearware) C:\Users\Finn\Desktop\ComboFix.exe
2013-05-31 19:00 - 2013-05-31 19:00 - 00287096 ____A C:\Windows\Minidump\053113-23961-01.dmp
2013-05-31 18:41 - 2013-05-31 18:41 - 00000070 ____A C:\Users\Finn\Desktop\ESETScan.txt
2013-05-31 17:55 - 2013-05-31 17:55 - 00286840 ____A C:\Windows\Minidump\053113-29359-01.dmp
2013-05-31 17:48 - 2013-05-31 17:48 - 00000000 ___HD C:\Windows\AxInstSV
2013-05-31 17:48 - 2013-05-31 17:48 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-31 17:27 - 2013-05-31 17:27 - 00285520 ____A C:\Windows\Minidump\053113-28735-01.dmp
2013-05-31 17:14 - 2013-05-31 17:14 - 00286000 ____A C:\Windows\Minidump\053113-28594-01.dmp
2013-05-31 17:11 - 2013-05-31 19:29 - 00000000 ____D C:\Windows\erdnt
2013-05-31 17:11 - 2013-05-31 17:11 - 00000000 ____D C:\Qoobox
2013-05-31 17:11 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-31 17:11 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-31 17:11 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-31 17:11 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-31 17:11 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-31 17:11 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-31 17:11 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-31 17:11 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-31 16:46 - 2013-05-31 16:46 - 00000000 ____D C:\Windows\System32\Macromed
2013-05-31 13:32 - 2013-05-31 13:46 - 00000000 ____D C:\Users\Finn\Desktop\mbar
2013-05-31 12:49 - 2013-05-31 12:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-05-31 03:37 - 2013-05-31 03:37 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-05-31 03:36 - 2013-05-31 19:29 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-31 03:36 - 2013-02-26 00:32 - 00061216 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2013-05-31 03:36 - 2013-02-26 00:32 - 00053024 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-05-31 03:36 - 2013-01-18 16:00 - 06390048 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-05-31 03:36 - 2013-01-18 16:00 - 03460896 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-05-31 03:36 - 2013-01-18 16:00 - 02558240 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-05-31 03:36 - 2013-01-18 16:00 - 00884512 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-05-31 03:36 - 2013-01-18 16:00 - 00118560 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-05-31 03:36 - 2013-01-18 16:00 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-05-31 03:35 - 2013-05-31 03:37 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-05-31 03:35 - 2013-05-31 03:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-05-31 03:24 - 2013-05-31 03:24 - 00288008 ____A C:\Windows\Minidump\053113-21340-01.dmp
2013-05-31 03:22 - 2013-05-31 03:22 - 00000000 ____D C:\Windows\CheckSur
2013-05-31 03:17 - 2013-05-31 13:04 - 00004369 ____A C:\Windows\IE9_main.log
2013-05-31 03:09 - 2012-03-01 07:54 - 00022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2013-05-31 03:09 - 2012-03-01 07:45 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-05-31 03:09 - 2012-03-01 07:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-05-31 03:09 - 2012-03-01 07:35 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2013-05-31 03:09 - 2012-03-01 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-05-31 03:09 - 2012-03-01 06:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-05-31 03:09 - 2012-03-01 06:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2013-05-31 03:01 - 2010-03-04 05:32 - 00243712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2013-05-31 02:49 - 2013-05-31 02:49 - 00002052 ____A C:\Users\Finn\Desktop\RKreport[2]_D_05312013_02d0249.txt
2013-05-31 02:47 - 2013-05-31 02:47 - 00001999 ____A C:\Users\Finn\Desktop\RKreport[1]_S_05312013_02d0247.txt
2013-05-31 02:45 - 2013-05-31 02:45 - 00791040 ____A C:\Users\Finn\Desktop\RogueKillerX64.exe
2013-05-31 02:41 - 2013-05-31 02:48 - 00000000 ____D C:\Users\Finn\Desktop\RK_Quarantine
2013-05-31 01:45 - 2013-05-31 01:45 - 00048194 ____A C:\Users\Finn\Desktop\attach.txt
2013-05-31 01:45 - 2013-05-31 01:44 - 00013380 ____A C:\Users\Finn\Desktop\dds.txt
2013-05-31 01:42 - 2013-05-31 01:41 - 00688992 ____R (Swearware) C:\Users\Finn\Desktop\dds.com
2013-05-31 01:31 - 2013-05-31 01:31 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-31 01:30 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-31 01:26 - 2013-05-31 01:26 - 00284872 ____A C:\Windows\Minidump\053113-21902-01.dmp
2013-05-31 01:23 - 2013-05-31 01:23 - 00285256 ____A C:\Windows\Minidump\053113-24632-01.dmp
2013-05-31 01:17 - 2012-05-14 06:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-05-31 01:13 - 2012-09-25 23:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-05-31 01:13 - 2012-09-25 22:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-05-31 01:13 - 2012-06-16 06:25 - 00850944 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-31 01:13 - 2012-06-16 06:25 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-31 01:13 - 2012-06-16 05:37 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-31 01:13 - 2012-06-16 05:36 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-31 01:13 - 2012-04-07 13:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2013-05-31 01:13 - 2012-04-07 12:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-05-31 01:12 - 2013-03-02 06:49 - 01499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-31 01:12 - 2013-03-02 06:49 - 01198080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-31 01:12 - 2013-03-02 06:49 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-31 01:12 - 2013-03-02 06:44 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-05-31 01:12 - 2013-03-02 06:43 - 09377280 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-31 01:12 - 2013-03-02 06:43 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-31 01:12 - 2013-03-02 06:43 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-31 01:12 - 2013-03-02 06:43 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-31 01:12 - 2013-03-02 06:43 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-31 01:12 - 2013-03-02 06:43 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-31 01:12 - 2013-03-02 06:42 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-31 01:12 - 2013-03-02 06:42 - 02463744 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-31 01:12 - 2013-03-02 06:42 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-31 01:12 - 2013-03-02 06:42 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-31 01:12 - 2013-03-02 06:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-31 01:12 - 2013-03-02 06:06 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-31 01:12 - 2013-03-02 06:05 - 01230848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-31 01:12 - 2013-03-02 06:05 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-31 01:12 - 2013-03-02 06:02 - 06032384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-31 01:12 - 2013-03-02 06:02 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-31 01:12 - 2013-03-02 06:02 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-05-31 01:12 - 2013-03-02 06:02 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-31 01:12 - 2013-03-02 06:02 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-31 01:12 - 2013-03-02 06:01 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-31 01:12 - 2013-03-02 06:01 - 02077184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-31 01:12 - 2013-03-02 06:01 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-31 01:12 - 2013-03-02 06:01 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-31 01:12 - 2013-03-02 06:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-31 01:12 - 2013-03-02 06:01 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-31 01:12 - 2013-03-02 05:38 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-31 01:12 - 2013-03-02 05:03 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-31 01:12 - 2013-03-02 04:56 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-31 01:12 - 2013-03-02 04:56 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-31 01:12 - 2013-03-02 04:30 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-31 01:12 - 2013-03-02 04:29 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-31 01:12 - 2013-03-02 04:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-31 01:11 - 2013-01-24 06:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-05-31 01:11 - 2012-07-04 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-05-31 01:11 - 2012-07-04 23:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2013-05-31 01:11 - 2012-07-04 23:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2013-05-31 01:11 - 2012-07-04 22:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-05-31 01:11 - 2012-07-04 22:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-05-31 01:11 - 2012-05-05 09:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2013-05-31 01:11 - 2012-05-05 08:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-05-31 01:11 - 2011-02-18 07:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2013-05-31 01:11 - 2011-02-18 06:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2013-05-31 01:03 - 2013-05-31 01:03 - 00002154 ____A C:\Windows\epplauncher.mif
2013-05-31 01:02 - 2013-05-31 01:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-31 01:02 - 2013-05-31 01:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-05-31 01:02 - 2010-04-09 12:06 - 01898376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-31 01:02 - 2010-04-09 12:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-05-31 00:59 - 2013-03-19 07:19 - 05497688 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-31 00:59 - 2013-03-19 06:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-31 00:59 - 2013-03-19 06:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-05-31 00:59 - 2013-03-19 06:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-05-31 00:59 - 2013-03-19 05:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-05-31 00:59 - 2013-03-19 04:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-05-30 23:35 - 2013-05-30 23:35 - 00284792 ____A C:\Windows\Minidump\053013-18517-01.dmp
2013-05-30 23:29 - 2013-05-30 23:29 - 00285112 ____A C:\Windows\Minidump\053013-21980-01.dmp
2013-05-30 23:17 - 2013-05-30 23:17 - 00284952 ____A C:\Windows\Minidump\053013-22167-01.dmp
2013-05-30 23:09 - 2013-05-30 23:10 - 00285448 ____A C:\Windows\Minidump\053013-19359-01.dmp
2013-05-30 23:04 - 2013-05-30 23:04 - 00284632 ____A C:\Windows\Minidump\053013-19172-01.dmp
2013-05-30 22:59 - 2013-05-30 22:59 - 00285896 ____A C:\Windows\Minidump\053013-43914-01.dmp
2013-05-30 22:51 - 2011-12-16 09:42 - 00634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2013-05-30 22:51 - 2011-12-16 08:59 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2013-05-30 22:51 - 2011-10-15 07:25 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2013-05-30 22:51 - 2011-10-15 06:48 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2013-05-30 22:51 - 2011-08-27 06:40 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2013-05-30 22:51 - 2011-08-27 06:40 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2013-05-30 22:51 - 2011-08-27 05:43 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-05-30 22:51 - 2011-08-27 05:43 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2013-05-30 22:51 - 2011-05-24 12:21 - 00404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2013-05-30 22:51 - 2011-05-24 11:34 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2013-05-30 22:51 - 2011-05-24 11:34 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2013-05-30 22:51 - 2011-05-24 11:34 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2013-05-30 22:51 - 2011-05-24 11:32 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2013-05-30 22:51 - 2011-02-23 06:15 - 00286720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2013-05-30 22:51 - 2011-02-23 06:15 - 00157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2013-05-30 22:51 - 2011-02-23 06:15 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2013-05-30 22:51 - 2011-02-23 06:15 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2013-05-30 22:51 - 2011-02-12 07:14 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2013-05-30 22:51 - 2011-02-05 13:41 - 00640896 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-05-30 22:51 - 2011-02-05 13:41 - 00556928 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-05-30 22:51 - 2011-02-05 13:41 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2013-05-30 22:51 - 2011-02-05 13:41 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2013-05-30 22:51 - 2011-02-05 13:41 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2013-05-30 22:51 - 2011-02-05 13:39 - 00603976 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-05-30 22:51 - 2011-02-05 13:39 - 00518160 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-05-30 22:51 - 2010-12-18 07:12 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-30 22:51 - 2010-12-18 07:08 - 01097216 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-05-30 22:51 - 2010-12-18 06:30 - 02690560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-05-30 22:51 - 2010-12-18 06:26 - 01034240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-05-30 22:51 - 2010-10-16 06:23 - 00112000 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-30 22:51 - 2010-08-31 05:32 - 00954752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2013-05-30 22:51 - 2010-08-31 05:32 - 00954288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2013-05-30 22:51 - 2009-08-29 08:50 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\msasn1.dll
2013-05-30 22:51 - 2009-08-29 07:57 - 00034816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2013-05-30 22:50 - 2011-11-19 16:07 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2013-05-30 22:50 - 2011-11-19 15:06 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-05-30 22:50 - 2011-11-17 08:14 - 01739160 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-05-30 22:50 - 2011-11-17 06:41 - 01292592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-05-30 22:50 - 2010-10-16 06:17 - 00720896 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
2013-05-30 22:50 - 2010-10-16 05:34 - 00573440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2013-05-30 22:50 - 2010-08-27 07:14 - 00236032 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
2013-05-30 22:50 - 2010-08-27 06:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2013-05-30 22:50 - 2010-08-27 04:38 - 00463360 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2013-05-30 22:50 - 2010-08-27 04:37 - 00402944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-30 22:50 - 2010-08-27 04:37 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-30 22:38 - 2013-05-30 22:38 - 00284216 ____A C:\Windows\Minidump\053013-21559-01.dmp
2013-05-30 21:12 - 2013-05-30 21:12 - 00287304 ____A C:\Windows\Minidump\053013-32526-01.dmp
2013-05-30 21:00 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-05-30 21:00 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-05-30 21:00 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-05-30 21:00 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-05-30 20:40 - 2013-05-30 20:40 - 00001340 ____A C:\Users\Finn\Desktop\Norton Installation Files.lnk
2013-05-30 20:40 - 2013-05-30 20:40 - 00001244 ____A C:\Users\Finn\Desktop\Norton Download Manager.lnk
2013-05-30 20:00 - 2013-05-31 19:00 - 632796628 ____A C:\Windows\MEMORY.DMP
2013-05-30 20:00 - 2013-05-30 20:00 - 00286376 ____A C:\Windows\Minidump\053013-57408-01.dmp
2013-05-30 19:52 - 2013-05-30 19:52 - 04167680 ____A C:\Program Files (x86)\GUT279D.tmp
2013-05-30 19:52 - 2013-05-30 19:52 - 00000000 ____D C:\Program Files (x86)\GUM278D.tmp
2013-05-30 18:54 - 2013-05-30 19:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-30 18:54 - 2013-05-30 18:57 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-05-30 18:54 - 2013-05-30 18:54 - 00001262 ____A C:\Users\Finn\Desktop\Spybot - Search & Destroy.lnk
2013-05-30 18:42 - 2013-05-30 18:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-05-30 16:11 - 2013-05-30 16:11 - 151247144 ____A (COMODO) C:\Users\Finn\Downloads\cispremium_installer.exe
2013-05-30 16:08 - 2013-05-30 16:08 - 98142048 ____A (COMODO) C:\Users\Finn\Downloads\cfw_installer.exe
2013-05-30 15:55 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-05-30 15:55 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-05-30 15:55 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-05-30 15:55 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-05-30 15:55 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-05-30 15:54 - 2013-05-02 16:29 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-29 23:02 - 2011-08-17 19:39 - 01579520 ____A (Atheros Communications, Inc.) C:\Windows\System32\athrx.sys
2013-05-29 23:02 - 2011-08-17 19:39 - 00007634 ____A C:\Windows\System32\athrextx.cat
2013-05-29 22:54 - 2011-04-11 10:33 - 01579520 ____A (Atheros Communications, Inc.) C:\Windows\System32\Drivers\athrx.sys
2013-05-29 20:40 - 2013-05-29 20:41 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Spotify
2013-05-29 20:31 - 2013-05-29 20:31 - 00002962 ____A C:\Users\Finn\Desktop\Rkill.txt
2013-05-29 19:24 - 2013-05-29 19:24 - 00000000 ____D C:\VritualRoot
2013-05-29 19:05 - 2013-05-30 07:43 - 00000000 ____D C:\ProgramData\Comodo
2013-05-29 19:05 - 2013-05-29 19:05 - 00000000 ____D C:\Program Files\COMODO
2013-05-29 18:24 - 2013-05-29 18:24 - 00000000 ____D C:\Users\Finn\AppData\Roaming\SUPERAntiSpyware.com
2013-05-29 18:23 - 2013-05-30 07:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-29 18:23 - 2013-05-29 18:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-29 18:14 - 2013-05-31 13:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-05-29 17:44 - 2013-05-29 17:46 - 00000000 ____D C:\Users\Finn\AppData\Local\NPE
2013-05-29 16:20 - 2013-05-29 16:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Malwarebytes
2013-05-29 16:19 - 2013-05-31 01:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-29 16:19 - 2013-05-29 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-29 16:09 - 2013-05-30 07:43 - 00000000 ____D C:\Users\Finn\Documents\Security
2013-05-29 14:32 - 2013-05-30 19:29 - 00000000 ____D C:\Users\Finn\AppData\Roaming\uTorrent
2013-05-29 13:57 - 2013-05-29 13:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-29 13:57 - 2013-05-29 13:58 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-29 13:34 - 2013-05-29 13:34 - 00000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
2013-05-29 13:24 - 2013-05-30 20:40 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-05-29 13:09 - 2013-05-29 13:09 - 00000000 ____D C:\Users\Finn\Documents\GTA Vice City Mods
2013-05-29 12:50 - 2013-05-30 19:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-29 12:50 - 2013-05-29 12:52 - 00000000 ____D C:\Users\Finn\AppData\Local\Google
2013-05-29 12:49 - 2013-05-30 19:52 - 00000000 ____D C:\Users\Finn\AppData\Local\Deployment
2013-05-29 12:49 - 2013-05-30 18:41 - 00000000 ____D C:\Users\Finn\AppData\Local\Apps\2.0
2013-05-29 12:33 - 2013-05-29 12:33 - 00000000 ____D C:\Users\Finn\Documents\Symantec
2013-05-29 11:26 - 2013-05-30 19:29 - 00000000 ____D C:\ProgramData\TP-LINK
2013-05-28 23:23 - 2013-05-30 07:43 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2013-05-28 23:13 - 2013-05-29 23:14 - 00000000 ____D C:\Users\Finn\Documents\Mount&Blade Warband Savegames
2013-05-28 21:06 - 2013-05-28 21:06 - 00003133 ____A C:\Users\Finn\Desktop\M&B Warband.lnk
2013-05-28 20:57 - 2013-05-28 23:19 - 00000000 ____D C:\Users\Finn\Documents\Mount&Blade Warband
2013-05-28 20:10 - 2013-05-28 20:10 - 00001298 ____A C:\Users\Finn\Desktop\GTA Vice City.lnk
2013-05-28 14:49 - 2013-05-28 14:49 - 00000735 ____A C:\Users\Finn\Desktop\PC Cleaner Pro.lnk
2013-05-28 14:49 - 2013-05-28 14:49 - 00000000 ____D C:\ProgramData\PC1Data
2013-05-28 14:49 - 2013-05-28 14:49 - 00000000 ____D C:\ProgramData\PC Cleaners
2013-05-28 14:49 - 2013-05-28 14:22 - 05371088 ____A (PC Cleaners) C:\ProgramData\pclunst.exe
2013-05-28 14:47 - 2013-05-31 19:29 - 00007108 ____A C:\Windows\setupact.log
2013-05-28 14:47 - 2013-05-28 14:47 - 00000000 ____A C:\Windows\setuperr.log
2013-05-26 18:03 - 2013-05-29 00:07 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Mount&Blade Warband
2013-05-26 16:39 - 2013-05-31 17:36 - 00000000 ____D C:\Users\Finn\AppData\Local\CrashDumps
2013-05-26 16:36 - 2013-05-31 03:37 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-05-26 16:35 - 2013-05-26 16:35 - 00002105 ____A C:\Users\Public\Desktop\Mafia II.lnk
2013-05-26 16:28 - 2013-05-26 16:28 - 00000000 ____D C:\Program Files (x86)\2K Games
2013-05-26 15:21 - 2013-05-26 15:46 - 00000000 ____D C:\Users\Finn\Documents\GTA Vice City User Files
2013-05-26 13:44 - 2013-05-26 13:44 - 00000000 ____D C:\Users\Finn\AppData\Local\2K Games
2013-05-26 13:29 - 2013-05-26 13:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-26 13:29 - 2013-05-26 13:29 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-05-26 12:50 - 2013-05-31 17:47 - 00000000 ____D C:\Users\Finn\AppData\Local\Microsoft Games
2013-05-24 04:49 - 2013-05-24 04:49 - 00000000 ____D C:\NBRT
2013-05-23 20:20 - 2013-05-31 02:36 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Tific
2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Macromedia
2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Adobe
2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Local\Symantec
2013-05-23 20:20 - 2010-08-21 04:59 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2013-05-23 20:20 - 2010-08-21 04:59 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2013-05-23 20:20 - 2010-08-21 04:59 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-05-23 20:19 - 2013-05-31 14:12 - 00000000 ____D C:\ProgramData\Norton
2013-05-23 20:19 - 2013-05-30 07:43 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-05-23 20:13 - 2011-11-10 15:06 - 01880400 ___RA (Bethesda Softworks) C:\Users\Finn\Desktop\Skyrim.exe
2013-05-23 20:10 - 2013-05-23 20:10 - 00000000 ____D C:\Users\Finn\Documents\My Games
2013-05-23 20:10 - 2013-05-23 20:10 - 00000000 ____D C:\Users\Finn\AppData\Local\Skyrim
2013-05-23 20:09 - 2010-02-04 10:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-05-23 20:09 - 2010-02-04 10:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-05-23 20:09 - 2010-02-04 10:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-05-23 20:09 - 2010-02-04 10:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-05-23 20:09 - 2010-02-04 10:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-05-23 20:09 - 2010-02-04 10:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-05-23 20:09 - 2010-02-04 10:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-05-23 20:09 - 2010-02-04 10:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-05-23 20:09 - 2009-09-04 17:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-05-23 20:09 - 2009-09-04 17:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-05-23 20:09 - 2009-09-04 17:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-05-23 20:09 - 2009-09-04 17:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-05-23 20:09 - 2009-09-04 17:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-05-23 20:09 - 2009-09-04 17:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-05-23 20:09 - 2009-09-04 17:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-05-23 20:09 - 2009-09-04 17:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-05-23 20:09 - 2009-09-04 17:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2013-05-23 20:09 - 2009-09-04 17:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2013-05-23 20:09 - 2009-09-04 17:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-05-23 20:09 - 2009-09-04 17:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-05-23 20:09 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-05-23 20:09 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-05-23 20:09 - 2009-09-04 17:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2013-05-23 20:09 - 2009-09-04 17:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-05-23 20:09 - 2009-03-16 14:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2013-05-23 20:09 - 2009-03-16 14:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-05-23 20:09 - 2009-03-16 14:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-05-23 20:09 - 2009-03-16 14:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2013-05-23 20:09 - 2009-03-16 14:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2013-05-23 20:09 - 2009-03-16 14:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-05-23 20:09 - 2009-03-09 15:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2013-05-23 20:09 - 2009-03-09 15:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-05-23 20:09 - 2009-03-09 15:27 - 02430312 ____A (Microsoft Corporation)
 
FRST.txt continued

C:\Windows\System32\D3DCompiler_41.dll
2013-05-23 20:09 - 2009-03-09 15:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-05-23 20:09 - 2009-03-09 15:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2013-05-23 20:09 - 2009-03-09 15:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-05-23 20:09 - 2008-10-27 10:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-05-23 20:09 - 2008-10-27 10:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-05-23 20:09 - 2008-10-27 10:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-05-23 20:09 - 2008-10-27 10:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-05-23 20:09 - 2008-10-27 10:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-05-23 20:09 - 2008-10-27 10:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-05-23 20:09 - 2008-10-27 10:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-05-23 20:09 - 2008-10-27 10:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-05-23 20:09 - 2008-10-15 06:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2013-05-23 20:09 - 2008-10-15 06:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-05-23 20:09 - 2008-10-15 06:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2013-05-23 20:09 - 2008-10-15 06:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-05-23 20:09 - 2008-10-15 06:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2013-05-23 20:09 - 2008-10-15 06:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-05-23 20:09 - 2008-07-31 10:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-05-23 20:09 - 2008-07-31 10:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2013-05-23 20:09 - 2008-07-31 10:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2013-05-23 20:09 - 2008-07-31 10:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-05-23 20:09 - 2008-07-31 10:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2013-05-23 20:09 - 2008-07-31 10:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-05-23 20:09 - 2008-07-10 11:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-05-23 20:09 - 2008-07-10 11:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2013-05-23 20:09 - 2008-07-10 11:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-05-23 20:09 - 2008-07-10 11:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2013-05-23 20:09 - 2008-07-10 11:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-05-23 20:09 - 2008-07-10 11:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2013-05-23 20:09 - 2008-05-30 14:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2013-05-23 20:09 - 2008-05-30 14:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-05-23 20:09 - 2008-05-30 14:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-05-23 20:09 - 2008-05-30 14:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2013-05-23 20:09 - 2008-05-30 14:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2013-05-23 20:09 - 2008-05-30 14:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-05-23 20:09 - 2008-05-30 14:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-05-23 20:09 - 2008-05-30 14:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2013-05-23 20:09 - 2008-05-30 14:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2013-05-23 20:09 - 2008-05-30 14:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-05-23 20:09 - 2008-05-30 14:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2013-05-23 20:09 - 2008-05-30 14:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-05-23 20:09 - 2008-05-30 14:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2013-05-23 20:09 - 2008-05-30 14:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-05-23 20:09 - 2008-03-05 16:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2013-05-23 20:09 - 2008-03-05 16:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-05-23 20:09 - 2008-03-05 16:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-05-23 20:09 - 2008-03-05 16:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2013-05-23 20:09 - 2008-03-05 16:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2013-05-23 20:09 - 2008-03-05 16:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-05-23 20:09 - 2008-03-05 15:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2013-05-23 20:09 - 2008-03-05 15:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-05-23 20:09 - 2008-03-05 15:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2013-05-23 20:09 - 2008-03-05 15:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-05-23 20:09 - 2008-02-05 23:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2013-05-23 20:09 - 2008-02-05 23:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-05-23 20:09 - 2007-10-22 03:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2013-05-23 20:09 - 2007-10-22 03:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-05-23 20:09 - 2007-10-22 03:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2013-05-23 20:09 - 2007-10-22 03:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-05-23 20:09 - 2007-10-12 15:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2013-05-23 20:09 - 2007-10-12 15:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-05-23 20:09 - 2007-10-12 15:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2013-05-23 20:09 - 2007-10-12 15:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-05-23 20:09 - 2007-10-02 09:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2013-05-23 20:09 - 2007-10-02 09:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-05-23 20:09 - 2007-07-20 00:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2013-05-23 20:09 - 2007-07-20 00:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-05-23 20:09 - 2007-07-19 18:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2013-05-23 20:09 - 2007-07-19 18:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-05-23 20:09 - 2007-07-19 18:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2013-05-23 20:09 - 2007-07-19 18:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-05-23 20:09 - 2007-07-19 18:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2013-05-23 20:09 - 2007-07-19 18:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-05-23 20:09 - 2007-06-20 20:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2013-05-23 20:09 - 2007-06-20 20:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-05-23 20:09 - 2007-05-16 16:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2013-05-23 20:09 - 2007-05-16 16:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-05-23 20:09 - 2007-05-16 16:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2013-05-23 20:09 - 2007-05-16 16:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-05-23 20:09 - 2007-05-16 16:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2013-05-23 20:09 - 2007-05-16 16:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-05-23 20:08 - 2013-05-26 13:33 - 00010843 ____A C:\Windows\DirectX.log
2013-05-23 20:08 - 2007-04-04 18:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2013-05-23 20:08 - 2007-04-04 18:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-05-23 20:08 - 2007-04-04 18:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2013-05-23 20:08 - 2007-04-04 18:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-05-23 20:08 - 2007-03-15 16:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2013-05-23 20:08 - 2007-03-15 16:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-05-23 20:08 - 2007-03-12 16:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2013-05-23 20:08 - 2007-03-12 16:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-05-23 20:08 - 2007-03-12 16:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2013-05-23 20:08 - 2007-03-12 16:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-05-23 20:08 - 2007-03-05 12:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2013-05-23 20:08 - 2007-03-05 12:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-05-23 20:08 - 2007-01-24 15:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2013-05-23 20:08 - 2007-01-24 15:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-05-23 20:08 - 2006-12-08 12:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-05-23 20:08 - 2006-12-08 12:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2013-05-23 20:08 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-05-23 20:08 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-05-23 20:08 - 2006-11-29 13:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2013-05-23 20:08 - 2006-11-29 13:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-05-23 20:08 - 2006-09-28 16:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2013-05-23 20:08 - 2006-09-28 16:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-05-23 20:08 - 2006-09-28 16:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-05-23 20:08 - 2006-09-28 16:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2013-05-23 20:08 - 2006-07-28 09:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2013-05-23 20:08 - 2006-07-28 09:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2013-05-23 20:08 - 2006-07-28 09:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-05-23 20:08 - 2006-07-28 09:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-05-23 20:08 - 2006-05-31 07:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-05-23 20:08 - 2006-05-31 07:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2013-05-23 20:08 - 2006-03-31 12:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2013-05-23 20:08 - 2006-03-31 12:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-05-23 20:08 - 2006-03-31 12:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2013-05-23 20:08 - 2006-03-31 12:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-05-23 20:08 - 2006-03-31 12:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2013-05-23 20:08 - 2006-03-31 12:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-05-23 20:08 - 2006-02-03 08:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2013-05-23 20:08 - 2006-02-03 08:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-05-23 20:08 - 2006-02-03 08:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2013-05-23 20:08 - 2006-02-03 08:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-05-23 20:08 - 2006-02-03 08:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2013-05-23 20:08 - 2006-02-03 08:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-05-23 20:08 - 2005-12-05 18:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2013-05-23 20:08 - 2005-12-05 18:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-05-23 20:08 - 2005-07-22 19:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2013-05-23 20:08 - 2005-07-22 19:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-05-23 20:08 - 2005-05-26 15:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2013-05-23 20:08 - 2005-05-26 15:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-05-23 20:08 - 2005-03-18 17:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2013-05-23 20:08 - 2005-03-18 17:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-05-23 20:08 - 2005-02-05 19:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2013-05-23 20:08 - 2005-02-05 19:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-05-23 20:01 - 2013-05-23 20:10 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2013-05-23 19:58 - 2013-05-30 20:21 - 00246442 ____A C:\Windows\ntbtlog.txt.bak
2013-05-23 18:48 - 2013-05-24 04:19 - 00000000 ____D C:\Users\Finn\048298C9A4D3490B9FF9AB023A9238F3.TMP
2013-05-23 18:48 - 2013-05-24 04:19 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-23 18:45 - 2013-05-23 18:45 - 00000000 ___AH C:\Users\Finn\Documents\Default.rdp
2013-05-23 18:42 - 2013-05-31 19:29 - 00023852 ____A C:\Windows\PFRO.log
2013-05-23 08:48 - 2013-05-22 23:55 - 00000000 ____D C:\Windows\Panther
2013-05-23 08:47 - 2009-07-14 02:38 - 00383562 _RASH C:\bootmgr
2013-05-23 08:08 - 2013-05-12 22:13 - 00000211 ____H C:\Boot.BAK
2013-05-23 01:58 - 2013-05-23 01:56 - 21707032 ____A (Hewlett-Packard Company ) C:\Users\Finn\Documents\sp47895.exe
2013-05-23 01:53 - 2013-05-30 07:43 - 00000000 ____D C:\Users\Finn\Documents\2Wire_Vista64USBdriver_In_Autorun_v3.0
2013-05-23 01:48 - 2003-05-31 20:15 - 00114688 ____A (Atheros) C:\Windows\SysWOW64\athcfg10.dll
2013-05-23 01:48 - 2003-05-31 20:10 - 00651264 ___RA C:\Windows\SysWOW64\libeay32.dll
2013-05-23 01:48 - 2003-05-31 20:10 - 00450560 ___RA (Meetinghouse Data Communications) C:\Windows\SysWOW64\AegisE5.dll
2013-05-23 01:48 - 2003-05-31 20:10 - 00327680 ___RA (Meetinghouse Data Communications) C:\Windows\SysWOW64\AegisE2.dll
2013-05-23 01:48 - 2003-05-31 20:10 - 00147456 ___RA C:\Windows\SysWOW64\ssleay32.dll
2013-05-23 01:17 - 2013-05-23 01:17 - 00001254 ____A C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-05-23 01:17 - 2013-05-23 01:17 - 00000000 ____D C:\Users\Finn\AppData\Local\Innovative Solutions
2013-05-23 01:16 - 2013-05-23 01:16 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-05-23 01:16 - 2013-05-23 01:12 - 01588760 ____A C:\Users\Finn\Documents\SetupVirtualCloneDrive5460.exe
2013-05-23 01:16 - 2013-05-23 01:10 - 07009736 ____A (Innovative Solutions ) C:\Users\Finn\Documents\drivermax_7_13_cnet.exe
2013-05-23 01:03 - 2013-05-30 07:43 - 00000000 ____D C:\Users\Finn\Documents\802.11g PCI Turbo Wireless Adapter
2013-05-23 01:03 - 2013-05-23 01:03 - 00000000 ____D C:\Users\Finn\AppData\Roaming\WinRAR
2013-05-23 01:03 - 2013-05-23 01:03 - 00000000 ____D C:\Program Files\WinRAR
2013-05-23 00:12 - 2013-05-31 03:29 - 00058016 ____A C:\Users\Finn\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-23 00:12 - 2013-05-28 14:52 - 00000000 ___DC C:\Users\Finn\AppData\Local\MigWiz
2013-05-23 00:11 - 2013-05-31 19:00 - 00000000 ____D C:\Windows\Minidump
2013-05-23 00:07 - 2013-05-23 00:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-05-23 00:04 - 2013-05-29 22:51 - 00000000 ____D C:\users\Finn
2013-05-23 00:04 - 2013-05-23 00:04 - 00000020 ___SH C:\Users\Finn\ntuser.ini
2013-05-23 00:04 - 2013-05-23 00:04 - 00000000 ____D C:\Users\Finn\AppData\Local\VirtualStore
2013-05-23 00:03 - 2013-05-23 00:03 - 00171136 _RASH C:\w7ldr
2013-05-23 00:02 - 2013-05-23 00:02 - 00000000 ____D C:\Recovery
2013-05-22 23:52 - 2013-05-22 23:52 - 00001313 ____A C:\Windows\TSSysprep.log
2013-05-22 23:51 - 2013-05-31 19:28 - 01884134 ____A C:\Windows\WindowsUpdate.log
2013-05-22 22:55 - 2013-05-23 08:48 - 00008192 _RASH C:\BOOTSECT.BAK
2013-05-20 20:12 - 2013-05-20 20:12 - 00000000 ____D C:\Games
2013-05-19 11:54 - 2013-05-19 11:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
2013-05-19 03:00 - 2013-05-19 03:01 - 00000000 ____D C:\d6196d965d6b437a870f139d18359e
2013-05-18 18:24 - 2013-05-18 18:24 - 00001020 ____A C:\GEARDIFx_uninstall.log
2013-05-17 22:39 - 2013-05-17 22:39 - 00003982 ____A C:\GEARDIFx_install.log
2013-05-16 16:00 - 2013-05-16 16:01 - 00000000 ____D C:\Uninstall
2013-05-16 16:00 - 2013-05-16 16:00 - 00000000 ____D C:\src
2013-05-15 16:36 - 2004-08-27 17:26 - 00002155 ____A C:\hotfix.txt
2013-05-15 16:36 - 2004-08-27 17:03 - 65792018 ____A C:\KB835221_ALL_OS_ALL_LOC.zip
2013-05-15 16:36 - 2004-03-17 11:27 - 00005243 ____A C:\KB835221_Readme.txt
2013-05-14 20:39 - 2013-05-23 01:58 - 00000000 ____D C:\SWSetup
2013-05-13 19:27 - 2013-05-13 19:27 - 00000000 ____D C:\NVIDIA
2013-05-12 21:46 - 2013-05-22 20:39 - 00000000 ____D C:\08fc8c25c373be2b65
2013-05-12 21:34 - 2008-04-14 00:01 - 00250048 _RASH C:\ntldr
2013-05-12 21:34 - 2008-04-13 22:13 - 00047564 _RASH C:\NTDETECT.COM
2013-05-12 21:24 - 2013-05-23 08:47 - 00000355 _RASH C:\Boot.ini.saved
2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 _RASH C:\MSDOS.SYS
2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 _RASH C:\IO.SYS
2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 ____A C:\CONFIG.SYS
2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 ____A C:\AUTOEXEC.BAT

==================== One Month Modified Files and Folders =======

2013-05-31 19:42 - 2013-05-31 19:42 - 00000000 ____D C:\FRST
2013-05-31 19:40 - 2013-05-31 19:42 - 01915980 ____A (Farbar) C:\Users\Finn\Desktop\FRST64.exe
2013-05-31 19:34 - 2013-05-22 23:51 - 01884134 ____A C:\Windows\WindowsUpdate.log
2013-05-31 19:34 - 2009-07-14 05:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-31 19:34 - 2009-07-14 05:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-31 19:33 - 2009-07-14 06:13 - 00722200 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-31 19:29 - 2013-05-31 19:21 - 00000000 ____D C:\ComboFix
2013-05-31 19:29 - 2013-05-31 17:11 - 00000000 ____D C:\Windows\erdnt
2013-05-31 19:29 - 2013-05-31 03:36 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-31 19:29 - 2013-05-28 14:47 - 00007108 ____A C:\Windows\setupact.log
2013-05-31 19:29 - 2013-05-23 18:42 - 00023852 ____A C:\Windows\PFRO.log
2013-05-31 19:29 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-31 19:29 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2013-05-31 19:16 - 2013-05-31 19:15 - 00000161 ____A C:\Users\Finn\Desktop\catchme.log
2013-05-31 19:05 - 2013-05-31 19:08 - 05076038 ____R (Swearware) C:\Users\Finn\Desktop\ComboFix.exe
2013-05-31 19:00 - 2013-05-31 19:00 - 00287096 ____A C:\Windows\Minidump\053113-23961-01.dmp
2013-05-31 19:00 - 2013-05-30 20:00 - 632796628 ____A C:\Windows\MEMORY.DMP
2013-05-31 19:00 - 2013-05-23 00:11 - 00000000 ____D C:\Windows\Minidump
2013-05-31 18:41 - 2013-05-31 18:41 - 00000070 ____A C:\Users\Finn\Desktop\ESETScan.txt
2013-05-31 17:55 - 2013-05-31 17:55 - 00286840 ____A C:\Windows\Minidump\053113-29359-01.dmp
2013-05-31 17:48 - 2013-05-31 17:48 - 00000000 ___HD C:\Windows\AxInstSV
2013-05-31 17:48 - 2013-05-31 17:48 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-31 17:47 - 2013-05-26 12:50 - 00000000 ____D C:\Users\Finn\AppData\Local\Microsoft Games
2013-05-31 17:36 - 2013-05-26 16:39 - 00000000 ____D C:\Users\Finn\AppData\Local\CrashDumps
2013-05-31 17:34 - 2009-07-14 06:08 - 00017726 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-31 17:27 - 2013-05-31 17:27 - 00285520 ____A C:\Windows\Minidump\053113-28735-01.dmp
2013-05-31 17:14 - 2013-05-31 17:14 - 00286000 ____A C:\Windows\Minidump\053113-28594-01.dmp
2013-05-31 17:11 - 2013-05-31 17:11 - 00000000 ____D C:\Qoobox
2013-05-31 16:46 - 2013-05-31 16:46 - 00000000 ____D C:\Windows\System32\Macromed
2013-05-31 14:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-05-31 14:12 - 2013-05-23 20:19 - 00000000 ____D C:\ProgramData\Norton
2013-05-31 13:46 - 2013-05-31 13:32 - 00000000 ____D C:\Users\Finn\Desktop\mbar
2013-05-31 13:46 - 2013-05-29 18:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-05-31 13:04 - 2013-05-31 03:17 - 00004369 ____A C:\Windows\IE9_main.log
2013-05-31 12:49 - 2013-05-31 12:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-05-31 03:37 - 2013-05-31 03:37 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-05-31 03:37 - 2013-05-31 03:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-05-31 03:37 - 2013-05-26 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-05-31 03:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-05-31 03:35 - 2013-05-31 03:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-05-31 03:29 - 2013-05-23 00:12 - 00058016 ____A C:\Users\Finn\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-31 03:27 - 2009-07-14 05:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-31 03:24 - 2013-05-31 03:24 - 00288008 ____A C:\Windows\Minidump\053113-21340-01.dmp
2013-05-31 03:22 - 2013-05-31 03:22 - 00000000 ____D C:\Windows\CheckSur
2013-05-31 02:49 - 2013-05-31 02:49 - 00002052 ____A C:\Users\Finn\Desktop\RKreport[2]_D_05312013_02d0249.txt
2013-05-31 02:48 - 2013-05-31 02:41 - 00000000 ____D C:\Users\Finn\Desktop\RK_Quarantine
2013-05-31 02:47 - 2013-05-31 02:47 - 00001999 ____A C:\Users\Finn\Desktop\RKreport[1]_S_05312013_02d0247.txt
2013-05-31 02:45 - 2013-05-31 02:45 - 00791040 ____A C:\Users\Finn\Desktop\RogueKillerX64.exe
2013-05-31 02:36 - 2013-05-23 20:20 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-05-31 01:45 - 2013-05-31 01:45 - 00048194 ____A C:\Users\Finn\Desktop\attach.txt
2013-05-31 01:44 - 2013-05-31 01:45 - 00013380 ____A C:\Users\Finn\Desktop\dds.txt
2013-05-31 01:41 - 2013-05-31 01:42 - 00688992 ____R (Swearware) C:\Users\Finn\Desktop\dds.com
2013-05-31 01:31 - 2013-05-31 01:31 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-31 01:31 - 2013-05-29 16:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-31 01:26 - 2013-05-31 01:26 - 00284872 ____A C:\Windows\Minidump\053113-21902-01.dmp
2013-05-31 01:23 - 2013-05-31 01:23 - 00285256 ____A C:\Windows\Minidump\053113-24632-01.dmp
2013-05-31 01:03 - 2013-05-31 01:03 - 00002154 ____A C:\Windows\epplauncher.mif
2013-05-31 01:03 - 2013-05-31 01:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-31 01:02 - 2013-05-31 01:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-05-30 23:35 - 2013-05-30 23:35 - 00284792 ____A C:\Windows\Minidump\053013-18517-01.dmp
2013-05-30 23:29 - 2013-05-30 23:29 - 00285112 ____A C:\Windows\Minidump\053013-21980-01.dmp
2013-05-30 23:17 - 2013-05-30 23:17 - 00284952 ____A C:\Windows\Minidump\053013-22167-01.dmp
2013-05-30 23:10 - 2013-05-30 23:09 - 00285448 ____A C:\Windows\Minidump\053013-19359-01.dmp
2013-05-30 23:04 - 2013-05-30 23:04 - 00284632 ____A C:\Windows\Minidump\053013-19172-01.dmp
2013-05-30 22:59 - 2013-05-30 22:59 - 00285896 ____A C:\Windows\Minidump\053013-43914-01.dmp
2013-05-30 22:38 - 2013-05-30 22:38 - 00284216 ____A C:\Windows\Minidump\053013-21559-01.dmp
2013-05-30 21:12 - 2013-05-30 21:12 - 00287304 ____A C:\Windows\Minidump\053013-32526-01.dmp
2013-05-30 20:40 - 2013-05-30 20:40 - 00001340 ____A C:\Users\Finn\Desktop\Norton Installation Files.lnk
2013-05-30 20:40 - 2013-05-30 20:40 - 00001244 ____A C:\Users\Finn\Desktop\Norton Download Manager.lnk
2013-05-30 20:40 - 2013-05-29 13:24 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-05-30 20:21 - 2013-05-23 19:58 - 00246442 ____A C:\Windows\ntbtlog.txt.bak
2013-05-30 20:00 - 2013-05-30 20:00 - 00286376 ____A C:\Windows\Minidump\053013-57408-01.dmp
2013-05-30 19:52 - 2013-05-30 19:52 - 04167680 ____A C:\Program Files (x86)\GUT279D.tmp
2013-05-30 19:52 - 2013-05-30 19:52 - 00000000 ____D C:\Program Files (x86)\GUM278D.tmp
2013-05-30 19:52 - 2013-05-29 12:50 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-30 19:52 - 2013-05-29 12:49 - 00000000 ____D C:\Users\Finn\AppData\Local\Deployment
2013-05-30 19:29 - 2013-05-29 14:32 - 00000000 ____D C:\Users\Finn\AppData\Roaming\uTorrent
2013-05-30 19:29 - 2013-05-29 11:26 - 00000000 ____D C:\ProgramData\TP-LINK
2013-05-30 19:17 - 2013-05-30 18:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-30 18:57 - 2013-05-30 18:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-05-30 18:54 - 2013-05-30 18:54 - 00001262 ____A C:\Users\Finn\Desktop\Spybot - Search & Destroy.lnk
2013-05-30 18:42 - 2013-05-30 18:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-05-30 18:41 - 2013-05-29 12:49 - 00000000 ____D C:\Users\Finn\AppData\Local\Apps\2.0
2013-05-30 16:11 - 2013-05-30 16:11 - 151247144 ____A (COMODO) C:\Users\Finn\Downloads\cispremium_installer.exe
2013-05-30 16:08 - 2013-05-30 16:08 - 98142048 ____A (COMODO) C:\Users\Finn\Downloads\cfw_installer.exe
2013-05-30 07:43 - 2013-05-29 19:05 - 00000000 ____D C:\ProgramData\Comodo
2013-05-30 07:43 - 2013-05-29 18:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-30 07:43 - 2013-05-29 16:09 - 00000000 ____D C:\Users\Finn\Documents\Security
2013-05-30 07:43 - 2013-05-28 23:23 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2013-05-30 07:43 - 2013-05-23 20:19 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-05-30 07:43 - 2013-05-23 01:53 - 00000000 ____D C:\Users\Finn\Documents\2Wire_Vista64USBdriver_In_Autorun_v3.0
2013-05-30 07:43 - 2013-05-23 01:03 - 00000000 ____D C:\Users\Finn\Documents\802.11g PCI Turbo Wireless Adapter
2013-05-30 07:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-30 07:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-05-29 23:14 - 2013-05-28 23:13 - 00000000 ____D C:\Users\Finn\Documents\Mount&Blade Warband Savegames
2013-05-29 22:51 - 2013-05-23 00:04 - 00000000 ____D C:\users\Finn
2013-05-29 20:41 - 2013-05-29 20:40 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Spotify
2013-05-29 20:31 - 2013-05-29 20:31 - 00002962 ____A C:\Users\Finn\Desktop\Rkill.txt
2013-05-29 19:24 - 2013-05-29 19:24 - 00000000 ____D C:\VritualRoot
2013-05-29 19:05 - 2013-05-29 19:05 - 00000000 ____D C:\Program Files\COMODO
2013-05-29 18:24 - 2013-05-29 18:24 - 00000000 ____D C:\Users\Finn\AppData\Roaming\SUPERAntiSpyware.com
2013-05-29 18:23 - 2013-05-29 18:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-29 17:46 - 2013-05-29 17:44 - 00000000 ____D C:\Users\Finn\AppData\Local\NPE
2013-05-29 16:20 - 2013-05-29 16:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Malwarebytes
2013-05-29 16:19 - 2013-05-29 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-29 13:58 - 2013-05-29 13:57 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-29 13:58 - 2013-05-29 13:57 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-29 13:34 - 2013-05-29 13:34 - 00000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
2013-05-29 13:09 - 2013-05-29 13:09 - 00000000 ____D C:\Users\Finn\Documents\GTA Vice City Mods
2013-05-29 12:52 - 2013-05-29 12:50 - 00000000 ____D C:\Users\Finn\AppData\Local\Google
2013-05-29 12:33 - 2013-05-29 12:33 - 00000000 ____D C:\Users\Finn\Documents\Symantec
2013-05-29 00:07 - 2013-05-26 18:03 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Mount&Blade Warband
2013-05-28 23:19 - 2013-05-28 20:57 - 00000000 ____D C:\Users\Finn\Documents\Mount&Blade Warband
2013-05-28 21:06 - 2013-05-28 21:06 - 00003133 ____A C:\Users\Finn\Desktop\M&B Warband.lnk
2013-05-28 20:10 - 2013-05-28 20:10 - 00001298 ____A C:\Users\Finn\Desktop\GTA Vice City.lnk
2013-05-28 14:52 - 2013-05-23 00:12 - 00000000 ___DC C:\Users\Finn\AppData\Local\MigWiz
2013-05-28 14:49 - 2013-05-28 14:49 - 00000735 ____A C:\Users\Finn\Desktop\PC Cleaner Pro.lnk
2013-05-28 14:49 - 2013-05-28 14:49 - 00000000 ____D C:\ProgramData\PC1Data
2013-05-28 14:49 - 2013-05-28 14:49 - 00000000 ____D C:\ProgramData\PC Cleaners
2013-05-28 14:47 - 2013-05-28 14:47 - 00000000 ____A C:\Windows\setuperr.log
2013-05-28 14:22 - 2013-05-28 14:49 - 05371088 ____A (PC Cleaners) C:\ProgramData\pclunst.exe
2013-05-26 16:35 - 2013-05-26 16:35 - 00002105 ____A C:\Users\Public\Desktop\Mafia II.lnk
2013-05-26 16:28 - 2013-05-26 16:28 - 00000000 ____D C:\Program Files (x86)\2K Games
2013-05-26 15:46 - 2013-05-26 15:21 - 00000000 ____D C:\Users\Finn\Documents\GTA Vice City User Files
2013-05-26 13:44 - 2013-05-26 13:44 - 00000000 ____D C:\Users\Finn\AppData\Local\2K Games
2013-05-26 13:33 - 2013-05-23 20:08 - 00010843 ____A C:\Windows\DirectX.log
2013-05-26 13:29 - 2013-05-26 13:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-26 13:29 - 2013-05-26 13:29 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-05-24 04:49 - 2013-05-24 04:49 - 00000000 ____D C:\NBRT
2013-05-24 04:19 - 2013-05-23 18:48 - 00000000 ____D C:\Users\Finn\048298C9A4D3490B9FF9AB023A9238F3.TMP
2013-05-24 04:19 - 2013-05-23 18:48 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Tific
2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Macromedia
2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Adobe
2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Local\Symantec
2013-05-23 20:10 - 2013-05-23 20:10 - 00000000 ____D C:\Users\Finn\Documents\My Games
2013-05-23 20:10 - 2013-05-23 20:10 - 00000000 ____D C:\Users\Finn\AppData\Local\Skyrim
2013-05-23 20:10 - 2013-05-23 20:01 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2013-05-23 18:45 - 2013-05-23 18:45 - 00000000 ___AH C:\Users\Finn\Documents\Default.rdp
2013-05-23 08:48 - 2013-05-22 22:55 - 00008192 _RASH C:\BOOTSECT.BAK
2013-05-23 08:47 - 2013-05-12 21:24 - 00000355 _RASH C:\Boot.ini.saved
2013-05-23 08:47 - 2009-07-14 06:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2013-05-23 08:47 - 2009-07-14 06:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2013-05-23 08:47 - 2009-07-14 05:45 - 00000000 ____D C:\Windows\Setup
2013-05-23 01:58 - 2013-05-14 20:39 - 00000000 ____D C:\SWSetup
2013-05-23 01:56 - 2013-05-23 01:58 - 21707032 ____A (Hewlett-Packard Company ) C:\Users\Finn\Documents\sp47895.exe
2013-05-23 01:17 - 2013-05-23 01:17 - 00001254 ____A C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-05-23 01:17 - 2013-05-23 01:17 - 00000000 ____D C:\Users\Finn\AppData\Local\Innovative Solutions
2013-05-23 01:16 - 2013-05-23 01:16 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-05-23 01:16 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\restore
2013-05-23 01:12 - 2013-05-23 01:16 - 01588760 ____A C:\Users\Finn\Documents\SetupVirtualCloneDrive5460.exe
2013-05-23 01:10 - 2013-05-23 01:16 - 07009736 ____A (Innovative Solutions ) C:\Users\Finn\Documents\drivermax_7_13_cnet.exe
2013-05-23 01:03 - 2013-05-23 01:03 - 00000000 ____D C:\Users\Finn\AppData\Roaming\WinRAR
2013-05-23 01:03 - 2013-05-23 01:03 - 00000000 ____D C:\Program Files\WinRAR
2013-05-23 00:07 - 2013-05-23 00:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-05-23 00:04 - 2013-05-23 00:04 - 00000020 ___SH C:\Users\Finn\ntuser.ini
2013-05-23 00:04 - 2013-05-23 00:04 - 00000000 ____D C:\Users\Finn\AppData\Local\VirtualStore
2013-05-23 00:03 - 2013-05-23 00:03 - 00171136 _RASH C:\w7ldr
2013-05-23 00:02 - 2013-05-23 00:02 - 00000000 ____D C:\Recovery
2013-05-23 00:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\Recovery
2013-05-22 23:55 - 2013-05-23 08:48 - 00000000 ____D C:\Windows\Panther
2013-05-22 23:52 - 2013-05-22 23:52 - 00001313 ____A C:\Windows\TSSysprep.log
2013-05-22 23:52 - 2009-07-14 05:46 - 00001774 ____A C:\Windows\DtcInstall.log
2013-05-22 23:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-05-22 23:49 - 2009-07-14 08:46 - 00000000 ____D C:\Windows\CSC
2013-05-22 20:39 - 2013-05-12 21:46 - 00000000 ____D C:\08fc8c25c373be2b65
2013-05-20 20:12 - 2013-05-20 20:12 - 00000000 ____D C:\Games
2013-05-19 11:54 - 2013-05-19 11:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
2013-05-19 03:01 - 2013-05-19 03:00 - 00000000 ____D C:\d6196d965d6b437a870f139d18359e
2013-05-18 18:24 - 2013-05-18 18:24 - 00001020 ____A C:\GEARDIFx_uninstall.log
2013-05-17 22:39 - 2013-05-17 22:39 - 00003982 ____A C:\GEARDIFx_install.log
2013-05-16 16:01 - 2013-05-16 16:00 - 00000000 ____D C:\Uninstall
2013-05-16 16:00 - 2013-05-16 16:00 - 00000000 ____D C:\src
2013-05-13 19:27 - 2013-05-13 19:27 - 00000000 ____D C:\NVIDIA
2013-05-12 22:13 - 2013-05-23 08:08 - 00000211 ____H C:\Boot.BAK
2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 _RASH C:\MSDOS.SYS
2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 _RASH C:\IO.SYS
2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 ____A C:\CONFIG.SYS
2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 ____A C:\AUTOEXEC.BAT
2013-05-02 16:29 - 2013-05-30 15:54 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

Other Malware:
===========
C:\ProgramData\pclunst.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-27 22:33


==================== End Of Log ============================
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2013 01
Ran by Finn at 2013-05-31 19:43:08 Run:
Running from C:\Users\Finn\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

ESET Online Scanner v3
Grand Theft Auto Vice City (Version: 1.00.000)
Mafia II
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.10.0513)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
PC Cleaners
Spybot - Search & Destroy (Version: 1.6.2)
TL-WN851ND Driver (Version: 1.00.0000)
VirtualCloneDrive
WinRAR 5.00 beta 4 (64-bit) (Version: 5.00.4)

==================== Restore Points =========================

30-05-2013 19:59:24 Windows Backup
30-05-2013 19:59:39 Windows Update
30-05-2013 20:01:34 Windows Backup
31-05-2013 00:01:16 Windows Update
31-05-2013 02:00:21 Windows Update
31-05-2013 02:33:20 Windows Update
31-05-2013 11:55:22 Windows Update
31-05-2013 15:48:10 31/05/13 Before Virus fix attempt 16:48
31-05-2013 15:51:30 Windows Backup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2013 07:02:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7600.16385, time stamp: 0x4a5be07e
Exception code: 0xc0000005
Fault offset: 0x000000000005890b
Faulting process id: 0x218
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (05/31/2013 06:51:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.17267, time stamp: 0x5131789a
Faulting module name: mshtml.dll, version: 8.0.7600.17267, time stamp: 0x513191fa
Exception code: 0xc0000005
Fault offset: 0x0000000000677f68
Faulting process id: 0x59c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/31/2013 06:17:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7600.16385, time stamp: 0x4a5be07e
Exception code: 0xc0000005
Fault offset: 0x0000000000018778
Faulting process id: 0x970
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (05/31/2013 06:06:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7600.16385, time stamp: 0x4a5be07e
Exception code: 0xc0000005
Fault offset: 0x0000000000016d11
Faulting process id: 0x238
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (05/31/2013 05:36:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: mb_warband.exe, version: 1.0.0.0, time stamp: 0x4fba4acc
Faulting module name: nvwgf2um.dll, version: 9.18.13.1106, time stamp: 0x50f9458d
Exception code: 0xc0000005
Fault offset: 0x000f788c
Faulting process id: 0x124
Faulting application start time: 0xmb_warband.exe0
Faulting application path: mb_warband.exe1
Faulting module path: mb_warband.exe2
Report Id: mb_warband.exe3

Error: (05/31/2013 05:36:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: mb_warband.exe, version: 1.0.0.0, time stamp: 0x4fba4acc
Faulting module name: nvwgf2um.dll, version: 9.18.13.1106, time stamp: 0x50f9458d
Exception code: 0xc0000005
Fault offset: 0x000f788c
Faulting process id: 0x14c
Faulting application start time: 0xmb_warband.exe0
Faulting application path: mb_warband.exe1
Faulting module path: mb_warband.exe2
Report Id: mb_warband.exe3

Error: (05/31/2013 05:34:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wuaueng.dll, version: 7.6.7600.256, time stamp: 0x4fca9088
Exception code: 0xc0000005
Fault offset: 0x00000000001c8c8c
Faulting process id: 0xb78
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (05/31/2013 05:32:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wuaueng.dll, version: 7.6.7600.256, time stamp: 0x4fca9088
Exception code: 0xc0000005
Fault offset: 0x00000000001c8c8c
Faulting process id: 0x2ec
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (05/31/2013 05:32:01 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (748) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -1018.

Error: (05/31/2013 05:32:01 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (748) SUS20ClientDataStore: Unable to read page 4748 of database C:\Windows\SoftwareDistribution\DataStore\DataStore.edb. Error -1018.


System errors:
=============
Error: (05/31/2013 07:41:40 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR7.

Error: (05/31/2013 07:41:38 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR7.

Error: (05/31/2013 07:33:47 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service hung on starting.

Error: (05/31/2013 07:29:32 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Policy Service service terminated with the following error:
%%5

Error: (05/31/2013 07:28:34 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/31/2013 07:25:24 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/31/2013 07:21:36 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service hung on starting.

Error: (05/31/2013 07:17:20 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Policy Service service terminated with the following error:
%%5

Error: (05/31/2013 07:16:19 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/31/2013 07:16:06 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Finn\AppData\Local\Temp\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================


CodeIntegrity Errors:
===================================
Date: 2013-05-31 19:16:06.570
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Finn\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-31 19:16:06.554
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Finn\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-31 19:16:06.523
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Finn\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-31 19:16:06.492
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Finn\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-31 19:15:55.931
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Finn\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-31 19:15:55.899
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Finn\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 6143.3 MB
Available physical RAM: 5020.43 MB
Total Pagefile: 12284.75 MB
Available Pagefile: 11115.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:247.53 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:372.61 GB) (Free:333.64 GB) NTFS (Disk=1 Partition=1)
Drive k: () (Removable) (Total:3.74 GB) (Free:1.02 GB) FAT32 (Disk=2 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: B3AE006C)
Partition 1: (Active) - (Size=373 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 500A0DFF)
Partition 1: (Not Active) - (Size=812 GB) - (Type=6E)
Partition 2: (Not Active) - (Size=0) - (Type=74)
Partition 4: (Not Active) - (Size=221 KB) - (Type=00)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2013 01
Ran by Natalie at 2013-05-31 20:08:15 Run:1
Running from C:\Users\Natalie\Desktop
Boot Mode: Normal
==============================================

C:\Users\Finn\Desktop\PC Cleaner Pro.lnk => File/Directory not found.
C:\ProgramData\PC Cleaners => File/Directory not found.
C:\ProgramData\pclunst.exe => File/Directory not found.

==== End of Fixlog ====
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
This is the correct fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2013 01
Ran by Finn at 2013-05-31 20:13:53 Run:1
Running from C:\Users\Finn\Desktop
Boot Mode: Normal
==============================================
C:\Users\Finn\Desktop\PC Cleaner Pro.lnk => Moved successfully.
C:\ProgramData\PC Cleaners => Moved successfully.
C:\ProgramData\pclunst.exe => Moved successfully.
==== End of Fixlog ====
 