TechSpot

Virus/Malware Help

Inactive
By finnclrk4
May 30, 2013
  1. A few days ago my PC started acting strangely. I keep getting notifications from Windows Action Center telling me to enable virus protection and a firewall. When I try to enable my virus protection software (Norton 360) it does nothing, and when I try to enable Windows Firewall I get the message "Action Center can't turn on Windows Firewall." Then when I click on "Turn Windows Firewall on manually." it tells me to update my firewall settings, so I clicked on "Use recommended settings" and it comes up with the message "Windows Firewall can't change some of your settings. Error code 0x8007042c."
    When I try to open Norton, nothing happens and Windows tells me that it is turned off, but I can't open it in any way. I also cannot download any anti-virus software as the download will crash. I even tried doing a scan from Norton Bootable Recovery Tools but the scan gets stuck on "Preparing Scan". I looked this up and apparently this is because the infection is stopping Norton from accessing my drive?

    I can download malware removal tools, though, such as MalwareBytes and Spybot Search & Destroy, but any programs like this tell me that there is no problem with my computer, or my computer will BSOD, or the scan will crash. I also get BSODs frequently, all with different errors, and I can't keep any program open for more than half an hour without it crashing, and any time I try to run a program like Norton Power Eraser it crashes!

    I also got an error on Internet Explorer which said "A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage" and when I tried to click on "Manage Add-ons" I got a BSOD! After this BSOD I tried to go on "Manage Add-ons" again, but every time I tried, Internet Explorer would crash. I restarted the PC and tried again, and this time I got onto Manage Add-ons but I could not see anything that could be harmful.

    I have no idea what to do as I have tried everything. Please help!
     
  2. Broni

    Broni Malware Annihilator Posts: 47,082   +259

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    I could not run an Anti Virus scan as any anti virus program I try to download or update crashes but here are the MalwareBytes and DDS logs:
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.31.01

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Finn :: FINN-PC [administrator]

    Protection: Disabled

    31/05/2013 01:33:29
    mbam-log-2013-05-31 (01-33-29).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205940
    Time elapsed: 4 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  4. finnclrk4


    DDS log.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.16385
    Run by Finn at 1:44:23 on 2013-05-31
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.6143.4705 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Outdated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Microsoft Security Essentials *Enabled/Outdated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\ccSvcHst.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    mWinlogon: Userinit = userinit.exe
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\CoIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\IPS\IPSBHO.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\CoIEPlg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\CoIEPlg.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{A651C1AC-EC57-4725-8865-F7B31D3BA313} : DHCPNameServer = 192.168.1.254
    SSODL: WebCheck - <orphaned>
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0500020.001\SymDS64.sys [2013-5-23 450608]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0500020.001\SymEFA64.sys [2013-5-23 802864]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20101201.001\IDSviA64.sys [2013-5-23 476792]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0500020.001\symnets.sys [2013-5-23 382072]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\ccSvcHst.exe [2013-5-23 130000]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-5-30 1153368]
    S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2013-5-23 953904]
    S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0500020.001\Ironx64.sys [2013-5-23 171128]
    S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2013-05-31 00:30:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-05-31 00:02:25 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2013-05-31 00:02:15 -------- d-----w- C:\Program Files\Microsoft Security Client
    2013-05-31 00:02:00 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
    2013-05-31 00:02:00 1898376 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-05-30 21:49:03 333312 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_56a819e11c4b31de61f89786f9c5a4b6a71435c_cab_0b26557f\lsm.exe
    2013-05-30 21:46:59 247808 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_513faba674c7a3d5a9afa85f673794f9c1be1ef_cab_076c72ed\ieui.dll
    2013-05-30 20:00:24 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2013-05-30 18:52:43 4167680 ----a-w- C:\Program Files (x86)\GUT279D.tmp
    2013-05-30 18:52:43 -------- d-----w- C:\Program Files (x86)\GUM278D.tmp
    2013-05-30 17:54:42 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-05-30 17:54:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2013-05-30 14:54:28 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5AF81219-F756-431E-9F96-42A282D02778}\mpengine.dll
    2013-05-30 14:54:28 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-05-29 22:02:57 1579520 ----a-w- C:\Windows\System32\athrx.sys
    2013-05-29 21:54:13 1579520 ----a-w- C:\Windows\System32\drivers\athrx.sys
    2013-05-29 19:40:40 -------- d-----w- C:\Users\Finn\AppData\Roaming\Spotify
    2013-05-29 18:24:48 -------- d--h--w- C:\VritualRoot
    2013-05-29 18:05:12 -------- d-----w- C:\ProgramData\Comodo
    2013-05-29 18:05:09 -------- d-----w- C:\Program Files\COMODO
    2013-05-29 17:24:00 -------- d-----w- C:\Users\Finn\AppData\Roaming\SUPERAntiSpyware.com
    2013-05-29 17:23:54 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2013-05-29 17:23:54 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2013-05-29 17:14:32 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-05-29 16:44:36 -------- d-----w- C:\Users\Finn\AppData\Local\NPE
    2013-05-29 15:20:02 -------- d-----w- C:\Users\Finn\AppData\Roaming\Malwarebytes
    2013-05-29 15:19:52 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-05-29 15:19:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-29 15:19:39 -------- d-----w- C:\Users\Finn\AppData\Local\Programs
    2013-05-29 13:32:20 -------- d-----w- C:\Users\Finn\AppData\Roaming\uTorrent
    2013-05-29 12:57:00 -------- d-----w- C:\ProgramData\AVAST Software
    2013-05-29 12:57:00 -------- d-----w- C:\Program Files\AVAST Software
    2013-05-29 12:34:59 -------- d-----w- C:\Windows\SysWow64\%LOCALAPPDATA%
    2013-05-29 11:50:16 -------- d-----w- C:\Users\Finn\AppData\Local\Google
    2013-05-29 11:49:56 -------- d-----w- C:\Users\Finn\AppData\Local\Apps
    2013-05-29 11:49:55 -------- d-----w- C:\Users\Finn\AppData\Local\Deployment
    2013-05-29 10:26:03 -------- d-----w- C:\ProgramData\TP-LINK
    2013-05-28 22:23:16 -------- d-----w- C:\Windows\System32\%LOCALAPPDATA%
    2013-05-28 13:49:22 5371088 ----a-w- C:\ProgramData\pclunst.exe
    2013-05-28 13:49:15 -------- d-----w- C:\ProgramData\PC1Data
    2013-05-28 13:49:15 -------- d-----w- C:\ProgramData\PC Cleaners
    2013-05-28 12:38:58 -------- d-----w- C:\Users\Finn\AppData\Local\Diagnostics
    2013-05-27 21:24:22 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2013-05-26 17:03:44 -------- d-----w- C:\Users\Finn\AppData\Roaming\Mount&Blade Warband
    2013-05-26 15:39:59 -------- d-----w- C:\Users\Finn\AppData\Local\CrashDumps
    2013-05-26 15:36:42 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2013-05-26 15:35:48 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2013-05-26 15:28:39 -------- d-----w- C:\Program Files (x86)\2K Games
    2013-05-26 12:44:33 -------- d-----w- C:\Users\Finn\AppData\Local\2K Games
    2013-05-26 12:29:45 -------- d-----w- C:\Program Files (x86)\Rockstar Games
    2013-05-26 12:29:24 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2013-05-26 12:29:24 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2013-05-26 12:29:24 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2013-05-26 12:29:24 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2013-05-26 12:29:24 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2013-05-26 12:29:24 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2013-05-26 12:29:23 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2013-05-26 12:29:23 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2013-05-26 11:50:00 -------- d-----w- C:\Users\Finn\AppData\Local\Microsoft Games
    2013-05-24 03:49:14 -------- d-----w- C:\NBRT
    2013-05-23 19:19:53 -------- d-----w- C:\Windows\System32\drivers\N360x64\0500020.001
    2013-05-23 19:19:53 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2013-05-23 19:19:51 -------- d-----w- C:\ProgramData\Norton
    2013-05-23 19:19:51 -------- d-----w- C:\Program Files (x86)\Norton 360
    2013-05-23 19:18:08 -------- d-----w- C:\ProgramData\NortonInstaller
    2013-05-23 19:18:08 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2013-05-23 19:10:53 -------- d-----w- C:\Users\Finn\AppData\Local\Skyrim
    2013-05-23 19:08:59 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
    2013-05-23 19:01:18 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
    2013-05-23 18:59:33 -------- d-----w- C:\Users\Finn\AppData\Local\ElevatedDiagnostics
    2013-05-23 17:48:48 -------- d-----w- C:\Program Files (x86)\Steam
    2013-05-23 17:48:17 -------- d-----w- C:\Users\Finn\048298C9A4D3490B9FF9AB023A9238F3.TMP
    2013-05-23 17:48:16 -------- d-sh--w- C:\Windows\Installer
    2013-05-23 07:48:13 -------- d-----w- C:\Windows\Panther
    2013-05-23 07:47:58 -------- d-sh--w- C:\Boot
    2013-05-23 00:48:37 651264 ----a-r- C:\Windows\SysWow64\libeay32.dll
    2013-05-23 00:48:37 450560 ----a-r- C:\Windows\SysWow64\AegisE5.dll
    2013-05-23 00:48:37 327680 ----a-r- C:\Windows\SysWow64\AegisE2.dll
    2013-05-23 00:48:37 147456 ----a-r- C:\Windows\SysWow64\ssleay32.dll
    2013-05-23 00:48:37 114688 ----a-w- C:\Windows\SysWow64\athcfg10.dll
    2013-05-23 00:17:53 -------- d-----w- C:\Users\Finn\AppData\Local\Innovative Solutions
    2013-05-23 00:16:38 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
    2013-05-22 23:12:46 -------- dc----w- C:\Users\Finn\AppData\Local\MigWiz
    2013-05-22 23:02:27 -------- d-sh--w- C:\Recovery
    2013-05-20 19:12:26 -------- d-----w- C:\Games
    2013-05-19 10:54:27 97176 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll
    2013-05-19 02:00:52 -------- d-----w- C:\d6196d965d6b437a870f139d18359e
    2013-05-16 15:00:06 -------- d-----w- C:\Uninstall
    2013-05-16 15:00:06 -------- d-----w- C:\src
    2013-05-14 19:39:02 -------- d-----w- C:\SWSetup
    2013-05-13 18:27:46 -------- d-----w- C:\NVIDIA
    2013-05-12 20:46:45 -------- d-----w- C:\08fc8c25c373be2b65
    .
    ==================== Find3M ====================
    .
    2013-05-23 19:20:24 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2013-04-25 01:37:57 129944 ----a-w- C:\Windows\SysWow64\ElbyVCD.dll
    2013-03-11 00:49:12 36352 ----a-w- C:\Windows\System32\drivers\VClone.sys
    2013-03-04 12:24:27 40344 ----a-w- C:\Windows\System32\drivers\ElbyCDIO.sys
    .

    ============= FINISH: 1:44:44.01 ===============
     
  5. finnclrk4


    And the DDS Attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 22/05/2013 23:55:56
    System Uptime: 31/05/2013 01:26:07 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | Berkeley
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | CPU 1 | 2331/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 253.197 GiB free.
    D: is FIXED (NTFS) - 373 GiB total, 370.458 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is CDROM ()
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP33: 30/05/2013 20:59:24 - Windows Backup
    RP34: 30/05/2013 20:59:39 - Windows Update
    RP35: 30/05/2013 21:01:34 - Windows Backup
    RP36: 31/05/2013 01:01:16 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Grand Theft Auto Vice City
    Mafia II
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Norton 360
    NVIDIA PhysX
    PC Cleaners
    Spybot - Search & Destroy
    TL-WN851ND Driver
    VirtualCloneDrive
    WinRAR 5.00 beta 4 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/05/2013 01:42:32, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.
    31/05/2013 01:34:31, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
    31/05/2013 01:34:31, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
    31/05/2013 01:34:31, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
    31/05/2013 01:34:31, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
    31/05/2013 01:34:30, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
    31/05/2013 01:34:30, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    31/05/2013 01:34:30, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service or group failed to start.
    31/05/2013 01:33:55, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007000d Error description: The data is invalid.
    31/05/2013 01:33:55, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007000d Error description: The data is invalid.
    31/05/2013 01:33:55, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007000d Error description: The data is invalid.
    31/05/2013 01:31:34, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    31/05/2013 01:30:00, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    31/05/2013 01:30:00, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    31/05/2013 01:29:58, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR7.
    31/05/2013 01:28:23, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\System32\config\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
    31/05/2013 01:26:39, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SymIRON
    31/05/2013 01:26:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88006b51418, 0xfffff88006b50c70, 0xfffff80002a5936d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053113-21902-01.
    31/05/2013 01:26:32, Error: Service Control Manager [7023] - The Diagnostic Policy Service service terminated with the following error: Access is denied.
    31/05/2013 01:26:32, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    31/05/2013 01:24:23, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    31/05/2013 01:24:23, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    31/05/2013 01:24:23, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    31/05/2013 01:24:23, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    31/05/2013 01:23:17, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff96000169f72, 0xfffff880049f7060, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053113-24632-01.
    31/05/2013 01:18:19, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: Finn-PC\Finn Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
    31/05/2013 01:18:18, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Finn-PC\Finn Error Code: 0x8007042c Error description: The dependency service or group failed to start.
    31/05/2013 01:18:18, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Finn-PC\Finn Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
    31/05/2013 01:18:08, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Finn-PC\Finn Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007000d Error description: The data is invalid.
    31/05/2013 01:18:08, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Finn-PC\Finn Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007000d Error description: The data is invalid.
    31/05/2013 01:14:45, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    31/05/2013 01:14:45, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    31/05/2013 00:59:53, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
    30/05/2013 23:35:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff80002bba36b, 0xfffff88002b796f8, 0xfffff88002b78f50). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-18517-01.
    30/05/2013 23:29:07, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000034 (0x0000000000050830, 0xfffff88002fb0768, 0xfffff88002faffc0, 0xfffff80002e3e06b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-21980-01.
    30/05/2013 23:23:35, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume1.
    30/05/2013 23:23:33, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    30/05/2013 23:17:47, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff880076e2848, 0xfffff880076e20a0, 0xfffff88001504dbb). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-22167-01.
    30/05/2013 23:10:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffda80059e55b8, 0x0000000000000001, 0xfffff80002a6d85e, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-19359-01.
    30/05/2013 23:04:10, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd8a003156b68, 0x0000000000000000, 0xfffff80002bfa0bf, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-19172-01.
    30/05/2013 23:01:26, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).
    30/05/2013 23:01:26, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 3 time(s).
    30/05/2013 23:01:26, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/05/2013 23:01:26, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147023174
    30/05/2013 23:01:20, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
    30/05/2013 23:01:15, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
    30/05/2013 23:01:15, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    30/05/2013 23:00:20, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/05/2013 23:00:20, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    30/05/2013 23:00:20, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/05/2013 23:00:20, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/05/2013 22:59:03, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffda8005178728, 0x0000000000000000, 0xfffff80002ba50bf, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-43914-01.
    30/05/2013 22:49:03, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/05/2013 22:46:59, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/05/2013 22:38:09, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xffffda8005581460, 0x0000000000000002, 0x0000000000000001, 0xfffff80002a920d6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-21559-01.
    30/05/2013 21:12:36, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024d00f: Windows Update Setup Handler.
    30/05/2013 21:12:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffffff00000000, 0x0000000000000001, 0xfffff80002e3681b, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-32526-01.
    30/05/2013 21:01:31, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/05/2013 20:58:38, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    30/05/2013 20:55:02, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/05/2013 20:55:02, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/05/2013 20:55:02, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/05/2013 20:55:02, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    30/05/2013 20:54:02, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/05/2013 20:54:02, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    30/05/2013 20:14:44, Error: Service Control Manager [7003] - The UPnP Device Host service depends the following service: SSDPSRV. This service might not be installed.
    30/05/2013 20:13:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1075" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    30/05/2013 20:00:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88006d29758, 0xfffff88006d28fb0, 0xfffff80002aa49ba). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-57408-01.
    30/05/2013 19:22:22, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041201, 0xfffff68000001c88, 0x81d000012f92d867, 0xfffffa8007d1cee0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-20685-01.
    30/05/2013 18:48:25, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    30/05/2013 18:48:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    30/05/2013 18:48:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    30/05/2013 18:48:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    30/05/2013 18:48:17, Error: Microsoft-Windows-Eventlog [106] - Corruption was detected in the log for the Microsoft-Windows-Known Folders API Service channel and some data was erased.
    30/05/2013 18:48:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    30/05/2013 18:48:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl ElbyCDIO IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
    30/05/2013 15:48:37, Error: Service Control Manager [7023] - The DHCP Client service terminated with the following error: Access is denied.
    30/05/2013 15:48:37, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The operation completed successfully.
    30/05/2013 15:48:37, Error: Microsoft-Windows-Dhcp-Client [50038] - An error occurred in initializing DHCPv4. Error Code is 0x5
    30/05/2013 15:48:37, Error: Microsoft-Windows-Dhcp-Client [1004] - Error occurred in stopping the Dhcpv4 Client service. Error code is 0x5. ShutDown Flag value is 0
    30/05/2013 15:45:06, Error: Service Control Manager [7024] - The Network Location Awareness service terminated with service-specific error %%-1073741288.
    30/05/2013 15:45:06, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The operation completed successfully.
    30/05/2013 15:44:51, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service has not been started.
    30/05/2013 15:44:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    29/05/2013 22:51:41, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
    29/05/2013 21:11:11, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 9 time(s).
    29/05/2013 21:11:03, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Error Reporting Service service, but this action failed with the following error: An instance of the service is already running.
    29/05/2013 21:10:55, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 8 time(s).
    29/05/2013 21:10:39, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 7 time(s).
    29/05/2013 21:10:23, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 6 time(s).
    29/05/2013 21:10:07, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 5 time(s).
    29/05/2013 21:09:51, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 4 time(s).
    29/05/2013 21:09:35, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 3 time(s).
    29/05/2013 21:09:19, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    29/05/2013 21:09:03, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/05/2013 21:06:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl
    29/05/2013 21:06:42, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd8a002fdea60, 0x0000000000000000, 0xfffff80002fa7d9c, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-17394-01.
    29/05/2013 20:59:10, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd8a002e88a40, 0x0000000000000000, 0xfffff80002f525ba, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-18813-01.
    29/05/2013 20:52:58, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000003, 0xfffff8a011e17820, 0xfffff8a011e17820, 0x0000000010000230). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-20436-01.
    29/05/2013 19:43:16, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard discache eeCtrl ElbyCDIO SASDIFSV SASKUTIL spldr Wanarpv6
    29/05/2013 19:43:14, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd900c29c6010, 0x0000000000000000, 0xfffff80002dedf8c, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-19890-01.
    29/05/2013 19:16:29, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    29/05/2013 19:11:29, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    29/05/2013 19:11:29, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/05/2013 19:11:29, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/05/2013 19:11:29, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/05/2013 19:06:11, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    29/05/2013 19:00:47, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/05/2013 18:54:31, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88008dd6578, 0xfffff88008dd5dd0, 0xfffff8800129b933). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-17440-01.
    29/05/2013 18:26:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa8106097269, 0x0000000000000000, 0xfffff80002c82922, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-16988-01.
    29/05/2013 18:05:32, Error: Service Control Manager [7024] - The Norton 360 service terminated with service-specific error %%-1.
    29/05/2013 17:54:34, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd8a002e27ba0, 0x0000000000000000, 0xfffff88001262ae2, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-17565-01.
    29/05/2013 17:48:30, Error: Service Control Manager [7038] - The wscsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    29/05/2013 17:48:30, Error: Service Control Manager [7038] - The WinDefend service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    29/05/2013 17:48:30, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not start due to a logon failure.
    29/05/2013 17:48:30, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not start due to a logon failure.
    29/05/2013 17:48:03, Error: LsaSrv [5000] - The security package Microsoft Unified Security Protocol Provider generated an exception. The exception information is the data.
    29/05/2013 14:58:43, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd900c23f3300, 0x0000000000000000, 0xfffff80002db6f8c, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-32557-01.
    29/05/2013 14:23:22, Error: Service Control Manager [7030] - The Panda Software Controller service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    29/05/2013 13:47:08, Error: Service Control Manager [7034] - The Norton 360 service terminated unexpectedly. It has done this 4 time(s).
    29/05/2013 13:40:08, Error: Service Control Manager [7034] - The Norton 360 service terminated unexpectedly. It has done this 3 time(s).
    29/05/2013 13:37:44, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Norton 360 service, but this action failed with the following error: An instance of the service is already running.
    29/05/2013 13:35:44, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/05/2013 13:34:59, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/05/2013 12:42:59, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffda80051786a8, 0x0000000000000000, 0xfffff80002bbc0bf, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-18938-01.
    29/05/2013 12:03:49, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff880087e8758, 0xfffff880087e7fb0, 0xfffff80002ad69ba). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052913-21528-01.
    29/05/2013 11:29:24, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: Access is denied.
    29/05/2013 11:29:24, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070005: Access is denied.
    28/05/2013 23:46:58, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000008884, 0xfffffa8003da33a0, 0xfffffa8003da03d0, 0x0000000000000502). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052813-16738-01.
    28/05/2013 23:23:16, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
    28/05/2013 23:23:16, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
    28/05/2013 23:23:16, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    28/05/2013 23:23:16, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    28/05/2013 23:23:16, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    28/05/2013 22:01:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff88004197d90, 0xfffff88005abe6a8, 0xfffff88005abdf00). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052813-15537-01.
    28/05/2013 21:44:05, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002ab5d84, 0xfffff88007da4960, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052813-16255-01.
    28/05/2013 20:31:51, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffd8a007eee7f0, 0x0000000000000000, 0xfffff80002c05f8c, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052813-18844-01.
    28/05/2013 20:01:49, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\DEFAULT' was corrupted and it has been recovered. Some data might have been lost.
    28/05/2013 15:31:10, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR7.
    28/05/2013 14:52:30, Error: Service Control Manager [7023] - The System Event Notification Service service terminated with the following error: Overlapped I/O operation is in progress.
    28/05/2013 14:48:03, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000022, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052813-327765-01.
    28/05/2013 14:00:33, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR6.
    28/05/2013 14:00:30, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
    28/05/2013 13:43:44, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{DB425F82-1722-4938-9BEC-D63C09D7B1DE}' was corrupted and it has been recovered. Some data might have been lost.
    28/05/2013 13:43:00, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{84268FB6-2872-44F8-8ABC-66FFCA5C71EE}' was corrupted and it has been recovered. Some data might have been lost.
    28/05/2013 13:42:21, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6E52AD4A-C13D-4146-B221-0A3F9B681AEA}' was corrupted and it has been recovered. Some data might have been lost.
    28/05/2013 13:41:29, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C1C72267-E27F-47E3-99F4-151C431E56B3}' was corrupted and it has been recovered. Some data might have been lost.
    28/05/2013 13:40:17, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{9A050859-D653-4C48-B3D6-D5644D802520}' was corrupted and it has been recovered. Some data might have been lost.
    28/05/2013 13:39:30, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D90E7332-D081-4066-8845-E48E9C149C89}' was corrupted and it has been recovered. Some data might have been lost.
    28/05/2013 13:39:21, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{33CE4826-D25A-4521-B0C6-5A30994F5D27}' was corrupted and it has been recovered. Some data might have been lost.
    28/05/2013 13:38:33, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5549319-c331-11e2-a6f4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{A48FC115-DB45-4637-9884-817557DA8E1C}' was corrupted and it has been recovered. Some data might have been lost.
    .

    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,082   +259

    You're running two AV programs, MSE and Norton.
    You must uninstall one of them.
    If Norton, use this tool: http://www.majorgeeks.com/files/details/norton_removal_tool.html

    Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  7. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    RK Reports:
    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Finn [Admin rights]
    Mode : Scan -- Date : 05/31/2013 02:47:03
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD3200AAJS-65RYA0 ATA Device +++++
    --- User ---
    [MBR] 505c8e6daae433b29e0d25c7b28eb9c6
    [BSP] 8e5db028d4964658b6060ac891226926 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 15 | Size: 305242 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Hitachi HDT725040VLA380 ATA Device +++++
    --- User ---
    [MBR] 2c043df87f43e5ae63cb9097c9d4de92
    [BSP] 85ddd80b716ade4e5b6d4d08cf29ed94 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 381552 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive2: SanDisk Cruzer Edge USB Device +++++
    --- User ---
    [MBR] e79c919aca87a83678b308fedbf91267
    [BSP] 1b38f8ae3e328652e35f8d6920e043a3 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x6e) [VISIBLE] Offset (sectors): 1948285285 | Size: 831044 Mo
    3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 28049408 | Size: 0 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1]_S_05312013_02d0247.txt >>
    RKreport[1]_S_05312013_02d0247.txt

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Finn [Admin rights]
    Mode : Remove -- Date : 05/31/2013 02:49:23
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD3200AAJS-65RYA0 ATA Device +++++
    --- User ---
    [MBR] 505c8e6daae433b29e0d25c7b28eb9c6
    [BSP] 8e5db028d4964658b6060ac891226926 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 15 | Size: 305242 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Hitachi HDT725040VLA380 ATA Device +++++
    --- User ---
    [MBR] 2c043df87f43e5ae63cb9097c9d4de92
    [BSP] 85ddd80b716ade4e5b6d4d08cf29ed94 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 381552 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive2: SanDisk Cruzer Edge USB Device +++++
    --- User ---
    [MBR] e79c919aca87a83678b308fedbf91267
    [BSP] 1b38f8ae3e328652e35f8d6920e043a3 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x6e) [VISIBLE] Offset (sectors): 1948285285 | Size: 831044 Mo
    3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 28049408 | Size: 0 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2]_D_05312013_02d0249.txt >>
    RKreport[1]_S_05312013_02d0247.txt ; RKreport[2]_D_05312013_02d0249.txt
     
  8. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    MBAR Log:
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003
    www.malwarebytes.org
    Database version: v2013.05.31.03
    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Finn :: FINN-PC [administrator]
    31/05/2013 13:34:14
    mbar-log-2013-05-31 (13-34-14).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: Deep Anti-Rootkit Scan | PUP
    Objects scanned: 240786
    Time elapsed: 10 minute(s), 46 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)

    System Log:
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7600 Windows 7 x64
    Account is Administrative
    Internet Explorer version: 8.0.7600.16385
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.327000 GHz
    Memory total: 6441721856, free: 5028560896
    Downloaded database version: v2013.05.31.03
    Downloaded database version: v2013.05.22.01
    Initializing...
    ------------ Kernel report ------------
    05/31/2013 13:34:09
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk6\DR7
    Upper Device Object: 0xfffffa8005aba060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000007b\
    Lower Device Object: 0xfffffa80056156b0
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk5\DR5
    Upper Device Object: 0xfffffa800721e060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000070\
    Lower Device Object: 0xfffffa8007229060
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xfffffa800721d060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000006f\
    Lower Device Object: 0xfffffa8007228060
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xfffffa800721c060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000006e\
    Lower Device Object: 0xfffffa8007227b70
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa800721b060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000006d\
    Lower Device Object: 0xfffffa800720a060
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8006195790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
    Lower Device Object: 0xfffffa8005ca5060
    Lower Device Driver Name: \Driver\atapi\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006194330
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-2\
    Lower Device Object: 0xfffffa8005ca9060
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006194330, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006195040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006194330, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8005174e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8005ca9060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-2\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 15 Numsec = 625136823
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320072933376 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-14-625122448-625142448)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8006195790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006196040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006195790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8005ca3520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8005ca5060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B3AE006C
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 781418496
    Partition file system is NTFS
    Partition is not bootable
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 400088457216 bytes
    Sector size: 512 bytes
    Done!
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xfffffa800721b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800721a430, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800721b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800720a060, DeviceName: \Device\0000006d\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xfffffa800721c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800721bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800721c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007227b70, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xfffffa800721d060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800721cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800721d060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007228060, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 5, DevicePointer: 0xfffffa800721e060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800721db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800721e060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007229060, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 512
    Drive: 6, DevicePointer: 0xfffffa8005aba060, DeviceName: \Device\Harddisk6\DR7\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800554e7b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8005aba060, DeviceName: \Device\Harddisk6\DR7\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80056156b0, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk6\DR7\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 6
    Scanning MBR on drive 6...
    Inspecting partition table:
    Partition information:
    This drive is a Single Partition removable Drive.
    Partition file system is FAT32
    Partition is not bootable
    Disk Size: 4022337024 bytes
    Sector size: 512 bytes
    Done!
    Scan finished
    =======================================

    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_15_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_6_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_6_r.mbam...
    Removal finished
     
  9. Broni

    Broni Malware Annihilator Posts: 47,082   +259

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  10. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    I tried to run ComboFix three times, each time combofix crashed with a BSOD. Now on the 4th try I have gotten an error saying "!! ALERT !! It is NOT SAFE to continue! The contents of the ComboFix package has been compromised. Please download a fresh copy from: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Note: You may be infected with a file patching virus 'Virut'"

    How should I proceed?

    Please answer A.S.A.P
     
  11. Broni

    Broni Malware Annihilator Posts: 47,082   +259

    Virut (if it checks out) is not good news.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
     
  12. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    ESETScan Report:

    C:\da.bat BAT/Agent.NGP trojan
    C:\Radi-radi.wsf JS/Agent.NCF trojan
     
  13. Broni

    Broni Malware Annihilator Posts: 47,082   +259

    Delete your Combofix file, download a fresh one and try to run it again.
     
  14. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    I run ComboFix and it gets to Stage 50 and tells me that I have some infected files and then reboots my computer but once my computer has started up again, nothing happens. Is ComboFix done?
     
  15. Broni

    Broni Malware Annihilator Posts: 47,082   +259

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
     
  16. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01
    Ran by Finn (administrator) on 31-05-2013 19:42:33
    Running from C:\Users\Finn\Desktop
    Windows 7 Ultimate (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=GB&ver=5
    BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    PDF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    PDF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    PDF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000}
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    Chrome:
    =======
    CHR RestoreOnStartup: "hxxp://google.co.uk/"
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Extension: (Angry Birds) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
    CHR Extension: (Google Docs) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
    CHR Extension: (Burning Guitar) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdiejcapkjkibllbcobbohjibfkoogmj\1_0
    CHR Extension: (YouTube) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Facebook Disconnect) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
    CHR Extension: (Send from Gmail (by Google)) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.13_0
    CHR Extension: (Gmail) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

    ==================== Services (Whitelisted) =================

    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

    ==================== Drivers (Whitelisted) ====================

    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\Finn\AppData\Local\Temp\catchme.sys [x]
    R1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-05-31 19:42 - 2013-05-31 19:42 - 00000000 ____D C:\FRST
    2013-05-31 19:42 - 2013-05-31 19:40 - 01915980 ____A (Farbar) C:\Users\Finn\Desktop\FRST64.exe
    2013-05-31 19:21 - 2013-05-31 19:29 - 00000000 ____D C:\ComboFix
    2013-05-31 19:15 - 2013-05-31 19:16 - 00000161 ____A C:\Users\Finn\Desktop\catchme.log
    2013-05-31 19:08 - 2013-05-31 19:05 - 05076038 ____R (Swearware) C:\Users\Finn\Desktop\ComboFix.exe
    2013-05-31 19:00 - 2013-05-31 19:00 - 00287096 ____A C:\Windows\Minidump\053113-23961-01.dmp
    2013-05-31 18:41 - 2013-05-31 18:41 - 00000070 ____A C:\Users\Finn\Desktop\ESETScan.txt
    2013-05-31 17:55 - 2013-05-31 17:55 - 00286840 ____A C:\Windows\Minidump\053113-29359-01.dmp
    2013-05-31 17:48 - 2013-05-31 17:48 - 00000000 ___HD C:\Windows\AxInstSV
    2013-05-31 17:48 - 2013-05-31 17:48 - 00000000 ____D C:\Program Files (x86)\ESET
    2013-05-31 17:27 - 2013-05-31 17:27 - 00285520 ____A C:\Windows\Minidump\053113-28735-01.dmp
    2013-05-31 17:14 - 2013-05-31 17:14 - 00286000 ____A C:\Windows\Minidump\053113-28594-01.dmp
    2013-05-31 17:11 - 2013-05-31 19:29 - 00000000 ____D C:\Windows\erdnt
    2013-05-31 17:11 - 2013-05-31 17:11 - 00000000 ____D C:\Qoobox
    2013-05-31 17:11 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
    2013-05-31 17:11 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
    2013-05-31 17:11 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2013-05-31 17:11 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2013-05-31 17:11 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2013-05-31 17:11 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
    2013-05-31 17:11 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
    2013-05-31 17:11 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
    2013-05-31 16:46 - 2013-05-31 16:46 - 00000000 ____D C:\Windows\System32\Macromed
    2013-05-31 13:32 - 2013-05-31 13:46 - 00000000 ____D C:\Users\Finn\Desktop\mbar
    2013-05-31 12:49 - 2013-05-31 12:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2013-05-31 03:37 - 2013-05-31 03:37 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2013-05-31 03:36 - 2013-05-31 19:29 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-05-31 03:36 - 2013-02-26 00:32 - 00061216 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2013-05-31 03:36 - 2013-02-26 00:32 - 00053024 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2013-05-31 03:36 - 2013-01-18 16:00 - 06390048 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2013-05-31 03:36 - 2013-01-18 16:00 - 03460896 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2013-05-31 03:36 - 2013-01-18 16:00 - 02558240 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2013-05-31 03:36 - 2013-01-18 16:00 - 00884512 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2013-05-31 03:36 - 2013-01-18 16:00 - 00118560 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2013-05-31 03:36 - 2013-01-18 16:00 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2013-05-31 03:35 - 2013-05-31 03:37 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-05-31 03:35 - 2013-05-31 03:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2013-05-31 03:24 - 2013-05-31 03:24 - 00288008 ____A C:\Windows\Minidump\053113-21340-01.dmp
    2013-05-31 03:22 - 2013-05-31 03:22 - 00000000 ____D C:\Windows\CheckSur
    2013-05-31 03:17 - 2013-05-31 13:04 - 00004369 ____A C:\Windows\IE9_main.log
    2013-05-31 03:09 - 2012-03-01 07:54 - 00022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2013-05-31 03:09 - 2012-03-01 07:45 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-05-31 03:09 - 2012-03-01 07:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2013-05-31 03:09 - 2012-03-01 07:35 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2013-05-31 03:09 - 2012-03-01 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2013-05-31 03:09 - 2012-03-01 06:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2013-05-31 03:09 - 2012-03-01 06:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
    2013-05-31 03:01 - 2010-03-04 05:32 - 00243712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
    2013-05-31 02:49 - 2013-05-31 02:49 - 00002052 ____A C:\Users\Finn\Desktop\RKreport[2]_D_05312013_02d0249.txt
    2013-05-31 02:47 - 2013-05-31 02:47 - 00001999 ____A C:\Users\Finn\Desktop\RKreport[1]_S_05312013_02d0247.txt
    2013-05-31 02:45 - 2013-05-31 02:45 - 00791040 ____A C:\Users\Finn\Desktop\RogueKillerX64.exe
    2013-05-31 02:41 - 2013-05-31 02:48 - 00000000 ____D C:\Users\Finn\Desktop\RK_Quarantine
    2013-05-31 01:45 - 2013-05-31 01:45 - 00048194 ____A C:\Users\Finn\Desktop\attach.txt
    2013-05-31 01:45 - 2013-05-31 01:44 - 00013380 ____A C:\Users\Finn\Desktop\dds.txt
    2013-05-31 01:42 - 2013-05-31 01:41 - 00688992 ____R (Swearware) C:\Users\Finn\Desktop\dds.com
    2013-05-31 01:31 - 2013-05-31 01:31 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-05-31 01:30 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-05-31 01:26 - 2013-05-31 01:26 - 00284872 ____A C:\Windows\Minidump\053113-21902-01.dmp
    2013-05-31 01:23 - 2013-05-31 01:23 - 00285256 ____A C:\Windows\Minidump\053113-24632-01.dmp
    2013-05-31 01:17 - 2012-05-14 06:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2013-05-31 01:13 - 2012-09-25 23:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2013-05-31 01:13 - 2012-09-25 22:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2013-05-31 01:13 - 2012-06-16 06:25 - 00850944 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-31 01:13 - 2012-06-16 06:25 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-05-31 01:13 - 2012-06-16 05:37 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-05-31 01:13 - 2012-06-16 05:36 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-31 01:13 - 2012-04-07 13:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2013-05-31 01:13 - 2012-04-07 12:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2013-05-31 01:12 - 2013-03-02 06:49 - 01499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-31 01:12 - 2013-03-02 06:49 - 01198080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-31 01:12 - 2013-03-02 06:49 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-31 01:12 - 2013-03-02 06:44 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
    2013-05-31 01:12 - 2013-03-02 06:43 - 09377280 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-31 01:12 - 2013-03-02 06:43 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-31 01:12 - 2013-03-02 06:43 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-31 01:12 - 2013-03-02 06:43 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2013-05-31 01:12 - 2013-03-02 06:43 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-05-31 01:12 - 2013-03-02 06:43 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2013-05-31 01:12 - 2013-03-02 06:42 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-31 01:12 - 2013-03-02 06:42 - 02463744 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-31 01:12 - 2013-03-02 06:42 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2013-05-31 01:12 - 2013-03-02 06:42 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2013-05-31 01:12 - 2013-03-02 06:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-05-31 01:12 - 2013-03-02 06:06 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-31 01:12 - 2013-03-02 06:05 - 01230848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-31 01:12 - 2013-03-02 06:05 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-05-31 01:12 - 2013-03-02 06:02 - 06032384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-31 01:12 - 2013-03-02 06:02 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-31 01:12 - 2013-03-02 06:02 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
    2013-05-31 01:12 - 2013-03-02 06:02 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-05-31 01:12 - 2013-03-02 06:02 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2013-05-31 01:12 - 2013-03-02 06:01 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-31 01:12 - 2013-03-02 06:01 - 02077184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-31 01:12 - 2013-03-02 06:01 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2013-05-31 01:12 - 2013-03-02 06:01 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2013-05-31 01:12 - 2013-03-02 06:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-05-31 01:12 - 2013-03-02 06:01 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-05-31 01:12 - 2013-03-02 05:38 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2013-05-31 01:12 - 2013-03-02 05:03 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2013-05-31 01:12 - 2013-03-02 04:56 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-31 01:12 - 2013-03-02 04:56 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2013-05-31 01:12 - 2013-03-02 04:30 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2013-05-31 01:12 - 2013-03-02 04:29 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-31 01:12 - 2013-03-02 04:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2013-05-31 01:11 - 2013-01-24 06:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
    2013-05-31 01:11 - 2012-07-04 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2013-05-31 01:11 - 2012-07-04 23:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2013-05-31 01:11 - 2012-07-04 23:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2013-05-31 01:11 - 2012-07-04 22:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2013-05-31 01:11 - 2012-07-04 22:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2013-05-31 01:11 - 2012-05-05 09:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2013-05-31 01:11 - 2012-05-05 08:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2013-05-31 01:11 - 2011-02-18 07:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    2013-05-31 01:11 - 2011-02-18 06:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
    2013-05-31 01:03 - 2013-05-31 01:03 - 00002154 ____A C:\Windows\epplauncher.mif
    2013-05-31 01:02 - 2013-05-31 01:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-05-31 01:02 - 2013-05-31 01:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-05-31 01:02 - 2010-04-09 12:06 - 01898376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-05-31 01:02 - 2010-04-09 12:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2013-05-31 00:59 - 2013-03-19 07:19 - 05497688 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-05-31 00:59 - 2013-03-19 06:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-05-31 00:59 - 2013-03-19 06:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-05-31 00:59 - 2013-03-19 06:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-05-31 00:59 - 2013-03-19 05:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-05-31 00:59 - 2013-03-19 04:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-05-30 23:35 - 2013-05-30 23:35 - 00284792 ____A C:\Windows\Minidump\053013-18517-01.dmp
    2013-05-30 23:29 - 2013-05-30 23:29 - 00285112 ____A C:\Windows\Minidump\053013-21980-01.dmp
    2013-05-30 23:17 - 2013-05-30 23:17 - 00284952 ____A C:\Windows\Minidump\053013-22167-01.dmp
    2013-05-30 23:09 - 2013-05-30 23:10 - 00285448 ____A C:\Windows\Minidump\053013-19359-01.dmp
    2013-05-30 23:04 - 2013-05-30 23:04 - 00284632 ____A C:\Windows\Minidump\053013-19172-01.dmp
    2013-05-30 22:59 - 2013-05-30 22:59 - 00285896 ____A C:\Windows\Minidump\053013-43914-01.dmp
    2013-05-30 22:51 - 2011-12-16 09:42 - 00634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2013-05-30 22:51 - 2011-12-16 08:59 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
    2013-05-30 22:51 - 2011-10-15 07:25 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2013-05-30 22:51 - 2011-10-15 06:48 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2013-05-30 22:51 - 2011-08-27 06:40 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2013-05-30 22:51 - 2011-08-27 06:40 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
    2013-05-30 22:51 - 2011-08-27 05:43 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2013-05-30 22:51 - 2011-08-27 05:43 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
    2013-05-30 22:51 - 2011-05-24 12:21 - 00404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
    2013-05-30 22:51 - 2011-05-24 11:34 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
    2013-05-30 22:51 - 2011-05-24 11:34 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
    2013-05-30 22:51 - 2011-05-24 11:34 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
    2013-05-30 22:51 - 2011-05-24 11:32 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
    2013-05-30 22:51 - 2011-02-23 06:15 - 00286720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
    2013-05-30 22:51 - 2011-02-23 06:15 - 00157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
    2013-05-30 22:51 - 2011-02-23 06:15 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
    2013-05-30 22:51 - 2011-02-23 06:15 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
    2013-05-30 22:51 - 2011-02-12 07:14 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
    2013-05-30 22:51 - 2011-02-05 13:41 - 00640896 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
    2013-05-30 22:51 - 2011-02-05 13:41 - 00556928 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2013-05-30 22:51 - 2011-02-05 13:41 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
    2013-05-30 22:51 - 2011-02-05 13:41 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
    2013-05-30 22:51 - 2011-02-05 13:41 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
    2013-05-30 22:51 - 2011-02-05 13:39 - 00603976 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
    2013-05-30 22:51 - 2011-02-05 13:39 - 00518160 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2013-05-30 22:51 - 2010-12-18 07:12 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-05-30 22:51 - 2010-12-18 07:08 - 01097216 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2013-05-30 22:51 - 2010-12-18 06:30 - 02690560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-05-30 22:51 - 2010-12-18 06:26 - 01034240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2013-05-30 22:51 - 2010-10-16 06:23 - 00112000 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-30 22:51 - 2010-08-31 05:32 - 00954752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
    2013-05-30 22:51 - 2010-08-31 05:32 - 00954288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
    2013-05-30 22:51 - 2009-08-29 08:50 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\msasn1.dll
    2013-05-30 22:51 - 2009-08-29 07:57 - 00034816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
    2013-05-30 22:50 - 2011-11-19 16:07 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
    2013-05-30 22:50 - 2011-11-19 15:06 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2013-05-30 22:50 - 2011-11-17 08:14 - 01739160 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-05-30 22:50 - 2011-11-17 06:41 - 01292592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-05-30 22:50 - 2010-10-16 06:17 - 00720896 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
    2013-05-30 22:50 - 2010-10-16 05:34 - 00573440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
    2013-05-30 22:50 - 2010-08-27 07:14 - 00236032 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
    2013-05-30 22:50 - 2010-08-27 06:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
    2013-05-30 22:50 - 2010-08-27 04:38 - 00463360 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
    2013-05-30 22:50 - 2010-08-27 04:37 - 00402944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2013-05-30 22:50 - 2010-08-27 04:37 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2013-05-30 22:38 - 2013-05-30 22:38 - 00284216 ____A C:\Windows\Minidump\053013-21559-01.dmp
    2013-05-30 21:12 - 2013-05-30 21:12 - 00287304 ____A C:\Windows\Minidump\053013-32526-01.dmp
    2013-05-30 21:00 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2013-05-30 21:00 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2013-05-30 21:00 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2013-05-30 21:00 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2013-05-30 20:40 - 2013-05-30 20:40 - 00001340 ____A C:\Users\Finn\Desktop\Norton Installation Files.lnk
    2013-05-30 20:40 - 2013-05-30 20:40 - 00001244 ____A C:\Users\Finn\Desktop\Norton Download Manager.lnk
    2013-05-30 20:00 - 2013-05-31 19:00 - 632796628 ____A C:\Windows\MEMORY.DMP
    2013-05-30 20:00 - 2013-05-30 20:00 - 00286376 ____A C:\Windows\Minidump\053013-57408-01.dmp
    2013-05-30 19:52 - 2013-05-30 19:52 - 04167680 ____A C:\Program Files (x86)\GUT279D.tmp
    2013-05-30 19:52 - 2013-05-30 19:52 - 00000000 ____D C:\Program Files (x86)\GUM278D.tmp
    2013-05-30 18:54 - 2013-05-30 19:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2013-05-30 18:54 - 2013-05-30 18:57 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2013-05-30 18:54 - 2013-05-30 18:54 - 00001262 ____A C:\Users\Finn\Desktop\Spybot - Search & Destroy.lnk
    2013-05-30 18:42 - 2013-05-30 18:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2013-05-30 16:11 - 2013-05-30 16:11 - 151247144 ____A (COMODO) C:\Users\Finn\Downloads\cispremium_installer.exe
    2013-05-30 16:08 - 2013-05-30 16:08 - 98142048 ____A (COMODO) C:\Users\Finn\Downloads\cfw_installer.exe
    2013-05-30 15:55 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2013-05-30 15:55 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2013-05-30 15:55 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2013-05-30 15:55 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2013-05-30 15:55 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2013-05-30 15:54 - 2013-05-02 16:29 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2013-05-29 23:02 - 2011-08-17 19:39 - 01579520 ____A (Atheros Communications, Inc.) C:\Windows\System32\athrx.sys
    2013-05-29 23:02 - 2011-08-17 19:39 - 00007634 ____A C:\Windows\System32\athrextx.cat
    2013-05-29 22:54 - 2011-04-11 10:33 - 01579520 ____A (Atheros Communications, Inc.) C:\Windows\System32\Drivers\athrx.sys
    2013-05-29 20:40 - 2013-05-29 20:41 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Spotify
    2013-05-29 20:31 - 2013-05-29 20:31 - 00002962 ____A C:\Users\Finn\Desktop\Rkill.txt
    2013-05-29 19:24 - 2013-05-29 19:24 - 00000000 ____D C:\VritualRoot
    2013-05-29 19:05 - 2013-05-30 07:43 - 00000000 ____D C:\ProgramData\Comodo
    2013-05-29 19:05 - 2013-05-29 19:05 - 00000000 ____D C:\Program Files\COMODO
    2013-05-29 18:24 - 2013-05-29 18:24 - 00000000 ____D C:\Users\Finn\AppData\Roaming\SUPERAntiSpyware.com
    2013-05-29 18:23 - 2013-05-30 07:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-05-29 18:23 - 2013-05-29 18:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2013-05-29 18:14 - 2013-05-31 13:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-05-29 17:44 - 2013-05-29 17:46 - 00000000 ____D C:\Users\Finn\AppData\Local\NPE
    2013-05-29 16:20 - 2013-05-29 16:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Malwarebytes
    2013-05-29 16:19 - 2013-05-31 01:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-29 16:19 - 2013-05-29 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-29 16:09 - 2013-05-30 07:43 - 00000000 ____D C:\Users\Finn\Documents\Security
    2013-05-29 14:32 - 2013-05-30 19:29 - 00000000 ____D C:\Users\Finn\AppData\Roaming\uTorrent
    2013-05-29 13:57 - 2013-05-29 13:58 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-05-29 13:57 - 2013-05-29 13:58 - 00000000 ____D C:\Program Files\AVAST Software
    2013-05-29 13:34 - 2013-05-29 13:34 - 00000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
    2013-05-29 13:24 - 2013-05-30 20:40 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2013-05-29 13:09 - 2013-05-29 13:09 - 00000000 ____D C:\Users\Finn\Documents\GTA Vice City Mods
    2013-05-29 12:50 - 2013-05-30 19:52 - 00000000 ____D C:\Program Files (x86)\Google
    2013-05-29 12:50 - 2013-05-29 12:52 - 00000000 ____D C:\Users\Finn\AppData\Local\Google
    2013-05-29 12:49 - 2013-05-30 19:52 - 00000000 ____D C:\Users\Finn\AppData\Local\Deployment
    2013-05-29 12:49 - 2013-05-30 18:41 - 00000000 ____D C:\Users\Finn\AppData\Local\Apps\2.0
    2013-05-29 12:33 - 2013-05-29 12:33 - 00000000 ____D C:\Users\Finn\Documents\Symantec
    2013-05-29 11:26 - 2013-05-30 19:29 - 00000000 ____D C:\ProgramData\TP-LINK
    2013-05-28 23:23 - 2013-05-30 07:43 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
    2013-05-28 23:13 - 2013-05-29 23:14 - 00000000 ____D C:\Users\Finn\Documents\Mount&Blade Warband Savegames
    2013-05-28 21:06 - 2013-05-28 21:06 - 00003133 ____A C:\Users\Finn\Desktop\M&B Warband.lnk
    2013-05-28 20:57 - 2013-05-28 23:19 - 00000000 ____D C:\Users\Finn\Documents\Mount&Blade Warband
    2013-05-28 20:10 - 2013-05-28 20:10 - 00001298 ____A C:\Users\Finn\Desktop\GTA Vice City.lnk
    2013-05-28 14:49 - 2013-05-28 14:49 - 00000735 ____A C:\Users\Finn\Desktop\PC Cleaner Pro.lnk
    2013-05-28 14:49 - 2013-05-28 14:49 - 00000000 ____D C:\ProgramData\PC1Data
    2013-05-28 14:49 - 2013-05-28 14:49 - 00000000 ____D C:\ProgramData\PC Cleaners
    2013-05-28 14:49 - 2013-05-28 14:22 - 05371088 ____A (PC Cleaners) C:\ProgramData\pclunst.exe
    2013-05-28 14:47 - 2013-05-31 19:29 - 00007108 ____A C:\Windows\setupact.log
    2013-05-28 14:47 - 2013-05-28 14:47 - 00000000 ____A C:\Windows\setuperr.log
    2013-05-26 18:03 - 2013-05-29 00:07 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Mount&Blade Warband
    2013-05-26 16:39 - 2013-05-31 17:36 - 00000000 ____D C:\Users\Finn\AppData\Local\CrashDumps
    2013-05-26 16:36 - 2013-05-31 03:37 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2013-05-26 16:35 - 2013-05-26 16:35 - 00002105 ____A C:\Users\Public\Desktop\Mafia II.lnk
    2013-05-26 16:28 - 2013-05-26 16:28 - 00000000 ____D C:\Program Files (x86)\2K Games
    2013-05-26 15:21 - 2013-05-26 15:46 - 00000000 ____D C:\Users\Finn\Documents\GTA Vice City User Files
    2013-05-26 13:44 - 2013-05-26 13:44 - 00000000 ____D C:\Users\Finn\AppData\Local\2K Games
    2013-05-26 13:29 - 2013-05-26 13:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-05-26 13:29 - 2013-05-26 13:29 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2013-05-26 12:50 - 2013-05-31 17:47 - 00000000 ____D C:\Users\Finn\AppData\Local\Microsoft Games
    2013-05-24 04:49 - 2013-05-24 04:49 - 00000000 ____D C:\NBRT
    2013-05-23 20:20 - 2013-05-31 02:36 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Tific
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Macromedia
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Adobe
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Local\Symantec
    2013-05-23 20:20 - 2010-08-21 04:59 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2013-05-23 20:20 - 2010-08-21 04:59 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2013-05-23 20:20 - 2010-08-21 04:59 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2013-05-23 20:19 - 2013-05-31 14:12 - 00000000 ____D C:\ProgramData\Norton
    2013-05-23 20:19 - 2013-05-30 07:43 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
    2013-05-23 20:13 - 2011-11-10 15:06 - 01880400 ___RA (Bethesda Softworks) C:\Users\Finn\Desktop\Skyrim.exe
    2013-05-23 20:10 - 2013-05-23 20:10 - 00000000 ____D C:\Users\Finn\Documents\My Games
    2013-05-23 20:10 - 2013-05-23 20:10 - 00000000 ____D C:\Users\Finn\AppData\Local\Skyrim
    2013-05-23 20:09 - 2010-02-04 10:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2013-05-23 20:09 - 2009-09-04 17:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
    2013-05-23 20:09 - 2009-09-04 17:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2013-05-23 20:09 - 2009-09-04 17:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2013-05-23 20:09 - 2009-09-04 17:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
    2013-05-23 20:09 - 2009-09-04 17:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
    2013-05-23 20:09 - 2009-09-04 17:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2013-05-23 20:09 - 2009-03-16 14:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
    2013-05-23 20:09 - 2009-03-16 14:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2013-05-23 20:09 - 2009-03-16 14:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2013-05-23 20:09 - 2009-03-16 14:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
    2013-05-23 20:09 - 2009-03-16 14:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
    2013-05-23 20:09 - 2009-03-16 14:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2013-05-23 20:09 - 2009-03-09 15:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
    2013-05-23 20:09 - 2009-03-09 15:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2013-05-23 20:09 - 2009-03-09 15:27 - 02430312 ____A (Microsoft Corporation)
     
  17. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    FRST.txt continued

    C:\Windows\System32\D3DCompiler_41.dll
    2013-05-23 20:09 - 2009-03-09 15:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
    2013-05-23 20:09 - 2009-03-09 15:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
    2013-05-23 20:09 - 2009-03-09 15:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2013-05-23 20:09 - 2008-10-15 06:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2013-05-23 20:09 - 2008-10-15 06:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2013-05-23 20:09 - 2008-10-15 06:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2013-05-23 20:09 - 2008-10-15 06:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2013-05-23 20:09 - 2008-10-15 06:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
    2013-05-23 20:09 - 2008-10-15 06:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2013-05-23 20:09 - 2008-07-31 10:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2013-05-23 20:09 - 2008-07-31 10:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
    2013-05-23 20:09 - 2008-07-31 10:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
    2013-05-23 20:09 - 2008-07-31 10:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2013-05-23 20:09 - 2008-07-31 10:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
    2013-05-23 20:09 - 2008-07-31 10:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2013-05-23 20:09 - 2008-07-10 11:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2013-05-23 20:09 - 2008-07-10 11:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
    2013-05-23 20:09 - 2008-07-10 11:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2013-05-23 20:09 - 2008-07-10 11:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
    2013-05-23 20:09 - 2008-07-10 11:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2013-05-23 20:09 - 2008-07-10 11:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
    2013-05-23 20:09 - 2008-05-30 14:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
    2013-05-23 20:09 - 2008-05-30 14:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2013-05-23 20:09 - 2008-05-30 14:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2013-05-23 20:09 - 2008-05-30 14:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
    2013-05-23 20:09 - 2008-05-30 14:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
    2013-05-23 20:09 - 2008-05-30 14:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2013-05-23 20:09 - 2008-05-30 14:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2013-05-23 20:09 - 2008-05-30 14:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
    2013-05-23 20:09 - 2008-05-30 14:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
    2013-05-23 20:09 - 2008-05-30 14:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2013-05-23 20:09 - 2008-05-30 14:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
    2013-05-23 20:09 - 2008-05-30 14:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2013-05-23 20:09 - 2008-05-30 14:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
    2013-05-23 20:09 - 2008-05-30 14:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2013-05-23 20:09 - 2008-03-05 16:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
    2013-05-23 20:09 - 2008-03-05 16:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2013-05-23 20:09 - 2008-03-05 16:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2013-05-23 20:09 - 2008-03-05 16:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
    2013-05-23 20:09 - 2008-03-05 16:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
    2013-05-23 20:09 - 2008-03-05 16:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2013-05-23 20:09 - 2008-03-05 15:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
    2013-05-23 20:09 - 2008-03-05 15:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2013-05-23 20:09 - 2008-03-05 15:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
    2013-05-23 20:09 - 2008-03-05 15:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2013-05-23 20:09 - 2008-02-05 23:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
    2013-05-23 20:09 - 2008-02-05 23:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2013-05-23 20:09 - 2007-10-22 03:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
    2013-05-23 20:09 - 2007-10-22 03:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2013-05-23 20:09 - 2007-10-22 03:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
    2013-05-23 20:09 - 2007-10-22 03:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2013-05-23 20:09 - 2007-10-12 15:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
    2013-05-23 20:09 - 2007-10-12 15:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2013-05-23 20:09 - 2007-10-12 15:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
    2013-05-23 20:09 - 2007-10-12 15:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2013-05-23 20:09 - 2007-10-02 09:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
    2013-05-23 20:09 - 2007-10-02 09:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2013-05-23 20:09 - 2007-07-20 00:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
    2013-05-23 20:09 - 2007-07-20 00:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2013-05-23 20:09 - 2007-07-19 18:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
    2013-05-23 20:09 - 2007-07-19 18:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2013-05-23 20:09 - 2007-07-19 18:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
    2013-05-23 20:09 - 2007-07-19 18:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2013-05-23 20:09 - 2007-07-19 18:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
    2013-05-23 20:09 - 2007-07-19 18:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2013-05-23 20:09 - 2007-06-20 20:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
    2013-05-23 20:09 - 2007-06-20 20:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2013-05-23 20:09 - 2007-05-16 16:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
    2013-05-23 20:09 - 2007-05-16 16:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2013-05-23 20:09 - 2007-05-16 16:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
    2013-05-23 20:09 - 2007-05-16 16:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2013-05-23 20:09 - 2007-05-16 16:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
    2013-05-23 20:09 - 2007-05-16 16:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2013-05-23 20:08 - 2013-05-26 13:33 - 00010843 ____A C:\Windows\DirectX.log
    2013-05-23 20:08 - 2007-04-04 18:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
    2013-05-23 20:08 - 2007-04-04 18:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2013-05-23 20:08 - 2007-04-04 18:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
    2013-05-23 20:08 - 2007-04-04 18:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2013-05-23 20:08 - 2007-03-15 16:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
    2013-05-23 20:08 - 2007-03-15 16:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2013-05-23 20:08 - 2007-03-12 16:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
    2013-05-23 20:08 - 2007-03-12 16:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2013-05-23 20:08 - 2007-03-12 16:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
    2013-05-23 20:08 - 2007-03-12 16:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2013-05-23 20:08 - 2007-03-05 12:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
    2013-05-23 20:08 - 2007-03-05 12:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2013-05-23 20:08 - 2007-01-24 15:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
    2013-05-23 20:08 - 2007-01-24 15:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2013-05-23 20:08 - 2006-12-08 12:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2013-05-23 20:08 - 2006-12-08 12:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
    2013-05-23 20:08 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
    2013-05-23 20:08 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2013-05-23 20:08 - 2006-11-29 13:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
    2013-05-23 20:08 - 2006-11-29 13:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2013-05-23 20:08 - 2006-09-28 16:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
    2013-05-23 20:08 - 2006-09-28 16:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2013-05-23 20:08 - 2006-09-28 16:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2013-05-23 20:08 - 2006-09-28 16:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
    2013-05-23 20:08 - 2006-07-28 09:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
    2013-05-23 20:08 - 2006-07-28 09:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
    2013-05-23 20:08 - 2006-07-28 09:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2013-05-23 20:08 - 2006-07-28 09:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2013-05-23 20:08 - 2006-05-31 07:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2013-05-23 20:08 - 2006-05-31 07:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
    2013-05-23 20:08 - 2006-03-31 12:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
    2013-05-23 20:08 - 2006-03-31 12:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2013-05-23 20:08 - 2006-03-31 12:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
    2013-05-23 20:08 - 2006-03-31 12:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2013-05-23 20:08 - 2006-03-31 12:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
    2013-05-23 20:08 - 2006-03-31 12:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2013-05-23 20:08 - 2006-02-03 08:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
    2013-05-23 20:08 - 2006-02-03 08:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2013-05-23 20:08 - 2006-02-03 08:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
    2013-05-23 20:08 - 2006-02-03 08:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2013-05-23 20:08 - 2006-02-03 08:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
    2013-05-23 20:08 - 2006-02-03 08:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2013-05-23 20:08 - 2005-12-05 18:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
    2013-05-23 20:08 - 2005-12-05 18:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2013-05-23 20:08 - 2005-07-22 19:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
    2013-05-23 20:08 - 2005-07-22 19:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2013-05-23 20:08 - 2005-05-26 15:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
    2013-05-23 20:08 - 2005-05-26 15:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2013-05-23 20:08 - 2005-03-18 17:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
    2013-05-23 20:08 - 2005-03-18 17:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2013-05-23 20:08 - 2005-02-05 19:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
    2013-05-23 20:08 - 2005-02-05 19:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2013-05-23 20:01 - 2013-05-23 20:10 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
    2013-05-23 19:58 - 2013-05-30 20:21 - 00246442 ____A C:\Windows\ntbtlog.txt.bak
    2013-05-23 18:48 - 2013-05-24 04:19 - 00000000 ____D C:\Users\Finn\048298C9A4D3490B9FF9AB023A9238F3.TMP
    2013-05-23 18:48 - 2013-05-24 04:19 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-05-23 18:45 - 2013-05-23 18:45 - 00000000 ___AH C:\Users\Finn\Documents\Default.rdp
    2013-05-23 18:42 - 2013-05-31 19:29 - 00023852 ____A C:\Windows\PFRO.log
    2013-05-23 08:48 - 2013-05-22 23:55 - 00000000 ____D C:\Windows\Panther
    2013-05-23 08:47 - 2009-07-14 02:38 - 00383562 _RASH C:\bootmgr
    2013-05-23 08:08 - 2013-05-12 22:13 - 00000211 ____H C:\Boot.BAK
    2013-05-23 01:58 - 2013-05-23 01:56 - 21707032 ____A (Hewlett-Packard Company ) C:\Users\Finn\Documents\sp47895.exe
    2013-05-23 01:53 - 2013-05-30 07:43 - 00000000 ____D C:\Users\Finn\Documents\2Wire_Vista64USBdriver_In_Autorun_v3.0
    2013-05-23 01:48 - 2003-05-31 20:15 - 00114688 ____A (Atheros) C:\Windows\SysWOW64\athcfg10.dll
    2013-05-23 01:48 - 2003-05-31 20:10 - 00651264 ___RA C:\Windows\SysWOW64\libeay32.dll
    2013-05-23 01:48 - 2003-05-31 20:10 - 00450560 ___RA (Meetinghouse Data Communications) C:\Windows\SysWOW64\AegisE5.dll
    2013-05-23 01:48 - 2003-05-31 20:10 - 00327680 ___RA (Meetinghouse Data Communications) C:\Windows\SysWOW64\AegisE2.dll
    2013-05-23 01:48 - 2003-05-31 20:10 - 00147456 ___RA C:\Windows\SysWOW64\ssleay32.dll
    2013-05-23 01:17 - 2013-05-23 01:17 - 00001254 ____A C:\Users\Public\Desktop\Virtual CloneDrive.lnk
    2013-05-23 01:17 - 2013-05-23 01:17 - 00000000 ____D C:\Users\Finn\AppData\Local\Innovative Solutions
    2013-05-23 01:16 - 2013-05-23 01:16 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
    2013-05-23 01:16 - 2013-05-23 01:12 - 01588760 ____A C:\Users\Finn\Documents\SetupVirtualCloneDrive5460.exe
    2013-05-23 01:16 - 2013-05-23 01:10 - 07009736 ____A (Innovative Solutions ) C:\Users\Finn\Documents\drivermax_7_13_cnet.exe
    2013-05-23 01:03 - 2013-05-30 07:43 - 00000000 ____D C:\Users\Finn\Documents\802.11g PCI Turbo Wireless Adapter
    2013-05-23 01:03 - 2013-05-23 01:03 - 00000000 ____D C:\Users\Finn\AppData\Roaming\WinRAR
    2013-05-23 01:03 - 2013-05-23 01:03 - 00000000 ____D C:\Program Files\WinRAR
    2013-05-23 00:12 - 2013-05-31 03:29 - 00058016 ____A C:\Users\Finn\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-05-23 00:12 - 2013-05-28 14:52 - 00000000 ___DC C:\Users\Finn\AppData\Local\MigWiz
    2013-05-23 00:11 - 2013-05-31 19:00 - 00000000 ____D C:\Windows\Minidump
    2013-05-23 00:07 - 2013-05-23 00:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2013-05-23 00:04 - 2013-05-29 22:51 - 00000000 ____D C:\users\Finn
    2013-05-23 00:04 - 2013-05-23 00:04 - 00000020 ___SH C:\Users\Finn\ntuser.ini
    2013-05-23 00:04 - 2013-05-23 00:04 - 00000000 ____D C:\Users\Finn\AppData\Local\VirtualStore
    2013-05-23 00:03 - 2013-05-23 00:03 - 00171136 _RASH C:\w7ldr
    2013-05-23 00:02 - 2013-05-23 00:02 - 00000000 ____D C:\Recovery
    2013-05-22 23:52 - 2013-05-22 23:52 - 00001313 ____A C:\Windows\TSSysprep.log
    2013-05-22 23:51 - 2013-05-31 19:28 - 01884134 ____A C:\Windows\WindowsUpdate.log
    2013-05-22 22:55 - 2013-05-23 08:48 - 00008192 _RASH C:\BOOTSECT.BAK
    2013-05-20 20:12 - 2013-05-20 20:12 - 00000000 ____D C:\Games
    2013-05-19 11:54 - 2013-05-19 11:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
    2013-05-19 03:00 - 2013-05-19 03:01 - 00000000 ____D C:\d6196d965d6b437a870f139d18359e
    2013-05-18 18:24 - 2013-05-18 18:24 - 00001020 ____A C:\GEARDIFx_uninstall.log
    2013-05-17 22:39 - 2013-05-17 22:39 - 00003982 ____A C:\GEARDIFx_install.log
    2013-05-16 16:00 - 2013-05-16 16:01 - 00000000 ____D C:\Uninstall
    2013-05-16 16:00 - 2013-05-16 16:00 - 00000000 ____D C:\src
    2013-05-15 16:36 - 2004-08-27 17:26 - 00002155 ____A C:\hotfix.txt
    2013-05-15 16:36 - 2004-08-27 17:03 - 65792018 ____A C:\KB835221_ALL_OS_ALL_LOC.zip
    2013-05-15 16:36 - 2004-03-17 11:27 - 00005243 ____A C:\KB835221_Readme.txt
    2013-05-14 20:39 - 2013-05-23 01:58 - 00000000 ____D C:\SWSetup
    2013-05-13 19:27 - 2013-05-13 19:27 - 00000000 ____D C:\NVIDIA
    2013-05-12 21:46 - 2013-05-22 20:39 - 00000000 ____D C:\08fc8c25c373be2b65
    2013-05-12 21:34 - 2008-04-14 00:01 - 00250048 _RASH C:\ntldr
    2013-05-12 21:34 - 2008-04-13 22:13 - 00047564 _RASH C:\NTDETECT.COM
    2013-05-12 21:24 - 2013-05-23 08:47 - 00000355 _RASH C:\Boot.ini.saved
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 _RASH C:\MSDOS.SYS
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 _RASH C:\IO.SYS
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 ____A C:\CONFIG.SYS
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 ____A C:\AUTOEXEC.BAT

    ==================== One Month Modified Files and Folders =======

    2013-05-31 19:42 - 2013-05-31 19:42 - 00000000 ____D C:\FRST
    2013-05-31 19:40 - 2013-05-31 19:42 - 01915980 ____A (Farbar) C:\Users\Finn\Desktop\FRST64.exe
    2013-05-31 19:34 - 2013-05-22 23:51 - 01884134 ____A C:\Windows\WindowsUpdate.log
    2013-05-31 19:34 - 2009-07-14 05:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-05-31 19:34 - 2009-07-14 05:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-05-31 19:33 - 2009-07-14 06:13 - 00722200 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-31 19:29 - 2013-05-31 19:21 - 00000000 ____D C:\ComboFix
    2013-05-31 19:29 - 2013-05-31 17:11 - 00000000 ____D C:\Windows\erdnt
    2013-05-31 19:29 - 2013-05-31 03:36 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-05-31 19:29 - 2013-05-28 14:47 - 00007108 ____A C:\Windows\setupact.log
    2013-05-31 19:29 - 2013-05-23 18:42 - 00023852 ____A C:\Windows\PFRO.log
    2013-05-31 19:29 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-31 19:29 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
    2013-05-31 19:16 - 2013-05-31 19:15 - 00000161 ____A C:\Users\Finn\Desktop\catchme.log
    2013-05-31 19:05 - 2013-05-31 19:08 - 05076038 ____R (Swearware) C:\Users\Finn\Desktop\ComboFix.exe
    2013-05-31 19:00 - 2013-05-31 19:00 - 00287096 ____A C:\Windows\Minidump\053113-23961-01.dmp
    2013-05-31 19:00 - 2013-05-30 20:00 - 632796628 ____A C:\Windows\MEMORY.DMP
    2013-05-31 19:00 - 2013-05-23 00:11 - 00000000 ____D C:\Windows\Minidump
    2013-05-31 18:41 - 2013-05-31 18:41 - 00000070 ____A C:\Users\Finn\Desktop\ESETScan.txt
    2013-05-31 17:55 - 2013-05-31 17:55 - 00286840 ____A C:\Windows\Minidump\053113-29359-01.dmp
    2013-05-31 17:48 - 2013-05-31 17:48 - 00000000 ___HD C:\Windows\AxInstSV
    2013-05-31 17:48 - 2013-05-31 17:48 - 00000000 ____D C:\Program Files (x86)\ESET
    2013-05-31 17:47 - 2013-05-26 12:50 - 00000000 ____D C:\Users\Finn\AppData\Local\Microsoft Games
    2013-05-31 17:36 - 2013-05-26 16:39 - 00000000 ____D C:\Users\Finn\AppData\Local\CrashDumps
    2013-05-31 17:34 - 2009-07-14 06:08 - 00017726 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-05-31 17:27 - 2013-05-31 17:27 - 00285520 ____A C:\Windows\Minidump\053113-28735-01.dmp
    2013-05-31 17:14 - 2013-05-31 17:14 - 00286000 ____A C:\Windows\Minidump\053113-28594-01.dmp
    2013-05-31 17:11 - 2013-05-31 17:11 - 00000000 ____D C:\Qoobox
    2013-05-31 16:46 - 2013-05-31 16:46 - 00000000 ____D C:\Windows\System32\Macromed
    2013-05-31 14:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2013-05-31 14:12 - 2013-05-23 20:19 - 00000000 ____D C:\ProgramData\Norton
    2013-05-31 13:46 - 2013-05-31 13:32 - 00000000 ____D C:\Users\Finn\Desktop\mbar
    2013-05-31 13:46 - 2013-05-29 18:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-05-31 13:04 - 2013-05-31 03:17 - 00004369 ____A C:\Windows\IE9_main.log
    2013-05-31 12:49 - 2013-05-31 12:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2013-05-31 03:37 - 2013-05-31 03:37 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2013-05-31 03:37 - 2013-05-31 03:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-05-31 03:37 - 2013-05-26 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2013-05-31 03:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
    2013-05-31 03:35 - 2013-05-31 03:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2013-05-31 03:29 - 2013-05-23 00:12 - 00058016 ____A C:\Users\Finn\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-05-31 03:27 - 2009-07-14 05:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-31 03:24 - 2013-05-31 03:24 - 00288008 ____A C:\Windows\Minidump\053113-21340-01.dmp
    2013-05-31 03:22 - 2013-05-31 03:22 - 00000000 ____D C:\Windows\CheckSur
    2013-05-31 02:49 - 2013-05-31 02:49 - 00002052 ____A C:\Users\Finn\Desktop\RKreport[2]_D_05312013_02d0249.txt
    2013-05-31 02:48 - 2013-05-31 02:41 - 00000000 ____D C:\Users\Finn\Desktop\RK_Quarantine
    2013-05-31 02:47 - 2013-05-31 02:47 - 00001999 ____A C:\Users\Finn\Desktop\RKreport[1]_S_05312013_02d0247.txt
    2013-05-31 02:45 - 2013-05-31 02:45 - 00791040 ____A C:\Users\Finn\Desktop\RogueKillerX64.exe
    2013-05-31 02:36 - 2013-05-23 20:20 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2013-05-31 01:45 - 2013-05-31 01:45 - 00048194 ____A C:\Users\Finn\Desktop\attach.txt
    2013-05-31 01:44 - 2013-05-31 01:45 - 00013380 ____A C:\Users\Finn\Desktop\dds.txt
    2013-05-31 01:41 - 2013-05-31 01:42 - 00688992 ____R (Swearware) C:\Users\Finn\Desktop\dds.com
    2013-05-31 01:31 - 2013-05-31 01:31 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-05-31 01:31 - 2013-05-29 16:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-31 01:26 - 2013-05-31 01:26 - 00284872 ____A C:\Windows\Minidump\053113-21902-01.dmp
    2013-05-31 01:23 - 2013-05-31 01:23 - 00285256 ____A C:\Windows\Minidump\053113-24632-01.dmp
    2013-05-31 01:03 - 2013-05-31 01:03 - 00002154 ____A C:\Windows\epplauncher.mif
    2013-05-31 01:03 - 2013-05-31 01:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-05-31 01:02 - 2013-05-31 01:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-05-30 23:35 - 2013-05-30 23:35 - 00284792 ____A C:\Windows\Minidump\053013-18517-01.dmp
    2013-05-30 23:29 - 2013-05-30 23:29 - 00285112 ____A C:\Windows\Minidump\053013-21980-01.dmp
    2013-05-30 23:17 - 2013-05-30 23:17 - 00284952 ____A C:\Windows\Minidump\053013-22167-01.dmp
    2013-05-30 23:10 - 2013-05-30 23:09 - 00285448 ____A C:\Windows\Minidump\053013-19359-01.dmp
    2013-05-30 23:04 - 2013-05-30 23:04 - 00284632 ____A C:\Windows\Minidump\053013-19172-01.dmp
    2013-05-30 22:59 - 2013-05-30 22:59 - 00285896 ____A C:\Windows\Minidump\053013-43914-01.dmp
    2013-05-30 22:38 - 2013-05-30 22:38 - 00284216 ____A C:\Windows\Minidump\053013-21559-01.dmp
    2013-05-30 21:12 - 2013-05-30 21:12 - 00287304 ____A C:\Windows\Minidump\053013-32526-01.dmp
    2013-05-30 20:40 - 2013-05-30 20:40 - 00001340 ____A C:\Users\Finn\Desktop\Norton Installation Files.lnk
    2013-05-30 20:40 - 2013-05-30 20:40 - 00001244 ____A C:\Users\Finn\Desktop\Norton Download Manager.lnk
    2013-05-30 20:40 - 2013-05-29 13:24 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2013-05-30 20:21 - 2013-05-23 19:58 - 00246442 ____A C:\Windows\ntbtlog.txt.bak
    2013-05-30 20:00 - 2013-05-30 20:00 - 00286376 ____A C:\Windows\Minidump\053013-57408-01.dmp
    2013-05-30 19:52 - 2013-05-30 19:52 - 04167680 ____A C:\Program Files (x86)\GUT279D.tmp
    2013-05-30 19:52 - 2013-05-30 19:52 - 00000000 ____D C:\Program Files (x86)\GUM278D.tmp
    2013-05-30 19:52 - 2013-05-29 12:50 - 00000000 ____D C:\Program Files (x86)\Google
    2013-05-30 19:52 - 2013-05-29 12:49 - 00000000 ____D C:\Users\Finn\AppData\Local\Deployment
    2013-05-30 19:29 - 2013-05-29 14:32 - 00000000 ____D C:\Users\Finn\AppData\Roaming\uTorrent
    2013-05-30 19:29 - 2013-05-29 11:26 - 00000000 ____D C:\ProgramData\TP-LINK
    2013-05-30 19:17 - 2013-05-30 18:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2013-05-30 18:57 - 2013-05-30 18:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2013-05-30 18:54 - 2013-05-30 18:54 - 00001262 ____A C:\Users\Finn\Desktop\Spybot - Search & Destroy.lnk
    2013-05-30 18:42 - 2013-05-30 18:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2013-05-30 18:41 - 2013-05-29 12:49 - 00000000 ____D C:\Users\Finn\AppData\Local\Apps\2.0
    2013-05-30 16:11 - 2013-05-30 16:11 - 151247144 ____A (COMODO) C:\Users\Finn\Downloads\cispremium_installer.exe
    2013-05-30 16:08 - 2013-05-30 16:08 - 98142048 ____A (COMODO) C:\Users\Finn\Downloads\cfw_installer.exe
    2013-05-30 07:43 - 2013-05-29 19:05 - 00000000 ____D C:\ProgramData\Comodo
    2013-05-30 07:43 - 2013-05-29 18:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-05-30 07:43 - 2013-05-29 16:09 - 00000000 ____D C:\Users\Finn\Documents\Security
    2013-05-30 07:43 - 2013-05-28 23:23 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
    2013-05-30 07:43 - 2013-05-23 20:19 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
    2013-05-30 07:43 - 2013-05-23 01:53 - 00000000 ____D C:\Users\Finn\Documents\2Wire_Vista64USBdriver_In_Autorun_v3.0
    2013-05-30 07:43 - 2013-05-23 01:03 - 00000000 ____D C:\Users\Finn\Documents\802.11g PCI Turbo Wireless Adapter
    2013-05-30 07:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2013-05-30 07:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
    2013-05-29 23:14 - 2013-05-28 23:13 - 00000000 ____D C:\Users\Finn\Documents\Mount&Blade Warband Savegames
    2013-05-29 22:51 - 2013-05-23 00:04 - 00000000 ____D C:\users\Finn
    2013-05-29 20:41 - 2013-05-29 20:40 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Spotify
    2013-05-29 20:31 - 2013-05-29 20:31 - 00002962 ____A C:\Users\Finn\Desktop\Rkill.txt
    2013-05-29 19:24 - 2013-05-29 19:24 - 00000000 ____D C:\VritualRoot
    2013-05-29 19:05 - 2013-05-29 19:05 - 00000000 ____D C:\Program Files\COMODO
    2013-05-29 18:24 - 2013-05-29 18:24 - 00000000 ____D C:\Users\Finn\AppData\Roaming\SUPERAntiSpyware.com
    2013-05-29 18:23 - 2013-05-29 18:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2013-05-29 17:46 - 2013-05-29 17:44 - 00000000 ____D C:\Users\Finn\AppData\Local\NPE
    2013-05-29 16:20 - 2013-05-29 16:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Malwarebytes
    2013-05-29 16:19 - 2013-05-29 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-29 13:58 - 2013-05-29 13:57 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-05-29 13:58 - 2013-05-29 13:57 - 00000000 ____D C:\Program Files\AVAST Software
    2013-05-29 13:34 - 2013-05-29 13:34 - 00000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
    2013-05-29 13:09 - 2013-05-29 13:09 - 00000000 ____D C:\Users\Finn\Documents\GTA Vice City Mods
    2013-05-29 12:52 - 2013-05-29 12:50 - 00000000 ____D C:\Users\Finn\AppData\Local\Google
    2013-05-29 12:33 - 2013-05-29 12:33 - 00000000 ____D C:\Users\Finn\Documents\Symantec
    2013-05-29 00:07 - 2013-05-26 18:03 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Mount&Blade Warband
    2013-05-28 23:19 - 2013-05-28 20:57 - 00000000 ____D C:\Users\Finn\Documents\Mount&Blade Warband
    2013-05-28 21:06 - 2013-05-28 21:06 - 00003133 ____A C:\Users\Finn\Desktop\M&B Warband.lnk
    2013-05-28 20:10 - 2013-05-28 20:10 - 00001298 ____A C:\Users\Finn\Desktop\GTA Vice City.lnk
    2013-05-28 14:52 - 2013-05-23 00:12 - 00000000 ___DC C:\Users\Finn\AppData\Local\MigWiz
    2013-05-28 14:49 - 2013-05-28 14:49 - 00000735 ____A C:\Users\Finn\Desktop\PC Cleaner Pro.lnk
    2013-05-28 14:49 - 2013-05-28 14:49 - 00000000 ____D C:\ProgramData\PC1Data
    2013-05-28 14:49 - 2013-05-28 14:49 - 00000000 ____D C:\ProgramData\PC Cleaners
    2013-05-28 14:47 - 2013-05-28 14:47 - 00000000 ____A C:\Windows\setuperr.log
    2013-05-28 14:22 - 2013-05-28 14:49 - 05371088 ____A (PC Cleaners) C:\ProgramData\pclunst.exe
    2013-05-26 16:35 - 2013-05-26 16:35 - 00002105 ____A C:\Users\Public\Desktop\Mafia II.lnk
    2013-05-26 16:28 - 2013-05-26 16:28 - 00000000 ____D C:\Program Files (x86)\2K Games
    2013-05-26 15:46 - 2013-05-26 15:21 - 00000000 ____D C:\Users\Finn\Documents\GTA Vice City User Files
    2013-05-26 13:44 - 2013-05-26 13:44 - 00000000 ____D C:\Users\Finn\AppData\Local\2K Games
    2013-05-26 13:33 - 2013-05-23 20:08 - 00010843 ____A C:\Windows\DirectX.log
    2013-05-26 13:29 - 2013-05-26 13:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-05-26 13:29 - 2013-05-26 13:29 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2013-05-24 04:49 - 2013-05-24 04:49 - 00000000 ____D C:\NBRT
    2013-05-24 04:19 - 2013-05-23 18:48 - 00000000 ____D C:\Users\Finn\048298C9A4D3490B9FF9AB023A9238F3.TMP
    2013-05-24 04:19 - 2013-05-23 18:48 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Tific
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Macromedia
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Adobe
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Local\Symantec
    2013-05-23 20:10 - 2013-05-23 20:10 - 00000000 ____D C:\Users\Finn\Documents\My Games
    2013-05-23 20:10 - 2013-05-23 20:10 - 00000000 ____D C:\Users\Finn\AppData\Local\Skyrim
    2013-05-23 20:10 - 2013-05-23 20:01 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
    2013-05-23 18:45 - 2013-05-23 18:45 - 00000000 ___AH C:\Users\Finn\Documents\Default.rdp
    2013-05-23 08:48 - 2013-05-22 22:55 - 00008192 _RASH C:\BOOTSECT.BAK
    2013-05-23 08:47 - 2013-05-12 21:24 - 00000355 _RASH C:\Boot.ini.saved
    2013-05-23 08:47 - 2009-07-14 06:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
    2013-05-23 08:47 - 2009-07-14 06:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
    2013-05-23 08:47 - 2009-07-14 05:45 - 00000000 ____D C:\Windows\Setup
    2013-05-23 01:58 - 2013-05-14 20:39 - 00000000 ____D C:\SWSetup
    2013-05-23 01:56 - 2013-05-23 01:58 - 21707032 ____A (Hewlett-Packard Company ) C:\Users\Finn\Documents\sp47895.exe
    2013-05-23 01:17 - 2013-05-23 01:17 - 00001254 ____A C:\Users\Public\Desktop\Virtual CloneDrive.lnk
    2013-05-23 01:17 - 2013-05-23 01:17 - 00000000 ____D C:\Users\Finn\AppData\Local\Innovative Solutions
    2013-05-23 01:16 - 2013-05-23 01:16 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
    2013-05-23 01:16 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\restore
    2013-05-23 01:12 - 2013-05-23 01:16 - 01588760 ____A C:\Users\Finn\Documents\SetupVirtualCloneDrive5460.exe
    2013-05-23 01:10 - 2013-05-23 01:16 - 07009736 ____A (Innovative Solutions ) C:\Users\Finn\Documents\drivermax_7_13_cnet.exe
    2013-05-23 01:03 - 2013-05-23 01:03 - 00000000 ____D C:\Users\Finn\AppData\Roaming\WinRAR
    2013-05-23 01:03 - 2013-05-23 01:03 - 00000000 ____D C:\Program Files\WinRAR
    2013-05-23 00:07 - 2013-05-23 00:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2013-05-23 00:04 - 2013-05-23 00:04 - 00000020 ___SH C:\Users\Finn\ntuser.ini
    2013-05-23 00:04 - 2013-05-23 00:04 - 00000000 ____D C:\Users\Finn\AppData\Local\VirtualStore
    2013-05-23 00:03 - 2013-05-23 00:03 - 00171136 _RASH C:\w7ldr
    2013-05-23 00:02 - 2013-05-23 00:02 - 00000000 ____D C:\Recovery
    2013-05-23 00:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\Recovery
    2013-05-22 23:55 - 2013-05-23 08:48 - 00000000 ____D C:\Windows\Panther
    2013-05-22 23:52 - 2013-05-22 23:52 - 00001313 ____A C:\Windows\TSSysprep.log
    2013-05-22 23:52 - 2009-07-14 05:46 - 00001774 ____A C:\Windows\DtcInstall.log
    2013-05-22 23:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\sysprep
    2013-05-22 23:49 - 2009-07-14 08:46 - 00000000 ____D C:\Windows\CSC
    2013-05-22 20:39 - 2013-05-12 21:46 - 00000000 ____D C:\08fc8c25c373be2b65
    2013-05-20 20:12 - 2013-05-20 20:12 - 00000000 ____D C:\Games
    2013-05-19 11:54 - 2013-05-19 11:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
    2013-05-19 03:01 - 2013-05-19 03:00 - 00000000 ____D C:\d6196d965d6b437a870f139d18359e
    2013-05-18 18:24 - 2013-05-18 18:24 - 00001020 ____A C:\GEARDIFx_uninstall.log
    2013-05-17 22:39 - 2013-05-17 22:39 - 00003982 ____A C:\GEARDIFx_install.log
    2013-05-16 16:01 - 2013-05-16 16:00 - 00000000 ____D C:\Uninstall
    2013-05-16 16:00 - 2013-05-16 16:00 - 00000000 ____D C:\src
    2013-05-13 19:27 - 2013-05-13 19:27 - 00000000 ____D C:\NVIDIA
    2013-05-12 22:13 - 2013-05-23 08:08 - 00000211 ____H C:\Boot.BAK
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 _RASH C:\MSDOS.SYS
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 _RASH C:\IO.SYS
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 ____A C:\CONFIG.SYS
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 ____A C:\AUTOEXEC.BAT
    2013-05-02 16:29 - 2013-05-30 15:54 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

    Other Malware:
    ===========
    C:\ProgramData\pclunst.exe

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    Last Boot: 2013-05-27 22:33


    ==================== End Of Log ============================
     
  18. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2013 01
    Ran by Finn at 2013-05-31 19:43:08 Run:
    Running from C:\Users\Finn\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Installed Programs =======================

    ESET Online Scanner v3
    Grand Theft Auto Vice City (Version: 1.00.000)
    Mafia II
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Microsoft Security Client (Version: 4.2.0223.1)
    Microsoft Security Essentials (Version: 4.2.223.1)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
    NVIDIA Control Panel 311.06 (Version: 311.06)
    NVIDIA Graphics Driver 311.06 (Version: 311.06)
    NVIDIA Install Application (Version: 2.1002.108.688)
    NVIDIA PhysX (Version: 9.10.0513)
    NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
    NVIDIA Update 1.11.3 (Version: 1.11.3)
    NVIDIA Update Components (Version: 1.11.3)
    PC Cleaners
    Spybot - Search & Destroy (Version: 1.6.2)
    TL-WN851ND Driver (Version: 1.00.0000)
    VirtualCloneDrive
    WinRAR 5.00 beta 4 (64-bit) (Version: 5.00.4)

    ==================== Restore Points =========================

    30-05-2013 19:59:24 Windows Backup
    30-05-2013 19:59:39 Windows Update
    30-05-2013 20:01:34 Windows Backup
    31-05-2013 00:01:16 Windows Update
    31-05-2013 02:00:21 Windows Update
    31-05-2013 02:33:20 Windows Update
    31-05-2013 11:55:22 Windows Update
    31-05-2013 15:48:10 31/05/13 Before Virus fix attempt 16:48
    31-05-2013 15:51:30 Windows Backup

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/31/2013 07:02:09 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: sysmain.dll, version: 6.1.7600.16385, time stamp: 0x4a5be07e
    Exception code: 0xc0000005
    Fault offset: 0x000000000005890b
    Faulting process id: 0x218
    Faulting application start time: 0xsvchost.exe_SysMain0
    Faulting application path: svchost.exe_SysMain1
    Faulting module path: svchost.exe_SysMain2
    Report Id: svchost.exe_SysMain3

    Error: (05/31/2013 06:51:16 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 8.0.7600.17267, time stamp: 0x5131789a
    Faulting module name: mshtml.dll, version: 8.0.7600.17267, time stamp: 0x513191fa
    Exception code: 0xc0000005
    Fault offset: 0x0000000000677f68
    Faulting process id: 0x59c
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (05/31/2013 06:17:38 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: sysmain.dll, version: 6.1.7600.16385, time stamp: 0x4a5be07e
    Exception code: 0xc0000005
    Fault offset: 0x0000000000018778
    Faulting process id: 0x970
    Faulting application start time: 0xsvchost.exe_SysMain0
    Faulting application path: svchost.exe_SysMain1
    Faulting module path: svchost.exe_SysMain2
    Report Id: svchost.exe_SysMain3

    Error: (05/31/2013 06:06:02 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: sysmain.dll, version: 6.1.7600.16385, time stamp: 0x4a5be07e
    Exception code: 0xc0000005
    Fault offset: 0x0000000000016d11
    Faulting process id: 0x238
    Faulting application start time: 0xsvchost.exe_SysMain0
    Faulting application path: svchost.exe_SysMain1
    Faulting module path: svchost.exe_SysMain2
    Report Id: svchost.exe_SysMain3

    Error: (05/31/2013 05:36:42 PM) (Source: Application Error) (User: )
    Description: Faulting application name: mb_warband.exe, version: 1.0.0.0, time stamp: 0x4fba4acc
    Faulting module name: nvwgf2um.dll, version: 9.18.13.1106, time stamp: 0x50f9458d
    Exception code: 0xc0000005
    Fault offset: 0x000f788c
    Faulting process id: 0x124
    Faulting application start time: 0xmb_warband.exe0
    Faulting application path: mb_warband.exe1
    Faulting module path: mb_warband.exe2
    Report Id: mb_warband.exe3

    Error: (05/31/2013 05:36:26 PM) (Source: Application Error) (User: )
    Description: Faulting application name: mb_warband.exe, version: 1.0.0.0, time stamp: 0x4fba4acc
    Faulting module name: nvwgf2um.dll, version: 9.18.13.1106, time stamp: 0x50f9458d
    Exception code: 0xc0000005
    Fault offset: 0x000f788c
    Faulting process id: 0x14c
    Faulting application start time: 0xmb_warband.exe0
    Faulting application path: mb_warband.exe1
    Faulting module path: mb_warband.exe2
    Report Id: mb_warband.exe3

    Error: (05/31/2013 05:34:48 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: wuaueng.dll, version: 7.6.7600.256, time stamp: 0x4fca9088
    Exception code: 0xc0000005
    Fault offset: 0x00000000001c8c8c
    Faulting process id: 0xb78
    Faulting application start time: 0xsvchost.exe_wuauserv0
    Faulting application path: svchost.exe_wuauserv1
    Faulting module path: svchost.exe_wuauserv2
    Report Id: svchost.exe_wuauserv3

    Error: (05/31/2013 05:32:56 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: wuaueng.dll, version: 7.6.7600.256, time stamp: 0x4fca9088
    Exception code: 0xc0000005
    Fault offset: 0x00000000001c8c8c
    Faulting process id: 0x2ec
    Faulting application start time: 0xsvchost.exe_wuauserv0
    Faulting application path: svchost.exe_wuauserv1
    Faulting module path: svchost.exe_wuauserv2
    Report Id: svchost.exe_wuauserv3

    Error: (05/31/2013 05:32:01 PM) (Source: ESENT) (User: )
    Description: wuaueng.dll (748) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -1018.

    Error: (05/31/2013 05:32:01 PM) (Source: ESENT) (User: )
    Description: wuaueng.dll (748) SUS20ClientDataStore: Unable to read page 4748 of database C:\Windows\SoftwareDistribution\DataStore\DataStore.edb. Error -1018.


    System errors:
    =============
    Error: (05/31/2013 07:41:40 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR7.

    Error: (05/31/2013 07:41:38 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR7.

    Error: (05/31/2013 07:33:47 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service hung on starting.

    Error: (05/31/2013 07:29:32 PM) (Source: Service Control Manager) (User: )
    Description: The Diagnostic Policy Service service terminated with the following error:
    %%5

    Error: (05/31/2013 07:28:34 PM) (Source: Service Control Manager) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (05/31/2013 07:25:24 PM) (Source: Service Control Manager) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (05/31/2013 07:21:36 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service hung on starting.

    Error: (05/31/2013 07:17:20 PM) (Source: Service Control Manager) (User: )
    Description: The Diagnostic Policy Service service terminated with the following error:
    %%5

    Error: (05/31/2013 07:16:19 PM) (Source: Service Control Manager) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (05/31/2013 07:16:06 PM) (Source: Application Popup) (User: )
    Description: \??\C:\Users\Finn\AppData\Local\Temp\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


    Microsoft Office Sessions:
    =========================
    Error: (05/31/2013 07:02:09 PM) (Source: Application Error)(User: )
    Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7600.163854a5be07ec0000005000000000005890b21801ce5e28c0fa5239C:\Windows\System32\svchost.exec:\windows\system32\sysmain.dll35f9d27b-ca1c-11e2-bbfc-001bfcc5334d

    Error: (05/31/2013 06:51:16 PM) (Source: Application Error)(User: )
    Description: iexplore.exe8.0.7600.172675131789amshtml.dll8.0.7600.17267513191fac00000050000000000677f6859c01ce5e262b0a06ceC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\System32\mshtml.dllb0b41cd7-ca1a-11e2-8081-001bfcc5334d

    Error: (05/31/2013 06:17:38 PM) (Source: Application Error)(User: )
    Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7600.163854a5be07ec0000005000000000001877897001ce5e212384391aC:\Windows\System32\svchost.exec:\windows\system32\sysmain.dllfda573b4-ca15-11e2-8081-001bfcc5334d

    Error: (05/31/2013 06:06:02 PM) (Source: Application Error)(User: )
    Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7600.163854a5be07ec00000050000000000016d1123801ce5e1f9ac5192aC:\Windows\System32\svchost.exec:\windows\system32\sysmain.dll5ed1c514-ca14-11e2-8081-001bfcc5334d

    Error: (05/31/2013 05:36:42 PM) (Source: Application Error)(User: )
    Description: mb_warband.exe1.0.0.04fba4accnvwgf2um.dll9.18.13.110650f9458dc0000005000f788c12401ce5e1d06476522C:\Users\Finn\Documents\Mount&Blade Warband\mb_warband.exeC:\Windows\system32\nvwgf2um.dll45af61f6-ca10-11e2-a13a-001bfcc5334d

    Error: (05/31/2013 05:36:26 PM) (Source: Application Error)(User: )
    Description: mb_warband.exe1.0.0.04fba4accnvwgf2um.dll9.18.13.110650f9458dc0000005000f788c14c01ce5e1cf7235affC:\Users\Finn\Documents\Mount&Blade Warband\mb_warband.exeC:\Windows\system32\nvwgf2um.dll3c14a07c-ca10-11e2-a13a-001bfcc5334d

    Error: (05/31/2013 05:34:48 PM) (Source: Application Error)(User: )
    Description: svchost.exe_wuauserv6.1.7600.163854a5bc3c1wuaueng.dll7.6.7600.2564fca9088c000000500000000001c8c8cb7801ce5e1ca321c349C:\Windows\system32\svchost.exec:\windows\system32\wuaueng.dll01daf3f8-ca10-11e2-a13a-001bfcc5334d

    Error: (05/31/2013 05:32:56 PM) (Source: Application Error)(User: )
    Description: svchost.exe_wuauserv6.1.7600.163854a5bc3c1wuaueng.dll7.6.7600.2564fca9088c000000500000000001c8c8c2ec01ce5e1bc802e78fC:\Windows\system32\svchost.exec:\windows\system32\wuaueng.dllbf5292ef-ca0f-11e2-a13a-001bfcc5334d

    Error: (05/31/2013 05:32:01 PM) (Source: ESENT)(User: )
    Description: wuaueng.dll748SUS20ClientDataStore: -1018

    Error: (05/31/2013 05:32:01 PM) (Source: ESENT)(User: )
    Description: wuaueng.dll748SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb4748-1018


    CodeIntegrity Errors:
    ===================================
    Date: 2013-05-31 19:16:06.570
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Finn\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-05-31 19:16:06.554
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Finn\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-05-31 19:16:06.523
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Finn\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-05-31 19:16:06.492
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Finn\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-05-31 19:15:55.931
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Finn\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-05-31 19:15:55.899
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Finn\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Percentage of memory in use: 18%
    Total physical RAM: 6143.3 MB
    Available physical RAM: 5020.43 MB
    Total Pagefile: 12284.75 MB
    Available Pagefile: 11115.18 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:298.09 GB) (Free:247.53 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:372.61 GB) (Free:333.64 GB) NTFS (Disk=1 Partition=1)
    Drive k: () (Removable) (Total:3.74 GB) (Free:1.02 GB) FAT32 (Disk=2 Partition=1)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 00000001)
    Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: B3AE006C)
    Partition 1: (Active) - (Size=373 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Size: 4 GB) (Disk ID: 500A0DFF)
    Partition 1: (Not Active) - (Size=812 GB) - (Type=6E)
    Partition 2: (Not Active) - (Size=0) - (Type=74)
    Partition 4: (Not Active) - (Size=221 KB) - (Type=00)

    ==================== End Of Log ============================
     
  19. Broni

    Broni Malware Annihilator Posts: 47,082   +259

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  20. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2013 01
    Ran by Natalie at 2013-05-31 20:08:15 Run:1
    Running from C:\Users\Natalie\Desktop
    Boot Mode: Normal
    ==============================================

    C:\Users\Finn\Desktop\PC Cleaner Pro.lnk => File/Directory not found.
    C:\ProgramData\PC Cleaners => File/Directory not found.
    C:\ProgramData\pclunst.exe => File/Directory not found.

    ==== End of Fixlog ====
     
  21. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    Sorry, please ignore the above. This was from the laptop I am using to go online.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,082   +259

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  23. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    This is the correct fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2013 01
    Ran by Finn at 2013-05-31 20:13:53 Run:1
    Running from C:\Users\Finn\Desktop
    Boot Mode: Normal
    ==============================================
    C:\Users\Finn\Desktop\PC Cleaner Pro.lnk => Moved successfully.
    C:\ProgramData\PC Cleaners => Moved successfully.
    C:\ProgramData\pclunst.exe => Moved successfully.
    ==== End of Fixlog ====
     
  24. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    Should I still carry out the steps you last posted?
     
  25. Broni

    Broni Malware Annihilator Posts: 47,082   +259

    Yes please.
     

