TechSpot

Win32/Toolbar.Widgi virus computer crashing/BSODing

Solved
By AlexMcNeill
Sep 14, 2012
  1. I'm having some really frustrating problems at the hands of the infamous Win32/Toolbar.Widgi virus, which I read up about and discovered to be the cause of the countless crashes and BSODs my computer is getting daily. Every few hours I'll get a notification from ESET saying 'Win32/Toolbar.Widgi potentially unwanted application', which I then tell it to clean. Despite this, the browsers as well as the computer still proceed to crash, with the ESET warning popping up again soon after.

    I looked into my ESET quarantine history and it turns out that over the last few months it hasn't just been that form of the virus, but one of many (it seems, however, that Win32/Toolbar.Widgi is the main issue here). So I wonder if you guys can help me out.

    I've done some research on the issue and have followed various threads which have reported similar/identical problems, but I'm wary of how much use they'd be to me, as the guidance given seems geared solely towards the user's setup and scan results etc. So I thought I'd post a new thread about it, if that's alright (sorry, I'm new!).

    Here are the logs as required:

    ESET (files under quarantine):

    'A Variant of Win32/Toolbar.Widgi Potentially Unwanted Application'

    "C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll"
    "C:\Windows\Installer\454c7e.msi"
    "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    "C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll"

    "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    "C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll"
    "C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.1\youtubedownloaderToolbarIE.dll"
    "C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll"
    "C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll"
    "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"


    'Win32/Toolbar.Conduit potentially unwanted application'

    "C:\Users\Alexander\Downloads\FreemakeVideoDownloaderSetup.exe.part"

    'Win32/InstallMate potentially unwanted application'

    "C:\Users\ALEXAN~1\AppData\Local\Temp\Vr2xTlud.exe.part"

    'A Variant of Win32/Adware.WintionalityChecker.AF application'


    "C:\Users\Alexander\Downloads\setup.exe.part"
    "http://verifyoptimizerclean.in/68efd410a6a48b3c/2/setup.exe"


    'A Variant of Win32/HackKMS.A potentially unwanted application'

    "C:\Windows\kmsem\KMService.exe"



    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.14.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Alexander :: ALEXANDER-PC [administrator]

    15/09/2012 03:00:07
    mbam-log-2012-09-15 (03-00-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 198560
    Time elapsed: 4 minute(s), 10 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER

    (No log produced)

    DDS


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Alexander at 3:42:51 on 2012-09-15
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4095.1869 [GMT 1:00]
    .
    AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\ALEXAN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3E94470C-407C-41BC-81CD-6C418D5E371E} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\sw8bcap3.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Users\Alexander\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-7-26 794560]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
    R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-7-9 2932224]
    R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 KMService;KMService;C:\Windows\System32\srvany.exe [2012-3-15 8192]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-12 250056]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-15 01:59:29 -------- d-----w- C:\Users\Alexander\AppData\Roaming\Malwarebytes
    2012-09-15 01:58:56 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-15 01:58:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-15 01:58:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-15 00:59:16 -------- d-----w- C:\_OTL
    2012-09-14 20:00:32 -------- d-----w- C:\Program Files (x86)\ESET
    2012-09-14 19:27:52 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-09-14 19:18:39 98816 ----a-w- C:\Windows\sed.exe
    2012-09-14 19:18:39 518144 ----a-w- C:\Windows\SWREG.exe
    2012-09-14 19:18:39 256000 ----a-w- C:\Windows\PEV.exe
    2012-09-14 19:18:39 208896 ----a-w- C:\Windows\MBR.exe
    2012-09-14 18:49:24 27256 ----a-w- C:\Windows\System32\drivers\FixTDSS.sys
    2012-09-14 18:49:24 -------- d-----w- C:\Users\Alexander\AppData\Roaming\FixTDSS
    2012-09-14 10:28:55 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{34F0332C-F86F-41EA-9DCB-0871CC349104}\mpengine.dll
    2012-09-12 22:47:42 -------- d-----w- C:\Users\Alexander\AppData\Local\Macromedia
    2012-09-12 22:47:02 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-11 19:36:23 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-11 19:36:22 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-11 19:36:21 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-11 19:36:21 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-11 19:36:19 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-11 19:36:18 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-11 19:36:17 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-10 12:31:26 -------- d-----w- C:\Users\Alexander\AppData\Local\Adob?
    2012-08-30 14:47:08 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    .
    ==================== Find3M ====================
    .
    2012-09-12 22:54:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-28 20:53:05 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-06-28 20:53:05 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-03-15 17:55:09 8192 --sha-w- C:\Windows\SysWOW64\srvany.exe
    .
    ============= FINISH: 3:43:39.54 ===============

    Hope I did that right! Look forward to seeing how you guys can help me with this-cheers :)
     
  2. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    I still need the Attach.txt part of DDS.

    Next...

    Download BlueScreenView.
    No installation required.
    Double-click the BlueScreenView.exe file to run the program.
    When scanning is done, go to Edit>Select All.
    Go to File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
     
  3. AlexMcNeill

    AlexMcNeill TS Rookie Topic Starter Posts: 18

    Thanks for replying! The Attach.txt DDS file:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 14/03/2012 23:31:02
    System Uptime: 15/09/2012 13:23:32 (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0M017G
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 479.373 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP84: 10/09/2012 20:02:39 - Windows Update
    RP85: 11/09/2012 21:39:15 - Windows Update
    RP86: 12/09/2012 14:09:10 - Windows Update
    RP87: 14/09/2012 20:18:44 - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    AC3Filter 1.63b
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Content Viewer
    Adobe Creative Suite 5.5 Master Collection
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Story
    Adobe Widget Browser
    Apple Application Support
    Apple Software Update
    µTorrent
    Avid EDL Manager
    Avid FilmScribe
    Avid License Control
    Avid Log Exchange
    Avid MediaLog
    DAEMON Tools Lite
    DivX Setup
    DJ_AIO_06_F2400_SW_Min
    Dropbox
    ESET Online Scanner v3
    Google Chrome
    License Support
    Magic DVD Ripper V5.4.2
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 15.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PDF Settings CS5
    PxMergeModule
    QuickTime
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Sentinel Protection Installer 7.4.0
    Smart Defrag 2
    Toolbox
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    VC80CRTRedist - 8.0.50727.6195
    Visual C++ 64-bit Redistributables
    Visual C++ Redistributables
    VLC media player 2.0.0
    Xvid Video Codec
    YTD Toolbar v6.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    15/09/2012 13:24:08, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aspi32
    15/09/2012 02:09:31, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
    15/09/2012 02:09:01, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    15/09/2012 02:09:01, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/09/2012 02:06:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    15/09/2012 02:06:29, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/09/2012 02:05:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
    15/09/2012 02:05:59, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/09/2012 02:05:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
    15/09/2012 02:05:29, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/09/2012 02:04:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    15/09/2012 02:04:59, Error: Service Control Manager [7000] - The IP Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/09/2012 02:03:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
    15/09/2012 02:03:59, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/09/2012 02:03:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
    15/09/2012 02:03:29, Error: Service Control Manager [7000] - The Remote Access Connection Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/09/2012 02:02:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service.
    15/09/2012 02:02:59, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/09/2012 02:02:29, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    15/09/2012 02:02:29, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    15/09/2012 02:01:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
    15/09/2012 02:01:59, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/09/2012 02:00:29, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    15/09/2012 02:00:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    15/09/2012 02:00:29, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/09/2012 01:59:59, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    15/09/2012 01:59:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    15/09/2012 01:59:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Themes service.
    15/09/2012 01:59:29, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/09/2012 01:56:32, Error: Service Control Manager [7023] - The WLAN AutoConfig service terminated with the following error: Invalid access to memory location.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    15/09/2012 01:55:41, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002fa3d0c, 0xfffff88009427080, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091512-18236-01.
    14/09/2012 23:03:52, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000018 (0x0000000000000000, 0x00000000002168b0, 0x0000000000000002, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091412-18766-01.
    14/09/2012 22:05:13, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8005f81b30, 0xfffffa8005f81e10, 0xfffff80002fd9510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091412-17440-01.
    14/09/2012 20:27:24, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    14/09/2012 20:26:27, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    14/09/2012 19:52:59, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 3 time(s).
    14/09/2012 19:52:59, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 5 time(s).
    14/09/2012 19:52:59, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 4 time(s).
    14/09/2012 19:52:59, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 5 time(s).
    14/09/2012 19:52:59, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.
    14/09/2012 19:51:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    14/09/2012 19:50:44, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 2 time(s).
    14/09/2012 19:50:44, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 4 time(s).
    14/09/2012 19:50:44, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 3 time(s).
    14/09/2012 19:50:44, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 3 time(s).
    14/09/2012 19:50:44, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 4 time(s).
    14/09/2012 19:50:40, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Location Awareness service, but this action failed with the following error: An instance of the service is already running.
    14/09/2012 19:50:40, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    14/09/2012 19:50:40, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    14/09/2012 19:50:40, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    14/09/2012 19:50:39, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 3 time(s).
    14/09/2012 19:50:39, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 2 time(s).
    14/09/2012 19:50:39, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 3 time(s).
    14/09/2012 19:50:39, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    14/09/2012 19:50:39, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    14/09/2012 19:50:39, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    14/09/2012 19:50:39, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    14/09/2012 19:50:39, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    14/09/2012 19:50:39, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    14/09/2012 19:50:38, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the COM+ Event System service, but this action failed with the following error: An instance of the service is already running.
    14/09/2012 19:50:33, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s).
    14/09/2012 19:50:33, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    14/09/2012 19:50:33, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    14/09/2012 19:50:33, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
     
  4. AlexMcNeill

    AlexMcNeill TS Rookie Topic Starter Posts: 18

    (Continued)

    14/09/2012 19:50:33, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    14/09/2012 19:50:33, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    14/09/2012 19:32:29, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    14/09/2012 19:12:21, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88007c8bcc8, 0xfffff88007c8b520, 0xfffff80002f9c9fe). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091412-21013-01.
    14/09/2012 11:40:49, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002fd72c1, 0xfffff88007c11a70, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091412-17222-01.
    13/09/2012 22:54:18, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88002b537d8, 0xfffff88002b53030, 0xfffff880014cdc73). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091312-19328-01.
    13/09/2012 15:02:04, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff88004f90d90, 0xfffff88006350668, 0xfffff8800634fec0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091312-23119-01.
    13/09/2012 13:53:25, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    13/09/2012 13:53:19, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    13/09/2012 00:01:54, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
    13/09/2012 00:01:54, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
    13/09/2012 00:01:54, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    13/09/2012 00:01:54, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    13/09/2012 00:01:54, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    12/09/2012 23:31:04, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a039d8992e6579, 0xb3b7465eebac8dfb, 0xfffff88000d1d014, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091212-20077-01.
    12/09/2012 19:34:50, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/09/2012 23:52:32, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88c02cdff90, 0x0000000000000008, 0xfffff88c02cdff90, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091112-17253-01.
    11/09/2012 23:22:59, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2741355).
    11/09/2012 23:22:59, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2735855).
    11/09/2012 21:40:15, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/09/2012 20:31:09, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    11/09/2012 20:31:09, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    11/09/2012 20:29:09, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/09/2012 20:29:09, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/09/2012 20:28:19, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    11/09/2012 03:55:33, Error: Service Control Manager [7034] - The Application Updater service terminated unexpectedly. It has done this 1 time(s).
    11/09/2012 03:55:02, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/09/2012 03:15:29, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x00000000040c4e60, 0x0000000000000000, 0x0000000068b09d1b, 0x0000000000000008). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091112-17690-01.
    10/09/2012 20:30:25, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
    10/09/2012 20:28:25, Error: Service Control Manager [7023] - The Network Location Awareness service terminated with the following error: Invalid access to memory location.
    10/09/2012 20:03:16, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.135.692.0).
    10/09/2012 19:59:45, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000020, 0xfffff900c089c9b0, 0xfffff900c089ca20, 0x0000000025070021). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091012-18876-01.
    10/09/2012 17:06:15, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff960002ed6a6, 0xfffff8800684b070, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091012-16411-01.
    10/09/2012 17:04:02, Error: Service Control Manager [7034] - The Disk Defragmenter service terminated unexpectedly. It has done this 1 time(s).
    10/09/2012 17:02:58, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running.
    10/09/2012 17:00:58, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).
    10/09/2012 17:00:58, Error: Service Control Manager [7023] - The Server service terminated with the following error: There are no more endpoints available from the endpoint mapper.
    10/09/2012 17:00:58, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
    10/09/2012 15:50:17, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000003, 0xfffff900c08df360, 0xfffff900c08df360, 0xfffff900c08df3a0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091012-17409-01.
    10/09/2012 15:47:17, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SSDP Discovery service, but this action failed with the following error: An instance of the service is already running.
    10/09/2012 15:47:17, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/09/2012 15:47:17, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    10/09/2012 15:47:17, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    10/09/2012 15:47:17, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/09/2012 15:45:17, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/09/2012 15:45:17, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    10/09/2012 15:45:17, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    10/09/2012 15:45:17, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/09/2012 14:42:46, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/09/2012 14:42:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/09/2012 14:42:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/09/2012 14:42:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/09/2012 14:42:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/09/2012 14:42:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/09/2012 14:42:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/09/2012 14:42:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Aspi32 CSC DfsC discache ehdrv EpfwLWF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    10/09/2012 14:42:31, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/09/2012 14:42:31, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/09/2012 14:42:31, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/09/2012 14:42:31, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/09/2012 14:42:31, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/09/2012 14:42:31, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/09/2012 14:42:31, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/09/2012 14:42:31, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/09/2012 14:42:31, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/09/2012 14:42:31, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/09/2012 14:42:09, Error: sptd [4] - Driver detected an internal error in its data structures for .
    10/09/2012 13:54:43, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 22 time(s).
    10/09/2012 13:41:41, Error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 5 time(s).
    10/09/2012 13:41:41, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 6 time(s).
    10/09/2012 13:41:41, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The operation completed successfully.
    10/09/2012 13:39:03, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
    10/09/2012 13:38:33, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
    10/09/2012 13:38:33, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/09/2012 13:32:33, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
    10/09/2012 13:32:30, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
    10/09/2012 13:32:13, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 21 time(s).
    10/09/2012 13:32:13, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 20 time(s).
    10/09/2012 13:32:13, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 5 time(s).
    10/09/2012 13:32:13, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 3 time(s).
    10/09/2012 13:31:52, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 16 time(s).
    10/09/2012 13:31:52, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 16 time(s).
    10/09/2012 13:31:52, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 11 time(s).
    10/09/2012 13:31:51, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 15 time(s).
    10/09/2012 13:31:51, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 15 time(s).
    10/09/2012 13:31:51, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 10 time(s).
    10/09/2012 13:31:49, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 14 time(s).
    10/09/2012 13:31:49, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 13 time(s).
    10/09/2012 13:31:49, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 12 time(s).
    10/09/2012 13:31:49, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 14 time(s).
    10/09/2012 13:31:49, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 13 time(s).
    10/09/2012 13:31:49, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 12 time(s).
    10/09/2012 13:31:49, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 9 time(s).
    10/09/2012 13:31:48, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 11 time(s).
    10/09/2012 13:31:48, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 11 time(s).
    10/09/2012 13:31:46, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 9 time(s).
    10/09/2012 13:31:46, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 10 time(s).
    10/09/2012 13:31:46, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 9 time(s).
    10/09/2012 13:31:46, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 10 time(s).
    10/09/2012 13:31:46, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 8 time(s).
    10/09/2012 13:31:46, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 7 time(s).
    10/09/2012 13:31:38, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 19 time(s).
    10/09/2012 13:31:38, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 18 time(s).
    10/09/2012 13:31:38, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 17 time(s).
    10/09/2012 13:31:35, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 8 time(s).
    10/09/2012 13:31:35, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 7 time(s).
    10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 8 time(s).
    10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 7 time(s).
    10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 16 time(s).
    10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 15 time(s).
    10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 14 time(s).
    10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 13 time(s).
    10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 12 time(s).
    10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 11 time(s).
    10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 6 time(s).
    10/09/2012 13:31:35, Error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/09/2012 13:31:34, Error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 4 time(s).
    10/09/2012 13:31:34, Error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 3 time(s).
    10/09/2012 13:31:34, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 9 time(s).
    10/09/2012 13:31:34, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 10 time(s).
    10/09/2012 13:31:34, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 4 time(s).
    10/09/2012 13:31:34, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/09/2012 13:31:34, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/09/2012 13:31:34, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The operation completed successfully.
    10/09/2012 13:31:33, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 8 time(s).
    10/09/2012 13:31:33, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
    10/09/2012 13:31:33, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/09/2012 13:31:31, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 6 time(s).
    10/09/2012 13:31:31, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 6 time(s).
    10/09/2012 13:31:31, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 7 time(s).
    10/09/2012 13:31:31, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Network List Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/09/2012 13:31:31, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The pipe has been ended.
    10/09/2012 13:31:29, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 5 time(s).
    10/09/2012 13:31:29, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 5 time(s).
    10/09/2012 13:31:24, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 6 time(s).
    10/09/2012 13:31:15, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 5 time(s).
    10/09/2012 13:31:15, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 3 time(s).
    10/09/2012 13:31:10, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 4 time(s).
    10/09/2012 13:30:34, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 4 time(s).
    10/09/2012 13:30:34, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/09/2012 13:30:33, Error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/09/2012 13:30:31, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).
    10/09/2012 13:30:31, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    10/09/2012 13:30:30, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/09/2012 13:30:30, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/09/2012 13:30:30, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    10/09/2012 13:30:30, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/09/2012 13:30:30, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/09/2012 13:30:30, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09/09/2012 15:17:52, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002db1617, 0xfffff88009bba330, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090912-17425-01.
    08/09/2012 12:46:09, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024809
    .
    ==== End Of File ===========================
     
  5. AlexMcNeill

    BlueScreen View Log:

    ==================================================
    Dump File : 091512-18236-01.dmp
    Crash Time : 15/09/2012 01:55:41
    Bug Check String : SYSTEM_SERVICE_EXCEPTION
    Bug Check Code : 0x0000003b
    Parameter 1 : 00000000`c0000005
    Parameter 2 : fffff800`02fa3d0c
    Parameter 3 : fffff880`09427080
    Parameter 4 : 00000000`00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+7f1c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\091512-18236-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 091412-18766-01.dmp
    Crash Time : 14/09/2012 23:03:52
    Bug Check String : REFERENCE_BY_POINTER
    Bug Check Code : 0x00000018
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`002168b0
    Parameter 3 : 00000000`00000002
    Parameter 4 : ffffffff`ffffffff
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+7f1c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\091412-18766-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 091412-17440-01.dmp
    Crash Time : 14/09/2012 22:05:13
    Bug Check String : CRITICAL_OBJECT_TERMINATION
    Bug Check Code : 0x000000f4
    Parameter 1 : 00000000`00000003
    Parameter 2 : fffffa80`05f81b30
    Parameter 3 : fffffa80`05f81e10
    Parameter 4 : fffff800`02fd9510
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+7f1c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\091412-17440-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,720
    ==================================================

    ==================================================
    Dump File : 091412-21013-01.dmp
    Crash Time : 14/09/2012 19:12:21
    Bug Check String : NTFS_FILE_SYSTEM
    Bug Check Code : 0x00000024
    Parameter 1 : 00000000`001904fb
    Parameter 2 : fffff880`07c8bcc8
    Parameter 3 : fffff880`07c8b520
    Parameter 4 : fffff800`02f9c9fe
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+5a88
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\091412-21013-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 091412-17222-01.dmp
    Crash Time : 14/09/2012 11:40:49
    Bug Check String : SYSTEM_SERVICE_EXCEPTION
    Bug Check Code : 0x0000003b
    Parameter 1 : 00000000`c0000005
    Parameter 2 : fffff800`02fd72c1
    Parameter 3 : fffff880`07c11a70
    Parameter 4 : 00000000`00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+7f1c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\091412-17222-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 091312-19328-01.dmp
    Crash Time : 13/09/2012 22:54:18
    Bug Check String : NTFS_FILE_SYSTEM
    Bug Check Code : 0x00000024
    Parameter 1 : 00000000`001904fb
    Parameter 2 : fffff880`02b537d8
    Parameter 3 : fffff880`02b53030
    Parameter 4 : fffff880`014cdc73
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+b1c73
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\091312-19328-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,720
    ==================================================

    ==================================================
    Dump File : 091312-18205-01.dmp
    Crash Time : 13/09/2012 22:53:18
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : fffff680`38fffff8
    Parameter 2 : 00000000`00000000
    Parameter 3 : fffff800`02c6ad36
    Parameter 4 : 00000000`00000002
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+7f1c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\091312-18205-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 091312-23119-01.dmp
    Crash Time : 13/09/2012 15:02:04
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : fffff880`04f90d90
    Parameter 3 : fffff880`06350668
    Parameter 4 : fffff880`0634fec0
    Caused By Driver : dxgmms1.sys
    Caused By Address : dxgmms1.sys+1ded3
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : dxgmms1.sys+20d90
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\091312-23119-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 091212-20077-01.dmp
    Crash Time : 12/09/2012 23:31:04
    Bug Check String :
    Bug Check Code : 0x00000109
    Parameter 1 : a3a039d8`992e6579
    Parameter 2 : b3b7465e`ebac8dfb
    Parameter 3 : fffff880`00d1d014
    Parameter 4 : 00000000`00000001
    Caused By Driver : CLFS.SYS
    Caused By Address : CLFS.SYS+20014
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\091212-20077-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 091112-17253-01.dmp
    Crash Time : 11/09/2012 23:52:32
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : fffff88c`02cdff90
    Parameter 2 : 00000000`00000008
    Parameter 3 : fffff88c`02cdff90
    Parameter 4 : 00000000`00000005
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+7f1c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\091112-17253-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 091112-17690-01.dmp
    Crash Time : 11/09/2012 03:15:29
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 00000000`040c4e60
    Parameter 2 : 00000000`00000000
    Parameter 3 : 00000000`68b09d1b
    Parameter 4 : 00000000`00000008
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+7f1c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\091112-17690-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 091012-18876-01.dmp
    Crash Time : 10/09/2012 19:59:45
    Bug Check String : BAD_POOL_HEADER
    Bug Check Code : 0x00000019
    Parameter 1 : 00000000`00000020
    Parameter 2 : fffff900`c089c9b0
    Parameter 3 : fffff900`c089ca20
    Parameter 4 : 00000000`25070021
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+cbe3a
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\091012-18876-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 090712-17409-01.dmp
    Crash Time : 07/09/2012 01:43:13
    Bug Check String : SYSTEM_SERVICE_EXCEPTION
    Bug Check Code : 0x0000003b
    Parameter 1 : 00000000`c0000005
    Parameter 2 : fffff880`00c43039
    Parameter 3 : fffff880`03edd860
    Parameter 4 : 00000000`00000000
    Caused By Driver : fltmgr.sys
    Caused By Address : fltmgr.sys+5039
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\090712-17409-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 090612-20997-01.dmp
    Crash Time : 06/09/2012 04:11:26
    Bug Check String : SYSTEM_SERVICE_EXCEPTION
    Bug Check Code : 0x0000003b
    Parameter 1 : 00000000`c0000005
    Parameter 2 : fffff800`02fcae5a
    Parameter 3 : fffff880`08f93bb0
    Parameter 4 : 00000000`00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+7f1c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\090612-20997-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 090512-16660-01.dmp
    Crash Time : 05/09/2012 17:34:31
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : fffff808`032274d8
    Parameter 2 : 00000000`00000008
    Parameter 3 : fffff808`032274d8
    Parameter 4 : 00000000`00000005
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+7f1c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\090512-16660-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 090412-17362-01.dmp
    Crash Time : 04/09/2012 21:08:06
    Bug Check String : SYSTEM_SERVICE_EXCEPTION
    Bug Check Code : 0x0000003b
    Parameter 1 : 00000000`c0000005
    Parameter 2 : fffff800`02fb1f39
    Parameter 3 : fffff880`09010a10
    Parameter 4 : 00000000`00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+7f1c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\090412-17362-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 090412-21247-01.dmp
    Crash Time : 04/09/2012 00:05:09
    Bug Check String : SYSTEM_SERVICE_EXCEPTION
    Bug Check Code : 0x0000003b
    Parameter 1 : 00000000`c0000005
    Parameter 2 : fffff960`000c9549
    Parameter 3 : fffff880`0924a6b0
    Parameter 4 : 00000000`00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+5cc7d
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\090412-21247-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 090212-19843-01.dmp
    Crash Time : 02/09/2012 20:42:11
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : fffff880`01be5fa4
    Parameter 3 : fffff880`06320908
    Parameter 4 : fffff880`06320160
    Caused By Driver : luafv.sys
    Caused By Address : luafv.sys+17147
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : luafv.sys+16fa4
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\090212-19843-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 090212-16130-01.dmp
    Crash Time : 02/09/2012 02:47:06
    Bug Check String : SYSTEM_SERVICE_EXCEPTION
    Bug Check Code : 0x0000003b
    Parameter 1 : 00000000`c0000005
    Parameter 2 : fffff960`00130d97
    Parameter 3 : fffff880`09897020
    Parameter 4 : 00000000`00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+d0d97
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\090212-16130-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 090112-16317-01.dmp
    Crash Time : 01/09/2012 01:40:42
    Bug Check String : BAD_POOL_HEADER
    Bug Check Code : 0x00000019
    Parameter 1 : 00000000`00000003
    Parameter 2 : fffff880`0634a390
    Parameter 3 : fffff880`0634a3d8
    Parameter 4 : fffff880`0634a390
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+775ca
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\090112-16317-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 090112-17082-01.dmp
    Crash Time : 01/09/2012 01:16:08
    Bug Check String :
    Bug Check Code : 0x00000109
    Parameter 1 : a3a039d8`987ce8c2
    Parameter 2 : b3b7465e`eafb21e0
    Parameter 3 : fffff800`00bd1020
    Parameter 4 : 00000000`00000001
    Caused By Driver : kdcom.dll
    Caused By Address : kdcom.dll+1020
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\090112-17082-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 082012-17082-01.dmp
    Crash Time : 20/08/2012 20:54:32
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : fffff800`02ce4eeb
    Parameter 3 : fffff880`0351d898
    Parameter 4 : fffff880`0351d0f0
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+d3eeb
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+d3eeb
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\082012-17082-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 072612-15865-01.dmp
    Crash Time : 26/07/2012 20:54:35
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 00000000`00272a70
    Parameter 2 : 00000000`00000000
    Parameter 3 : 00000000`76e80cbd
    Parameter 4 : 00000000`00000008
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+7f1c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\072612-15865-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 071612-17144-01.dmp
    Crash Time : 16/07/2012 15:03:05
    Bug Check String : SYSTEM_SERVICE_EXCEPTION
    Bug Check Code : 0x0000003b
    Parameter 1 : 00000000`c0000005
    Parameter 2 : fffff800`02f6e28f
    Parameter 3 : fffff880`07110070
    Parameter 4 : 00000000`00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+7f1c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\071612-17144-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 071612-20264-01.dmp
    Crash Time : 16/07/2012 01:17:16
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : fffff880`012421d1
    Parameter 3 : fffff880`033fc628
    Parameter 4 : fffff880`033fbe80
    Caused By Driver : fltmgr.sys
    Caused By Address : fltmgr.sys+23178
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : fltmgr.sys+51d1
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\071612-20264-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 071612-18096-01.dmp
    Crash Time : 16/07/2012 01:01:01
    Bug Check String : NTFS_FILE_SYSTEM
    Bug Check Code : 0x00000024
    Parameter 1 : 00000000`001904fb
    Parameter 2 : fffff880`093b5ea8
    Parameter 3 : fffff880`093b5700
    Parameter 4 : fffff800`02df9617
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+5a88
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\071612-18096-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 071512-17378-01.dmp
    Crash Time : 15/07/2012 13:49:34
    Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x0000001e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : fffff800`02cf6a84
    Parameter 3 : 00000000`00000001
    Parameter 4 : 00000000`fffffa50
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+a8bd8
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7f1c0
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\071512-17378-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 070812-23556-01.dmp
    Crash Time : 08/07/2012 01:27:38
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : fffff800`02df8a9b
    Parameter 3 : fffff880`033fc738
    Parameter 4 : fffff880`033fbf90
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+1aba9b
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+1aba9b
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\070812-23556-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274,776
    ==================================================

    ==================================================
    Dump File : 062812-16411-01.dmp
    Crash Time : 28/06/2012 21:33:39
    Bug Check String : SYSTEM_SERVICE_EXCEPTION
    Bug Check Code : 0x0000003b
    Parameter 1 : 00000000`c0000005
    Parameter 2 : fffff800`02f9f65c
    Parameter 3 : fffff880`08f3a090
    Parameter 4 : 00000000`00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+70040
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
    Processor : x64
    Crash Address : ntoskrnl.exe+70040
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\062812-16411-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7600
    Dump File Size : 274,720
    ==================================================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  7. AlexMcNeill

    AlexMcNeill TS Rookie Topic Starter Posts: 18

    TDSS Killer:

    15:34:17.0185 3428 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    15:34:17.0465 3428 ============================================================
    15:34:17.0465 3428 Current date / time: 2012/09/16 15:34:17.0465
    15:34:17.0465 3428 SystemInfo:
    15:34:17.0465 3428
    15:34:17.0465 3428 OS Version: 6.1.7601 ServicePack: 1.0
    15:34:17.0465 3428 Product type: Workstation
    15:34:17.0465 3428 ComputerName: ALEXANDER-PC
    15:34:17.0465 3428 UserName: Alexander
    15:34:17.0465 3428 Windows directory: C:\Windows
    15:34:17.0465 3428 System windows directory: C:\Windows
    15:34:17.0465 3428 Running under WOW64
    15:34:17.0465 3428 Processor architecture: Intel x64
    15:34:17.0465 3428 Number of processors: 4
    15:34:17.0465 3428 Page size: 0x1000
    15:34:17.0465 3428 Boot type: Normal boot
    15:34:17.0465 3428 ============================================================
    15:34:18.0775 3428 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:34:18.0795 3428 ============================================================
    15:34:18.0795 3428 \Device\Harddisk0\DR0:
    15:34:18.0795 3428 MBR partitions:
    15:34:18.0795 3428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    15:34:18.0795 3428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    15:34:18.0795 3428 ============================================================
    15:34:18.0835 3428 C: <-> \Device\Harddisk0\DR0\Partition2
    15:34:18.0835 3428 ============================================================
    15:34:18.0835 3428 Initialize success
    15:34:18.0835 3428 ============================================================
    15:34:23.0005 3280 ============================================================
    15:34:23.0005 3280 Scan started
    15:34:23.0005 3280 Mode: Manual;
    15:34:23.0005 3280 ============================================================
    15:34:23.0375 3280 ================ Scan system memory ========================
    15:34:23.0375 3280 System memory - ok
    15:34:23.0375 3280 ================ Scan services =============================
    15:34:30.0365 3280 KeyIso - ok
    15:34:30.0365 3280 KMService - ok
    15:34:30.0395 3280 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    15:34:30.0435 3280 KSecDD - ok
    15:34:30.0475 3280 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    15:34:30.0485 3280 KSecPkg - ok
    15:34:30.0495 3280 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    15:34:30.0505 3280 ksthunk - ok
    15:34:30.0535 3280 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    15:34:30.0545 3280 KtmRm - ok
    15:34:30.0565 3280 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
    15:34:30.0565 3280 LanmanServer - ok
    15:34:30.0605 3280 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    15:34:30.0615 3280 LanmanWorkstation - ok
    15:34:30.0635 3280 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    15:34:30.0645 3280 lltdio - ok
    15:34:30.0675 3280 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    15:34:30.0685 3280 lltdsvc - ok
    15:34:30.0685 3280 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    15:34:30.0695 3280 lmhosts - ok
    15:34:30.0715 3280 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    15:34:30.0735 3280 LSI_FC - ok
    15:34:30.0745 3280 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    15:34:30.0755 3280 LSI_SAS - ok
    15:34:30.0765 3280 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    15:34:30.0795 3280 LSI_SAS2 - ok
    15:34:30.0795 3280 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    15:34:30.0815 3280 LSI_SCSI - ok
    15:34:30.0825 3280 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    15:34:30.0835 3280 luafv - ok
    15:34:30.0875 3280 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    15:34:30.0875 3280 Mcx2Svc - ok
    15:34:30.0885 3280 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    15:34:30.0915 3280 megasas - ok
    15:34:30.0925 3280 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    15:34:30.0945 3280 MegaSR - ok
    15:34:31.0065 3280 Microsoft SharePoint Workspace Audit Service - ok
    15:34:31.0085 3280 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    15:34:31.0085 3280 MMCSS - ok
    15:34:31.0095 3280 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    15:34:31.0095 3280 Modem - ok
    15:34:31.0115 3280 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    15:34:31.0115 3280 monitor - ok
    15:34:31.0155 3280 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    15:34:31.0155 3280 mouclass - ok
    15:34:31.0165 3280 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    15:34:31.0175 3280 mouhid - ok
    15:34:31.0205 3280 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    15:34:31.0205 3280 mountmgr - ok
    15:34:31.0265 3280 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    15:34:31.0285 3280 MozillaMaintenance - ok
    15:34:31.0315 3280 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    15:34:31.0325 3280 mpio - ok
    15:34:31.0335 3280 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    15:34:31.0355 3280 mpsdrv - ok
    15:34:31.0405 3280 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    15:34:31.0425 3280 MpsSvc - ok
    15:34:31.0455 3280 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    15:34:31.0465 3280 MRxDAV - ok
    15:34:31.0485 3280 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:34:31.0485 3280 mrxsmb - ok
    15:34:31.0515 3280 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:34:31.0555 3280 mrxsmb10 - ok
    15:34:31.0565 3280 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:34:31.0585 3280 mrxsmb20 - ok
    15:34:31.0635 3280 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    15:34:31.0655 3280 msahci - ok
    15:34:31.0675 3280 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    15:34:31.0695 3280 msdsm - ok
    15:34:31.0715 3280 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    15:34:31.0725 3280 MSDTC - ok
    15:34:31.0735 3280 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    15:34:31.0745 3280 Msfs - ok
    15:34:31.0745 3280 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    15:34:31.0755 3280 mshidkmdf - ok
    15:34:31.0765 3280 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    15:34:31.0785 3280 msisadrv - ok
    15:34:31.0815 3280 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    15:34:31.0815 3280 MSiSCSI - ok
    15:34:31.0825 3280 msiserver - ok
    15:34:31.0845 3280 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    15:34:31.0855 3280 MSKSSRV - ok
    15:34:31.0855 3280 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    15:34:31.0855 3280 MSPCLOCK - ok
    15:34:31.0865 3280 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    15:34:31.0885 3280 MSPQM - ok
    15:34:31.0925 3280 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    15:34:31.0925 3280 MsRPC - ok
    15:34:31.0945 3280 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    15:34:31.0945 3280 mssmbios - ok
    15:34:31.0955 3280 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    15:34:31.0955 3280 MSTEE - ok
    15:34:31.0975 3280 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    15:34:31.0975 3280 MTConfig - ok
    15:34:31.0995 3280 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    15:34:32.0015 3280 Mup - ok
    15:34:32.0065 3280 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    15:34:32.0065 3280 napagent - ok
    15:34:32.0085 3280 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    15:34:32.0125 3280 NativeWifiP - ok
    15:34:32.0165 3280 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    15:34:32.0175 3280 NDIS - ok
    15:34:32.0195 3280 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    15:34:32.0215 3280 NdisCap - ok
    15:34:32.0235 3280 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    15:34:32.0245 3280 NdisTapi - ok
    15:34:32.0275 3280 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    15:34:32.0275 3280 Ndisuio - ok
    15:34:32.0325 3280 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    15:34:32.0355 3280 NdisWan - ok
    15:34:32.0396 3280 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    15:34:32.0436 3280 NDProxy - ok
    15:34:32.0496 3280 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    15:34:32.0496 3280 Net Driver HPZ12 - ok
    15:34:32.0506 3280 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    15:34:32.0836 3280 NetBIOS - ok
    15:34:32.0876 3280 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    15:34:32.0876 3280 NetBT - ok
    15:34:32.0886 3280 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    15:34:32.0896 3280 Netlogon - ok
    15:34:32.0926 3280 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    15:34:32.0936 3280 Netman - ok
    15:34:32.0986 3280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    15:34:32.0986 3280 NetMsmqActivator - ok
    15:34:32.0996 3280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    15:34:32.0996 3280 NetPipeActivator - ok
    15:34:33.0016 3280 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    15:34:33.0016 3280 netprofm - ok
    15:34:33.0026 3280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    15:34:33.0026 3280 NetTcpActivator - ok
    15:34:33.0036 3280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    15:34:33.0036 3280 NetTcpPortSharing - ok
    15:34:33.0036 3280 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    15:34:33.0066 3280 nfrd960 - ok
    15:34:33.0096 3280 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    15:34:33.0106 3280 NlaSvc - ok
    15:34:33.0116 3280 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    15:34:33.0136 3280 Npfs - ok
    15:34:33.0136 3280 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    15:34:33.0146 3280 nsi - ok
    15:34:33.0156 3280 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    15:34:33.0156 3280 nsiproxy - ok
    15:34:33.0216 3280 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    15:34:33.0276 3280 Ntfs - ok
    15:34:33.0296 3280 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    15:34:33.0316 3280 Null - ok
    15:34:33.0326 3280 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    15:34:33.0346 3280 nvraid - ok
    15:34:33.0386 3280 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    15:34:33.0436 3280 nvstor - ok
    15:34:33.0436 3280 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    15:34:33.0456 3280 nv_agp - ok
    15:34:33.0496 3280 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    15:34:33.0516 3280 ohci1394 - ok
    15:34:33.0576 3280 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    15:34:33.0576 3280 ose64 - ok
    15:34:33.0716 3280 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    15:34:33.0746 3280 osppsvc - ok
    15:34:33.0756 3280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    15:34:33.0766 3280 p2pimsvc - ok
    15:34:33.0786 3280 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    15:34:33.0796 3280 p2psvc - ok
    15:34:33.0876 3280 [ F7BAC457D6AE2F7E18FA69C8180A7843 ] PaceLicenseDServices C:\Program Files (x86)\Common
     
  8. AlexMcNeill

    AlexMcNeill TS Rookie Topic Starter Posts: 18

    (Continued)

    15:34:39.0947 3280 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    15:34:39.0967 3280 VgaSave - ok
    15:34:39.0967 3280 VGPU - ok
    15:34:39.0997 3280 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    15:34:40.0017 3280 vhdmp - ok
    15:34:40.0057 3280 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    15:34:40.0077 3280 viaide - ok
    15:34:40.0117 3280 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
    15:34:40.0177 3280 vmbus - ok
    15:34:40.0207 3280 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    15:34:40.0227 3280 VMBusHID - ok
    15:34:40.0257 3280 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    15:34:40.0297 3280 volmgr - ok
    15:34:40.0337 3280 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    15:34:40.0337 3280 volmgrx - ok
    15:34:40.0347 3280 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    15:34:40.0377 3280 volsnap - ok
    15:34:40.0397 3280 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    15:34:40.0417 3280 vsmraid - ok
    15:34:40.0517 3280 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    15:34:40.0547 3280 VSS - ok
    15:34:40.0557 3280 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    15:34:40.0567 3280 vwifibus - ok
    15:34:40.0607 3280 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    15:34:40.0607 3280 W32Time - ok
    15:34:40.0627 3280 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    15:34:40.0637 3280 WacomPen - ok
    15:34:40.0647 3280 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    15:34:40.0667 3280 WANARP - ok
    15:34:40.0667 3280 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    15:34:40.0667 3280 Wanarpv6 - ok
    15:34:40.0727 3280 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    15:34:40.0767 3280 WatAdminSvc - ok
    15:34:40.0827 3280 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    15:34:40.0847 3280 wbengine - ok
    15:34:40.0867 3280 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    15:34:40.0867 3280 WbioSrvc - ok
    15:34:40.0917 3280 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    15:34:40.0927 3280 wcncsvc - ok
    15:34:40.0937 3280 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    15:34:40.0937 3280 WcsPlugInService - ok
    15:34:40.0957 3280 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    15:34:40.0957 3280 Wd - ok
    15:34:40.0977 3280 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    15:34:40.0987 3280 Wdf01000 - ok
    15:34:40.0997 3280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    15:34:40.0997 3280 WdiServiceHost - ok
    15:34:41.0007 3280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    15:34:41.0007 3280 WdiSystemHost - ok
    15:34:41.0047 3280 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    15:34:41.0047 3280 WebClient - ok
    15:34:41.0057 3280 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    15:34:41.0067 3280 Wecsvc - ok
    15:34:41.0077 3280 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    15:34:41.0077 3280 wercplsupport - ok
    15:34:41.0107 3280 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    15:34:41.0117 3280 WerSvc - ok
    15:34:41.0117 3280 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    15:34:41.0137 3280 WfpLwf - ok
    15:34:41.0157 3280 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    15:34:41.0177 3280 WIMMount - ok
    15:34:41.0197 3280 WinDefend - ok
    15:34:41.0207 3280 WinHttpAutoProxySvc - ok
    15:34:41.0297 3280 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    15:34:41.0317 3280 Winmgmt - ok
    15:34:41.0387 3280 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    15:34:41.0417 3280 WinRM - ok
    15:34:41.0487 3280 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    15:34:41.0507 3280 WinUsb - ok
    15:34:41.0527 3280 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    15:34:41.0547 3280 Wlansvc - ok
    15:34:41.0567 3280 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    15:34:41.0587 3280 WmiAcpi - ok
    15:34:41.0617 3280 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    15:34:41.0617 3280 wmiApSrv - ok
    15:34:41.0627 3280 WMPNetworkSvc - ok
    15:34:41.0637 3280 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    15:34:41.0637 3280 WPCSvc - ok
    15:34:41.0677 3280 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    15:34:41.0687 3280 WPDBusEnum - ok
    15:34:41.0697 3280 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    15:34:41.0697 3280 ws2ifsl - ok
    15:34:41.0707 3280 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
    15:34:41.0707 3280 wscsvc - ok
    15:34:41.0707 3280 WSearch - ok
    15:34:41.0787 3280 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    15:34:41.0857 3280 wuauserv - ok
    15:34:41.0867 3280 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    15:34:41.0887 3280 WudfPf - ok
    15:34:41.0927 3280 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:34:41.0947 3280 WUDFRd - ok
    15:34:41.0997 3280 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    15:34:41.0997 3280 wudfsvc - ok
    15:34:42.0017 3280 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    15:34:42.0017 3280 WwanSvc - ok
    15:34:42.0037 3280 ================ Scan global ===============================
    15:34:42.0057 3280 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    15:34:42.0077 3280 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    15:34:42.0087 3280 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    15:34:42.0107 3280 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    15:34:42.0137 3280 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    15:34:42.0137 3280 [Global] - ok
    15:34:42.0137 3280 ================ Scan MBR ==================================
    15:34:42.0147 3280 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    15:34:42.0488 3280 \Device\Harddisk0\DR0 - ok
    15:34:42.0488 3280 ================ Scan VBR ==================================
    15:34:42.0488 3280 [ 312ACF461551BC8DEE5FAF5CD4C51E3F ] \Device\Harddisk0\DR0\Partition1
    15:34:42.0498 3280 \Device\Harddisk0\DR0\Partition1 - ok
    15:34:42.0498 3280 [ 739782F13E18E9E3FD0D3742D0D93057 ] \Device\Harddisk0\DR0\Partition2
    15:34:42.0498 3280 \Device\Harddisk0\DR0\Partition2 - ok
    15:34:42.0498 3280 ============================================================
    15:34:42.0498 3280 Scan finished
    15:34:42.0498 3280 ============================================================
    15:34:42.0508 1408 Detected object count: 0
    15:34:42.0508 1408 Actual detected object count: 0
     
  9. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Go on...
     
  10. AlexMcNeill

    AlexMcNeill TS Rookie Topic Starter Posts: 18

    RogueKiller:

    RogueKiller V8.0.3 [09/13/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Alexander [Admin rights]
    Mode : Scan -- Date : 09/16/2012 16:23:51

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST31000528AS ATA Device +++++
    --- User ---
    [MBR] 13b6cd51183612737022793d0c57efbc
    [BSP] 43e2be632fa467e7e97cb39987fa84d2 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    (sorry, running the other scan at the moment, will post in a bit)
     
  11. AlexMcNeill

    AlexMcNeill TS Rookie Topic Starter Posts: 18

    aswMBR:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-16 17:55:24
    -----------------------------
    17:55:24.940 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:55:24.940 Number of processors: 4 586 0x170A
    17:55:24.940 ComputerName: ALEXANDER-PC UserName: Alexander
    17:55:26.407 Initialize success
    18:01:46.205 AVAST engine defs: 12091400
    18:03:00.127 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:03:00.130 Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
    18:03:00.164 Disk 0 MBR read successfully
    18:03:00.167 Disk 0 MBR scan
    18:03:00.172 Disk 0 Windows 7 default MBR code
    18:03:00.184 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    18:03:00.201 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
    18:03:00.289 Disk 0 scanning C:\Windows\system32\drivers
    18:03:25.200 Service scanning
    18:03:47.370 Modules scanning
    18:03:47.377 Disk 0 trace - called modules:
    18:03:47.412 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039b02c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    18:03:47.416 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a75060]
    18:03:47.421 3 CLASSPNP.SYS[fffff88001ab243f] -> nt!IofCallDriver -> [0xfffffa80047cb580]
    18:03:47.426 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047d3060]
    18:03:47.431 \Driver\atapi[0xfffffa80047b6870] -> IRP_MJ_CREATE -> 0xfffffa80039b02c0
    18:04:00.762 AVAST engine scan C:\Windows
    18:04:58.578 AVAST engine scan C:\Windows\system32
    18:10:38.345 AVAST engine scan C:\Windows\system32\drivers
    18:11:09.067 AVAST engine scan C:\Users\Alexander
    19:02:21.863 AVAST engine scan C:\ProgramData
    19:04:03.306 Scan finished successfully
    19:06:56.012 Disk 0 MBR has been saved successfully to "C:\Users\Alexander\Desktop\MBR.dat"
    19:06:56.018 The log file has been saved successfully to "C:\Users\Alexander\Desktop\aswMBR.txt"
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =============================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  13. AlexMcNeill

    AlexMcNeill TS Rookie Topic Starter Posts: 18

    Ran the ComboFix scan, but upon restarting, my computer refused to connect to the internet. As suggested, I rebooted, but I still couldn't connect. I've disconnected the internet, then reconnected and turned the computer back on several times, and still no change. I would do a system restore, but I wanted to get your verdict before I make any decisions on the matter. I've had to use a different computer to get the log to you:

    ComboFix 12-09-15.02 - Alexander 16/09/2012 19:22:54.2.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4095.2596 [GMT 1:00]
    Running from: c:\users\Alexander\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-16 18:28 . 2012-09-16 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-15 23:12 . 2012-09-15 23:13 -------- d-----w- c:\users\Alexander\AppData\Local\Facebook
    2012-09-15 13:54 . 2012-09-15 13:54 -------- d-----w- C:\found.001
    2012-09-15 12:42 . 2012-09-15 12:42 -------- d-----w- c:\program files (x86)\NirSoft
    2012-09-15 01:59 . 2012-09-15 01:59 -------- d-----w- c:\users\Alexander\AppData\Roaming\Malwarebytes
    2012-09-15 01:58 . 2012-09-15 01:58 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-15 01:58 . 2012-09-15 01:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-15 01:58 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-15 00:59 . 2012-09-15 00:59 -------- d-----w- C:\_OTL
    2012-09-14 20:00 . 2012-09-14 20:00 -------- d-----w- c:\program files (x86)\ESET
    2012-09-14 18:49 . 2012-09-14 18:49 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
    2012-09-14 18:49 . 2012-09-14 18:49 -------- d-----w- c:\users\Alexander\AppData\Roaming\FixTDSS
    2012-09-14 10:28 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34F0332C-F86F-41EA-9DCB-0871CC349104}\mpengine.dll
    2012-09-12 22:47 . 2012-09-12 22:47 -------- d-----w- c:\users\Alexander\AppData\Local\Macromedia
    2012-09-12 22:47 . 2012-09-12 22:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-11 19:36 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-11 19:36 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-11 19:36 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-11 19:36 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-11 19:36 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-11 19:36 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-11 19:36 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-10 12:31 . 2012-09-10 12:31 -------- d-----w- c:\users\Alexander\AppData\Local\Adob?
    2012-08-30 14:47 . 2012-09-06 23:47 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-12 22:54 . 2012-03-15 18:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-15 19:54 . 2012-06-28 20:55 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-07-18 18:15 . 2012-08-15 13:05 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-04 22:16 . 2012-08-15 13:05 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-15 13:05 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-15 13:05 136704 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-15 13:05 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-06-29 04:55 . 2012-08-15 19:56 17809920 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-29 04:09 . 2012-08-15 19:56 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-29 03:56 . 2012-08-15 19:56 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-29 03:49 . 2012-08-15 19:56 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-29 03:49 . 2012-08-15 19:56 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-29 03:48 . 2012-08-15 19:56 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-29 03:47 . 2012-08-15 19:56 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-29 03:45 . 2012-08-15 19:56 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-29 03:44 . 2012-08-15 19:56 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-06-29 03:43 . 2012-08-15 19:56 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-29 03:42 . 2012-08-15 19:56 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-29 03:40 . 2012-08-15 19:56 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-29 03:39 . 2012-08-15 19:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-29 03:35 . 2012-08-15 19:56 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-29 00:16 . 2012-08-15 19:56 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-29 00:09 . 2012-08-15 19:56 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-29 00:08 . 2012-08-15 19:56 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04 . 2012-08-15 19:56 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00 . 2012-08-15 19:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-06-28 20:53 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-06-28 20:53 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-03-15 17:55 8192 --sha-w- c:\windows\SysWOW64\srvany.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-09-14_19.27.38 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-09-14 18:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-09-15 20:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-09-14 18:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-09-14 20:02 . 2012-09-15 20:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-09-14 18:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-15 20:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-03-14 23:41 . 2012-09-16 18:31 31668 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-09-16 18:31 25928 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:46 . 2012-09-16 18:18 89968 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-03-14 23:36 . 2012-09-16 18:31 6802 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3046589895-3326246652-1605513513-1001_UserData.bin
    - 2012-09-14 19:27 . 2012-09-14 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-09-16 18:29 . 2012-09-16 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-09-16 18:29 . 2012-09-16 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-09-14 19:27 . 2012-09-14 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 02:36 . 2012-09-14 18:58 667262 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-09-16 00:24 667262 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-09-16 00:24 125938 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-09-14 18:58 125938 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2012-09-16 18:28 474252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-09-14 19:26 474252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-03-15 04:09 . 2012-09-14 19:26 3141146 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3046589895-3326246652-1605513513-1001-12288.dat
    + 2012-03-15 04:09 . 2012-09-16 18:28 3141146 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3046589895-3326246652-1605513513-1001-12288.dat
    + 2010-01-01 00:00 . 2010-01-01 00:00 4460544 c:\windows\Installer\2b2af.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
    "Facebook Update"="c:\users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-15 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
    .
    c:\users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 250056]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-15 1255736]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
    S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-07-09 2932224]
    S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2007-04-27 142120]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 22:54]
    .
    2012-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
    - c:\users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-15 23:12]
    .
    2012-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
    - c:\users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-15 23:12]
    .
    2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
    - c:\users\Alexander\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-15 03:35]
    .
    2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
    - c:\users\Alexander\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-15 03:35]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\sw8bcap3.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:16,b5,db,99,ab,2e,74,53,03,ef,9d,71,ec,e8,43,98,5f,e3,f9,34,ef,
    20,a7,b5,3f,70,90,59,b1,bc,d8,97,a8,2a,95,a0,f6,af,74,8a,5f,8e,81,21,ac,44,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:16,b5,db,99,ab,2e,74,53,03,ef,9d,71,ec,e8,43,98,5f,e3,f9,34,ef,
    20,a7,b5,3f,70,90,59,b1,bc,d8,97,a8,2a,95,a0,f6,af,74,8a,5f,8e,81,21,ac,44,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-09-16 19:35:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-16 18:35
    ComboFix2.txt 2012-09-14 19:34
    .
    Pre-Run: 513,748,156,416 bytes free
    Post-Run: 513,940,967,424 bytes free
    .
    - - End Of File - - 7A3FA108D32729684E7E725F4D677808
     
  14. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Yes. Use system restore to before Combofix.
     
  15. AlexMcNeill

    AlexMcNeill TS Rookie Topic Starter Posts: 18

    Carried out system restore - it failed. Ended up with this error message that I thought I'd show you:

    [​IMG]
     
  16. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  17. AlexMcNeill

    AlexMcNeill TS Rookie Topic Starter Posts: 18

    Cheers. Here's the log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2012 01
    Ran by SYSTEM at 17-09-2012 16:18:38
    Running from J:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.)
    HKU\Alexander\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
    HKU\Alexander\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
    HKU\Alexander\...\Run: [Facebook Update] "C:\Users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-09-15] (Facebook Inc.)
    Startup: C:\Users\Alexander\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ===================

    2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [974944 2011-09-22] (ESET)
    2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-03-15] ()
    2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" [2932224 2011-07-08] (PACE Anti-Piracy, Inc.)

    ==================== Drivers (Whitelisted) =====================

    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
    2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2011-08-04] (ESET)
    1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2011-08-04] (ESET)
    0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2011-08-04] (ESET)
    2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-26] (SafeNet, Inc.)
    0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-03-15] (Duplex Secure Ltd.)
    1 Aspi32; [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-09-16 13:22 - 2012-09-16 13:22 - 00274776 ____A C:\Windows\Minidump\091612-16270-01.dmp
    2012-09-16 10:35 - 2012-09-16 10:35 - 00024324 ____A C:\ComboFix.txt
    2012-09-16 10:20 - 2012-09-16 10:21 - 04754503 ____R (Swearware) C:\Users\Alexander\Desktop\ComboFix.exe
    2012-09-16 10:09 - 2012-09-16 10:09 - 00274776 ____A C:\Windows\Minidump\091612-18002-01.dmp
    2012-09-16 10:06 - 2012-09-16 10:06 - 00002092 ____A C:\Users\Alexander\Desktop\aswMBR.txt
    2012-09-16 10:06 - 2012-09-16 10:06 - 00000512 ____A C:\Users\Alexander\Desktop\MBR.dat
    2012-09-16 08:02 - 2012-09-16 08:02 - 00274776 ____A C:\Windows\Minidump\091612-21746-01.dmp
    2012-09-16 07:25 - 2012-09-16 07:26 - 04731392 ____A (AVAST Software) C:\Users\Alexander\Desktop\aswMBR.exe
    2012-09-16 07:23 - 2012-09-16 07:23 - 00001687 ____A C:\Users\Alexander\Desktop\RKreport[1].txt
    2012-09-16 07:23 - 2012-09-16 07:23 - 00000000 ____D C:\Users\Alexander\Desktop\RK_Quarantine
    2012-09-16 07:22 - 2012-09-16 07:23 - 01378816 ____A C:\Users\Alexander\Desktop\RogueKiller.exe
    2012-09-16 07:21 - 2012-09-16 07:21 - 00278904 ____A C:\Windows\Minidump\091612-16723-01.dmp
    2012-09-16 06:33 - 2012-09-16 06:33 - 02193184 ____A C:\Users\Alexander\Desktop\tdsskiller.zip
    2012-09-16 06:33 - 2012-08-24 04:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Alexander\Desktop\TDSSKiller.exe
    2012-09-16 06:33 - 2010-12-31 16:14 - 00002254 ___RA C:\Users\Alexander\Desktop\eula.txt
    2012-09-15 16:30 - 2012-09-15 16:30 - 00274776 ____A C:\Windows\Minidump\091612-19593-01.dmp
    2012-09-15 15:12 - 2012-09-16 09:17 - 00000944 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
    2012-09-15 15:12 - 2012-09-15 15:17 - 00000922 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
    2012-09-15 15:12 - 2012-09-15 15:13 - 00000000 ____D C:\Users\Alexander\AppData\Local\Facebook
    2012-09-15 15:09 - 2012-09-15 15:09 - 00501248 ____A (Facebook Inc.) C:\Users\Alexander\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe
    2012-09-15 12:46 - 2012-09-15 12:46 - 00274776 ____A C:\Windows\Minidump\091512-19671-01.dmp
    2012-09-15 12:35 - 2012-09-15 12:35 - 00274776 ____A C:\Windows\Minidump\091512-261847-01.dmp
    2012-09-15 10:28 - 2012-09-15 10:28 - 00383004 ____A C:\Users\Alexander\Downloads\sound test 2.pkf
    2012-09-15 10:08 - 2012-09-15 10:09 - 06132016 ____A C:\Users\Alexander\Downloads\sound test 2.wav
    2012-09-15 05:57 - 2012-09-15 05:57 - 00274776 ____A C:\Windows\Minidump\091512-20982-01.dmp
    2012-09-15 05:56 - 2012-09-15 05:56 - 00010096 ____N C:\bootsqm.dat
    2012-09-15 05:54 - 2012-09-15 05:54 - 00000000 ____D C:\found.001
    2012-09-15 05:44 - 2012-09-15 05:44 - 00001220 ____A C:\Windows\System32\Drivers\etc\hosts.txt
    2012-09-15 04:43 - 2012-09-15 04:43 - 00055442 ____A C:\Users\Alexander\Desktop\BSOD.txt
    2012-09-15 04:42 - 2012-09-15 04:42 - 00130247 ____A C:\Users\Alexander\Desktop\bluescreenview_setup.exe
    2012-09-15 04:42 - 2012-09-15 04:42 - 00000000 ____D C:\Program Files (x86)\NirSoft
    2012-09-15 04:36 - 2012-09-15 04:36 - 00006138 ____A C:\Users\Alexander\Desktop\Attach.zip
    2012-09-15 04:35 - 2012-09-15 04:35 - 00052134 ____A C:\Users\Alexander\Desktop\Attach.txt
    2012-09-15 04:34 - 2012-09-15 04:34 - 00607260 ____R (Swearware) C:\Users\Alexander\Desktop\dds.com
    2012-09-14 18:42 - 2012-09-14 18:42 - 00302592 ____A C:\Users\Alexander\Downloads\5bjw68se.exe
    2012-09-14 18:39 - 2012-09-14 18:39 - 00302592 ____A C:\Users\Alexander\Downloads\6k5k6p6k.exe
    2012-09-14 18:36 - 2012-09-14 18:36 - 00000000 ____A C:\Users\Alexander\Desktop\gmer.log
    2012-09-14 18:33 - 2012-09-14 18:33 - 00302592 ____A C:\Users\Alexander\Downloads\6ofrkfzy.exe
    2012-09-14 17:59 - 2012-09-14 17:59 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Malwarebytes
    2012-09-14 17:58 - 2012-09-14 17:58 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-14 17:58 - 2012-09-14 17:58 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-14 17:58 - 2012-09-14 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-14 17:58 - 2012-09-07 08:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-14 17:57 - 2012-09-14 17:57 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Alexander\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-14 16:59 - 2012-09-14 16:59 - 00000000 ____D C:\_OTL
    2012-09-14 16:55 - 2012-09-14 16:55 - 00274776 ____A C:\Windows\Minidump\091512-18236-01.dmp
    2012-09-14 14:03 - 2012-09-14 14:03 - 00274776 ____A C:\Windows\Minidump\091412-18766-01.dmp
    2012-09-14 13:05 - 2012-09-14 13:05 - 00274720 ____A C:\Windows\Minidump\091412-17440-01.dmp
    2012-09-14 12:00 - 2012-09-14 12:00 - 02322184 ____A (ESET) C:\Users\Alexander\Documents\esetsmartinstaller_enu.exe
    2012-09-14 12:00 - 2012-09-14 12:00 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-09-14 11:18 - 2012-09-16 13:09 - 00000000 ____D C:\Windows\erdnt
    2012-09-14 11:18 - 2012-09-16 10:35 - 00000000 ____D C:\Qoobox
    2012-09-14 11:18 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-09-14 11:18 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-09-14 11:18 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-09-14 11:18 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-09-14 11:18 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-09-14 11:18 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-09-14 11:18 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-09-14 11:18 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-09-14 10:56 - 2012-09-14 10:56 - 04752472 ____A (Swearware) C:\Users\Alexander\Downloads\ComboFix.exe
    2012-09-14 10:49 - 2012-09-14 10:49 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
    2012-09-14 10:49 - 2012-09-14 10:49 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\FixTDSS
    2012-09-14 10:41 - 2012-09-14 10:41 - 02193184 ____A C:\Users\Alexander\Downloads\tdsskiller.zip
    2012-09-14 10:27 - 2012-09-14 10:27 - 00044607 ____A C:\Users\Alexander\Downloads\bootkit_remover.zip
    2012-09-14 10:17 - 2012-09-14 10:17 - 04731392 ____A (AVAST Software) C:\Users\Alexander\Downloads\aswMBR(1).exe
    2012-09-14 10:12 - 2012-09-14 10:12 - 00274776 ____A C:\Windows\Minidump\091412-21013-01.dmp
    2012-09-14 02:40 - 2012-09-14 02:40 - 00274776 ____A C:\Windows\Minidump\091412-17222-01.dmp
    2012-09-13 13:54 - 2012-09-13 13:54 - 00274720 ____A C:\Windows\Minidump\091312-19328-01.dmp
    2012-09-13 13:53 - 2012-09-13 13:53 - 00274776 ____A C:\Windows\Minidump\091312-18205-01.dmp
    2012-09-13 06:16 - 2012-09-13 06:16 - 04731392 ____A (AVAST Software) C:\Users\Alexander\Downloads\aswMBR.exe
    2012-09-13 06:02 - 2012-09-13 06:02 - 00274776 ____A C:\Windows\Minidump\091312-23119-01.dmp
    2012-09-12 14:47 - 2012-09-16 09:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-12 14:47 - 2012-09-12 14:54 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-12 14:47 - 2012-09-12 14:47 - 00000000 ____D C:\Users\Alexander\AppData\Local\Macromedia
    2012-09-12 14:31 - 2012-09-12 14:31 - 00274776 ____A C:\Windows\Minidump\091212-20077-01.dmp
    2012-09-11 14:52 - 2012-09-11 14:52 - 00274776 ____A C:\Windows\Minidump\091112-17253-01.dmp
    2012-09-11 11:36 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-09-11 11:36 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-09-11 11:36 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-09-11 11:36 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-09-11 11:36 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-09-11 11:36 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-09-11 11:36 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
    2012-09-10 18:15 - 2012-09-10 18:15 - 00274776 ____A C:\Windows\Minidump\091112-17690-01.dmp
    2012-09-10 10:59 - 2012-09-10 10:59 - 00274776 ____A C:\Windows\Minidump\091012-18876-01.dmp
    2012-09-10 10:33 - 2012-09-10 10:33 - 00089507 ____A C:\Users\Alexander\Downloads\dir.dcr
    2012-09-10 07:10 - 2012-09-10 07:12 - 00000000 ____D C:\Users\Alexander\Desktop\window
    2012-09-10 04:31 - 2012-09-10 04:31 - 00000000 ____D C:\Users\Alexander\AppData\Local\Adob?
    2012-09-06 16:43 - 2012-09-06 16:43 - 00274776 ____A C:\Windows\Minidump\090712-17409-01.dmp
    2012-09-05 19:11 - 2012-09-05 19:11 - 00274776 ____A C:\Windows\Minidump\090612-20997-01.dmp
    2012-09-05 08:34 - 2012-09-05 08:34 - 00274776 ____A C:\Windows\Minidump\090512-16660-01.dmp
    2012-09-04 12:08 - 2012-09-04 12:08 - 00274776 ____A C:\Windows\Minidump\090412-17362-01.dmp
    2012-09-03 15:05 - 2012-09-03 15:05 - 00274776 ____A C:\Windows\Minidump\090412-21247-01.dmp
    2012-09-02 11:42 - 2012-09-02 11:42 - 00274776 ____A C:\Windows\Minidump\090212-19843-01.dmp
    2012-09-01 17:47 - 2012-09-01 17:47 - 00274776 ____A C:\Windows\Minidump\090212-16130-01.dmp
    2012-08-31 16:40 - 2012-08-31 16:40 - 00274776 ____A C:\Windows\Minidump\090112-16317-01.dmp
    2012-08-31 16:16 - 2012-08-31 16:16 - 00274776 ____A C:\Windows\Minidump\090112-17082-01.dmp
    2012-08-30 11:30 - 2012-08-30 11:40 - 00000000 ____D C:\Users\Alexander\Downloads\Catfish[2010]DvDrip[Eng]-FXG
    2012-08-30 10:03 - 2012-08-30 16:42 - 00000000 ____D C:\Users\Alexander\Downloads\Jeepers Creepers (2001) [1080p]
    2012-08-30 08:25 - 2012-08-30 08:25 - 00002830 ____A C:\Users\Alexander\Downloads\Optimized-aq9l8k29sr0mq4vtjx86_reasonably_small.jpeg
    2012-08-20 16:00 - 2012-08-20 16:00 - 01012298 ____A C:\Users\Alexander\Downloads\Attachments_2012_08_21.zip
    2012-08-20 11:54 - 2012-08-20 11:54 - 00274776 ____A C:\Windows\Minidump\082012-17082-01.dmp
    2012-08-19 17:55 - 2012-08-19 17:55 - 00122888 ____A C:\Users\Alexander\Downloads\grenoway(1).zip


    ==================== 3 Months Modified Files ==================

    2012-09-17 07:13 - 2012-03-15 10:08 - 01495758 ____A C:\Windows\WindowsUpdate.log
    2012-09-17 05:12 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-17 05:12 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-17 05:05 - 2012-03-15 11:34 - 00026662 ____A C:\Windows\setupact.log
    2012-09-17 05:05 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-17 05:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-16 15:45 - 2009-07-13 21:13 - 00782922 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-16 13:22 - 2012-09-16 13:22 - 00274776 ____A C:\Windows\Minidump\091612-16270-01.dmp
    2012-09-16 13:22 - 2012-06-28 12:33 - 334670299 ____A C:\Windows\MEMORY.DMP
    2012-09-16 10:35 - 2012-09-16 10:35 - 00024324 ____A C:\ComboFix.txt
    2012-09-16 10:30 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-09-16 10:29 - 2012-05-18 04:15 - 00008846 ____A C:\Windows\PFRO.log
    2012-09-16 10:21 - 2012-09-16 10:20 - 04754503 ____R (Swearware) C:\Users\Alexander\Desktop\ComboFix.exe
    2012-09-16 10:09 - 2012-09-16 10:09 - 00274776 ____A C:\Windows\Minidump\091612-18002-01.dmp
    2012-09-16 10:06 - 2012-09-16 10:06 - 00002092 ____A C:\Users\Alexander\Desktop\aswMBR.txt
    2012-09-16 10:06 - 2012-09-16 10:06 - 00000512 ____A C:\Users\Alexander\Desktop\MBR.dat
    2012-09-16 09:54 - 2012-09-12 14:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-16 09:50 - 2012-03-14 19:35 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
    2012-09-16 09:17 - 2012-09-15 15:12 - 00000944 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
    2012-09-16 08:02 - 2012-09-16 08:02 - 00274776 ____A C:\Windows\Minidump\091612-21746-01.dmp
    2012-09-16 07:26 - 2012-09-16 07:25 - 04731392 ____A (AVAST Software) C:\Users\Alexander\Desktop\aswMBR.exe
    2012-09-16 07:23 - 2012-09-16 07:23 - 00001687 ____A C:\Users\Alexander\Desktop\RKreport[1].txt
    2012-09-16 07:23 - 2012-09-16 07:22 - 01378816 ____A C:\Users\Alexander\Desktop\RogueKiller.exe
    2012-09-16 07:21 - 2012-09-16 07:21 - 00278904 ____A C:\Windows\Minidump\091612-16723-01.dmp
    2012-09-16 06:33 - 2012-09-16 06:33 - 02193184 ____A C:\Users\Alexander\Desktop\tdsskiller.zip
    2012-09-15 16:54 - 2012-03-15 09:11 - 00000021 ____A C:\Windows\SurCode.INI
    2012-09-15 16:30 - 2012-09-15 16:30 - 00274776 ____A C:\Windows\Minidump\091612-19593-01.dmp
    2012-09-15 15:17 - 2012-09-15 15:12 - 00000922 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
    2012-09-15 15:09 - 2012-09-15 15:09 - 00501248 ____A (Facebook Inc.) C:\Users\Alexander\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe
    2012-09-15 14:50 - 2012-03-14 19:35 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
    2012-09-15 12:46 - 2012-09-15 12:46 - 00274776 ____A C:\Windows\Minidump\091512-19671-01.dmp
    2012-09-15 12:35 - 2012-09-15 12:35 - 00274776 ____A C:\Windows\Minidump\091512-261847-01.dmp
    2012-09-15 10:28 - 2012-09-15 10:28 - 00383004 ____A C:\Users\Alexander\Downloads\sound test 2.pkf
    2012-09-15 10:09 - 2012-09-15 10:08 - 06132016 ____A C:\Users\Alexander\Downloads\sound test 2.wav
    2012-09-15 05:57 - 2012-09-15 05:57 - 00274776 ____A C:\Windows\Minidump\091512-20982-01.dmp
    2012-09-15 05:56 - 2012-09-15 05:56 - 00010096 ____N C:\bootsqm.dat
    2012-09-15 05:44 - 2012-09-15 05:44 - 00001220 ____A C:\Windows\System32\Drivers\etc\hosts.txt
    2012-09-15 04:43 - 2012-09-15 04:43 - 00055442 ____A C:\Users\Alexander\Desktop\BSOD.txt
    2012-09-15 04:42 - 2012-09-15 04:42 - 00130247 ____A C:\Users\Alexander\Desktop\bluescreenview_setup.exe
    2012-09-15 04:36 - 2012-09-15 04:36 - 00006138 ____A C:\Users\Alexander\Desktop\Attach.zip
    2012-09-15 04:35 - 2012-09-15 04:35 - 00052134 ____A C:\Users\Alexander\Desktop\Attach.txt
    2012-09-15 04:34 - 2012-09-15 04:34 - 00607260 ____R (Swearware) C:\Users\Alexander\Desktop\dds.com
    2012-09-14 18:42 - 2012-09-14 18:42 - 00302592 ____A C:\Users\Alexander\Downloads\5bjw68se.exe
    2012-09-14 18:39 - 2012-09-14 18:39 - 00302592 ____A C:\Users\Alexander\Downloads\6k5k6p6k.exe
    2012-09-14 18:36 - 2012-09-14 18:36 - 00000000 ____A C:\Users\Alexander\Desktop\gmer.log
    2012-09-14 18:33 - 2012-09-14 18:33 - 00302592 ____A C:\Users\Alexander\Downloads\6ofrkfzy.exe
    2012-09-14 17:58 - 2012-09-14 17:58 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-14 17:57 - 2012-09-14 17:57 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Alexander\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-14 16:55 - 2012-09-14 16:55 - 00274776 ____A C:\Windows\Minidump\091512-18236-01.dmp
    2012-09-14 14:03 - 2012-09-14 14:03 - 00274776 ____A C:\Windows\Minidump\091412-18766-01.dmp
    2012-09-14 13:05 - 2012-09-14 13:05 - 00274720 ____A C:\Windows\Minidump\091412-17440-01.dmp
    2012-09-14 12:00 - 2012-09-14 12:00 - 02322184 ____A (ESET) C:\Users\Alexander\Documents\esetsmartinstaller_enu.exe
    2012-09-14 10:56 - 2012-09-14 10:56 - 04752472 ____A (Swearware) C:\Users\Alexander\Downloads\ComboFix.exe
    2012-09-14 10:49 - 2012-09-14 10:49 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
    2012-09-14 10:41 - 2012-09-14 10:41 - 02193184 ____A C:\Users\Alexander\Downloads\tdsskiller.zip
    2012-09-14 10:27 - 2012-09-14 10:27 - 00044607 ____A C:\Users\Alexander\Downloads\bootkit_remover.zip
    2012-09-14 10:17 - 2012-09-14 10:17 - 04731392 ____A (AVAST Software) C:\Users\Alexander\Downloads\aswMBR(1).exe
    2012-09-14 10:12 - 2012-09-14 10:12 - 00274776 ____A C:\Windows\Minidump\091412-21013-01.dmp
    2012-09-14 02:40 - 2012-09-14 02:40 - 00274776 ____A C:\Windows\Minidump\091412-17222-01.dmp
    2012-09-13 13:54 - 2012-09-13 13:54 - 00274720 ____A C:\Windows\Minidump\091312-19328-01.dmp
    2012-09-13 13:53 - 2012-09-13 13:53 - 00274776 ____A C:\Windows\Minidump\091312-18205-01.dmp
    2012-09-13 06:16 - 2012-09-13 06:16 - 04731392 ____A (AVAST Software) C:\Users\Alexander\Downloads\aswMBR.exe
    2012-09-13 06:02 - 2012-09-13 06:02 - 00274776 ____A C:\Windows\Minidump\091312-23119-01.dmp
    2012-09-12 14:54 - 2012-09-12 14:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-12 14:54 - 2012-03-15 10:33 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-12 14:31 - 2012-09-12 14:31 - 00274776 ____A C:\Windows\Minidump\091212-20077-01.dmp
    2012-09-11 14:52 - 2012-09-11 14:52 - 00274776 ____A C:\Windows\Minidump\091112-17253-01.dmp
    2012-09-10 18:15 - 2012-09-10 18:15 - 00274776 ____A C:\Windows\Minidump\091112-17690-01.dmp
    2012-09-10 11:04 - 2012-07-16 06:06 - 00002026 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2012-09-10 10:59 - 2012-09-10 10:59 - 00274776 ____A C:\Windows\Minidump\091012-18876-01.dmp
    2012-09-10 10:33 - 2012-09-10 10:33 - 00089507 ____A C:\Users\Alexander\Downloads\dir.dcr
    2012-09-07 08:04 - 2012-09-14 17:58 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-06 16:43 - 2012-09-06 16:43 - 00274776 ____A C:\Windows\Minidump\090712-17409-01.dmp
    2012-09-05 19:11 - 2012-09-05 19:11 - 00274776 ____A C:\Windows\Minidump\090612-20997-01.dmp
    2012-09-05 08:34 - 2012-09-05 08:34 - 00274776 ____A C:\Windows\Minidump\090512-16660-01.dmp
    2012-09-04 12:08 - 2012-09-04 12:08 - 00274776 ____A C:\Windows\Minidump\090412-17362-01.dmp
    2012-09-03 15:05 - 2012-09-03 15:05 - 00274776 ____A C:\Windows\Minidump\090412-21247-01.dmp
    2012-09-02 11:42 - 2012-09-02 11:42 - 00274776 ____A C:\Windows\Minidump\090212-19843-01.dmp
    2012-09-01 17:47 - 2012-09-01 17:47 - 00274776 ____A C:\Windows\Minidump\090212-16130-01.dmp
    2012-08-31 16:40 - 2012-08-31 16:40 - 00274776 ____A C:\Windows\Minidump\090112-16317-01.dmp
    2012-08-31 16:16 - 2012-08-31 16:16 - 00274776 ____A C:\Windows\Minidump\090112-17082-01.dmp
    2012-08-30 08:28 - 2012-06-13 09:29 - 00000132 ____A C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-08-30 08:25 - 2012-08-30 08:25 - 00002830 ____A C:\Users\Alexander\Downloads\Optimized-aq9l8k29sr0mq4vtjx86_reasonably_small.jpeg
    2012-08-24 04:28 - 2012-09-16 06:33 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Alexander\Desktop\TDSSKiller.exe
    2012-08-22 10:12 - 2012-09-11 11:36 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-11 11:36 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-11 11:36 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-11 11:36 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-20 16:00 - 2012-08-20 16:00 - 01012298 ____A C:\Users\Alexander\Downloads\Attachments_2012_08_21.zip
    2012-08-20 11:54 - 2012-08-20 11:54 - 00274776 ____A C:\Windows\Minidump\082012-17082-01.dmp
    2012-08-20 06:10 - 2012-03-15 10:23 - 00110168 ____A C:\Users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-20 04:48 - 2012-03-16 11:31 - 04972392 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-19 17:55 - 2012-08-19 17:55 - 00122888 ____A C:\Users\Alexander\Downloads\grenoway(1).zip
    2012-08-15 11:54 - 2012-06-28 12:55 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-09 07:45 - 2012-08-09 07:45 - 00000000 ____A C:\Users\Alexander\Downloads\FreemakeVideoDownloaderSetup.exe
    2012-08-06 16:58 - 2012-08-06 15:54 - 191169761 ____A C:\Users\Alexander\Downloads\DKSymphony.zip
    2012-08-02 09:58 - 2012-09-11 11:36 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 08:57 - 2012-09-11 11:36 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-07-26 18:33 - 2012-07-26 18:28 - 01510073 ____A C:\Users\Alexander\Downloads\Sunny ~ Boogie Pimps (with Lyrics)-[www_flvto_com].mp3.part
    2012-07-26 11:54 - 2012-07-26 11:54 - 00274776 ____A C:\Windows\Minidump\072612-15865-01.dmp
    2012-07-18 10:15 - 2012-08-15 05:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-17 14:41 - 2012-07-17 14:41 - 00018044 ____A C:\Users\Alexander\Downloads\Donnie_Darko_(2001)dd.torrent
    2012-07-16 13:47 - 2012-07-16 13:47 - 00933256 ____A (DivX, LLC) C:\Users\Alexander\Downloads\DivXInstaller (1).exe
    2012-07-16 06:03 - 2012-07-16 06:02 - 00274776 ____A C:\Windows\Minidump\071612-17144-01.dmp
    2012-07-15 16:17 - 2012-07-15 16:17 - 00274776 ____A C:\Windows\Minidump\071612-20264-01.dmp
    2012-07-15 16:01 - 2012-07-15 16:00 - 00274776 ____A C:\Windows\Minidump\071612-18096-01.dmp
    2012-07-15 04:49 - 2012-07-15 04:49 - 00274776 ____A C:\Windows\Minidump\071512-17378-01.dmp
    2012-07-07 16:27 - 2012-07-07 16:27 - 00274776 ____A C:\Windows\Minidump\070812-23556-01.dmp
    2012-07-05 13:56 - 2012-07-05 13:56 - 00293376 ____H C:\Users\Alexander\Downloads\~WRL0001.tmp
    2012-07-04 14:16 - 2012-08-15 05:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-15 05:05 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-15 05:05 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-15 05:05 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-15 05:05 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-07-04 12:26 - 2012-09-11 11:36 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
    2012-06-28 20:55 - 2012-08-15 11:56 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-08-15 11:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-08-15 11:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-08-15 11:56 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:49 - 2012-08-15 11:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:48 - 2012-08-15 11:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-08-15 11:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-08-15 11:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-08-15 11:56 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-08-15 11:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-08-15 11:56 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-08-15 11:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-08-15 11:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-08-15 11:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-08-15 11:56 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-08-15 11:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-08-15 11:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-08-15 11:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-08-15 11:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-08-15 11:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-15 11:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-08-15 11:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-08-15 11:56 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:04 - 2012-08-15 11:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-15 11:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-08-15 11:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-08-15 11:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-08-15 11:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-28 12:53 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
    2012-06-28 12:53 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
    2012-06-28 12:33 - 2012-06-28 12:33 - 00274720 ____A C:\Windows\Minidump\062812-16411-01.dmp
    2012-06-22 14:02 - 2012-06-22 14:02 - 00001621 ____A C:\Users\Alexander\Desktop\DivX Movies.lnk
    2012-06-22 14:01 - 2012-06-22 14:01 - 00001116 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
    2012-06-22 13:43 - 2012-06-22 13:43 - 00933256 ____A (DivX, LLC) C:\Users\Alexander\Downloads\DivXInstaller(1).exe
    2012-06-20 10:57 - 2012-06-20 10:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-11 12:39:29
    Restore point made on: 2012-09-12 05:09:26
    Restore point made on: 2012-09-14 11:18:56
    Restore point made on: 2012-09-16 10:19:01
    Restore point made on: 2012-09-16 13:07:31

    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 4095.18 MB
    Available physical RAM: 3471.97 MB
    Total Pagefile: 4093.33 MB
    Available Pagefile: 3464.36 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:479.17 GB) NTFS
    7 Drive j: (ONE-EIGHTY) (Fixed) (Total:465.65 GB) (Free:370.42 GB) FAT32
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 465 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 931 GB Healthy

    =========================================================

    Partitions of Disk 5:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 B

    ==================================================================================

    Disk: 5
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 J ONE-EIGHTY FAT32 Partition 465 GB Healthy

    =========================================================

    Last Boot: 2012-09-08 06:28

    ==================== End Of Log =============================
     
  18. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Restart normally and see if you get your connection back.
     


  19. AlexMcNeill

    AlexMcNeill TS Rookie Topic Starter Posts: 18

    Got the internet back! Hooray! Thanks so much. Here's the log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2012 01
    Ran by SYSTEM at 2012-09-17 17:14:04 Run:1
    Running from J:\

    ==============================================

    BCD restored successfuly.
    DEFAULT restored successfuly.
    SAM restored successfuly.
    SECURITY restored successfuly.
    SOFTWARE restored successfuly.
    SYSTEM restored successfuly.

    ==== End of Fixlog ====
     
  20. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Very good :)

    How is the computer doing?

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. AlexMcNeill

    AlexMcNeill TS Rookie Topic Starter Posts: 18

    Computer is fine at the moment - no crashes or alerts as of yet, but I haven't used it as intensely in the last 24 hours due to the internet problem, so we'll see what happens between today and tomorrow. When the scan finished it only brought up the OTL.txt log and not the Extras.txt - I also checked where OTL was saved and did a search for it, but it's nowhere to be seen.

    OTL Log:

    OTL logfile created on: 17/09/2012 17:44:09 - Run 2
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Alexander\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 69.89% Memory free
    8.00 Gb Paging File | 6.65 Gb Available in Paging File | 83.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 478.60 Gb Free Space | 51.38% Space Free | Partition Type: NTFS
    Drive J: | 465.65 Gb Total Space | 370.42 Gb Free Space | 79.55% Space Free | Partition Type: FAT32

    Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/17 17:42:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
    PRC - [2012/07/27 21:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/01/04 15:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/07/09 03:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    PRC - [2011/03/30 10:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2011/01/12 08:08:56 | 001,523,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
    MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/01/12 08:08:52 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/09/12 23:54:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/07 00:47:45 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2012/03/15 18:55:09 | 000,008,192 | -HS- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
    SRV - [2011/07/09 03:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/15 18:11:30 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/08/09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2011/08/04 10:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2011/08/04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2011/08/04 10:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2011/08/04 10:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2011/06/28 18:04:40 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
    DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2007/04/27 08:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 37 35 FA 10 83 CD 01 [binary data]
    IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\..\SearchScopes,DefaultScope = {FF79FF43-855D-454F-B169-D4D7F7B5E36B}
    IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\..\SearchScopes\{FA71B902-2C1A-4B91-AAB7-CB70D87E8CB8}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\..\SearchScopes\{FF79FF43-855D-454F-B169-D4D7F7B5E36B}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alexander\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alexander\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alexander\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/03/15 19:01:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/09/10 20:04:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/03/15 18:09:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/22 23:02:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 00:47:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/10 20:04:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/03/15 19:01:42 | 000,000,000 | ---D | M]

    [2012/03/15 04:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions
    [2012/09/16 00:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\sw8bcap3.default\extensions
    [2012/09/16 00:14:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\sw8bcap3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/03/15 04:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/03/15 18:09:44 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5.1\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
    [2012/06/22 23:02:13 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2012/07/30 15:39:22 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
    [2012/06/11 21:17:01 | 000,013,345 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SW8BCAP3.DEFAULT\EXTENSIONS\{4DC70064-89E2-4A55-8FC6-E8CDEAE3618C}.XPI
    [2012/09/07 00:47:45 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/19 00:13:21 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/08/30 15:47:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/19 00:13:21 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/06/19 00:13:21 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/08/30 15:47:06 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/06/19 00:13:21 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Alexander\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alexander\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alexander\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Alexander\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/09/16 19:29:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001..\Run: [Facebook Update] C:\Users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
    O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E94470C-407C-41BC-81CD-6C418D5E371E}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/18 01:18:32 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/17 17:42:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
    [2012/09/16 19:35:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/16 19:30:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/09/16 19:20:33 | 004,754,503 | R--- | C] (Swearware) -- C:\Users\Alexander\Desktop\ComboFix.exe
    [2012/09/16 16:25:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Alexander\Desktop\aswMBR.exe
    [2012/09/16 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\RK_Quarantine
    [2012/09/16 15:33:41 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alexander\Desktop\TDSSKiller.exe
    [2012/09/16 00:12:50 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Facebook
    [2012/09/16 00:09:00 | 000,501,248 | ---- | C] (Facebook Inc.) -- C:\Users\Alexander\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe
    [2012/09/15 14:54:51 | 000,000,000 | ---D | C] -- C:\found.001
    [2012/09/15 13:42:28 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
    [2012/09/15 13:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
    [2012/09/15 13:34:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Alexander\Desktop\dds.com
    [2012/09/15 02:59:29 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
    [2012/09/15 02:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/15 02:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/15 02:58:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/15 02:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/09/15 01:59:16 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/09/14 21:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/09/14 21:00:23 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Alexander\Documents\esetsmartinstaller_enu.exe
    [2012/09/14 20:18:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/14 20:18:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/14 20:18:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/14 20:18:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/14 20:18:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/14 19:49:24 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixTDSS.sys
    [2012/09/14 19:49:24 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\FixTDSS
    [2012/09/12 23:47:42 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Macromedia
    [2012/09/10 16:10:00 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\window

    ========== Files - Modified Within 30 Days ==========

    [2012/09/17 17:42:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
    [2012/09/17 17:22:47 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/17 17:22:47 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/17 17:15:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/17 17:15:11 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/17 00:45:38 | 000,782,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/17 00:45:38 | 000,667,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/17 00:45:38 | 000,125,938 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/16 22:22:48 | 334,670,299 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/09/16 19:29:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/16 19:21:00 | 004,754,503 | R--- | M] (Swearware) -- C:\Users\Alexander\Desktop\ComboFix.exe
    [2012/09/16 19:06:56 | 000,000,512 | ---- | M] () -- C:\Users\Alexander\Desktop\MBR.dat
    [2012/09/16 18:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/16 18:50:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
    [2012/09/16 18:17:01 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
    [2012/09/16 16:26:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Alexander\Desktop\aswMBR.exe
    [2012/09/16 16:23:00 | 001,378,816 | ---- | M] () -- C:\Users\Alexander\Desktop\RogueKiller.exe
    [2012/09/16 15:33:23 | 002,193,184 | ---- | M] () -- C:\Users\Alexander\Desktop\tdsskiller.zip
    [2012/09/16 01:54:30 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
    [2012/09/16 00:37:18 | 000,035,526 | ---- | M] () -- C:\Users\Alexander\Documents\550709_10150140471684964_2086251364_n.jpg
    [2012/09/16 00:35:24 | 000,028,905 | ---- | M] () -- C:\Users\Alexander\Documents\564300_10150140471619964_967030815_n.jpg
    [2012/09/16 00:17:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
    [2012/09/16 00:09:03 | 000,501,248 | ---- | M] (Facebook Inc.) -- C:\Users\Alexander\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe
    [2012/09/15 23:50:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
    [2012/09/15 14:56:23 | 000,010,096 | ---- | M] () -- C:\bootsqm.dat
    [2012/09/15 13:42:05 | 000,130,247 | ---- | M] () -- C:\Users\Alexander\Desktop\bluescreenview_setup.exe
    [2012/09/15 13:36:09 | 000,006,138 | ---- | M] () -- C:\Users\Alexander\Desktop\Attach.zip
    [2012/09/15 13:34:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Alexander\Desktop\dds.com
    [2012/09/15 04:13:29 | 000,049,909 | ---- | M] () -- C:\Users\Alexander\Documents\534294_409928879067856_1538314160_n.jpg
    [2012/09/15 02:58:57 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/14 21:00:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Alexander\Documents\esetsmartinstaller_enu.exe
    [2012/09/14 19:49:24 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixTDSS.sys
    [2012/09/10 20:04:22 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/30 17:28:55 | 000,000,132 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/08/26 00:48:18 | 000,035,163 | ---- | M] () -- C:\Users\Alexander\Desktop\ppp.jpg
    [2012/08/26 00:32:39 | 000,011,718 | ---- | M] () -- C:\Users\Alexander\Desktop\brighty.jpg
    [2012/08/24 13:28:40 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alexander\Desktop\TDSSKiller.exe
    [2012/08/20 13:48:56 | 004,972,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/09/16 19:06:56 | 000,000,512 | ---- | C] () -- C:\Users\Alexander\Desktop\MBR.dat
    [2012/09/16 16:22:57 | 001,378,816 | ---- | C] () -- C:\Users\Alexander\Desktop\RogueKiller.exe
    [2012/09/16 15:33:10 | 002,193,184 | ---- | C] () -- C:\Users\Alexander\Desktop\tdsskiller.zip
    [2012/09/16 00:37:17 | 000,035,526 | ---- | C] () -- C:\Users\Alexander\Documents\550709_10150140471684964_2086251364_n.jpg
    [2012/09/16 00:35:23 | 000,028,905 | ---- | C] () -- C:\Users\Alexander\Documents\564300_10150140471619964_967030815_n.jpg
    [2012/09/16 00:12:53 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
    [2012/09/16 00:12:52 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
    [2012/09/15 14:56:23 | 000,010,096 | ---- | C] () -- C:\bootsqm.dat
    [2012/09/15 13:42:04 | 000,130,247 | ---- | C] () -- C:\Users\Alexander\Desktop\bluescreenview_setup.exe
    [2012/09/15 13:36:09 | 000,006,138 | ---- | C] () -- C:\Users\Alexander\Desktop\Attach.zip
    [2012/09/15 04:13:28 | 000,049,909 | ---- | C] () -- C:\Users\Alexander\Documents\534294_409928879067856_1538314160_n.jpg
    [2012/09/15 02:58:57 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/14 20:18:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/14 20:18:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/14 20:18:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/14 20:18:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/14 20:18:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/12 23:47:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/26 00:48:30 | 000,035,163 | ---- | C] () -- C:\Users\Alexander\Desktop\ppp.jpg
    [2012/08/26 00:32:51 | 000,011,718 | ---- | C] () -- C:\Users\Alexander\Desktop\brighty.jpg
    [2012/06/13 18:29:38 | 000,000,132 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/03/18 16:11:25 | 000,137,732 | ---- | C] () -- C:\Windows\hpoins44.dat
    [2012/03/18 16:11:25 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
    [2012/03/15 18:55:31 | 000,008,192 | -HS- | C] () -- C:\Windows\SysWow64\srvany.exe
    [2012/03/15 18:11:59 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2012/03/15 17:34:07 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/03/15 17:34:07 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2012/03/15 04:41:42 | 000,764,302 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/03/15 00:27:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    ========== LOP Check ==========

    [2012/03/15 18:44:18 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Avid
    [2012/03/15 19:08:28 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DAEMON Tools Lite
    [2012/09/17 17:16:02 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Dropbox
    [2012/03/15 19:04:42 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ESET
    [2012/09/14 19:49:24 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\FixTDSS
    [2012/03/15 04:48:11 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\IObit
    [2012/03/15 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\PACE Anti-Piracy
    [2012/04/23 04:42:20 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
    [2012/03/18 23:38:09 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/08/31 02:33:55 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\uTorrent
    [2012/09/16 00:17:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
    [2012/09/16 18:17:01 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
    [2012/09/17 16:20:44 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/09/10 13:31:26 | 000,000,000 | ---D | M](C:\Users\Alexander\AppData\Local\Adob?) -- C:\Users\Alexander\AppData\Local\Adob�
    [2012/09/10 13:31:26 | 000,000,000 | ---D | M](C:\Users\Alexander\AppData\Local\Adob?) -- C:\Users\Alexander\AppData\Local\Adob�
    [2012/09/10 13:31:26 | 000,000,000 | ---D | C](C:\Users\Alexander\AppData\Local\Adob?) -- C:\Users\Alexander\AppData\Local\Adob�

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 986 bytes -> C:\Users\Alexander\AppData\Local\vmimpwJI9oEK07:HPoQngA1QAsHdWEBqOB8tEF
    @Alternate Data Stream - 971 bytes -> C:\ProgramData\Microsoft:Mu2ePpHVqymc1sc5PmQ
    @Alternate Data Stream - 1155 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:YKaXIyp8b0VGOSq2fYPm
    @Alternate Data Stream - 1145 bytes -> C:\ProgramData\Microsoft:STK4Ux4NYmKMKG69Ydx8jLaQl
    @Alternate Data Stream - 1122 bytes -> C:\ProgramData\Microsoft:KfNtKI0z1OtxLef6Slx4Q
    @Alternate Data Stream - 1102 bytes -> C:\ProgramData\Microsoft:hlk4OfCMsvzegbNrJfY4HRN
    @Alternate Data Stream - 1092 bytes -> C:\ProgramData\Microsoft:HDYi4fa5LnsvA6uv45r
    @Alternate Data Stream - 1079 bytes -> C:\ProgramData\Microsoft:kEm0boXkOjUe3gSk8PDYLrei
    @Alternate Data Stream - 1062 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:zHvOmu1Um4iHz9BLE
    @Alternate Data Stream - 1042 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:v7IMK1UQ0kivNVURgKmHvsVimo

    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Extras.txt?
     
  23. AlexMcNeill

    AlexMcNeill TS Rookie Topic Starter Posts: 18

    As said - the extras.txt file didn't come up, only the OTL.txt file. I looked into where OTL was saved and couldn't see it there either. Also did a search for it - no show.

    Also, to update you on the computer's status - the display randomly changed to the basic grey Windows theme for a minute and then the computer subsequently froze, and I had to shut it off.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
      SRV - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
      O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
      [2012/09/18 01:18:32 | 000,000,000 | ---D | C] -- C:\FRST
      @Alternate Data Stream - 986 bytes -> C:\Users\Alexander\AppData\Local\vmimpwJI9oEK07:HPoQngA1QAsHdWEBqOB8tEF
      @Alternate Data Stream - 971 bytes -> C:\ProgramData\Microsoft:Mu2ePpHVqymc1sc5PmQ
      @Alternate Data Stream - 1155 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:YKaXIyp8b0VGOSq2fYPm
      @Alternate Data Stream - 1145 bytes -> C:\ProgramData\Microsoft:STK4Ux4NYmKMKG69Ydx8jLaQl
      @Alternate Data Stream - 1122 bytes -> C:\ProgramData\Microsoft:KfNtKI0z1OtxLef6Slx4Q
      @Alternate Data Stream - 1102 bytes -> C:\ProgramData\Microsoft:hlk4OfCMsvzegbNrJfY4HRN
      @Alternate Data Stream - 1092 bytes -> C:\ProgramData\Microsoft:HDYi4fa5LnsvA6uv45r
      @Alternate Data Stream - 1079 bytes -> C:\ProgramData\Microsoft:kEm0boXkOjUe3gSk8PDYLrei
      @Alternate Data Stream - 1062 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:zHvOmu1Um4iHz9BLE
      @Alternate Data Stream - 1042 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:v7IMK1UQ0kivNVURgKmHvsVimo
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
     
  25. AlexMcNeill

    AlexMcNeill TS Rookie Topic Starter Posts: 18

    OTL Log:

    All processes killed
    ========== OTL ==========
    Process ApplicationUpdater.exe killed successfully!
    Service Application Updater stopped successfully!
    Service Application Updater deleted successfully!
    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ADS C:\Users\Alexander\AppData\Local\vmimpwJI9oEK07:HPoQngA1QAsHdWEBqOB8tEF deleted successfully.
    ADS C:\ProgramData\Microsoft:Mu2ePpHVqymc1sc5PmQ deleted successfully.
    ADS C:\Program Files (x86)\Common Files\microsoft shared:YKaXIyp8b0VGOSq2fYPm deleted successfully.
    ADS C:\ProgramData\Microsoft:STK4Ux4NYmKMKG69Ydx8jLaQl deleted successfully.
    ADS C:\ProgramData\Microsoft:KfNtKI0z1OtxLef6Slx4Q deleted successfully.
    ADS C:\ProgramData\Microsoft:hlk4OfCMsvzegbNrJfY4HRN deleted successfully.
    ADS C:\ProgramData\Microsoft:HDYi4fa5LnsvA6uv45r deleted successfully.
    ADS C:\ProgramData\Microsoft:kEm0boXkOjUe3gSk8PDYLrei deleted successfully.
    ADS C:\Program Files (x86)\Common Files\microsoft shared:zHvOmu1Um4iHz9BLE deleted successfully.
    ADS C:\Program Files (x86)\Common Files\microsoft shared:v7IMK1UQ0kivNVURgKmHvsVimo deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Alexander
    ->Temp folder emptied: 22898796 bytes
    ->Temporary Internet Files folder emptied: 240873 bytes
    ->FireFox cache emptied: 47112664 bytes
    ->Google Chrome cache emptied: 856432 bytes
    ->Flash cache emptied: 2339 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2513556 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 111958 bytes

    Total Files Cleaned = 70.00 mb


    [EMPTYJAVA]

    User: Alexander

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Alexander
    ->Flash cache emptied: 0 bytes


    (Currently performing other scans - will post after)
     

