Solved Win32/Toolbar.Widgi virus computer crashing/BSODing

AlexMcNeill · Sep 14, 2012

I'm having some really frustrating problems at the hand of the infamous Win32/Toolbar.Widgi Virus, which I read up about and discovered it to be the cause of the countless crashes and BSOD's my computer is getting daily. Every so hours I'll get a notification from ESET saying 'Win32/Toolbar.Widgi potentially unwanted application', which I then tell to clean. Despite this, the browsers as well as the computer still proceed to crash, with the ESET warning again popping up soon after.

I looked into my ESET quarantine history and it turns out over the last few months it hasn't just been that form of the virus, but one of many (it seems however Win32/Toolbar.Widgi is the main issue here though) So I wonder if you guys can help me out.

I've done some research on the issue and have followed various threads which have reported similiar/identical problems, but I'm wary at how much of a use they'd be to me as the guidance given seems guided soley towards the users set up and scan results ect. So I'd thought I'd post a new thread about it if that's alright (sorry, I'm new!).

Here are the logs as required:

ESET (files under quarantine):

'A Varient of Win32/Toolbar.Widgi Potentially Unwanted Application'

"C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll"
"C:\Windows\Installer\454c7e.msi"
"C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll"

"C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll"
"C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.1\youtubedownloaderToolbarIE.dll"
"C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll"
"C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll"
"C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

'Win32/Toolbar.Conduit potentially unwanted application'

"C:\Users\Alexander\Downloads\FreemakeVideoDownloaderSetup.exe.part"

'Win32/InstallMate potentially unwanted application'

"C:\Users\ALEXAN~1\AppData\Local\Temp\Vr2xTlud.exe.part"

'A Varient of Win32/Adware.WintionalityChecker.AF application'

"C:\Users\Alexander\Downloads\setup.exe.part"
"http://verifyoptimizerclean.in/68efd410a6a48b3c/2/setup.exe"

'A Varient of Win32/HackKMS.A potentially unwanted application'

"C:\Windows\kmsem\KMService.exe"

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.14.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexander :: ALEXANDER-PC [administrator]

15/09/2012 03:00:07
mbam-log-2012-09-15 (03-00-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198560
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER

(No log produced)

DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Alexander at 3:42:51 on 2012-09-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4095.1869 [GMT 1:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\ALEXAN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3E94470C-407C-41BC-81CD-6C418D5E371E} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\sw8bcap3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Users\Alexander\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-7-26 794560]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-7-9 2932224]
R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2012-3-15 8192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-12 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-15 01:59:29--------d-----w-C:\Users\Alexander\AppData\Roaming\Malwarebytes
2012-09-15 01:58:56--------d-----w-C:\ProgramData\Malwarebytes
2012-09-15 01:58:5425928----a-w-C:\Windows\System32\drivers\mbam.sys
2012-09-15 01:58:54--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-15 00:59:16--------d-----w-C:\_OTL
2012-09-14 20:00:32--------d-----w-C:\Program Files (x86)\ESET
2012-09-14 19:27:52--------d-sh--w-C:\$RECYCLE.BIN
2012-09-14 19:18:3998816----a-w-C:\Windows\sed.exe
2012-09-14 19:18:39518144----a-w-C:\Windows\SWREG.exe
2012-09-14 19:18:39256000----a-w-C:\Windows\PEV.exe
2012-09-14 19:18:39208896----a-w-C:\Windows\MBR.exe
2012-09-14 18:49:2427256----a-w-C:\Windows\System32\drivers\FixTDSS.sys
2012-09-14 18:49:24--------d-----w-C:\Users\Alexander\AppData\Roaming\FixTDSS
2012-09-14 10:28:559310152----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{34F0332C-F86F-41EA-9DCB-0871CC349104}\mpengine.dll
2012-09-12 22:47:42--------d-----w-C:\Users\Alexander\AppData\Local\Macromedia
2012-09-12 22:47:02426184----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-11 19:36:23950128----a-w-C:\Windows\System32\drivers\ndis.sys
2012-09-11 19:36:2241472----a-w-C:\Windows\System32\drivers\RNDISMP.sys
2012-09-11 19:36:21574464----a-w-C:\Windows\System32\d3d10level9.dll
2012-09-11 19:36:21490496----a-w-C:\Windows\SysWow64\d3d10level9.dll
2012-09-11 19:36:191913200----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-09-11 19:36:18376688----a-w-C:\Windows\System32\drivers\netio.sys
2012-09-11 19:36:17288624----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-10 12:31:26--------d-----w-C:\Users\Alexander\AppData\Local\Adob?
2012-08-30 14:47:0873696----a-w-C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
.
==================== Find3M ====================
.
2012-09-12 22:54:2370344----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15:063148800----a-w-C:\Windows\System32\win32k.sys
2012-07-04 22:13:2759392----a-w-C:\Windows\System32\browcli.dll
2012-07-04 22:13:27136704----a-w-C:\Windows\System32\browser.dll
2012-07-04 21:14:3441984----a-w-C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:342312704----a-w-C:\Windows\System32\jscript9.dll
2012-06-29 03:49:111392128----a-w-C:\Windows\System32\wininet.dll
2012-06-29 03:48:071494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:482382848----a-w-C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:581800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:011129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:591427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:452382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-06-28 20:53:05175616----a-w-C:\Windows\System32\msclmd.dll
2012-06-28 20:53:05152576----a-w-C:\Windows\SysWow64\msclmd.dll
2012-03-15 17:55:098192--sha-w-C:\Windows\SysWOW64\srvany.exe
.
============= FINISH: 3:43:39.54 ===============

Hope I did that right! Look forward to seeing how you guys can help me with this-cheers

Broni · Sep 15, 2012

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

I still need Attach.txt part of DDS.

Next...

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

AlexMcNeill · Sep 15, 2012

Thanks for replying! The Attatch.txt DDS file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 14/03/2012 23:31:02
System Uptime: 15/09/2012 13:23:32 (0 hours ago)
.
Motherboard: Dell Inc. | | 0M017G
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 479.373 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP84: 10/09/2012 20:02:39 - Windows Update
RP85: 11/09/2012 21:39:15 - Windows Update
RP86: 12/09/2012 14:09:10 - Windows Update
RP87: 14/09/2012 20:18:44 - ComboFix created restore point
.
==== Installed Programs ======================
.
AC3Filter 1.63b
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Story
Adobe Widget Browser
Apple Application Support
Apple Software Update
µTorrent
Avid EDL Manager
Avid FilmScribe
Avid License Control
Avid Log Exchange
Avid MediaLog
DAEMON Tools Lite
DivX Setup
DJ_AIO_06_F2400_SW_Min
Dropbox
ESET Online Scanner v3
Google Chrome
License Support
Magic DVD Ripper V5.4.2
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 15.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDF Settings CS5
PxMergeModule
QuickTime
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sentinel Protection Installer 7.4.0
Smart Defrag 2
Toolbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Visual C++ 64-bit Redistributables
Visual C++ Redistributables
VLC media player 2.0.0
Xvid Video Codec
YTD Toolbar v6.2
.
==== Event Viewer Messages From Past Week ========
.
15/09/2012 13:24:08, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aspi32
15/09/2012 02:09:31, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
15/09/2012 02:09:01, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
15/09/2012 02:09:01, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2012 02:06:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
15/09/2012 02:06:29, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2012 02:05:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
15/09/2012 02:05:59, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2012 02:05:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
15/09/2012 02:05:29, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2012 02:04:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
15/09/2012 02:04:59, Error: Service Control Manager [7000] - The IP Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2012 02:03:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
15/09/2012 02:03:59, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2012 02:03:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
15/09/2012 02:03:29, Error: Service Control Manager [7000] - The Remote Access Connection Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2012 02:02:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service.
15/09/2012 02:02:59, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2012 02:02:29, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
15/09/2012 02:02:29, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2012 02:01:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
15/09/2012 02:01:59, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2012 02:00:29, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
15/09/2012 02:00:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
15/09/2012 02:00:29, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2012 01:59:59, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
15/09/2012 01:59:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
15/09/2012 01:59:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Themes service.
15/09/2012 01:59:29, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2012 01:56:32, Error: Service Control Manager [7023] - The WLAN AutoConfig service terminated with the following error: Invalid access to memory location.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
15/09/2012 01:56:31, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
15/09/2012 01:55:41, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002fa3d0c, 0xfffff88009427080, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091512-18236-01.
14/09/2012 23:03:52, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000018 (0x0000000000000000, 0x00000000002168b0, 0x0000000000000002, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091412-18766-01.
14/09/2012 22:05:13, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8005f81b30, 0xfffffa8005f81e10, 0xfffff80002fd9510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091412-17440-01.
14/09/2012 20:27:24, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
14/09/2012 20:26:27, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
14/09/2012 19:52:59, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 3 time(s).
14/09/2012 19:52:59, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 5 time(s).
14/09/2012 19:52:59, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 4 time(s).
14/09/2012 19:52:59, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 5 time(s).
14/09/2012 19:52:59, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.
14/09/2012 19:51:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
14/09/2012 19:50:44, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 2 time(s).
14/09/2012 19:50:44, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 4 time(s).
14/09/2012 19:50:44, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 3 time(s).
14/09/2012 19:50:44, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 3 time(s).
14/09/2012 19:50:44, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 4 time(s).
14/09/2012 19:50:40, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Location Awareness service, but this action failed with the following error: An instance of the service is already running.
14/09/2012 19:50:40, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
14/09/2012 19:50:40, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
14/09/2012 19:50:40, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
14/09/2012 19:50:39, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 3 time(s).
14/09/2012 19:50:39, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 2 time(s).
14/09/2012 19:50:39, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 3 time(s).
14/09/2012 19:50:39, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
14/09/2012 19:50:39, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
14/09/2012 19:50:39, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
14/09/2012 19:50:39, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
14/09/2012 19:50:39, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
14/09/2012 19:50:39, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
14/09/2012 19:50:38, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the COM+ Event System service, but this action failed with the following error: An instance of the service is already running.
14/09/2012 19:50:33, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s).
14/09/2012 19:50:33, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
14/09/2012 19:50:33, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
14/09/2012 19:50:33, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

AlexMcNeill · Sep 15, 2012

(Continued)

14/09/2012 19:50:33, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
14/09/2012 19:50:33, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
14/09/2012 19:32:29, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
14/09/2012 19:12:21, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88007c8bcc8, 0xfffff88007c8b520, 0xfffff80002f9c9fe). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091412-21013-01.
14/09/2012 11:40:49, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002fd72c1, 0xfffff88007c11a70, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091412-17222-01.
13/09/2012 22:54:18, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88002b537d8, 0xfffff88002b53030, 0xfffff880014cdc73). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091312-19328-01.
13/09/2012 15:02:04, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff88004f90d90, 0xfffff88006350668, 0xfffff8800634fec0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091312-23119-01.
13/09/2012 13:53:25, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
13/09/2012 13:53:19, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
13/09/2012 00:01:54, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
13/09/2012 00:01:54, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
13/09/2012 00:01:54, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
13/09/2012 00:01:54, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
13/09/2012 00:01:54, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
12/09/2012 23:31:04, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a039d8992e6579, 0xb3b7465eebac8dfb, 0xfffff88000d1d014, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091212-20077-01.
12/09/2012 19:34:50, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/09/2012 23:52:32, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88c02cdff90, 0x0000000000000008, 0xfffff88c02cdff90, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091112-17253-01.
11/09/2012 23:22:59, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2741355).
11/09/2012 23:22:59, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2735855).
11/09/2012 21:40:15, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/09/2012 20:31:09, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
11/09/2012 20:31:09, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
11/09/2012 20:29:09, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/09/2012 20:29:09, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/09/2012 20:28:19, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/09/2012 03:55:33, Error: Service Control Manager [7034] - The Application Updater service terminated unexpectedly. It has done this 1 time(s).
11/09/2012 03:55:02, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/09/2012 03:15:29, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x00000000040c4e60, 0x0000000000000000, 0x0000000068b09d1b, 0x0000000000000008). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091112-17690-01.
10/09/2012 20:30:25, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
10/09/2012 20:28:25, Error: Service Control Manager [7023] - The Network Location Awareness service terminated with the following error: Invalid access to memory location.
10/09/2012 20:03:16, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.135.692.0).
10/09/2012 19:59:45, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000020, 0xfffff900c089c9b0, 0xfffff900c089ca20, 0x0000000025070021). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091012-18876-01.
10/09/2012 17:06:15, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff960002ed6a6, 0xfffff8800684b070, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091012-16411-01.
10/09/2012 17:04:02, Error: Service Control Manager [7034] - The Disk Defragmenter service terminated unexpectedly. It has done this 1 time(s).
10/09/2012 17:02:58, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running.
10/09/2012 17:00:58, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).
10/09/2012 17:00:58, Error: Service Control Manager [7023] - The Server service terminated with the following error: There are no more endpoints available from the endpoint mapper.
10/09/2012 17:00:58, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
10/09/2012 15:50:17, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000003, 0xfffff900c08df360, 0xfffff900c08df360, 0xfffff900c08df3a0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091012-17409-01.
10/09/2012 15:47:17, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SSDP Discovery service, but this action failed with the following error: An instance of the service is already running.
10/09/2012 15:47:17, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/09/2012 15:47:17, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/09/2012 15:47:17, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/09/2012 15:47:17, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/09/2012 15:45:17, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/09/2012 15:45:17, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/09/2012 15:45:17, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/09/2012 15:45:17, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/09/2012 14:42:46, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/09/2012 14:42:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/09/2012 14:42:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/09/2012 14:42:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/09/2012 14:42:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/09/2012 14:42:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/09/2012 14:42:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/09/2012 14:42:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Aspi32 CSC DfsC discache ehdrv EpfwLWF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
10/09/2012 14:42:31, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/09/2012 14:42:31, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/09/2012 14:42:31, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/09/2012 14:42:31, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/09/2012 14:42:31, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/09/2012 14:42:31, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/09/2012 14:42:31, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/09/2012 14:42:31, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/09/2012 14:42:31, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/09/2012 14:42:31, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/09/2012 14:42:09, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/09/2012 13:54:43, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 22 time(s).
10/09/2012 13:41:41, Error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 5 time(s).
10/09/2012 13:41:41, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 6 time(s).
10/09/2012 13:41:41, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The operation completed successfully.
10/09/2012 13:39:03, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
10/09/2012 13:38:33, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
10/09/2012 13:38:33, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/09/2012 13:32:33, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
10/09/2012 13:32:30, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
10/09/2012 13:32:13, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 21 time(s).
10/09/2012 13:32:13, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 20 time(s).
10/09/2012 13:32:13, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 5 time(s).
10/09/2012 13:32:13, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 3 time(s).
10/09/2012 13:31:52, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 16 time(s).
10/09/2012 13:31:52, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 16 time(s).
10/09/2012 13:31:52, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 11 time(s).
10/09/2012 13:31:51, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 15 time(s).
10/09/2012 13:31:51, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 15 time(s).
10/09/2012 13:31:51, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 10 time(s).
10/09/2012 13:31:49, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 14 time(s).
10/09/2012 13:31:49, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 13 time(s).
10/09/2012 13:31:49, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 12 time(s).
10/09/2012 13:31:49, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 14 time(s).
10/09/2012 13:31:49, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 13 time(s).
10/09/2012 13:31:49, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 12 time(s).
10/09/2012 13:31:49, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 9 time(s).
10/09/2012 13:31:48, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 11 time(s).
10/09/2012 13:31:48, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 11 time(s).
10/09/2012 13:31:46, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 9 time(s).
10/09/2012 13:31:46, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 10 time(s).
10/09/2012 13:31:46, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 9 time(s).
10/09/2012 13:31:46, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 10 time(s).
10/09/2012 13:31:46, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 8 time(s).
10/09/2012 13:31:46, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 7 time(s).
10/09/2012 13:31:38, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 19 time(s).
10/09/2012 13:31:38, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 18 time(s).
10/09/2012 13:31:38, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 17 time(s).
10/09/2012 13:31:35, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 8 time(s).
10/09/2012 13:31:35, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 7 time(s).
10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 8 time(s).
10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 7 time(s).
10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 16 time(s).
10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 15 time(s).
10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 14 time(s).
10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 13 time(s).
10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 12 time(s).
10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 11 time(s).
10/09/2012 13:31:35, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 6 time(s).
10/09/2012 13:31:35, Error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/09/2012 13:31:34, Error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 4 time(s).
10/09/2012 13:31:34, Error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 3 time(s).
10/09/2012 13:31:34, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 9 time(s).
10/09/2012 13:31:34, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 10 time(s).
10/09/2012 13:31:34, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 4 time(s).
10/09/2012 13:31:34, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/09/2012 13:31:34, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/09/2012 13:31:34, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The operation completed successfully.
10/09/2012 13:31:33, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 8 time(s).
10/09/2012 13:31:33, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
10/09/2012 13:31:33, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/09/2012 13:31:31, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 6 time(s).
10/09/2012 13:31:31, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 6 time(s).
10/09/2012 13:31:31, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 7 time(s).
10/09/2012 13:31:31, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Network List Service service which failed to start because of the following error: The dependency service or group failed to start.
10/09/2012 13:31:31, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The pipe has been ended.
10/09/2012 13:31:29, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 5 time(s).
10/09/2012 13:31:29, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 5 time(s).
10/09/2012 13:31:24, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 6 time(s).
10/09/2012 13:31:15, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 5 time(s).
10/09/2012 13:31:15, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 3 time(s).
10/09/2012 13:31:10, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 4 time(s).
10/09/2012 13:30:34, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 4 time(s).
10/09/2012 13:30:34, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/09/2012 13:30:33, Error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/09/2012 13:30:31, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).
10/09/2012 13:30:31, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/09/2012 13:30:30, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/09/2012 13:30:30, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/09/2012 13:30:30, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/09/2012 13:30:30, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/09/2012 13:30:30, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/09/2012 13:30:30, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/09/2012 15:17:52, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002db1617, 0xfffff88009bba330, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090912-17425-01.
08/09/2012 12:46:09, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024809
.
==== End Of File ===========================

AlexMcNeill · Sep 15, 2012

BlueScreen View Log:

==================================================
Dump File : 091512-18236-01.dmp
Crash Time : 15/09/2012 01:55:41
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff800`02fa3d0c
Parameter 3 : fffff880`09427080
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091512-18236-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 091412-18766-01.dmp
Crash Time : 14/09/2012 23:03:52
Bug Check String : REFERENCE_BY_POINTER
Bug Check Code : 0x00000018
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`002168b0
Parameter 3 : 00000000`00000002
Parameter 4 : ffffffff`ffffffff
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091412-18766-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 091412-17440-01.dmp
Crash Time : 14/09/2012 22:05:13
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`05f81b30
Parameter 3 : fffffa80`05f81e10
Parameter 4 : fffff800`02fd9510
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091412-17440-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,720
==================================================

==================================================
Dump File : 091412-21013-01.dmp
Crash Time : 14/09/2012 19:12:21
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 00000000`001904fb
Parameter 2 : fffff880`07c8bcc8
Parameter 3 : fffff880`07c8b520
Parameter 4 : fffff800`02f9c9fe
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+5a88
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091412-21013-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 091412-17222-01.dmp
Crash Time : 14/09/2012 11:40:49
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff800`02fd72c1
Parameter 3 : fffff880`07c11a70
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091412-17222-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 091312-19328-01.dmp
Crash Time : 13/09/2012 22:54:18
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 00000000`001904fb
Parameter 2 : fffff880`02b537d8
Parameter 3 : fffff880`02b53030
Parameter 4 : fffff880`014cdc73
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+b1c73
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091312-19328-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,720
==================================================

==================================================
Dump File : 091312-18205-01.dmp
Crash Time : 13/09/2012 22:53:18
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff680`38fffff8
Parameter 2 : 00000000`00000000
Parameter 3 : fffff800`02c6ad36
Parameter 4 : 00000000`00000002
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091312-18205-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 091312-23119-01.dmp
Crash Time : 13/09/2012 15:02:04
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff880`04f90d90
Parameter 3 : fffff880`06350668
Parameter 4 : fffff880`0634fec0
Caused By Driver : dxgmms1.sys
Caused By Address : dxgmms1.sys+1ded3
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : dxgmms1.sys+20d90
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091312-23119-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 091212-20077-01.dmp
Crash Time : 12/09/2012 23:31:04
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`992e6579
Parameter 2 : b3b7465e`ebac8dfb
Parameter 3 : fffff880`00d1d014
Parameter 4 : 00000000`00000001
Caused By Driver : CLFS.SYS
Caused By Address : CLFS.SYS+20014
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091212-20077-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 091112-17253-01.dmp
Crash Time : 11/09/2012 23:52:32
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff88c`02cdff90
Parameter 2 : 00000000`00000008
Parameter 3 : fffff88c`02cdff90
Parameter 4 : 00000000`00000005
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091112-17253-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 091112-17690-01.dmp
Crash Time : 11/09/2012 03:15:29
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 00000000`040c4e60
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`68b09d1b
Parameter 4 : 00000000`00000008
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091112-17690-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 091012-18876-01.dmp
Crash Time : 10/09/2012 19:59:45
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 00000000`00000020
Parameter 2 : fffff900`c089c9b0
Parameter 3 : fffff900`c089ca20
Parameter 4 : 00000000`25070021
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+cbe3a
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091012-18876-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 090712-17409-01.dmp
Crash Time : 07/09/2012 01:43:13
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff880`00c43039
Parameter 3 : fffff880`03edd860
Parameter 4 : 00000000`00000000
Caused By Driver : fltmgr.sys
Caused By Address : fltmgr.sys+5039
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\090712-17409-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 090612-20997-01.dmp
Crash Time : 06/09/2012 04:11:26
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff800`02fcae5a
Parameter 3 : fffff880`08f93bb0
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\090612-20997-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 090512-16660-01.dmp
Crash Time : 05/09/2012 17:34:31
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff808`032274d8
Parameter 2 : 00000000`00000008
Parameter 3 : fffff808`032274d8
Parameter 4 : 00000000`00000005
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\090512-16660-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 090412-17362-01.dmp
Crash Time : 04/09/2012 21:08:06
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff800`02fb1f39
Parameter 3 : fffff880`09010a10
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\090412-17362-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 090412-21247-01.dmp
Crash Time : 04/09/2012 00:05:09
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff960`000c9549
Parameter 3 : fffff880`0924a6b0
Parameter 4 : 00000000`00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+5cc7d
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\090412-21247-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 090212-19843-01.dmp
Crash Time : 02/09/2012 20:42:11
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff880`01be5fa4
Parameter 3 : fffff880`06320908
Parameter 4 : fffff880`06320160
Caused By Driver : luafv.sys
Caused By Address : luafv.sys+17147
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : luafv.sys+16fa4
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\090212-19843-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 090212-16130-01.dmp
Crash Time : 02/09/2012 02:47:06
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff960`00130d97
Parameter 3 : fffff880`09897020
Parameter 4 : 00000000`00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+d0d97
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\090212-16130-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 090112-16317-01.dmp
Crash Time : 01/09/2012 01:40:42
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 00000000`00000003
Parameter 2 : fffff880`0634a390
Parameter 3 : fffff880`0634a3d8
Parameter 4 : fffff880`0634a390
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+775ca
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\090112-16317-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 090112-17082-01.dmp
Crash Time : 01/09/2012 01:16:08
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`987ce8c2
Parameter 2 : b3b7465e`eafb21e0
Parameter 3 : fffff800`00bd1020
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+1020
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\090112-17082-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 082012-17082-01.dmp
Crash Time : 20/08/2012 20:54:32
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02ce4eeb
Parameter 3 : fffff880`0351d898
Parameter 4 : fffff880`0351d0f0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+d3eeb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+d3eeb
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\082012-17082-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 072612-15865-01.dmp
Crash Time : 26/07/2012 20:54:35
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 00000000`00272a70
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`76e80cbd
Parameter 4 : 00000000`00000008
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\072612-15865-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 071612-17144-01.dmp
Crash Time : 16/07/2012 15:03:05
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff800`02f6e28f
Parameter 3 : fffff880`07110070
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\071612-17144-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 071612-20264-01.dmp
Crash Time : 16/07/2012 01:17:16
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff880`012421d1
Parameter 3 : fffff880`033fc628
Parameter 4 : fffff880`033fbe80
Caused By Driver : fltmgr.sys
Caused By Address : fltmgr.sys+23178
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : fltmgr.sys+51d1
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\071612-20264-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 071612-18096-01.dmp
Crash Time : 16/07/2012 01:01:01
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 00000000`001904fb
Parameter 2 : fffff880`093b5ea8
Parameter 3 : fffff880`093b5700
Parameter 4 : fffff800`02df9617
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+5a88
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\071612-18096-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 071512-17378-01.dmp
Crash Time : 15/07/2012 13:49:34
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02cf6a84
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`fffffa50
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+a8bd8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\071512-17378-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 070812-23556-01.dmp
Crash Time : 08/07/2012 01:27:38
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02df8a9b
Parameter 3 : fffff880`033fc738
Parameter 4 : fffff880`033fbf90
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+1aba9b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+1aba9b
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\070812-23556-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,776
==================================================

==================================================
Dump File : 062812-16411-01.dmp
Crash Time : 28/06/2012 21:33:39
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff800`02f9f65c
Parameter 3 : fffff880`08f3a090
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\062812-16411-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 274,720
==================================================

Broni · Sep 15, 2012

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

===================================

Download RogueKiller on the desktop
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

AlexMcNeill · Sep 16, 2012

TDSS Killer:

15:34:17.0185 3428 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:34:17.0465 3428 ============================================================
15:34:17.0465 3428 Current date / time: 2012/09/16 15:34:17.0465
15:34:17.0465 3428 SystemInfo:
15:34:17.0465 3428
15:34:17.0465 3428 OS Version: 6.1.7601 ServicePack: 1.0
15:34:17.0465 3428 Product type: Workstation
15:34:17.0465 3428 ComputerName: ALEXANDER-PC
15:34:17.0465 3428 UserName: Alexander
15:34:17.0465 3428 Windows directory: C:\Windows
15:34:17.0465 3428 System windows directory: C:\Windows
15:34:17.0465 3428 Running under WOW64
15:34:17.0465 3428 Processor architecture: Intel x64
15:34:17.0465 3428 Number of processors: 4
15:34:17.0465 3428 Page size: 0x1000
15:34:17.0465 3428 Boot type: Normal boot
15:34:17.0465 3428 ============================================================
15:34:18.0775 3428 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:34:18.0795 3428 ============================================================
15:34:18.0795 3428 \Device\Harddisk0\DR0:
15:34:18.0795 3428 MBR partitions:
15:34:18.0795 3428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:34:18.0795 3428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
15:34:18.0795 3428 ============================================================
15:34:18.0835 3428 C: <-> \Device\Harddisk0\DR0\Partition2
15:34:18.0835 3428 ============================================================
15:34:18.0835 3428 Initialize success
15:34:18.0835 3428 ============================================================
15:34:23.0005 3280 ============================================================
15:34:23.0005 3280 Scan started
15:34:23.0005 3280 Mode: Manual;
15:34:23.0005 3280 ============================================================
15:34:23.0375 3280 ================ Scan system memory ========================
15:34:23.0375 3280 System memory - ok
15:34:23.0375 3280 ================ Scan services =============================
15:34:23.0545 3280 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:34:23.0545 3280 1394ohci - ok
15:34:23.0585 3280 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:34:23.0595 3280 ACPI - ok
15:34:23.0605 3280 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:34:23.0645 3280 AcpiPmi - ok
15:34:23.0785 3280 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:34:23.0785 3280 AdobeARMservice - ok
15:34:23.0885 3280 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:34:23.0885 3280 AdobeFlashPlayerUpdateSvc - ok
15:34:23.0925 3280 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:34:23.0965 3280 adp94xx - ok
15:34:23.0985 3280 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:34:24.0025 3280 adpahci - ok
15:34:24.0045 3280 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:34:24.0045 3280 adpu320 - ok
15:34:24.0075 3280 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:34:24.0075 3280 AeLookupSvc - ok
15:34:24.0105 3280 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:34:24.0115 3280 AFD - ok
15:34:24.0155 3280 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:34:24.0175 3280 agp440 - ok
15:34:24.0195 3280 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:34:24.0195 3280 ALG - ok
15:34:24.0235 3280 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:34:24.0255 3280 aliide - ok
15:34:24.0265 3280 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:34:24.0285 3280 amdide - ok
15:34:24.0315 3280 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:34:24.0335 3280 AmdK8 - ok
15:34:24.0335 3280 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:34:24.0355 3280 AmdPPM - ok
15:34:24.0375 3280 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:34:24.0405 3280 amdsata - ok
15:34:24.0425 3280 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:34:24.0445 3280 amdsbs - ok
15:34:24.0455 3280 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:34:24.0475 3280 amdxata - ok
15:34:24.0505 3280 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
15:34:24.0535 3280 androidusb - ok
15:34:24.0575 3280 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:34:24.0615 3280 AppID - ok
15:34:24.0635 3280 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:34:24.0635 3280 AppIDSvc - ok
15:34:24.0675 3280 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:34:24.0675 3280 Appinfo - ok
15:34:24.0735 3280 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:34:24.0735 3280 Apple Mobile Device - ok
15:34:24.0815 3280 [ 0805ECF10476A091999E4D59D0DB71A2 ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
15:34:24.0825 3280 Application Updater - ok
15:34:24.0855 3280 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:34:24.0855 3280 AppMgmt - ok
15:34:24.0865 3280 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:34:24.0885 3280 arc - ok
15:34:24.0905 3280 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:34:24.0905 3280 arcsas - ok
15:34:24.0925 3280 Aspi32 - ok
15:34:25.0015 3280 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:34:25.0035 3280 aspnet_state - ok
15:34:25.0055 3280 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:34:25.0075 3280 AsyncMac - ok
15:34:25.0115 3280 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:34:25.0115 3280 atapi - ok
15:34:25.0435 3280 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
15:34:25.0545 3280 atikmdag - ok
15:34:25.0595 3280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:34:25.0595 3280 AudioEndpointBuilder - ok
15:34:25.0605 3280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:34:25.0615 3280 AudioSrv - ok
15:34:25.0645 3280 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:34:25.0655 3280 AxInstSV - ok
15:34:25.0665 3280 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:34:25.0675 3280 b06bdrv - ok
15:34:25.0695 3280 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:34:25.0715 3280 b57nd60a - ok
15:34:25.0725 3280 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:34:25.0725 3280 BDESVC - ok
15:34:25.0745 3280 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:34:25.0745 3280 Beep - ok
15:34:25.0795 3280 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:34:25.0805 3280 BFE - ok
15:34:25.0825 3280 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
15:34:25.0835 3280 BITS - ok
15:34:25.0855 3280 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:34:25.0875 3280 blbdrive - ok
15:34:25.0945 3280 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:34:25.0955 3280 Bonjour Service - ok
15:34:25.0995 3280 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:34:26.0025 3280 bowser - ok
15:34:26.0035 3280 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:34:26.0035 3280 BrFiltLo - ok
15:34:26.0045 3280 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:34:26.0045 3280 BrFiltUp - ok
15:34:26.0055 3280 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:34:26.0075 3280 BridgeMP - ok
15:34:26.0125 3280 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:34:26.0135 3280 Browser - ok
15:34:26.0145 3280 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:34:26.0165 3280 Brserid - ok
15:34:26.0175 3280 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:34:26.0185 3280 BrSerWdm - ok
15:34:26.0195 3280 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:34:26.0215 3280 BrUsbMdm - ok
15:34:26.0215 3280 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:34:26.0215 3280 BrUsbSer - ok
15:34:26.0225 3280 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:34:26.0235 3280 BTHMODEM - ok
15:34:26.0245 3280 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:34:26.0245 3280 bthserv - ok
15:34:26.0265 3280 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:34:26.0265 3280 cdfs - ok
15:34:26.0305 3280 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
15:34:26.0325 3280 cdrom - ok
15:34:26.0365 3280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:34:26.0375 3280 CertPropSvc - ok
15:34:26.0375 3280 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:34:26.0385 3280 circlass - ok
15:34:26.0395 3280 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:34:26.0405 3280 CLFS - ok
15:34:26.0445 3280 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:34:26.0445 3280 clr_optimization_v2.0.50727_32 - ok
15:34:26.0485 3280 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:34:26.0485 3280 clr_optimization_v2.0.50727_64 - ok
15:34:26.0525 3280 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:34:26.0565 3280 clr_optimization_v4.0.30319_32 - ok
15:34:26.0585 3280 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:34:26.0585 3280 clr_optimization_v4.0.30319_64 - ok
15:34:26.0595 3280 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:34:26.0605 3280 CmBatt - ok
15:34:26.0655 3280 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:34:26.0685 3280 cmdide - ok
15:34:26.0715 3280 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:34:26.0735 3280 CNG - ok
15:34:26.0755 3280 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:34:26.0775 3280 Compbatt - ok
15:34:26.0805 3280 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:34:26.0805 3280 CompositeBus - ok
15:34:26.0815 3280 COMSysApp - ok
15:34:26.0835 3280 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:34:26.0835 3280 crcdisk - ok
15:34:26.0885 3280 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:34:26.0885 3280 CryptSvc - ok
15:34:26.0925 3280 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
15:34:26.0935 3280 CSC - ok
15:34:26.0965 3280 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
15:34:26.0965 3280 CscService - ok
15:34:26.0985 3280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:34:26.0995 3280 DcomLaunch - ok
15:34:27.0015 3280 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:34:27.0025 3280 defragsvc - ok
15:34:27.0055 3280 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:34:27.0055 3280 DfsC - ok
15:34:27.0065 3280 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:34:27.0075 3280 Dhcp - ok
15:34:27.0085 3280 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:34:27.0085 3280 discache - ok
15:34:27.0125 3280 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:34:27.0145 3280 Disk - ok
15:34:27.0165 3280 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:34:27.0175 3280 Dnscache - ok
15:34:27.0215 3280 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:34:27.0225 3280 dot3svc - ok
15:34:27.0295 3280 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
15:34:27.0315 3280 Dot4 - ok
15:34:27.0375 3280 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
15:34:27.0395 3280 Dot4Print - ok
15:34:27.0435 3280 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
15:34:27.0465 3280 dot4usb - ok
15:34:27.0505 3280 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:34:27.0505 3280 DPS - ok
15:34:27.0545 3280 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:34:27.0565 3280 drmkaud - ok
15:34:27.0595 3280 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:34:27.0605 3280 DXGKrnl - ok
15:34:27.0645 3280 [ 13533557D01B88C83110D5CF749F14D7 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
15:34:27.0645 3280 eamonm - ok
15:34:27.0665 3280 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:34:27.0675 3280 EapHost - ok
15:34:27.0765 3280 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:34:27.0855 3280 ebdrv - ok
15:34:27.0875 3280 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:34:27.0885 3280 EFS - ok
15:34:27.0925 3280 [ E097728129E7B79BF1089D7AEF42332B ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
15:34:27.0945 3280 ehdrv - ok
15:34:27.0985 3280 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:34:27.0985 3280 ehRecvr - ok
15:34:28.0005 3280 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:34:28.0005 3280 ehSched - ok
15:34:28.0095 3280 [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
15:34:28.0095 3280 ekrn - ok
15:34:28.0135 3280 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:34:28.0145 3280 elxstor - ok
15:34:28.0195 3280 [ 198C6FBC30BBD9632EA051203DCCF204 ] epfw C:\Windows\system32\DRIVERS\epfw.sys
15:34:28.0205 3280 epfw - ok
15:34:28.0215 3280 [ 56DE463F517710A8AA44EEF82C35B3C9 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
15:34:28.0245 3280 EpfwLWF - ok
15:34:28.0265 3280 [ 710B0442BB2F99278D7B8E02A8849C11 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
15:34:28.0275 3280 epfwwfp - ok
15:34:28.0325 3280 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:34:28.0335 3280 ErrDev - ok
15:34:28.0375 3280 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:34:28.0375 3280 EventSystem - ok
15:34:28.0385 3280 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:34:28.0415 3280 exfat - ok
15:34:28.0435 3280 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:34:28.0465 3280 fastfat - ok
15:34:28.0505 3280 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:34:28.0515 3280 Fax - ok
15:34:28.0525 3280 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:34:28.0555 3280 fdc - ok
15:34:28.0565 3280 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:34:28.0565 3280 fdPHost - ok
15:34:28.0575 3280 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:34:28.0585 3280 FDResPub - ok
15:34:28.0585 3280 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:34:28.0605 3280 FileInfo - ok
15:34:28.0615 3280 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:34:28.0635 3280 Filetrace - ok
15:34:28.0635 3280 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:34:28.0665 3280 flpydisk - ok
15:34:28.0685 3280 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:34:28.0715 3280 FltMgr - ok
15:34:28.0775 3280 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:34:28.0785 3280 FontCache - ok
15:34:28.0835 3280 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:34:28.0835 3280 FontCache3.0.0.0 - ok
15:34:28.0845 3280 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:34:28.0865 3280 FsDepends - ok
15:34:28.0895 3280 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:34:28.0915 3280 Fs_Rec - ok
15:34:28.0965 3280 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:34:28.0965 3280 fvevol - ok
15:34:28.0975 3280 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:34:29.0025 3280 gagp30kx - ok
15:34:29.0065 3280 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:34:29.0095 3280 GEARAspiWDM - ok
15:34:29.0145 3280 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:34:29.0155 3280 gpsvc - ok
15:34:29.0175 3280 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:34:29.0175 3280 hcw85cir - ok
15:34:29.0295 3280 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:34:29.0305 3280 HdAudAddService - ok
15:34:29.0325 3280 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:34:29.0325 3280 HDAudBus - ok
15:34:29.0335 3280 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:34:29.0375 3280 HidBatt - ok
15:34:29.0395 3280 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:34:29.0415 3280 HidBth - ok
15:34:29.0415 3280 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:34:29.0455 3280 HidIr - ok
15:34:29.0475 3280 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:34:29.0475 3280 hidserv - ok
15:34:29.0495 3280 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
15:34:29.0515 3280 HidUsb - ok
15:34:29.0545 3280 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:34:29.0555 3280 hkmsvc - ok
15:34:29.0565 3280 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:34:29.0565 3280 HomeGroupListener - ok
15:34:29.0575 3280 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:34:29.0585 3280 HomeGroupProvider - ok
15:34:29.0595 3280 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:34:29.0605 3280 HpSAMD - ok
15:34:29.0655 3280 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:34:29.0665 3280 HTTP - ok
15:34:29.0675 3280 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:34:29.0675 3280 hwpolicy - ok
15:34:29.0685 3280 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:34:29.0705 3280 i8042prt - ok
15:34:29.0715 3280 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:34:29.0745 3280 iaStorV - ok
15:34:29.0795 3280 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:34:29.0805 3280 idsvc - ok
15:34:29.0815 3280 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:34:29.0825 3280 iirsp - ok
15:34:29.0845 3280 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:34:29.0855 3280 IKEEXT - ok
15:34:29.0895 3280 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:34:29.0915 3280 intelide - ok
15:34:29.0935 3280 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:34:29.0935 3280 intelppm - ok
15:34:29.0955 3280 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:34:29.0955 3280 IPBusEnum - ok
15:34:29.0975 3280 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:34:29.0975 3280 IpFilterDriver - ok
15:34:30.0015 3280 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:34:30.0025 3280 iphlpsvc - ok
15:34:30.0035 3280 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:34:30.0045 3280 IPMIDRV - ok
15:34:30.0045 3280 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:34:30.0075 3280 IPNAT - ok
15:34:30.0145 3280 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:34:30.0155 3280 iPod Service - ok
15:34:30.0225 3280 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:34:30.0225 3280 IRENUM - ok
15:34:30.0245 3280 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:34:30.0255 3280 isapnp - ok
15:34:30.0295 3280 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:34:30.0315 3280 iScsiPrt - ok
15:34:30.0335 3280 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
15:34:30.0335 3280 kbdclass - ok
15:34:30.0345 3280 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:34:30.0345 3280 kbdhid - ok
15:34:30.0355 3280 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:34:30.0365 3280 KeyIso - ok
15:34:30.0365 3280 KMService - ok
15:34:30.0395 3280 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:34:30.0435 3280 KSecDD - ok
15:34:30.0475 3280 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:34:30.0485 3280 KSecPkg - ok
15:34:30.0495 3280 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:34:30.0505 3280 ksthunk - ok
15:34:30.0535 3280 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:34:30.0545 3280 KtmRm - ok
15:34:30.0565 3280 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:34:30.0565 3280 LanmanServer - ok
15:34:30.0605 3280 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:34:30.0615 3280 LanmanWorkstation - ok
15:34:30.0635 3280 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:34:30.0645 3280 lltdio - ok
15:34:30.0675 3280 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:34:30.0685 3280 lltdsvc - ok
15:34:30.0685 3280 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:34:30.0695 3280 lmhosts - ok
15:34:30.0715 3280 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:34:30.0735 3280 LSI_FC - ok
15:34:30.0745 3280 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:34:30.0755 3280 LSI_SAS - ok
15:34:30.0765 3280 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:34:30.0795 3280 LSI_SAS2 - ok
15:34:30.0795 3280 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:34:30.0815 3280 LSI_SCSI - ok
15:34:30.0825 3280 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:34:30.0835 3280 luafv - ok
15:34:30.0875 3280 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:34:30.0875 3280 Mcx2Svc - ok
15:34:30.0885 3280 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:34:30.0915 3280 megasas - ok
15:34:30.0925 3280 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:34:30.0945 3280 MegaSR - ok
15:34:31.0065 3280 Microsoft SharePoint Workspace Audit Service - ok
15:34:31.0085 3280 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:34:31.0085 3280 MMCSS - ok
15:34:31.0095 3280 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:34:31.0095 3280 Modem - ok
15:34:31.0115 3280 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:34:31.0115 3280 monitor - ok
15:34:31.0155 3280 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
15:34:31.0155 3280 mouclass - ok
15:34:31.0165 3280 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:34:31.0175 3280 mouhid - ok
15:34:31.0205 3280 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:34:31.0205 3280 mountmgr - ok
15:34:31.0265 3280 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:34:31.0285 3280 MozillaMaintenance - ok
15:34:31.0315 3280 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:34:31.0325 3280 mpio - ok
15:34:31.0335 3280 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:34:31.0355 3280 mpsdrv - ok
15:34:31.0405 3280 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:34:31.0425 3280 MpsSvc - ok
15:34:31.0455 3280 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:34:31.0465 3280 MRxDAV - ok
15:34:31.0485 3280 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:34:31.0485 3280 mrxsmb - ok
15:34:31.0515 3280 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:34:31.0555 3280 mrxsmb10 - ok
15:34:31.0565 3280 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:34:31.0585 3280 mrxsmb20 - ok
15:34:31.0635 3280 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:34:31.0655 3280 msahci - ok
15:34:31.0675 3280 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:34:31.0695 3280 msdsm - ok
15:34:31.0715 3280 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:34:31.0725 3280 MSDTC - ok
15:34:31.0735 3280 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:34:31.0745 3280 Msfs - ok
15:34:31.0745 3280 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:34:31.0755 3280 mshidkmdf - ok
15:34:31.0765 3280 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:34:31.0785 3280 msisadrv - ok
15:34:31.0815 3280 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:34:31.0815 3280 MSiSCSI - ok
15:34:31.0825 3280 msiserver - ok
15:34:31.0845 3280 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:34:31.0855 3280 MSKSSRV - ok
15:34:31.0855 3280 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:34:31.0855 3280 MSPCLOCK - ok
15:34:31.0865 3280 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:34:31.0885 3280 MSPQM - ok
15:34:31.0925 3280 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:34:31.0925 3280 MsRPC - ok
15:34:31.0945 3280 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:34:31.0945 3280 mssmbios - ok
15:34:31.0955 3280 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:34:31.0955 3280 MSTEE - ok
15:34:31.0975 3280 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:34:31.0975 3280 MTConfig - ok
15:34:31.0995 3280 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:34:32.0015 3280 Mup - ok
15:34:32.0065 3280 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:34:32.0065 3280 napagent - ok
15:34:32.0085 3280 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:34:32.0125 3280 NativeWifiP - ok
15:34:32.0165 3280 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:34:32.0175 3280 NDIS - ok
15:34:32.0195 3280 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:34:32.0215 3280 NdisCap - ok
15:34:32.0235 3280 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:34:32.0245 3280 NdisTapi - ok
15:34:32.0275 3280 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:34:32.0275 3280 Ndisuio - ok
15:34:32.0325 3280 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:34:32.0355 3280 NdisWan - ok
15:34:32.0396 3280 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:34:32.0436 3280 NDProxy - ok
15:34:32.0496 3280 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
15:34:32.0496 3280 Net Driver HPZ12 - ok
15:34:32.0506 3280 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:34:32.0836 3280 NetBIOS - ok
15:34:32.0876 3280 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:34:32.0876 3280 NetBT - ok
15:34:32.0886 3280 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:34:32.0896 3280 Netlogon - ok
15:34:32.0926 3280 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:34:32.0936 3280 Netman - ok
15:34:32.0986 3280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:34:32.0986 3280 NetMsmqActivator - ok
15:34:32.0996 3280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:34:32.0996 3280 NetPipeActivator - ok
15:34:33.0016 3280 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:34:33.0016 3280 netprofm - ok
15:34:33.0026 3280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:34:33.0026 3280 NetTcpActivator - ok
15:34:33.0036 3280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:34:33.0036 3280 NetTcpPortSharing - ok
15:34:33.0036 3280 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:34:33.0066 3280 nfrd960 - ok
15:34:33.0096 3280 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:34:33.0106 3280 NlaSvc - ok
15:34:33.0116 3280 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:34:33.0136 3280 Npfs - ok
15:34:33.0136 3280 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:34:33.0146 3280 nsi - ok
15:34:33.0156 3280 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:34:33.0156 3280 nsiproxy - ok
15:34:33.0216 3280 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:34:33.0276 3280 Ntfs - ok
15:34:33.0296 3280 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:34:33.0316 3280 Null - ok
15:34:33.0326 3280 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:34:33.0346 3280 nvraid - ok
15:34:33.0386 3280 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:34:33.0436 3280 nvstor - ok
15:34:33.0436 3280 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:34:33.0456 3280 nv_agp - ok
15:34:33.0496 3280 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:34:33.0516 3280 ohci1394 - ok
15:34:33.0576 3280 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:34:33.0576 3280 ose64 - ok
15:34:33.0716 3280 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:34:33.0746 3280 osppsvc - ok
15:34:33.0756 3280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:34:33.0766 3280 p2pimsvc - ok
15:34:33.0786 3280 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:34:33.0796 3280 p2psvc - ok
15:34:33.0876 3280 [ F7BAC457D6AE2F7E18FA69C8180A7843 ] PaceLicenseDServices C:\Program Files (x86)\Common

AlexMcNeill · Sep 16, 2012

(Continued)

Files\PACE\Services\LicenseServices\LDSvc.exe
15:34:33.0896 3280 PaceLicenseDServices - ok
15:34:33.0956 3280 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:34:34.0016 3280 Parport - ok
15:34:34.0066 3280 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:34:34.0086 3280 partmgr - ok
15:34:34.0106 3280 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:34:34.0116 3280 PcaSvc - ok
15:34:34.0116 3280 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:34:34.0156 3280 pci - ok
15:34:34.0166 3280 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:34:34.0176 3280 pciide - ok
15:34:34.0186 3280 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:34:34.0206 3280 pcmcia - ok
15:34:34.0216 3280 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:34:34.0236 3280 pcw - ok
15:34:34.0246 3280 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:34:34.0276 3280 PEAUTH - ok
15:34:34.0306 3280 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:34:34.0336 3280 PeerDistSvc - ok
15:34:34.0386 3280 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:34:34.0386 3280 PerfHost - ok
15:34:34.0446 3280 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:34:34.0466 3280 pla - ok
15:34:34.0506 3280 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:34:34.0506 3280 PlugPlay - ok
15:34:34.0536 3280 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:34:34.0536 3280 Pml Driver HPZ12 - ok
15:34:34.0546 3280 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:34:34.0546 3280 PNRPAutoReg - ok
15:34:34.0566 3280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:34:34.0566 3280 PNRPsvc - ok
15:34:34.0586 3280 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:34:34.0596 3280 PolicyAgent - ok
15:34:34.0606 3280 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:34:34.0606 3280 Power - ok
15:34:34.0616 3280 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:34:34.0666 3280 PptpMiniport - ok
15:34:34.0686 3280 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:34:34.0706 3280 Processor - ok
15:34:34.0746 3280 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:34:34.0746 3280 ProfSvc - ok
15:34:34.0766 3280 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:34:34.0766 3280 ProtectedStorage - ok
15:34:34.0816 3280 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:34:34.0816 3280 Psched - ok
15:34:34.0866 3280 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
15:34:34.0876 3280 PxHlpa64 - ok
15:34:34.0936 3280 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:34:34.0986 3280 ql2300 - ok
15:34:34.0996 3280 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:34:35.0006 3280 ql40xx - ok
15:34:35.0026 3280 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:34:35.0026 3280 QWAVE - ok
15:34:35.0036 3280 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:34:35.0056 3280 QWAVEdrv - ok
15:34:35.0066 3280 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:34:35.0086 3280 RasAcd - ok
15:34:35.0116 3280 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:34:35.0116 3280 RasAgileVpn - ok
15:34:35.0126 3280 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:34:35.0126 3280 RasAuto - ok
15:34:35.0146 3280 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:34:35.0176 3280 Rasl2tp - ok
15:34:35.0196 3280 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:34:35.0196 3280 RasMan - ok
15:34:35.0216 3280 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:34:35.0226 3280 RasPppoe - ok
15:34:35.0246 3280 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:34:35.0266 3280 RasSstp - ok
15:34:35.0286 3280 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:34:35.0286 3280 rdbss - ok
15:34:35.0296 3280 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:34:35.0336 3280 rdpbus - ok
15:34:35.0336 3280 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:34:35.0336 3280 RDPCDD - ok
15:34:35.0376 3280 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:34:35.0416 3280 RDPDR - ok
15:34:35.0426 3280 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:34:35.0426 3280 RDPENCDD - ok
15:34:35.0446 3280 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:34:35.0446 3280 RDPREFMP - ok
15:34:35.0486 3280 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:34:35.0516 3280 RdpVideoMiniport - ok
15:34:35.0586 3280 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:34:35.0626 3280 RDPWD - ok
15:34:35.0666 3280 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:34:35.0676 3280 rdyboost - ok
15:34:35.0696 3280 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:34:35.0706 3280 RemoteAccess - ok
15:34:35.0726 3280 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:34:35.0736 3280 RemoteRegistry - ok
15:34:35.0756 3280 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:34:35.0756 3280 RpcEptMapper - ok
15:34:35.0756 3280 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:34:35.0766 3280 RpcLocator - ok
15:34:35.0806 3280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:34:35.0806 3280 RpcSs - ok
15:34:35.0826 3280 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:34:35.0846 3280 rspndr - ok
15:34:35.0866 3280 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:34:35.0896 3280 RTL8167 - ok
15:34:35.0936 3280 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:34:35.0946 3280 s3cap - ok
15:34:35.0966 3280 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:34:35.0966 3280 SamSs - ok
15:34:35.0976 3280 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:34:35.0996 3280 sbp2port - ok
15:34:36.0016 3280 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:34:36.0016 3280 SCardSvr - ok
15:34:36.0056 3280 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:34:36.0086 3280 scfilter - ok
15:34:36.0126 3280 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:34:36.0156 3280 Schedule - ok
15:34:36.0186 3280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:34:36.0186 3280 SCPolicySvc - ok
15:34:36.0206 3280 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:34:36.0216 3280 SDRSVC - ok
15:34:36.0236 3280 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:34:36.0256 3280 secdrv - ok
15:34:36.0296 3280 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:34:36.0306 3280 seclogon - ok
15:34:36.0336 3280 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:34:36.0336 3280 SENS - ok
15:34:36.0346 3280 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:34:36.0356 3280 SensrSvc - ok
15:34:36.0396 3280 [ 84AC127242DD3CCDE02F9A4673214B1F ] Sentinel64 C:\Windows\System32\Drivers\Sentinel64.sys
15:34:36.0416 3280 Sentinel64 - ok
15:34:36.0436 3280 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:34:36.0446 3280 Serenum - ok
15:34:36.0466 3280 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:34:36.0526 3280 Serial - ok
15:34:36.0536 3280 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:34:36.0556 3280 sermouse - ok
15:34:36.0596 3280 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:34:36.0606 3280 SessionEnv - ok
15:34:36.0646 3280 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:34:36.0666 3280 sffdisk - ok
15:34:36.0676 3280 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:34:36.0696 3280 sffp_mmc - ok
15:34:36.0706 3280 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:34:36.0716 3280 sffp_sd - ok
15:34:36.0726 3280 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:34:36.0746 3280 sfloppy - ok
15:34:36.0766 3280 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:34:36.0776 3280 SharedAccess - ok
15:34:36.0796 3280 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:34:36.0806 3280 ShellHWDetection - ok
15:34:36.0816 3280 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:34:36.0856 3280 SiSRaid2 - ok
15:34:36.0876 3280 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:34:36.0886 3280 SiSRaid4 - ok
15:34:36.0936 3280 [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
15:34:36.0956 3280 SmartDefragDriver - ok
15:34:36.0976 3280 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:34:36.0976 3280 Smb - ok
15:34:36.0996 3280 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:34:37.0006 3280 SNMPTRAP - ok
15:34:37.0016 3280 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:34:37.0026 3280 spldr - ok
15:34:37.0066 3280 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:34:37.0076 3280 Spooler - ok
15:34:37.0156 3280 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:34:37.0176 3280 sppsvc - ok
15:34:37.0206 3280 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:34:37.0206 3280 sppuinotify - ok
15:34:37.0246 3280 [ DFC4E2081324E505CA479E473A78D893 ] sptd C:\Windows\System32\Drivers\sptd.sys
15:34:37.0316 3280 sptd - ok
15:34:37.0406 3280 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:34:37.0476 3280 srv - ok
15:34:37.0486 3280 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:34:37.0506 3280 srv2 - ok
15:34:37.0536 3280 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:34:37.0536 3280 srvnet - ok
15:34:37.0576 3280 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
15:34:37.0596 3280 ssadbus - ok
15:34:37.0616 3280 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:34:37.0616 3280 ssadmdfl - ok
15:34:37.0636 3280 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
15:34:37.0656 3280 ssadmdm - ok
15:34:37.0686 3280 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:34:37.0696 3280 SSDPSRV - ok
15:34:37.0706 3280 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:34:37.0716 3280 SstpSvc - ok
15:34:37.0726 3280 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:34:37.0726 3280 stexstor - ok
15:34:37.0786 3280 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:34:37.0806 3280 stisvc - ok
15:34:37.0836 3280 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:34:37.0836 3280 storflt - ok
15:34:37.0886 3280 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:34:37.0906 3280 storvsc - ok
15:34:37.0946 3280 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:34:37.0966 3280 swenum - ok
15:34:38.0116 3280 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:34:38.0116 3280 SwitchBoard - ok
15:34:38.0146 3280 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:34:38.0146 3280 swprv - ok
15:34:38.0156 3280 Synth3dVsc - ok
15:34:38.0216 3280 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:34:38.0246 3280 SysMain - ok
15:34:38.0256 3280 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:34:38.0266 3280 TabletInputService - ok
15:34:38.0276 3280 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:34:38.0286 3280 TapiSrv - ok
15:34:38.0296 3280 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:34:38.0296 3280 TBS - ok
15:34:38.0366 3280 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:34:38.0406 3280 Tcpip - ok
15:34:38.0466 3280 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:34:38.0486 3280 TCPIP6 - ok
15:34:38.0516 3280 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:34:38.0516 3280 tcpipreg - ok
15:34:38.0546 3280 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:34:38.0556 3280 TDPIPE - ok
15:34:38.0616 3280 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:34:38.0636 3280 TDTCP - ok
15:34:38.0676 3280 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:34:38.0696 3280 tdx - ok
15:34:38.0706 3280 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:34:38.0726 3280 TermDD - ok
15:34:38.0776 3280 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:34:38.0776 3280 TermService - ok
15:34:38.0796 3280 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:34:38.0796 3280 Themes - ok
15:34:38.0816 3280 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:34:38.0816 3280 THREADORDER - ok
15:34:38.0856 3280 [ 8DD33A57339ADAE34CDB12994ACBC50F ] Tpkd C:\Windows\system32\drivers\Tpkd.sys
15:34:38.0876 3280 Tpkd - ok
15:34:38.0896 3280 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:34:38.0906 3280 TrkWks - ok
15:34:38.0926 3280 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:34:38.0926 3280 TrustedInstaller - ok
15:34:38.0956 3280 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:34:38.0956 3280 tssecsrv - ok
15:34:38.0976 3280 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:34:39.0006 3280 TsUsbFlt - ok
15:34:39.0016 3280 tsusbhub - ok
15:34:39.0066 3280 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:34:39.0076 3280 tunnel - ok
15:34:39.0096 3280 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:34:39.0106 3280 uagp35 - ok
15:34:39.0126 3280 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:34:39.0126 3280 udfs - ok
15:34:39.0136 3280 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:34:39.0146 3280 UI0Detect - ok
15:34:39.0166 3280 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:34:39.0176 3280 uliagpkx - ok
15:34:39.0196 3280 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
15:34:39.0226 3280 umbus - ok
15:34:39.0246 3280 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:34:39.0266 3280 UmPass - ok
15:34:39.0306 3280 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
15:34:39.0316 3280 UmRdpService - ok
15:34:39.0336 3280 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:34:39.0356 3280 upnphost - ok
15:34:39.0407 3280 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:34:39.0427 3280 USBAAPL64 - ok
15:34:39.0457 3280 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:34:39.0477 3280 usbccgp - ok
15:34:39.0517 3280 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:34:39.0537 3280 usbcir - ok
15:34:39.0547 3280 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:34:39.0567 3280 usbehci - ok
15:34:39.0577 3280 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:34:39.0607 3280 usbhub - ok
15:34:39.0617 3280 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:34:39.0637 3280 usbohci - ok
15:34:39.0657 3280 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:34:39.0677 3280 usbprint - ok
15:34:39.0717 3280 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:34:39.0737 3280 usbscan - ok
15:34:39.0747 3280 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
15:34:39.0777 3280 USBSTOR - ok
15:34:39.0797 3280 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:34:39.0797 3280 usbuhci - ok
15:34:39.0807 3280 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:34:39.0817 3280 UxSms - ok
15:34:39.0827 3280 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:34:39.0827 3280 VaultSvc - ok
15:34:39.0837 3280 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:34:39.0867 3280 vdrvroot - ok
15:34:39.0907 3280 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:34:39.0917 3280 vds - ok
15:34:39.0937 3280 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:34:39.0937 3280 vga - ok
15:34:39.0947 3280 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:34:39.0967 3280 VgaSave - ok
15:34:39.0967 3280 VGPU - ok
15:34:39.0997 3280 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:34:40.0017 3280 vhdmp - ok
15:34:40.0057 3280 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:34:40.0077 3280 viaide - ok
15:34:40.0117 3280 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:34:40.0177 3280 vmbus - ok
15:34:40.0207 3280 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:34:40.0227 3280 VMBusHID - ok
15:34:40.0257 3280 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:34:40.0297 3280 volmgr - ok
15:34:40.0337 3280 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:34:40.0337 3280 volmgrx - ok
15:34:40.0347 3280 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:34:40.0377 3280 volsnap - ok
15:34:40.0397 3280 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:34:40.0417 3280 vsmraid - ok
15:34:40.0517 3280 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:34:40.0547 3280 VSS - ok
15:34:40.0557 3280 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:34:40.0567 3280 vwifibus - ok
15:34:40.0607 3280 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:34:40.0607 3280 W32Time - ok
15:34:40.0627 3280 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:34:40.0637 3280 WacomPen - ok
15:34:40.0647 3280 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:34:40.0667 3280 WANARP - ok
15:34:40.0667 3280 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:34:40.0667 3280 Wanarpv6 - ok
15:34:40.0727 3280 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:34:40.0767 3280 WatAdminSvc - ok
15:34:40.0827 3280 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:34:40.0847 3280 wbengine - ok
15:34:40.0867 3280 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:34:40.0867 3280 WbioSrvc - ok
15:34:40.0917 3280 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:34:40.0927 3280 wcncsvc - ok
15:34:40.0937 3280 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:34:40.0937 3280 WcsPlugInService - ok
15:34:40.0957 3280 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:34:40.0957 3280 Wd - ok
15:34:40.0977 3280 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:34:40.0987 3280 Wdf01000 - ok
15:34:40.0997 3280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:34:40.0997 3280 WdiServiceHost - ok
15:34:41.0007 3280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:34:41.0007 3280 WdiSystemHost - ok
15:34:41.0047 3280 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:34:41.0047 3280 WebClient - ok
15:34:41.0057 3280 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:34:41.0067 3280 Wecsvc - ok
15:34:41.0077 3280 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:34:41.0077 3280 wercplsupport - ok
15:34:41.0107 3280 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:34:41.0117 3280 WerSvc - ok
15:34:41.0117 3280 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:34:41.0137 3280 WfpLwf - ok
15:34:41.0157 3280 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:34:41.0177 3280 WIMMount - ok
15:34:41.0197 3280 WinDefend - ok
15:34:41.0207 3280 WinHttpAutoProxySvc - ok
15:34:41.0297 3280 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:34:41.0317 3280 Winmgmt - ok
15:34:41.0387 3280 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:34:41.0417 3280 WinRM - ok
15:34:41.0487 3280 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:34:41.0507 3280 WinUsb - ok
15:34:41.0527 3280 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:34:41.0547 3280 Wlansvc - ok
15:34:41.0567 3280 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:34:41.0587 3280 WmiAcpi - ok
15:34:41.0617 3280 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:34:41.0617 3280 wmiApSrv - ok
15:34:41.0627 3280 WMPNetworkSvc - ok
15:34:41.0637 3280 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:34:41.0637 3280 WPCSvc - ok
15:34:41.0677 3280 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:34:41.0687 3280 WPDBusEnum - ok
15:34:41.0697 3280 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:34:41.0697 3280 ws2ifsl - ok
15:34:41.0707 3280 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
15:34:41.0707 3280 wscsvc - ok
15:34:41.0707 3280 WSearch - ok
15:34:41.0787 3280 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:34:41.0857 3280 wuauserv - ok
15:34:41.0867 3280 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:34:41.0887 3280 WudfPf - ok
15:34:41.0927 3280 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:34:41.0947 3280 WUDFRd - ok
15:34:41.0997 3280 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:34:41.0997 3280 wudfsvc - ok
15:34:42.0017 3280 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:34:42.0017 3280 WwanSvc - ok
15:34:42.0037 3280 ================ Scan global ===============================
15:34:42.0057 3280 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:34:42.0077 3280 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:34:42.0087 3280 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:34:42.0107 3280 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:34:42.0137 3280 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:34:42.0137 3280 [Global] - ok
15:34:42.0137 3280 ================ Scan MBR ==================================
15:34:42.0147 3280 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:34:42.0488 3280 \Device\Harddisk0\DR0 - ok
15:34:42.0488 3280 ================ Scan VBR ==================================
15:34:42.0488 3280 [ 312ACF461551BC8DEE5FAF5CD4C51E3F ] \Device\Harddisk0\DR0\Partition1
15:34:42.0498 3280 \Device\Harddisk0\DR0\Partition1 - ok
15:34:42.0498 3280 [ 739782F13E18E9E3FD0D3742D0D93057 ] \Device\Harddisk0\DR0\Partition2
15:34:42.0498 3280 \Device\Harddisk0\DR0\Partition2 - ok
15:34:42.0498 3280 ============================================================
15:34:42.0498 3280 Scan finished
15:34:42.0498 3280 ============================================================
15:34:42.0508 1408 Detected object count: 0
15:34:42.0508 1408 Actual detected object count: 0

Broni · Sep 16, 2012

Go on...

AlexMcNeill · Sep 16, 2012

RougeKiller:

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Alexander [Admin rights]
Mode : Scan -- Date : 09/16/2012 16:23:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] 13b6cd51183612737022793d0c57efbc
[BSP] 43e2be632fa467e7e97cb39987fa84d2 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

(sorry, running the other scan at the moment, will post in a bit)

AlexMcNeill · Sep 16, 2012

aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-16 17:55:24
-----------------------------
17:55:24.940 OS Version: Windows x64 6.1.7601 Service Pack 1
17:55:24.940 Number of processors: 4 586 0x170A
17:55:24.940 ComputerName: ALEXANDER-PC UserName: Alexander
17:55:26.407 Initialize success
18:01:46.205 AVAST engine defs: 12091400
18:03:00.127 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:03:00.130 Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
18:03:00.164 Disk 0 MBR read successfully
18:03:00.167 Disk 0 MBR scan
18:03:00.172 Disk 0 Windows 7 default MBR code
18:03:00.184 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:03:00.201 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
18:03:00.289 Disk 0 scanning C:\Windows\system32\drivers
18:03:25.200 Service scanning
18:03:47.370 Modules scanning
18:03:47.377 Disk 0 trace - called modules:
18:03:47.412 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039b02c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:03:47.416 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a75060]
18:03:47.421 3 CLASSPNP.SYS[fffff88001ab243f] -> nt!IofCallDriver -> [0xfffffa80047cb580]
18:03:47.426 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047d3060]
18:03:47.431 \Driver\atapi[0xfffffa80047b6870] -> IRP_MJ_CREATE -> 0xfffffa80039b02c0
18:04:00.762 AVAST engine scan C:\Windows
18:04:58.578 AVAST engine scan C:\Windows\system32
18:10:38.345 AVAST engine scan C:\Windows\system32\drivers
18:11:09.067 AVAST engine scan C:\Users\Alexander
19:02:21.863 AVAST engine scan C:\ProgramData
19:04:03.306 Scan finished successfully
19:06:56.012 Disk 0 MBR has been saved successfully to "C:\Users\Alexander\Desktop\MBR.dat"
19:06:56.018 The log file has been saved successfully to "C:\Users\Alexander\Desktop\aswMBR.txt"

Broni · Sep 16, 2012

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=============================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

AlexMcNeill · Sep 16, 2012

Ran the combofix scan but upon restarting my computer refused to connect to tthe internet-as suggested, I rebooted but I still couldn't connect. I've disconnected the internet, then reconnected and turned computer back on several times, and still no change. I would do a system restore but I wanted to get your verdict before I make any decisions on the matter. I've had to use a different computer to get the Log to you:

ComboFix 12-09-15.02 - Alexander 16/09/2012 19:22:54.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4095.2596 [GMT 1:00]
Running from: c:\users\Alexander\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
.
.
2012-09-16 18:28 . 2012-09-16 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-15 23:12 . 2012-09-15 23:13 -------- d-----w- c:\users\Alexander\AppData\Local\Facebook
2012-09-15 13:54 . 2012-09-15 13:54 -------- d-----w- C:\found.001
2012-09-15 12:42 . 2012-09-15 12:42 -------- d-----w- c:\program files (x86)\NirSoft
2012-09-15 01:59 . 2012-09-15 01:59 -------- d-----w- c:\users\Alexander\AppData\Roaming\Malwarebytes
2012-09-15 01:58 . 2012-09-15 01:58 -------- d-----w- c:\programdata\Malwarebytes
2012-09-15 01:58 . 2012-09-15 01:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-15 01:58 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-15 00:59 . 2012-09-15 00:59 -------- d-----w- C:\_OTL
2012-09-14 20:00 . 2012-09-14 20:00 -------- d-----w- c:\program files (x86)\ESET
2012-09-14 18:49 . 2012-09-14 18:49 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-09-14 18:49 . 2012-09-14 18:49 -------- d-----w- c:\users\Alexander\AppData\Roaming\FixTDSS
2012-09-14 10:28 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34F0332C-F86F-41EA-9DCB-0871CC349104}\mpengine.dll
2012-09-12 22:47 . 2012-09-12 22:47 -------- d-----w- c:\users\Alexander\AppData\Local\Macromedia
2012-09-12 22:47 . 2012-09-12 22:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-11 19:36 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 19:36 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 19:36 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 19:36 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 19:36 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 19:36 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 19:36 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-10 12:31 . 2012-09-10 12:31 -------- d-----w- c:\users\Alexander\AppData\Local\Adob?
2012-08-30 14:47 . 2012-09-06 23:47 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 22:54 . 2012-03-15 18:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 19:54 . 2012-06-28 20:55 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-18 18:15 . 2012-08-15 13:05 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 13:05 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 13:05 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 13:05 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 13:05 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 19:56 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 19:56 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 19:56 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 19:56 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 19:56 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 19:56 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 19:56 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 19:56 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 19:56 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 19:56 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 19:56 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 19:56 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 19:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 19:56 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 19:56 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 19:56 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 19:56 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 19:56 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 19:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-28 20:53 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-28 20:53 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-15 17:55 8192 --sha-w- c:\windows\SysWOW64\srvany.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-14_19.27.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-09-14 18:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-15 20:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-14 18:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-09-14 20:02 . 2012-09-15 20:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-14 18:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-15 20:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-14 23:41 . 2012-09-16 18:31 31668 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-16 18:31 25928 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-09-16 18:18 89968 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-14 23:36 . 2012-09-16 18:31 6802 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3046589895-3326246652-1605513513-1001_UserData.bin
- 2012-09-14 19:27 . 2012-09-14 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-16 18:29 . 2012-09-16 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-16 18:29 . 2012-09-16 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-14 19:27 . 2012-09-14 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-09-14 18:58 667262 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-16 00:24 667262 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-16 00:24 125938 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-14 18:58 125938 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-09-16 18:28 474252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-14 19:26 474252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-15 04:09 . 2012-09-14 19:26 3141146 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3046589895-3326246652-1605513513-1001-12288.dat
+ 2012-03-15 04:09 . 2012-09-16 18:28 3141146 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3046589895-3326246652-1605513513-1001-12288.dat
+ 2010-01-01 00:00 . 2010-01-01 00:00 4460544 c:\windows\Installer\2b2af.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Facebook Update"="c:\users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-15 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
.
c:\users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-15 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-07-09 2932224]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2007-04-27 142120]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 22:54]
.
2012-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
- c:\users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-15 23:12]
.
2012-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
- c:\users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-15 23:12]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
- c:\users\Alexander\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-15 03:35]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
- c:\users\Alexander\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-15 03:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\sw8bcap3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:16,b5,db,99,ab,2e,74,53,03,ef,9d,71,ec,e8,43,98,5f,e3,f9,34,ef,
20,a7,b5,3f,70,90,59,b1,bc,d8,97,a8,2a,95,a0,f6,af,74,8a,5f,8e,81,21,ac,44,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:16,b5,db,99,ab,2e,74,53,03,ef,9d,71,ec,e8,43,98,5f,e3,f9,34,ef,
20,a7,b5,3f,70,90,59,b1,bc,d8,97,a8,2a,95,a0,f6,af,74,8a,5f,8e,81,21,ac,44,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-16 19:35:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-16 18:35
ComboFix2.txt 2012-09-14 19:34
.
Pre-Run: 513,748,156,416 bytes free
Post-Run: 513,940,967,424 bytes free
.
- - End Of File - - 7A3FA108D32729684E7E725F4D677808

Broni · Sep 16, 2012

Yes. Use system restore to before Combofix.

AlexMcNeill · Sep 16, 2012

Carried out system restore-it failed. Ended up with this error message that I thought I'd show you:

Broni · Sep 16, 2012

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

AlexMcNeill · Sep 17, 2012

Cheers. Here's the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2012 01
Ran by SYSTEM at 17-09-2012 16:18:38
Running from J:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.)
HKU\Alexander\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Alexander\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
HKU\Alexander\...\Run: [Facebook Update] "C:\Users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-09-15] (Facebook Inc.)
Startup: C:\Users\Alexander\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-03-15] ()
2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" [2932224 2011-07-08] (PACE Anti-Piracy, Inc.)

==================== Drivers (Whitelisted) =====================

2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2011-08-04] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2011-08-04] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2011-08-04] (ESET)
2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-26] (SafeNet, Inc.)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
0 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-03-15] (Duplex Secure Ltd.)
1 Aspi32; [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-09-16 13:22 - 2012-09-16 13:22 - 00274776 ____A C:\Windows\Minidump\091612-16270-01.dmp
2012-09-16 10:35 - 2012-09-16 10:35 - 00024324 ____A C:\ComboFix.txt
2012-09-16 10:20 - 2012-09-16 10:21 - 04754503 ____R (Swearware) C:\Users\Alexander\Desktop\ComboFix.exe
2012-09-16 10:09 - 2012-09-16 10:09 - 00274776 ____A C:\Windows\Minidump\091612-18002-01.dmp
2012-09-16 10:06 - 2012-09-16 10:06 - 00002092 ____A C:\Users\Alexander\Desktop\aswMBR.txt
2012-09-16 10:06 - 2012-09-16 10:06 - 00000512 ____A C:\Users\Alexander\Desktop\MBR.dat
2012-09-16 08:02 - 2012-09-16 08:02 - 00274776 ____A C:\Windows\Minidump\091612-21746-01.dmp
2012-09-16 07:25 - 2012-09-16 07:26 - 04731392 ____A (AVAST Software) C:\Users\Alexander\Desktop\aswMBR.exe
2012-09-16 07:23 - 2012-09-16 07:23 - 00001687 ____A C:\Users\Alexander\Desktop\RKreport[1].txt
2012-09-16 07:23 - 2012-09-16 07:23 - 00000000 ____D C:\Users\Alexander\Desktop\RK_Quarantine
2012-09-16 07:22 - 2012-09-16 07:23 - 01378816 ____A C:\Users\Alexander\Desktop\RogueKiller.exe
2012-09-16 07:21 - 2012-09-16 07:21 - 00278904 ____A C:\Windows\Minidump\091612-16723-01.dmp
2012-09-16 06:33 - 2012-09-16 06:33 - 02193184 ____A C:\Users\Alexander\Desktop\tdsskiller.zip
2012-09-16 06:33 - 2012-08-24 04:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Alexander\Desktop\TDSSKiller.exe
2012-09-16 06:33 - 2010-12-31 16:14 - 00002254 ___RA C:\Users\Alexander\Desktop\eula.txt
2012-09-15 16:30 - 2012-09-15 16:30 - 00274776 ____A C:\Windows\Minidump\091612-19593-01.dmp
2012-09-15 15:12 - 2012-09-16 09:17 - 00000944 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
2012-09-15 15:12 - 2012-09-15 15:17 - 00000922 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
2012-09-15 15:12 - 2012-09-15 15:13 - 00000000 ____D C:\Users\Alexander\AppData\Local\Facebook
2012-09-15 15:09 - 2012-09-15 15:09 - 00501248 ____A (Facebook Inc.) C:\Users\Alexander\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe
2012-09-15 12:46 - 2012-09-15 12:46 - 00274776 ____A C:\Windows\Minidump\091512-19671-01.dmp
2012-09-15 12:35 - 2012-09-15 12:35 - 00274776 ____A C:\Windows\Minidump\091512-261847-01.dmp
2012-09-15 10:28 - 2012-09-15 10:28 - 00383004 ____A C:\Users\Alexander\Downloads\sound test 2.pkf
2012-09-15 10:08 - 2012-09-15 10:09 - 06132016 ____A C:\Users\Alexander\Downloads\sound test 2.wav
2012-09-15 05:57 - 2012-09-15 05:57 - 00274776 ____A C:\Windows\Minidump\091512-20982-01.dmp
2012-09-15 05:56 - 2012-09-15 05:56 - 00010096 ____N C:\bootsqm.dat
2012-09-15 05:54 - 2012-09-15 05:54 - 00000000 ____D C:\found.001
2012-09-15 05:44 - 2012-09-15 05:44 - 00001220 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-09-15 04:43 - 2012-09-15 04:43 - 00055442 ____A C:\Users\Alexander\Desktop\BSOD.txt
2012-09-15 04:42 - 2012-09-15 04:42 - 00130247 ____A C:\Users\Alexander\Desktop\bluescreenview_setup.exe
2012-09-15 04:42 - 2012-09-15 04:42 - 00000000 ____D C:\Program Files (x86)\NirSoft
2012-09-15 04:36 - 2012-09-15 04:36 - 00006138 ____A C:\Users\Alexander\Desktop\Attach.zip
2012-09-15 04:35 - 2012-09-15 04:35 - 00052134 ____A C:\Users\Alexander\Desktop\Attach.txt
2012-09-15 04:34 - 2012-09-15 04:34 - 00607260 ____R (Swearware) C:\Users\Alexander\Desktop\dds.com
2012-09-14 18:42 - 2012-09-14 18:42 - 00302592 ____A C:\Users\Alexander\Downloads\5bjw68se.exe
2012-09-14 18:39 - 2012-09-14 18:39 - 00302592 ____A C:\Users\Alexander\Downloads\6k5k6p6k.exe
2012-09-14 18:36 - 2012-09-14 18:36 - 00000000 ____A C:\Users\Alexander\Desktop\gmer.log
2012-09-14 18:33 - 2012-09-14 18:33 - 00302592 ____A C:\Users\Alexander\Downloads\6ofrkfzy.exe
2012-09-14 17:59 - 2012-09-14 17:59 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Malwarebytes
2012-09-14 17:58 - 2012-09-14 17:58 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-14 17:58 - 2012-09-14 17:58 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-14 17:58 - 2012-09-14 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-14 17:58 - 2012-09-07 08:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-14 17:57 - 2012-09-14 17:57 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Alexander\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-14 16:59 - 2012-09-14 16:59 - 00000000 ____D C:\_OTL
2012-09-14 16:55 - 2012-09-14 16:55 - 00274776 ____A C:\Windows\Minidump\091512-18236-01.dmp
2012-09-14 14:03 - 2012-09-14 14:03 - 00274776 ____A C:\Windows\Minidump\091412-18766-01.dmp
2012-09-14 13:05 - 2012-09-14 13:05 - 00274720 ____A C:\Windows\Minidump\091412-17440-01.dmp
2012-09-14 12:00 - 2012-09-14 12:00 - 02322184 ____A (ESET) C:\Users\Alexander\Documents\esetsmartinstaller_enu.exe
2012-09-14 12:00 - 2012-09-14 12:00 - 00000000 ____D C:\Program Files (x86)\ESET
2012-09-14 11:18 - 2012-09-16 13:09 - 00000000 ____D C:\Windows\erdnt
2012-09-14 11:18 - 2012-09-16 10:35 - 00000000 ____D C:\Qoobox
2012-09-14 11:18 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-14 11:18 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-14 11:18 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-14 11:18 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-14 11:18 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-14 11:18 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-14 11:18 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-14 11:18 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-14 10:56 - 2012-09-14 10:56 - 04752472 ____A (Swearware) C:\Users\Alexander\Downloads\ComboFix.exe
2012-09-14 10:49 - 2012-09-14 10:49 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-09-14 10:49 - 2012-09-14 10:49 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\FixTDSS
2012-09-14 10:41 - 2012-09-14 10:41 - 02193184 ____A C:\Users\Alexander\Downloads\tdsskiller.zip
2012-09-14 10:27 - 2012-09-14 10:27 - 00044607 ____A C:\Users\Alexander\Downloads\bootkit_remover.zip
2012-09-14 10:17 - 2012-09-14 10:17 - 04731392 ____A (AVAST Software) C:\Users\Alexander\Downloads\aswMBR(1).exe
2012-09-14 10:12 - 2012-09-14 10:12 - 00274776 ____A C:\Windows\Minidump\091412-21013-01.dmp
2012-09-14 02:40 - 2012-09-14 02:40 - 00274776 ____A C:\Windows\Minidump\091412-17222-01.dmp
2012-09-13 13:54 - 2012-09-13 13:54 - 00274720 ____A C:\Windows\Minidump\091312-19328-01.dmp
2012-09-13 13:53 - 2012-09-13 13:53 - 00274776 ____A C:\Windows\Minidump\091312-18205-01.dmp
2012-09-13 06:16 - 2012-09-13 06:16 - 04731392 ____A (AVAST Software) C:\Users\Alexander\Downloads\aswMBR.exe
2012-09-13 06:02 - 2012-09-13 06:02 - 00274776 ____A C:\Windows\Minidump\091312-23119-01.dmp
2012-09-12 14:47 - 2012-09-16 09:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-12 14:47 - 2012-09-12 14:54 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-12 14:47 - 2012-09-12 14:47 - 00000000 ____D C:\Users\Alexander\AppData\Local\Macromedia
2012-09-12 14:31 - 2012-09-12 14:31 - 00274776 ____A C:\Windows\Minidump\091212-20077-01.dmp
2012-09-11 14:52 - 2012-09-11 14:52 - 00274776 ____A C:\Windows\Minidump\091112-17253-01.dmp
2012-09-11 11:36 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-11 11:36 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-11 11:36 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-11 11:36 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-11 11:36 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-11 11:36 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-11 11:36 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-10 18:15 - 2012-09-10 18:15 - 00274776 ____A C:\Windows\Minidump\091112-17690-01.dmp
2012-09-10 10:59 - 2012-09-10 10:59 - 00274776 ____A C:\Windows\Minidump\091012-18876-01.dmp
2012-09-10 10:33 - 2012-09-10 10:33 - 00089507 ____A C:\Users\Alexander\Downloads\dir.dcr
2012-09-10 07:10 - 2012-09-10 07:12 - 00000000 ____D C:\Users\Alexander\Desktop\window
2012-09-10 04:31 - 2012-09-10 04:31 - 00000000 ____D C:\Users\Alexander\AppData\Local\Adob?
2012-09-06 16:43 - 2012-09-06 16:43 - 00274776 ____A C:\Windows\Minidump\090712-17409-01.dmp
2012-09-05 19:11 - 2012-09-05 19:11 - 00274776 ____A C:\Windows\Minidump\090612-20997-01.dmp
2012-09-05 08:34 - 2012-09-05 08:34 - 00274776 ____A C:\Windows\Minidump\090512-16660-01.dmp
2012-09-04 12:08 - 2012-09-04 12:08 - 00274776 ____A C:\Windows\Minidump\090412-17362-01.dmp
2012-09-03 15:05 - 2012-09-03 15:05 - 00274776 ____A C:\Windows\Minidump\090412-21247-01.dmp
2012-09-02 11:42 - 2012-09-02 11:42 - 00274776 ____A C:\Windows\Minidump\090212-19843-01.dmp
2012-09-01 17:47 - 2012-09-01 17:47 - 00274776 ____A C:\Windows\Minidump\090212-16130-01.dmp
2012-08-31 16:40 - 2012-08-31 16:40 - 00274776 ____A C:\Windows\Minidump\090112-16317-01.dmp
2012-08-31 16:16 - 2012-08-31 16:16 - 00274776 ____A C:\Windows\Minidump\090112-17082-01.dmp
2012-08-30 11:30 - 2012-08-30 11:40 - 00000000 ____D C:\Users\Alexander\Downloads\Catfish[2010]DvDrip[Eng]-FXG
2012-08-30 10:03 - 2012-08-30 16:42 - 00000000 ____D C:\Users\Alexander\Downloads\Jeepers Creepers (2001) [1080p]
2012-08-30 08:25 - 2012-08-30 08:25 - 00002830 ____A C:\Users\Alexander\Downloads\Optimized-aq9l8k29sr0mq4vtjx86_reasonably_small.jpeg
2012-08-20 16:00 - 2012-08-20 16:00 - 01012298 ____A C:\Users\Alexander\Downloads\Attachments_2012_08_21.zip
2012-08-20 11:54 - 2012-08-20 11:54 - 00274776 ____A C:\Windows\Minidump\082012-17082-01.dmp
2012-08-19 17:55 - 2012-08-19 17:55 - 00122888 ____A C:\Users\Alexander\Downloads\grenoway(1).zip

==================== 3 Months Modified Files ==================

2012-09-17 07:13 - 2012-03-15 10:08 - 01495758 ____A C:\Windows\WindowsUpdate.log
2012-09-17 05:12 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-17 05:12 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-17 05:05 - 2012-03-15 11:34 - 00026662 ____A C:\Windows\setupact.log
2012-09-17 05:05 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-17 05:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-16 15:45 - 2009-07-13 21:13 - 00782922 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-16 13:22 - 2012-09-16 13:22 - 00274776 ____A C:\Windows\Minidump\091612-16270-01.dmp
2012-09-16 13:22 - 2012-06-28 12:33 - 334670299 ____A C:\Windows\MEMORY.DMP
2012-09-16 10:35 - 2012-09-16 10:35 - 00024324 ____A C:\ComboFix.txt
2012-09-16 10:30 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-16 10:29 - 2012-05-18 04:15 - 00008846 ____A C:\Windows\PFRO.log
2012-09-16 10:21 - 2012-09-16 10:20 - 04754503 ____R (Swearware) C:\Users\Alexander\Desktop\ComboFix.exe
2012-09-16 10:09 - 2012-09-16 10:09 - 00274776 ____A C:\Windows\Minidump\091612-18002-01.dmp
2012-09-16 10:06 - 2012-09-16 10:06 - 00002092 ____A C:\Users\Alexander\Desktop\aswMBR.txt
2012-09-16 10:06 - 2012-09-16 10:06 - 00000512 ____A C:\Users\Alexander\Desktop\MBR.dat
2012-09-16 09:54 - 2012-09-12 14:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-16 09:50 - 2012-03-14 19:35 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
2012-09-16 09:17 - 2012-09-15 15:12 - 00000944 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
2012-09-16 08:02 - 2012-09-16 08:02 - 00274776 ____A C:\Windows\Minidump\091612-21746-01.dmp
2012-09-16 07:26 - 2012-09-16 07:25 - 04731392 ____A (AVAST Software) C:\Users\Alexander\Desktop\aswMBR.exe
2012-09-16 07:23 - 2012-09-16 07:23 - 00001687 ____A C:\Users\Alexander\Desktop\RKreport[1].txt
2012-09-16 07:23 - 2012-09-16 07:22 - 01378816 ____A C:\Users\Alexander\Desktop\RogueKiller.exe
2012-09-16 07:21 - 2012-09-16 07:21 - 00278904 ____A C:\Windows\Minidump\091612-16723-01.dmp
2012-09-16 06:33 - 2012-09-16 06:33 - 02193184 ____A C:\Users\Alexander\Desktop\tdsskiller.zip
2012-09-15 16:54 - 2012-03-15 09:11 - 00000021 ____A C:\Windows\SurCode.INI
2012-09-15 16:30 - 2012-09-15 16:30 - 00274776 ____A C:\Windows\Minidump\091612-19593-01.dmp
2012-09-15 15:17 - 2012-09-15 15:12 - 00000922 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
2012-09-15 15:09 - 2012-09-15 15:09 - 00501248 ____A (Facebook Inc.) C:\Users\Alexander\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe
2012-09-15 14:50 - 2012-03-14 19:35 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
2012-09-15 12:46 - 2012-09-15 12:46 - 00274776 ____A C:\Windows\Minidump\091512-19671-01.dmp
2012-09-15 12:35 - 2012-09-15 12:35 - 00274776 ____A C:\Windows\Minidump\091512-261847-01.dmp
2012-09-15 10:28 - 2012-09-15 10:28 - 00383004 ____A C:\Users\Alexander\Downloads\sound test 2.pkf
2012-09-15 10:09 - 2012-09-15 10:08 - 06132016 ____A C:\Users\Alexander\Downloads\sound test 2.wav
2012-09-15 05:57 - 2012-09-15 05:57 - 00274776 ____A C:\Windows\Minidump\091512-20982-01.dmp
2012-09-15 05:56 - 2012-09-15 05:56 - 00010096 ____N C:\bootsqm.dat
2012-09-15 05:44 - 2012-09-15 05:44 - 00001220 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-09-15 04:43 - 2012-09-15 04:43 - 00055442 ____A C:\Users\Alexander\Desktop\BSOD.txt
2012-09-15 04:42 - 2012-09-15 04:42 - 00130247 ____A C:\Users\Alexander\Desktop\bluescreenview_setup.exe
2012-09-15 04:36 - 2012-09-15 04:36 - 00006138 ____A C:\Users\Alexander\Desktop\Attach.zip
2012-09-15 04:35 - 2012-09-15 04:35 - 00052134 ____A C:\Users\Alexander\Desktop\Attach.txt
2012-09-15 04:34 - 2012-09-15 04:34 - 00607260 ____R (Swearware) C:\Users\Alexander\Desktop\dds.com
2012-09-14 18:42 - 2012-09-14 18:42 - 00302592 ____A C:\Users\Alexander\Downloads\5bjw68se.exe
2012-09-14 18:39 - 2012-09-14 18:39 - 00302592 ____A C:\Users\Alexander\Downloads\6k5k6p6k.exe
2012-09-14 18:36 - 2012-09-14 18:36 - 00000000 ____A C:\Users\Alexander\Desktop\gmer.log
2012-09-14 18:33 - 2012-09-14 18:33 - 00302592 ____A C:\Users\Alexander\Downloads\6ofrkfzy.exe
2012-09-14 17:58 - 2012-09-14 17:58 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-14 17:57 - 2012-09-14 17:57 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Alexander\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-14 16:55 - 2012-09-14 16:55 - 00274776 ____A C:\Windows\Minidump\091512-18236-01.dmp
2012-09-14 14:03 - 2012-09-14 14:03 - 00274776 ____A C:\Windows\Minidump\091412-18766-01.dmp
2012-09-14 13:05 - 2012-09-14 13:05 - 00274720 ____A C:\Windows\Minidump\091412-17440-01.dmp
2012-09-14 12:00 - 2012-09-14 12:00 - 02322184 ____A (ESET) C:\Users\Alexander\Documents\esetsmartinstaller_enu.exe
2012-09-14 10:56 - 2012-09-14 10:56 - 04752472 ____A (Swearware) C:\Users\Alexander\Downloads\ComboFix.exe
2012-09-14 10:49 - 2012-09-14 10:49 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-09-14 10:41 - 2012-09-14 10:41 - 02193184 ____A C:\Users\Alexander\Downloads\tdsskiller.zip
2012-09-14 10:27 - 2012-09-14 10:27 - 00044607 ____A C:\Users\Alexander\Downloads\bootkit_remover.zip
2012-09-14 10:17 - 2012-09-14 10:17 - 04731392 ____A (AVAST Software) C:\Users\Alexander\Downloads\aswMBR(1).exe
2012-09-14 10:12 - 2012-09-14 10:12 - 00274776 ____A C:\Windows\Minidump\091412-21013-01.dmp
2012-09-14 02:40 - 2012-09-14 02:40 - 00274776 ____A C:\Windows\Minidump\091412-17222-01.dmp
2012-09-13 13:54 - 2012-09-13 13:54 - 00274720 ____A C:\Windows\Minidump\091312-19328-01.dmp
2012-09-13 13:53 - 2012-09-13 13:53 - 00274776 ____A C:\Windows\Minidump\091312-18205-01.dmp
2012-09-13 06:16 - 2012-09-13 06:16 - 04731392 ____A (AVAST Software) C:\Users\Alexander\Downloads\aswMBR.exe
2012-09-13 06:02 - 2012-09-13 06:02 - 00274776 ____A C:\Windows\Minidump\091312-23119-01.dmp
2012-09-12 14:54 - 2012-09-12 14:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-12 14:54 - 2012-03-15 10:33 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-12 14:31 - 2012-09-12 14:31 - 00274776 ____A C:\Windows\Minidump\091212-20077-01.dmp
2012-09-11 14:52 - 2012-09-11 14:52 - 00274776 ____A C:\Windows\Minidump\091112-17253-01.dmp
2012-09-10 18:15 - 2012-09-10 18:15 - 00274776 ____A C:\Windows\Minidump\091112-17690-01.dmp
2012-09-10 11:04 - 2012-07-16 06:06 - 00002026 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-09-10 10:59 - 2012-09-10 10:59 - 00274776 ____A C:\Windows\Minidump\091012-18876-01.dmp
2012-09-10 10:33 - 2012-09-10 10:33 - 00089507 ____A C:\Users\Alexander\Downloads\dir.dcr
2012-09-07 08:04 - 2012-09-14 17:58 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-06 16:43 - 2012-09-06 16:43 - 00274776 ____A C:\Windows\Minidump\090712-17409-01.dmp
2012-09-05 19:11 - 2012-09-05 19:11 - 00274776 ____A C:\Windows\Minidump\090612-20997-01.dmp
2012-09-05 08:34 - 2012-09-05 08:34 - 00274776 ____A C:\Windows\Minidump\090512-16660-01.dmp
2012-09-04 12:08 - 2012-09-04 12:08 - 00274776 ____A C:\Windows\Minidump\090412-17362-01.dmp
2012-09-03 15:05 - 2012-09-03 15:05 - 00274776 ____A C:\Windows\Minidump\090412-21247-01.dmp
2012-09-02 11:42 - 2012-09-02 11:42 - 00274776 ____A C:\Windows\Minidump\090212-19843-01.dmp
2012-09-01 17:47 - 2012-09-01 17:47 - 00274776 ____A C:\Windows\Minidump\090212-16130-01.dmp
2012-08-31 16:40 - 2012-08-31 16:40 - 00274776 ____A C:\Windows\Minidump\090112-16317-01.dmp
2012-08-31 16:16 - 2012-08-31 16:16 - 00274776 ____A C:\Windows\Minidump\090112-17082-01.dmp
2012-08-30 08:28 - 2012-06-13 09:29 - 00000132 ____A C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-08-30 08:25 - 2012-08-30 08:25 - 00002830 ____A C:\Users\Alexander\Downloads\Optimized-aq9l8k29sr0mq4vtjx86_reasonably_small.jpeg
2012-08-24 04:28 - 2012-09-16 06:33 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Alexander\Desktop\TDSSKiller.exe
2012-08-22 10:12 - 2012-09-11 11:36 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-11 11:36 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-11 11:36 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-11 11:36 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-20 16:00 - 2012-08-20 16:00 - 01012298 ____A C:\Users\Alexander\Downloads\Attachments_2012_08_21.zip
2012-08-20 11:54 - 2012-08-20 11:54 - 00274776 ____A C:\Windows\Minidump\082012-17082-01.dmp
2012-08-20 06:10 - 2012-03-15 10:23 - 00110168 ____A C:\Users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-20 04:48 - 2012-03-16 11:31 - 04972392 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-19 17:55 - 2012-08-19 17:55 - 00122888 ____A C:\Users\Alexander\Downloads\grenoway(1).zip
2012-08-15 11:54 - 2012-06-28 12:55 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-09 07:45 - 2012-08-09 07:45 - 00000000 ____A C:\Users\Alexander\Downloads\FreemakeVideoDownloaderSetup.exe
2012-08-06 16:58 - 2012-08-06 15:54 - 191169761 ____A C:\Users\Alexander\Downloads\DKSymphony.zip
2012-08-02 09:58 - 2012-09-11 11:36 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-11 11:36 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-26 18:33 - 2012-07-26 18:28 - 01510073 ____A C:\Users\Alexander\Downloads\Sunny ~ Boogie Pimps (with Lyrics)-[www_flvto_com].mp3.part
2012-07-26 11:54 - 2012-07-26 11:54 - 00274776 ____A C:\Windows\Minidump\072612-15865-01.dmp
2012-07-18 10:15 - 2012-08-15 05:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 14:41 - 2012-07-17 14:41 - 00018044 ____A C:\Users\Alexander\Downloads\Donnie_Darko_(2001)dd.torrent
2012-07-16 13:47 - 2012-07-16 13:47 - 00933256 ____A (DivX, LLC) C:\Users\Alexander\Downloads\DivXInstaller (1).exe
2012-07-16 06:03 - 2012-07-16 06:02 - 00274776 ____A C:\Windows\Minidump\071612-17144-01.dmp
2012-07-15 16:17 - 2012-07-15 16:17 - 00274776 ____A C:\Windows\Minidump\071612-20264-01.dmp
2012-07-15 16:01 - 2012-07-15 16:00 - 00274776 ____A C:\Windows\Minidump\071612-18096-01.dmp
2012-07-15 04:49 - 2012-07-15 04:49 - 00274776 ____A C:\Windows\Minidump\071512-17378-01.dmp
2012-07-07 16:27 - 2012-07-07 16:27 - 00274776 ____A C:\Windows\Minidump\070812-23556-01.dmp
2012-07-05 13:56 - 2012-07-05 13:56 - 00293376 ____H C:\Users\Alexander\Downloads\~WRL0001.tmp
2012-07-04 14:16 - 2012-08-15 05:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 05:05 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 05:05 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 05:05 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 05:05 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-11 11:36 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-06-28 20:55 - 2012-08-15 11:56 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-15 11:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-15 11:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-15 11:56 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-15 11:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-15 11:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-15 11:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-15 11:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-15 11:56 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-15 11:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-15 11:56 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-15 11:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-15 11:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-15 11:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-15 11:56 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-15 11:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-15 11:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-15 11:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-15 11:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-15 11:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 11:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-15 11:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 11:56 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-15 11:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 11:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-15 11:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 11:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 11:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-28 12:53 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-06-28 12:53 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-06-28 12:33 - 2012-06-28 12:33 - 00274720 ____A C:\Windows\Minidump\062812-16411-01.dmp
2012-06-22 14:02 - 2012-06-22 14:02 - 00001621 ____A C:\Users\Alexander\Desktop\DivX Movies.lnk
2012-06-22 14:01 - 2012-06-22 14:01 - 00001116 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-06-22 13:43 - 2012-06-22 13:43 - 00933256 ____A (DivX, LLC) C:\Users\Alexander\Downloads\DivXInstaller(1).exe
2012-06-20 10:57 - 2012-06-20 10:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-11 12:39:29
Restore point made on: 2012-09-12 05:09:26
Restore point made on: 2012-09-14 11:18:56
Restore point made on: 2012-09-16 10:19:01
Restore point made on: 2012-09-16 13:07:31

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4095.18 MB
Available physical RAM: 3471.97 MB
Total Pagefile: 4093.33 MB
Available Pagefile: 3464.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:479.17 GB) NTFS
7 Drive j: (ONE-EIGHTY) (Fixed) (Total:465.65 GB) (Free:370.42 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 B

==================================================================================

Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J ONE-EIGHTY FAT32 Partition 465 GB Healthy

=========================================================

Last Boot: 2012-09-08 06:28

==================== End Of Log =============================

Broni · Sep 17, 2012

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Restart normally and see if you get your connection back.

AlexMcNeill · Sep 17, 2012

Got the internet back! Hooray! Thanks so much. Here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2012 01
Ran by SYSTEM at 2012-09-17 17:14:04 Run:1
Running from J:\

==============================================

BCD restored successfuly.
DEFAULT restored successfuly.
SAM restored successfuly.
SECURITY restored successfuly.
SOFTWARE restored successfuly.
SYSTEM restored successfuly.

==== End of Fixlog ====

Broni · Sep 17, 2012

Very good

How is computer doing?

===============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

AlexMcNeill · Sep 17, 2012

Computer is fine at the moment-no crashes or alerts as of yet but I haven't used it as intensely in the last 24 hours due to the internet problem, so we'll see what happens between today and tomorrow. When the scan finished it only brought up the OTL.txt log and not the Extras.txt-I also checked where OTL was saved and did a search for it but it's nowhere to be seen.

OTL Log:

OTL logfile created on: 17/09/2012 17:44:09 - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Alexander\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 69.89% Memory free
8.00 Gb Paging File | 6.65 Gb Available in Paging File | 83.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 478.60 Gb Free Space | 51.38% Space Free | Partition Type: NTFS
Drive J: | 465.65 Gb Total Space | 370.42 Gb Free Space | 79.55% Space Free | Partition Type: FAT32

Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/17 17:42:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
PRC - [2012/07/27 21:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/04 15:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/09 03:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2011/03/30 10:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/01/12 08:08:56 | 001,523,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/01/12 08:08:52 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/12 23:54:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 00:47:45 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/03/15 18:55:09 | 000,008,192 | -HS- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/07/09 03:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/15 18:11:30 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 10:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011/08/04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 10:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011/08/04 10:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011/06/28 18:04:40 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/27 08:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 37 35 FA 10 83 CD 01 [binary data]
IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\..\SearchScopes,DefaultScope = {FF79FF43-855D-454F-B169-D4D7F7B5E36B}
IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\..\SearchScopes\{FA71B902-2C1A-4B91-AAB7-CB70D87E8CB8}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\..\SearchScopes\{FF79FF43-855D-454F-B169-D4D7F7B5E36B}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alexander\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alexander\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alexander\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/03/15 19:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/09/10 20:04:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/03/15 18:09:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/22 23:02:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 00:47:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/10 20:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/03/15 19:01:42 | 000,000,000 | ---D | M]

[2012/03/15 04:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions
[2012/09/16 00:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\sw8bcap3.default\extensions
[2012/09/16 00:14:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\sw8bcap3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/15 04:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/15 18:09:44 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5.1\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2012/06/22 23:02:13 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video&gt

-- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/07/30 15:39:22 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
[2012/06/11 21:17:01 | 000,013,345 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SW8BCAP3.DEFAULT\EXTENSIONS\{4DC70064-89E2-4A55-8FC6-E8CDEAE3618C}.XPI
[2012/09/07 00:47:45 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/19 00:13:21 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/30 15:47:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/19 00:13:21 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/19 00:13:21 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/30 15:47:06 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/06/19 00:13:21 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alexander\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alexander\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alexander\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Alexander\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/16 19:29:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001..\Run: [Facebook Update] C:\Users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3046589895-3326246652-1605513513-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E94470C-407C-41BC-81CD-6C418D5E371E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/18 01:18:32 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/17 17:42:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2012/09/16 19:35:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/16 19:30:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/16 19:20:33 | 004,754,503 | R--- | C] (Swearware) -- C:\Users\Alexander\Desktop\ComboFix.exe
[2012/09/16 16:25:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Alexander\Desktop\aswMBR.exe
[2012/09/16 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\RK_Quarantine
[2012/09/16 15:33:41 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alexander\Desktop\TDSSKiller.exe
[2012/09/16 00:12:50 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Facebook
[2012/09/16 00:09:00 | 000,501,248 | ---- | C] (Facebook Inc.) -- C:\Users\Alexander\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe
[2012/09/15 14:54:51 | 000,000,000 | ---D | C] -- C:\found.001
[2012/09/15 13:42:28 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2012/09/15 13:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012/09/15 13:34:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Alexander\Desktop\dds.com
[2012/09/15 02:59:29 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2012/09/15 02:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/15 02:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/15 02:58:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/15 02:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/15 01:59:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/14 21:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/09/14 21:00:23 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Alexander\Documents\esetsmartinstaller_enu.exe
[2012/09/14 20:18:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/14 20:18:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/14 20:18:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/14 20:18:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/14 20:18:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/14 19:49:24 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixTDSS.sys
[2012/09/14 19:49:24 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\FixTDSS
[2012/09/12 23:47:42 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Macromedia
[2012/09/10 16:10:00 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\window

========== Files - Modified Within 30 Days ==========

[2012/09/17 17:42:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2012/09/17 17:22:47 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/17 17:22:47 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/17 17:15:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/17 17:15:11 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/17 00:45:38 | 000,782,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/17 00:45:38 | 000,667,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/17 00:45:38 | 000,125,938 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/16 22:22:48 | 334,670,299 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/16 19:29:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/16 19:21:00 | 004,754,503 | R--- | M] (Swearware) -- C:\Users\Alexander\Desktop\ComboFix.exe
[2012/09/16 19:06:56 | 000,000,512 | ---- | M] () -- C:\Users\Alexander\Desktop\MBR.dat
[2012/09/16 18:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/16 18:50:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
[2012/09/16 18:17:01 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
[2012/09/16 16:26:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Alexander\Desktop\aswMBR.exe
[2012/09/16 16:23:00 | 001,378,816 | ---- | M] () -- C:\Users\Alexander\Desktop\RogueKiller.exe
[2012/09/16 15:33:23 | 002,193,184 | ---- | M] () -- C:\Users\Alexander\Desktop\tdsskiller.zip
[2012/09/16 01:54:30 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2012/09/16 00:37:18 | 000,035,526 | ---- | M] () -- C:\Users\Alexander\Documents\550709_10150140471684964_2086251364_n.jpg
[2012/09/16 00:35:24 | 000,028,905 | ---- | M] () -- C:\Users\Alexander\Documents\564300_10150140471619964_967030815_n.jpg
[2012/09/16 00:17:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
[2012/09/16 00:09:03 | 000,501,248 | ---- | M] (Facebook Inc.) -- C:\Users\Alexander\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe
[2012/09/15 23:50:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
[2012/09/15 14:56:23 | 000,010,096 | ---- | M] () -- C:\bootsqm.dat
[2012/09/15 13:42:05 | 000,130,247 | ---- | M] () -- C:\Users\Alexander\Desktop\bluescreenview_setup.exe
[2012/09/15 13:36:09 | 000,006,138 | ---- | M] () -- C:\Users\Alexander\Desktop\Attach.zip
[2012/09/15 13:34:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Alexander\Desktop\dds.com
[2012/09/15 04:13:29 | 000,049,909 | ---- | M] () -- C:\Users\Alexander\Documents\534294_409928879067856_1538314160_n.jpg
[2012/09/15 02:58:57 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/14 21:00:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Alexander\Documents\esetsmartinstaller_enu.exe
[2012/09/14 19:49:24 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixTDSS.sys
[2012/09/10 20:04:22 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/30 17:28:55 | 000,000,132 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/08/26 00:48:18 | 000,035,163 | ---- | M] () -- C:\Users\Alexander\Desktop\ppp.jpg
[2012/08/26 00:32:39 | 000,011,718 | ---- | M] () -- C:\Users\Alexander\Desktop\brighty.jpg
[2012/08/24 13:28:40 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alexander\Desktop\TDSSKiller.exe
[2012/08/20 13:48:56 | 004,972,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/16 19:06:56 | 000,000,512 | ---- | C] () -- C:\Users\Alexander\Desktop\MBR.dat
[2012/09/16 16:22:57 | 001,378,816 | ---- | C] () -- C:\Users\Alexander\Desktop\RogueKiller.exe
[2012/09/16 15:33:10 | 002,193,184 | ---- | C] () -- C:\Users\Alexander\Desktop\tdsskiller.zip
[2012/09/16 00:37:17 | 000,035,526 | ---- | C] () -- C:\Users\Alexander\Documents\550709_10150140471684964_2086251364_n.jpg
[2012/09/16 00:35:23 | 000,028,905 | ---- | C] () -- C:\Users\Alexander\Documents\564300_10150140471619964_967030815_n.jpg
[2012/09/16 00:12:53 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
[2012/09/16 00:12:52 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
[2012/09/15 14:56:23 | 000,010,096 | ---- | C] () -- C:\bootsqm.dat
[2012/09/15 13:42:04 | 000,130,247 | ---- | C] () -- C:\Users\Alexander\Desktop\bluescreenview_setup.exe
[2012/09/15 13:36:09 | 000,006,138 | ---- | C] () -- C:\Users\Alexander\Desktop\Attach.zip
[2012/09/15 04:13:28 | 000,049,909 | ---- | C] () -- C:\Users\Alexander\Documents\534294_409928879067856_1538314160_n.jpg
[2012/09/15 02:58:57 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/14 20:18:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/14 20:18:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/14 20:18:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/14 20:18:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/14 20:18:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/12 23:47:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/26 00:48:30 | 000,035,163 | ---- | C] () -- C:\Users\Alexander\Desktop\ppp.jpg
[2012/08/26 00:32:51 | 000,011,718 | ---- | C] () -- C:\Users\Alexander\Desktop\brighty.jpg
[2012/06/13 18:29:38 | 000,000,132 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/18 16:11:25 | 000,137,732 | ---- | C] () -- C:\Windows\hpoins44.dat
[2012/03/18 16:11:25 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2012/03/15 18:55:31 | 000,008,192 | -HS- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012/03/15 18:11:59 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/03/15 17:34:07 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/15 17:34:07 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/03/15 04:41:42 | 000,764,302 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/15 00:27:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012/03/15 18:44:18 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Avid
[2012/03/15 19:08:28 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DAEMON Tools Lite
[2012/09/17 17:16:02 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Dropbox
[2012/03/15 19:04:42 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ESET
[2012/09/14 19:49:24 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\FixTDSS
[2012/03/15 04:48:11 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\IObit
[2012/03/15 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\PACE Anti-Piracy
[2012/04/23 04:42:20 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012/03/18 23:38:09 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/08/31 02:33:55 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\uTorrent
[2012/09/16 00:17:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001Core.job
[2012/09/16 18:17:01 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046589895-3326246652-1605513513-1001UA.job
[2012/09/17 16:20:44 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2012/09/10 13:31:26 | 000,000,000 | ---D | M](C:\Users\Alexander\AppData\Local\Adob?) -- C:\Users\Alexander\AppData\Local\Adob�
[2012/09/10 13:31:26 | 000,000,000 | ---D | M](C:\Users\Alexander\AppData\Local\Adob?) -- C:\Users\Alexander\AppData\Local\Adob�
[2012/09/10 13:31:26 | 000,000,000 | ---D | C](C:\Users\Alexander\AppData\Local\Adob?) -- C:\Users\Alexander\AppData\Local\Adob�

========== Alternate Data Streams ==========

@Alternate Data Stream - 986 bytes -> C:\Users\Alexander\AppData\Local\vmimpwJI9oEK07:HPoQngA1QAsHdWEBqOB8tEF
@Alternate Data Stream - 971 bytes -> C:\ProgramData\Microsoft:Mu2ePpHVqymc1sc5PmQ
@Alternate Data Stream - 1155 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:YKaXIyp8b0VGOSq2fYPm
@Alternate Data Stream - 1145 bytes -> C:\ProgramData\Microsoft:STK4Ux4NYmKMKG69Ydx8jLaQl
@Alternate Data Stream - 1122 bytes -> C:\ProgramData\Microsoft:KfNtKI0z1OtxLef6Slx4Q
@Alternate Data Stream - 1102 bytes -> C:\ProgramData\Microsoft:hlk4OfCMsvzegbNrJfY4HRN
@Alternate Data Stream - 1092 bytes -> C:\ProgramData\Microsoft:HDYi4fa5LnsvA6uv45r
@Alternate Data Stream - 1079 bytes -> C:\ProgramData\Microsoft:kEm0boXkOjUe3gSk8PDYLrei
@Alternate Data Stream - 1062 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:zHvOmu1Um4iHz9BLE
@Alternate Data Stream - 1042 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:v7IMK1UQ0kivNVURgKmHvsVimo

< End of report >

Broni · Sep 17, 2012

Extras.txt?

AlexMcNeill · Sep 17, 2012

As said-the extras.txt file didn't come up, only the OTL.txt file. I looked into where OTL was saved and couldn't see it there either. Also did a search for it-no show.

Also to update you on computer status-the display randomly changed to the basic grey Windows theme for a minute and then computer subsequently froze, had to shut it off.

Broni · Sep 17, 2012

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
PRC - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
SRV - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
[2012/09/18 01:18:32 | 000,000,000 | ---D | C] -- C:\FRST
@Alternate Data Stream - 986 bytes -> C:\Users\Alexander\AppData\Local\vmimpwJI9oEK07:HPoQngA1QAsHdWEBqOB8tEF
@Alternate Data Stream - 971 bytes -> C:\ProgramData\Microsoft:Mu2ePpHVqymc1sc5PmQ
@Alternate Data Stream - 1155 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:YKaXIyp8b0VGOSq2fYPm
@Alternate Data Stream - 1145 bytes -> C:\ProgramData\Microsoft:STK4Ux4NYmKMKG69Ydx8jLaQl
@Alternate Data Stream - 1122 bytes -> C:\ProgramData\Microsoft:KfNtKI0z1OtxLef6Slx4Q
@Alternate Data Stream - 1102 bytes -> C:\ProgramData\Microsoft:hlk4OfCMsvzegbNrJfY4HRN
@Alternate Data Stream - 1092 bytes -> C:\ProgramData\Microsoft:HDYi4fa5LnsvA6uv45r
@Alternate Data Stream - 1079 bytes -> C:\ProgramData\Microsoft:kEm0boXkOjUe3gSk8PDYLrei
@Alternate Data Stream - 1062 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:zHvOmu1Um4iHz9BLE
@Alternate Data Stream - 1042 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:v7IMK1UQ0kivNVURgKmHvsVimo

:Services

:Reg

:Files
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

==================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

Double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

5. Please, run F-Secure Online Scanner

Disable your Antivirus program.
Checkmark I have read and accepted the license terms.
Click on Run Check button.
Quick scan (recommended) option will come pre-checked. Don't change it.
Click on Start button.
When scan is done, in Step 3: Clean the files, leave all settings as they're.
Click Next button.
Click Full report... button.
Copy report's content and paste it into your next reply.

AlexMcNeill · Sep 17, 2012

OTL Log:

All processes killed
========== OTL ==========
Process ApplicationUpdater.exe killed successfully!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
ADS C:\Users\Alexander\AppData\Local\vmimpwJI9oEK07:HPoQngA1QAsHdWEBqOB8tEF deleted successfully.
ADS C:\ProgramData\Microsoft:Mu2ePpHVqymc1sc5PmQ deleted successfully.
ADS C:\Program Files (x86)\Common Files\microsoft shared:YKaXIyp8b0VGOSq2fYPm deleted successfully.
ADS C:\ProgramData\Microsoft:STK4Ux4NYmKMKG69Ydx8jLaQl deleted successfully.
ADS C:\ProgramData\Microsoft:KfNtKI0z1OtxLef6Slx4Q deleted successfully.
ADS C:\ProgramData\Microsoft:hlk4OfCMsvzegbNrJfY4HRN deleted successfully.
ADS C:\ProgramData\Microsoft:HDYi4fa5LnsvA6uv45r deleted successfully.
ADS C:\ProgramData\Microsoft:kEm0boXkOjUe3gSk8PDYLrei deleted successfully.
ADS C:\Program Files (x86)\Common Files\microsoft shared:zHvOmu1Um4iHz9BLE deleted successfully.
ADS C:\Program Files (x86)\Common Files\microsoft shared:v7IMK1UQ0kivNVURgKmHvsVimo deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alexander
->Temp folder emptied: 22898796 bytes
->Temporary Internet Files folder emptied: 240873 bytes
->FireFox cache emptied: 47112664 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 2339 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2513556 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 111958 bytes

Total Files Cleaned = 70.00 mb

[EMPTYJAVA]

User: Alexander

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Alexander
->Flash cache emptied: 0 bytes

(Currently performing other scans-will post after)

Solved Win32/Toolbar.Widgi virus computer crashing/BSODing

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 18 +0

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 56,041 +516

Attachments

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Similar threads