TechSpot

Windows has encountered a critical error and will be restarted in one minute... yes again

Solved
By Spottyfriend
Aug 16, 2012
  1. Hello,
    It looks like I've been having a similar issue as other users, where I (stupidly) installed a fake Flash update, only to find that I had gotten the Live Security Platinum virus. I removed it using Microsoft Security Essentials, but now when I start up the computer, it says that "windows has encountered a critical error and will be restarted in one minute." I have tried to simply run a full virus scan, but one minute is not enough time for it to complete. I have tried to postpone the restart by unchecking the "automatically restart" box in the Startup and Recovery section of control panel and I have tried making a 'shutdown -a' shortcut and running this, but to no avail.

    Note that the critical error message still appears if I boot in Safe Mode.

    Any help would be appreciated.

    Regards,
    Callum
     
  2. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    Oh, I forgot to mention I am going on holiday and will not return until the Friday of next week and during this time I will not have access to my computer.
     
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello!

    When you come back, let us know. Then, I'll mark this as active.
     
  4. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    OK, sorry about that. I'm back.
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please review the 5-Step removal instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
     
  6. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    I'm afraid that windows does not allow me enough time to follow any of these steps. It restarts far too quickly and does not even give me enough time to start to run any of these programs.

    Is there any method of postponing the automatic restart?
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's okay. Let's do the following:

    This is for Vista and 7 only, if you have XP...let me know and don't run steps below.

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Depending on your type of system, you will have to select 32-bit or 64-bit accordingly. How do I tell?

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:
      (screenshot of the Search box not reproduced here)
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
     
  8. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 28-08-2012
    Ran by SYSTEM at 28-08-2012 17:36:28
    Running from F:\
    Windows 7 Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [495708 2010-01-05] (IDT, Inc.)
    HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3853080 2009-12-18] (Dell Inc.)
    HKLM\...\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
    HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
    HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-11] (Microsoft)
    HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [718688 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1983816 2009-10-18] (CANON INC.)
    HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-09-03] (CANON INC.)
    HKLM\...\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\Callum\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-05-25] (Google Inc.)
    HKU\Callum\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
    HKU\Callum\...\Run: [Google Update] "C:\Users\Callum\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-20] (Google Inc.)
    HKU\Callum\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
    HKU\Callum\...\Run: [Lyzuov] C:\Users\Callum\AppData\Roaming\Meefxu\afxeu.exe [259439 2011-10-23] ()
    HKU\Callum\...\Run: [ostex] rundll32.exe "C:\Users\Callum\AppData\Roaming\ostex.dll",Unlock [163840 2012-08-15] ()
    HKLM\...\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-03] (Microsoft)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\DigitalPersona\Bin\DPAgent.exe, [795984 2011-05-02] (DigitalPersona, Inc.)
    Lsa: [Notification Packages] DPPassFilter
    scecli
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\Callum\Start Menu\Programs\Startup\MagicDisc.lnk
    ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    ========================== Services (Whitelisted) ========================
    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
    2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [1253376 2009-08-27] (MAGIX AG)
    3 FirebirdServerMAGIXInstance; "C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe" [3276800 2008-08-07] (MAGIX®)
    2 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [1385896 2012-06-27] (LogMeIn Inc.)
    2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [8704 2012-05-30] (Hi-Rez Studios)
    2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-29] ()
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
    2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [247152 2010-08-19] ()
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe [229458 2010-01-05] (IDT, Inc.)
    2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1656112 2009-07-12] (Validity Sensors, Inc.)
    2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]
    ==================== Drivers (Whitelisted) ===================
    3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-02] (ST Microelectronics)
    3 CamSpaceBus; C:\Windows\System32\drivers\CamSpaceBus.sys [14848 2008-08-24] (CamTrax Technologies)
    3 CamSpaceJoy; C:\Windows\System32\drivers\CamSpaceJoy.sys [30464 2008-08-24] (CamTrax Technologies)
    3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1149280 2010-10-06] (Ralink Technology Corp.)
    2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-06-30] (REDC)
    2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
    3 SndTDriverV32; C:\Windows\System32\drivers\SndTDriverV32.sys [513152 2006-12-13] (Windows (R) 2000/XP)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-10-30] (Duplex Secure Ltd.)
    3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [66152 2009-08-21] (Microsoft Corporation)
    1 MpKsl6216a263; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89A0F021-9D69-495B-90F8-E9B2BE10F0C0}\MpKsl6216a263.sys [x]
    3 RkHit; \??\C:\Windows\system32\drivers\RKHit.sys [x]
    3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
     
  9. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    ============ One Month Created Files and Folders ==============
    2012-08-28 17:36 - 2012-08-28 17:36 - 00000000 ___DC C:\FRST
    2012-08-15 05:58 - 2012-08-15 05:59 - 00001273 ____A C:\Users\Callum\Desktop\shutdown.lnk
    2012-08-15 03:46 - 2012-08-15 03:47 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-15 03:13 - 2012-08-15 03:13 - 00000000 ____D C:\Users\Callum\AppData\Local\{2FBBBCB4-E6CA-11E1-8270-B8AC6F996F26}
    2012-08-15 03:12 - 2012-08-15 03:17 - 00000000 ____D C:\Users\Callum\AppData\Roaming\Mexeal
    2012-08-15 03:12 - 2012-08-15 03:12 - 00163840 __ASH C:\Users\Callum\AppData\Roaming\ostex.dll
    2012-08-15 03:12 - 2012-08-15 03:12 - 00000000 ____D C:\Users\Callum\AppData\Roaming\Nuyg
    2012-08-15 03:12 - 2012-08-15 03:12 - 00000000 ____D C:\Users\Callum\AppData\Roaming\Meefxu
    2012-08-15 00:00 - 2012-07-06 11:23 - 00393728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-08-15 00:00 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-15 00:00 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-15 00:00 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-15 00:00 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-15 00:00 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-15 00:00 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-15 00:00 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-15 00:00 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-15 00:00 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-15 00:00 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-15 00:00 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-15 00:00 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-15 00:00 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-15 00:00 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-14 22:42 - 2012-07-18 09:47 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-14 22:42 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-14 22:42 - 2012-07-04 13:14 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-14 22:42 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-14 22:42 - 2012-05-13 20:33 - 00769024 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-08-14 22:42 - 2012-05-04 23:46 - 00400896 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-14 22:42 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-14 22:42 - 2012-02-10 21:37 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
     
  10. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    ============ 3 Months Modified Files ========================
    2012-08-28 08:31 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-28 08:31 - 2009-07-13 20:39 - 00138682 ____A C:\Windows\setupact.log
    2012-08-27 03:29 - 2010-05-25 10:35 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-15 23:43 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-08-15 22:34 - 2011-01-18 08:37 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347173133-1873616363-910204358-1001UA.job
    2012-08-15 05:59 - 2012-08-15 05:58 - 00001273 ____A C:\Users\Callum\Desktop\shutdown.lnk
    2012-08-15 05:45 - 2009-07-13 20:53 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-15 03:49 - 2009-07-13 20:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-15 03:49 - 2009-07-13 20:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-15 03:48 - 2009-07-13 20:55 - 01606860 ____A C:\Windows\WindowsUpdate.log
    2012-08-15 03:47 - 2011-01-26 08:28 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-15 03:47 - 2010-05-19 17:10 - 00787942 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-15 03:35 - 2010-05-25 10:35 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-15 03:29 - 2011-05-24 07:36 - 00386560 __ASH C:\Users\Callum\Desktop\Thumbs.db
    2012-08-15 03:17 - 2012-04-02 01:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-15 03:12 - 2012-08-15 03:12 - 00163840 __ASH C:\Users\Callum\AppData\Roaming\ostex.dll
    2012-08-15 03:12 - 2012-04-02 01:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-15 03:12 - 2011-05-17 08:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-15 02:20 - 2009-07-13 20:33 - 02429520 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-15 00:02 - 2010-07-27 03:35 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-14 09:00 - 2011-07-21 22:34 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Registration.job
    2012-08-14 07:34 - 2011-01-18 08:37 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347173133-1873616363-910204358-1001Core.job
    2012-07-22 22:52 - 2012-07-22 22:52 - 00002439 ____A C:\Users\Public\Desktop\The Rise of the Witch-king.lnk
    2012-07-22 22:52 - 2010-05-19 17:24 - 00379779 ____A C:\Windows\DirectX.log
    2012-07-22 11:03 - 2012-07-22 11:03 - 00002298 ____A C:\Users\Public\Desktop\The Battle for Middle-earth (tm) II.lnk
    2012-07-22 10:36 - 2012-07-22 10:36 - 00157928 ____A C:\Windows\Minidump\072212-30201-01.dmp
    2012-07-22 10:36 - 2011-09-13 11:08 - 474174313 ____A C:\Windows\MEMORY.DMP
     
  11. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    2012-07-18 09:47 - 2012-08-14 22:42 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 22:46 - 2012-07-11 22:46 - 00259788 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-06 11:23 - 2012-08-15 00:00 - 00393728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-07-05 22:07 - 2012-07-05 22:07 - 00161096 ____A C:\Windows\Minidump\070612-22464-01.dmp
    2012-07-04 13:16 - 2012-08-14 22:42 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 13:14 - 2012-08-14 22:42 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 13:14 - 2012-08-14 22:42 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 07:59 - 2012-07-04 07:59 - 00001052 ____A C:\Users\Callum\Desktop\GIMP 2.lnk
    2012-07-03 08:04 - 2012-07-03 08:04 - 00010741 ____A C:\Users\Callum\.recently-used.xbel
    2012-06-28 16:52 - 2012-08-15 00:00 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 16:27 - 2012-08-15 00:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 16:16 - 2012-08-15 00:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 16:09 - 2012-08-15 00:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 16:09 - 2012-08-15 00:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 16:08 - 2012-08-15 00:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-15 00:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 16:06 - 2012-08-15 00:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 16:04 - 2012-08-15 00:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 16:04 - 2012-08-15 00:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-15 00:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 16:01 - 2012-08-15 00:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 16:00 - 2012-08-15 00:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 15:57 - 2012-08-15 00:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-25 07:04 - 2012-06-25 07:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll
    2012-06-24 06:45 - 2010-05-19 19:03 - 00221270 ____A C:\Windows\PFRO.log
    2012-06-24 03:37 - 2012-06-24 03:37 - 00001531 ___AC C:\user.js
     
     
  12. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    2012-06-23 21:05 - 2012-06-23 21:05 - 00151752 ____A C:\Windows\Minidump\062412-24632-01.dmp
    2012-06-20 10:27 - 2011-05-01 06:53 - 00014336 ____A C:\Users\Callum\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-20 09:37 - 2012-06-20 09:37 - 00000215 ____A C:\Users\Callum\Desktop\Magic The Gathering 2013.url
    2012-06-14 08:42 - 2012-06-14 08:42 - 00161472 ____A C:\Windows\Minidump\061412-22932-01.dmp
    2012-06-13 22:03 - 2012-05-21 08:58 - 00000022 ____A C:\Users\Callum\Desktop\Bliz.txt
    2012-06-13 10:09 - 2012-06-13 10:09 - 00001154 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-06-13 08:25 - 2012-06-13 08:25 - 00001977 ____A C:\Users\Public\Desktop\Tribes Ascend.lnk
    2012-06-08 20:41 - 2012-07-11 22:13 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-06 09:12 - 2012-06-06 09:12 - 00157280 ____A C:\Windows\Minidump\060612-21762-01.dmp
    2012-06-05 23:49 - 2012-06-05 23:49 - 01070152 ____A (Microsoft Corporation) C:\Windows\System32\MSCOMCTL.OCX
    2012-06-05 21:05 - 2012-07-11 22:13 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 21:05 - 2012-07-11 22:13 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 21:03 - 2012-07-11 22:13 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-02 14:19 - 2012-06-19 07:14 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-19 07:14 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-19 07:14 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-19 07:14 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-19 07:14 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-19 07:14 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-19 07:14 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 08:40 - 2011-05-07 22:36 - 00000940 ____A C:\Users\Public\Desktop\BitTorrent.lnk
    2012-06-02 06:19 - 2012-06-19 07:14 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 06:12 - 2012-06-19 07:14 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 20:45 - 2012-07-11 22:13 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 20:45 - 2012-07-11 22:13 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 20:40 - 2012-07-11 22:13 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 20:40 - 2012-07-11 22:13 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 20:39 - 2012-07-11 22:13 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 10:48 - 2012-06-01 10:48 - 00161344 ____A C:\Windows\Minidump\060112-22464-01.dmp
    2012-06-01 07:46 - 2012-06-01 07:46 - 00155976 ____A C:\Windows\Minidump\060112-22245-01.dmp
    2012-06-01 07:23 - 2012-06-01 07:23 - 00000930 ____A C:\Users\Callum\Desktop\MagicDisc.lnk
     
  13. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    ZeroAccess:
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\@
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\L
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\n
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\U
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\U\00000001.@
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\U\80000000.@
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\U\800000cb.@
    ZeroAccess:
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\@
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\L
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\n
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\U
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\U\00000001.@
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\U\80000000.@
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\U\800000cb.@
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-07-12 09:06:50
    Restore point made on: 2012-07-15 10:00:41
    Restore point made on: 2012-07-19 07:21:45
    Restore point made on: 2012-07-22 09:34:04
    Restore point made on: 2012-07-22 11:03:41
    Restore point made on: 2012-07-22 22:51:53
    Restore point made on: 2012-07-25 22:45:13
    Restore point made on: 2012-07-30 03:42:05
    Restore point made on: 2012-08-04 06:14:07
    Restore point made on: 2012-08-07 23:24:56
    Restore point made on: 2012-08-11 22:48:54
    Restore point made on: 2012-08-14 23:59:13
    ==================== Memory info ===========================
    Percentage of memory in use: 16%
    Total physical RAM: 2998.61 MB
    Available physical RAM: 2508.05 MB
    Total Pagefile: 2996.88 MB
    Available Pagefile: 2510.86 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.7 MB
    ==================== Partitions ============================
    1 Drive c: (Alberto) (Fixed) (Total:283.4 GB) (Free:51.82 GB) NTFS
    3 Drive f: (MRS MEMORY) (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 7648 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 283 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Alberto NTFS Partition 283 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7646 MB 1124 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F MRS MEMORY FAT32 Removable 7646 MB Healthy
    ==================================================================================
    Last Boot: 2012-08-04 09:54
    ==================== End Of Log =============================
     
  14. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    Farbar Recovery Scan Tool Version: 28-08-2012
    Ran by SYSTEM at 2012-08-28 17:41:56
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2012-08-15 23:43] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
    === End Of Search ===
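The three pieces of evidence the helper is reading from these logs are the autorun entries with no publisher that point into AppData\Roaming (post 8), the "Bamital & volsnap Check" verdict on services.exe (post 13), and the hash comparison between the System32 copy of services.exe and the WinSxS copy (this post). Below is an added example, not part of the thread and not FRST's own code, that parses these three line shapes as they appear in the posted logs and applies the same reasoning: the sample log, the regular expressions and the "suspicious autorun" heuristics are assumptions made for this example, and the sample is assembled by hand from the lines posted above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample FRST excerpt, assembled by hand for this example from the line layouts
# posted in this thread (Run entries, Bamital & volsnap check, Search section).
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Callum\...\Run: [Lyzuov] C:\Users\Callum\AppData\Roaming\Meefxu\afxeu.exe [259439 2011-10-23] ()
HKU\Callum\...\Run: [ostex] rundll32.exe "C:\Users\Callum\AppData\Roaming\ostex.dll",Unlock [163840 2012-08-15] ()
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-15 23:43] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
"""

# Line shapes as seen in the posted log; assumed stable for this example.
RUN_RE = re.compile(r'^(HK\S+?)\\Run: \[([^\]]+)\] (.*?) \[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)$')
DETAIL_RE = re.compile(r'^\[.*?\] - \[(.*?)\] - (\d+) (\S+) (?:\((.*?)\) )?([0-9A-Fa-f]{32})$')
FLAGGED_RE = re.compile(r'^(\S.*?) ([0-9A-Fa-f]{32}) (.+)$')
# Directories a standard user can write to; legitimate software rarely autoruns
# from there, which is exactly the pattern of the Lyzuov and ostex entries.
USER_WRITABLE = re.compile(r'\\AppData\\(Roaming|Local|LocalLow)\\|\\ProgramData\\|\\Temp\\', re.IGNORECASE)

@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    company: str  # publisher from the PE version resource; empty when FRST printed "()"

def parse_run_entries(text):
    """One RunEntry per HKLM/HKU Run line in the log."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m.group(1), m.group(2), m.group(3), m.group(6)))
    return entries

def suspicious_run_entries(entries):
    """Heuristics (assumed for this example): no publisher, a binary under a
    user-writable directory, or a DLL loaded via rundll32. Returns [(entry, reasons)]."""
    findings = []
    for e in entries:
        reasons = []
        if not e.company.strip():
            reasons.append("no publisher recorded")
        if USER_WRITABLE.search(e.command):
            reasons.append("runs from a user-writable directory")
        if "rundll32" in e.command.lower():
            reasons.append("DLL loaded through rundll32")
        if reasons:
            findings.append((e, reasons))
    return findings

def parse_search_hashes(text):
    """Parse a 'Search:' section: a path line followed by a detail line that ends
    in the file's MD5. Returns {path: (md5, company)}."""
    hashes, pending = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = DETAIL_RE.match(line)
        if m and pending:
            hashes[pending] = (m.group(5).upper(), m.group(4) or "")
            pending = None
        elif "\\" in line and line.lower().endswith((".exe", ".dll", ".sys")):
            pending = line
    return hashes

def compare_copies(hashes):
    """Compare each copy of a file with the WinSxS component-store copy, which
    Windows servicing keeps as the reference. A differing MD5 is reported no
    matter what the version resource claims: the publisher string inside the PE
    is attacker-controlled, the hash is not. Returns [(path, md5, ref_md5, company)]."""
    by_name = defaultdict(dict)
    for path, info in hashes.items():
        by_name[path.rsplit("\\", 1)[-1].lower()][path] = info
    findings = []
    for copies in by_name.values():
        refs = {md5 for p, (md5, _) in copies.items() if "\\winsxs\\" in p.lower()}
        if not refs:
            continue  # nothing to compare against
        for path, (md5, company) in copies.items():
            if "\\winsxs\\" not in path.lower() and md5 not in refs:
                findings.append((path, md5, sorted(refs)[0], company))
    return findings

def parse_bamital_check(text):
    """(path, verdict) pairs from the 'Bamital & volsnap Check' section: 'legit'
    or the family tag FRST printed after the MD5."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("=> MD5 is legit"):
            results.append((line.split(" => ")[0], "legit"))
        else:
            m = FLAGGED_RE.match(line)
            if m:
                results.append((m.group(1), m.group(3).split()[0]))
    return results
```

On the sample, `suspicious_run_entries` flags Lyzuov and ostex and leaves the signed Microsoft entry alone, `parse_bamital_check` returns the ZeroAccess verdict for services.exe, and `compare_copies` reports that the System32 copy (modified 2012-08-15, hash A302...) no longer matches the WinSxS reference (5F1B...) even though both still claim "Microsoft Corporation". Real logs should be fed in as a whole file; the parsers ignore lines they do not recognise.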
     
  15. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    I hope that is all in order and I did everything correctly.
    That is everything.
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Looks good to me. :)

    FRST Fixlist

    Please run the following:

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  17. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 28-08-2012
    Ran by SYSTEM at 2012-08-29 12:08:28 Run:1
    Running from F:\
    ==============================================
    HKEY_USERS\ Callum\Software\Microsoft\Windows\CurrentVersion\Run\\ Lyzuov Value not found.
    HKEY_USERS\ Callum\Software\Microsoft\Windows\CurrentVersion\Run\\ ostex Value not found.
    Could not find C:\Windows\System32\services.exe.
    Could not find C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe.
    ==== End of Fixlog ====
     
  18. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    On restart it simply came up with exactly the same error and automatically restarted within one minute.
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    New log from FRST please.
     
  20. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 28-08-2012
    Ran by SYSTEM at 31-08-2012 08:21:21
    Running from F:\
    Windows 7 Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [495708 2010-01-05] (IDT, Inc.)
    HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3853080 2009-12-18] (Dell Inc.)
    HKLM\...\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
    HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
    HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-11] (Microsoft)
    HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [718688 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1983816 2009-10-18] (CANON INC.)
    HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-09-03] (CANON INC.)
    HKLM\...\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\Callum\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-05-25] (Google Inc.)
    HKU\Callum\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
    HKU\Callum\...\Run: [Google Update] "C:\Users\Callum\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-20] (Google Inc.)
    HKU\Callum\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
    HKU\Callum\...\Run: [Lyzuov] C:\Users\Callum\AppData\Roaming\Meefxu\afxeu.exe [259439 2011-10-23] ()
    HKU\Callum\...\Run: [ostex] rundll32.exe "C:\Users\Callum\AppData\Roaming\ostex.dll",Unlock [163840 2012-08-15] ()
    HKLM\...\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-03] (Microsoft)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\DigitalPersona\Bin\DPAgent.exe, [795984 2011-05-02] (DigitalPersona, Inc.)
    Lsa: [Notification Packages] DPPassFilter
    scecli
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\Callum\Start Menu\Programs\Startup\MagicDisc.lnk
    ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    ========================== Services (Whitelisted) ========================
    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
    2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [1253376 2009-08-27] (MAGIX AG)
    3 FirebirdServerMAGIXInstance; "C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe" [3276800 2008-08-07] (MAGIX®)
    2 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [1385896 2012-06-27] (LogMeIn Inc.)
    2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [8704 2012-05-30] (Hi-Rez Studios)
    2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-29] ()
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
    2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [247152 2010-08-19] ()
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe [229458 2010-01-05] (IDT, Inc.)
    2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1656112 2009-07-12] (Validity Sensors, Inc.)
    2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]
     
  21. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    ==================== Drivers (Whitelisted) ===================
    3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-02] (ST Microelectronics)
    3 CamSpaceBus; C:\Windows\System32\drivers\CamSpaceBus.sys [14848 2008-08-24] (CamTrax Technologies)
    3 CamSpaceJoy; C:\Windows\System32\drivers\CamSpaceJoy.sys [30464 2008-08-24] (CamTrax Technologies)
    3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1149280 2010-10-06] (Ralink Technology Corp.)
    2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-06-30] (REDC)
    2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
    3 SndTDriverV32; C:\Windows\System32\drivers\SndTDriverV32.sys [513152 2006-12-13] (Windows (R) 2000/XP)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-10-30] (Duplex Secure Ltd.)
    3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [66152 2009-08-21] (Microsoft Corporation)
    1 MpKsl6216a263; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89A0F021-9D69-495B-90F8-E9B2BE10F0C0}\MpKsl6216a263.sys [x]
    3 RkHit; \??\C:\Windows\system32\drivers\RKHit.sys [x]
    3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
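Posts 20 and 21 above carry the autostart and service/driver sections of the new FRST log. Two Run entries stand out: `Lyzuov`, an unsigned executable under AppData\Roaming\Meefxu, and `ostex`, a DLL in AppData\Roaming loaded through rundll32.exe, both with an empty publisher field. The driver list also shows entries marked `[x]`, FRST's notation for a registered image whose file is no longer on disk. As an added example (not from the thread and not FRST code), here is a Python triage pass over lines in those formats; the sample lines are copied from the log above, including a benign AppData entry (Google Update) to show why one signal alone is not enough.

```python
"""Triage FRST "Registry (Whitelisted)" and service/driver lines.

Added example for this thread; not FRST code and not part of the posts.
It parses Run/RunOnce lines and scores each one with a few defender
heuristics: empty publisher, image under a user's AppData, DLL loaded via
rundll32.exe from AppData. Service and driver lines ending in "[x]" (file
not found) are listed separately, since an orphaned registration is either
a stale uninstall or a removed payload that still has a hook.
"""
import re

# Constructed sample lines, in the shapes seen in the log above.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKU\Callum\...\Run: [Google Update] "C:\Users\Callum\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-20] (Google Inc.)
HKU\Callum\...\Run: [Lyzuov] C:\Users\Callum\AppData\Roaming\Meefxu\afxeu.exe [259439 2011-10-23] ()
HKU\Callum\...\Run: [ostex] rundll32.exe "C:\Users\Callum\AppData\Roaming\ostex.dll",Unlock [163840 2012-08-15] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]
3 RkHit; \??\C:\Windows\system32\drivers\RKHit.sys [x]
3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
"""

RUN_RE = re.compile(
    r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>[^)]*)\)$"
)
SERVICE_MISSING_RE = re.compile(r"^(?P<start>\d) (?P<name>[^;]+); (?P<image>.+?) \[x\]$")
APPDATA_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
FLAG_THRESHOLD = 3  # chosen so that AppData alone (weight 2) does not flag


def parse_autostarts(text):
    """Return one dict per Run/RunOnce line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def score_autostart(entry):
    """Return (score, reasons) for one autostart entry."""
    cmd = entry["cmd"]
    reasons = []
    if entry["company"] == "":
        reasons.append(("no publisher string in the version info", 1))
    if APPDATA_RE.search(cmd):
        reasons.append(("image lives under a user profile's AppData folder", 2))
    if cmd.lower().startswith("rundll32") and APPDATA_RE.search(cmd):
        reasons.append(("DLL loaded through rundll32.exe from AppData", 2))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def triage_autostarts(text):
    """Autostarts whose score reaches FLAG_THRESHOLD, in log order."""
    flagged = []
    for entry in parse_autostarts(text):
        score, reasons = score_autostart(entry)
        if score >= FLAG_THRESHOLD:
            flagged.append({"name": entry["name"], "cmd": entry["cmd"],
                            "score": score, "reasons": reasons})
    return flagged


def missing_service_files(text):
    """Service/driver registrations whose image FRST could not find ([x])."""
    missing = []
    for line in text.splitlines():
        m = SERVICE_MISSING_RE.match(line.strip())
        if m:
            missing.append({"name": m["name"], "image": m["image"], "start": int(m["start"])})
    return missing


if __name__ == "__main__":
    for hit in triage_autostarts(SAMPLE_LOG):
        print(hit["score"], hit["name"], hit["reasons"])
    for svc in missing_service_files(SAMPLE_LOG):
        print("missing image:", svc["name"], svc["image"])
```

With these weights the FreeFallProtection entry (unsigned but under Program Files) and the Google updater (AppData but with a publisher) each score below the threshold, while Lyzuov scores 3 and ostex scores 5. The weights are illustrative; what matters is combining path, publisher and loader signals rather than acting on any one of them.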
     
  22. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    ============ One Month Created Files and Folders ==============
    2012-08-28 17:36 - 2012-08-28 17:36 - 00000000 ___DC C:\FRST
    2012-08-15 05:58 - 2012-08-15 05:59 - 00001273 ____A C:\Users\Callum\Desktop\shutdown.lnk
    2012-08-15 03:46 - 2012-08-15 03:47 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-15 03:13 - 2012-08-15 03:13 - 00000000 ____D C:\Users\Callum\AppData\Local\{2FBBBCB4-E6CA-11E1-8270-B8AC6F996F26}
    2012-08-15 03:12 - 2012-08-15 03:17 - 00000000 ____D C:\Users\Callum\AppData\Roaming\Mexeal
    2012-08-15 03:12 - 2012-08-15 03:12 - 00163840 __ASH C:\Users\Callum\AppData\Roaming\ostex.dll
    2012-08-15 03:12 - 2012-08-15 03:12 - 00000000 ____D C:\Users\Callum\AppData\Roaming\Nuyg
    2012-08-15 03:12 - 2012-08-15 03:12 - 00000000 ____D C:\Users\Callum\AppData\Roaming\Meefxu
    2012-08-15 00:00 - 2012-07-06 11:23 - 00393728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-08-15 00:00 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-15 00:00 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-15 00:00 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-15 00:00 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-15 00:00 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-15 00:00 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-15 00:00 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-15 00:00 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-15 00:00 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
     
  23. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    2012-08-15 00:00 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-15 00:00 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-15 00:00 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-15 00:00 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-15 00:00 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-14 22:42 - 2012-07-18 09:47 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-14 22:42 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-14 22:42 - 2012-07-04 13:14 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-14 22:42 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-14 22:42 - 2012-05-13 20:33 - 00769024 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-08-14 22:42 - 2012-05-04 23:46 - 00400896 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-14 22:42 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-14 22:42 - 2012-02-10 21:37 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    ============ 3 Months Modified Files ========================
    2012-08-29 03:13 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-29 03:13 - 2009-07-13 20:39 - 00138794 ____A C:\Windows\setupact.log
    2012-08-29 03:10 - 2010-05-25 10:35 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-15 23:43 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-08-15 22:34 - 2011-01-18 08:37 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347173133-1873616363-910204358-1001UA.job
    2012-08-15 05:59 - 2012-08-15 05:58 - 00001273 ____A C:\Users\Callum\Desktop\shutdown.lnk
    2012-08-15 05:45 - 2009-07-13 20:53 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-15 03:49 - 2009-07-13 20:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-15 03:49 - 2009-07-13 20:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-15 03:48 - 2009-07-13 20:55 - 01606860 ____A C:\Windows\WindowsUpdate.log
    2012-08-15 03:47 - 2011-01-26 08:28 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-15 03:47 - 2010-05-19 17:10 - 00787942 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-15 03:35 - 2010-05-25 10:35 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-15 03:29 - 2011-05-24 07:36 - 00386560 __ASH C:\Users\Callum\Desktop\Thumbs.db
    2012-08-15 03:17 - 2012-04-02 01:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-15 03:12 - 2012-08-15 03:12 - 00163840 __ASH C:\Users\Callum\AppData\Roaming\ostex.dll
     
  24. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    2012-08-15 03:12 - 2012-04-02 01:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-15 03:12 - 2011-05-17 08:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-15 02:20 - 2009-07-13 20:33 - 02429520 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-15 00:02 - 2010-07-27 03:35 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-14 09:00 - 2011-07-21 22:34 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Registration.job
    2012-08-14 07:34 - 2011-01-18 08:37 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347173133-1873616363-910204358-1001Core.job
    2012-07-22 22:52 - 2012-07-22 22:52 - 00002439 ____A C:\Users\Public\Desktop\The Rise of the Witch-king.lnk
    2012-07-22 22:52 - 2010-05-19 17:24 - 00379779 ____A C:\Windows\DirectX.log
    2012-07-22 11:03 - 2012-07-22 11:03 - 00002298 ____A C:\Users\Public\Desktop\The Battle for Middle-earth (tm) II.lnk
    2012-07-22 10:36 - 2012-07-22 10:36 - 00157928 ____A C:\Windows\Minidump\072212-30201-01.dmp
    2012-07-22 10:36 - 2011-09-13 11:08 - 474174313 ____A C:\Windows\MEMORY.DMP
    2012-07-18 09:47 - 2012-08-14 22:42 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 22:46 - 2012-07-11 22:46 - 00259788 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-06 11:23 - 2012-08-15 00:00 - 00393728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-07-05 22:07 - 2012-07-05 22:07 - 00161096 ____A C:\Windows\Minidump\070612-22464-01.dmp
    2012-07-04 13:16 - 2012-08-14 22:42 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 13:14 - 2012-08-14 22:42 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 13:14 - 2012-08-14 22:42 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 07:59 - 2012-07-04 07:59 - 00001052 ____A C:\Users\Callum\Desktop\GIMP 2.lnk
    2012-07-03 08:04 - 2012-07-03 08:04 - 00010741 ____A C:\Users\Callum\.recently-used.xbel
    2012-06-28 16:52 - 2012-08-15 00:00 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 16:27 - 2012-08-15 00:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 16:16 - 2012-08-15 00:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 16:09 - 2012-08-15 00:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 16:09 - 2012-08-15 00:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
     
  25. Spottyfriend

    Spottyfriend TS Rookie Topic Starter Posts: 69

    2012-06-28 16:08 - 2012-08-15 00:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-15 00:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 16:06 - 2012-08-15 00:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 16:04 - 2012-08-15 00:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 16:04 - 2012-08-15 00:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-15 00:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 16:01 - 2012-08-15 00:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 16:00 - 2012-08-15 00:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 15:57 - 2012-08-15 00:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-25 07:04 - 2012-06-25 07:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll
    2012-06-24 06:45 - 2010-05-19 19:03 - 00221270 ____A C:\Windows\PFRO.log
    2012-06-24 03:37 - 2012-06-24 03:37 - 00001531 ___AC C:\user.js
    2012-06-23 21:05 - 2012-06-23 21:05 - 00151752 ____A C:\Windows\Minidump\062412-24632-01.dmp
    2012-06-20 10:27 - 2011-05-01 06:53 - 00014336 ____A C:\Users\Callum\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-20 09:37 - 2012-06-20 09:37 - 00000215 ____A C:\Users\Callum\Desktop\Magic The Gathering 2013.url
    2012-06-14 08:42 - 2012-06-14 08:42 - 00161472 ____A C:\Windows\Minidump\061412-22932-01.dmp
    2012-06-13 22:03 - 2012-05-21 08:58 - 00000022 ____A C:\Users\Callum\Desktop\Bliz.txt
    2012-06-13 10:09 - 2012-06-13 10:09 - 00001154 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-06-13 08:25 - 2012-06-13 08:25 - 00001977 ____A C:\Users\Public\Desktop\Tribes Ascend.lnk
    2012-06-08 20:41 - 2012-07-11 22:13 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-06 09:12 - 2012-06-06 09:12 - 00157280 ____A C:\Windows\Minidump\060612-21762-01.dmp
    2012-06-05 23:49 - 2012-06-05 23:49 - 01070152 ____A (Microsoft Corporation) C:\Windows\System32\MSCOMCTL.OCX
    2012-06-05 21:05 - 2012-07-11 22:13 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 21:05 - 2012-07-11 22:13 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 21:03 - 2012-07-11 22:13 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    ZeroAccess:
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\@
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\L
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\n
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\U
    C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\U\00000001.@
    ZeroAccess:
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\@
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\L
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\n
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\U
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\U\00000001.@
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\U\80000000.@
    C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\U\800000cb.@
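The file listings in posts 22 to 25 show two things a responder would pull out by hand: a cluster of objects created within a minute of ostex.dll on 2012-08-15 03:12 (the Mexeal, Nuyg and Meefxu folders and a GUID-named folder under AppData\Local), and the GUID-named directories under C:\Windows\Installer and AppData\Local that FRST labels "ZeroAccess:", each holding the `@`, `L`, `n` and `U` entries. As an added example (not from the thread and not FRST code), the following Python does both checks over constructed samples copied from those sections.

```python
"""Two checks over FRST file listings (posts 22 to 25 above).

Added example for this thread; not FRST code. (a) Take one known-bad entry
from the "One Month Created Files" section and return every entry created
within a short window of it. (b) Read the directory trees FRST printed under
its "ZeroAccess:" headers and report each GUID-named root that carries the
@ / L / n / U layout shown in the log.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: "created - modified - size attrs [(company)] path".
SAMPLE_CREATED = r"""
2012-08-28 17:36 - 2012-08-28 17:36 - 00000000 ___DC C:\FRST
2012-08-15 05:58 - 2012-08-15 05:59 - 00001273 ____A C:\Users\Callum\Desktop\shutdown.lnk
2012-08-15 03:46 - 2012-08-15 03:47 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-15 03:13 - 2012-08-15 03:13 - 00000000 ____D C:\Users\Callum\AppData\Local\{2FBBBCB4-E6CA-11E1-8270-B8AC6F996F26}
2012-08-15 03:12 - 2012-08-15 03:17 - 00000000 ____D C:\Users\Callum\AppData\Roaming\Mexeal
2012-08-15 03:12 - 2012-08-15 03:12 - 00163840 __ASH C:\Users\Callum\AppData\Roaming\ostex.dll
2012-08-15 03:12 - 2012-08-15 03:12 - 00000000 ____D C:\Users\Callum\AppData\Roaming\Nuyg
2012-08-15 03:12 - 2012-08-15 03:12 - 00000000 ____D C:\Users\Callum\AppData\Roaming\Meefxu
2012-08-15 00:00 - 2012-07-06 11:23 - 00393728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
"""

# Constructed sample: the two "ZeroAccess:" blocks from the log.
SAMPLE_ZA = r"""
ZeroAccess:
C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}
C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\@
C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\L
C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\n
C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\U
C:\Windows\Installer\{c6ba95ec-9916-b920-e62b-91a126022618}\U\00000001.@
ZeroAccess:
C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}
C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\@
C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\L
C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\n
C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\U
C:\Users\Callum\AppData\Local\{c6ba95ec-9916-b920-e62b-91a126022618}\U\00000001.@
"""

FILE_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
GUID_DIR_RE = re.compile(r"^(?P<root>.*?\{[0-9a-fA-F-]{36}\})(?:\\(?P<rest>.+))?$")
TS = "%Y-%m-%d %H:%M"
ZA_LAYOUT = {"@", "L", "n", "U"}


def parse_created(text):
    """Parse the Created section, where the first timestamp is creation time."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            entries.append({"created": datetime.strptime(m["first"], TS),
                            "modified": datetime.strptime(m["second"], TS),
                            "size": int(m["size"]), "attrs": m["attrs"],
                            "company": m["company"] or "", "path": m["path"]})
    return entries


def created_near(entries, seed_suffix, minutes=10):
    """Paths created within +/- minutes of the entry whose path ends in seed_suffix."""
    seed = next(e for e in entries if e["path"].lower().endswith(seed_suffix.lower()))
    window = timedelta(minutes=minutes)
    return sorted(e["path"] for e in entries if abs(e["created"] - seed["created"]) <= window)


def hidden_system_in_profile(entries):
    """Files carrying both S and H attributes under a user's AppData folder."""
    return [e["path"] for e in entries
            if "S" in e["attrs"] and "H" in e["attrs"] and "\\appdata\\" in e["path"].lower()]


def zeroaccess_roots(text):
    """GUID-named directories whose direct children include @, L, n and U."""
    children = {}
    for line in text.splitlines():
        m = GUID_DIR_RE.match(line.strip())
        if not m:
            continue
        kids = children.setdefault(m["root"], set())
        if m["rest"]:
            kids.add(m["rest"].split("\\", 1)[0])
    return sorted(root for root, kids in children.items() if ZA_LAYOUT <= kids)


if __name__ == "__main__":
    ents = parse_created(SAMPLE_CREATED)
    print(created_near(ents, "ostex.dll"))
    print(hidden_system_in_profile(ents))
    print(zeroaccess_roots(SAMPLE_ZA))
```

The ten-minute window is an assumption chosen for this log; the point is that dropper output tends to land within seconds of each other, so anchoring on one confirmed artefact pulls the rest into view without needing a signature for each name. Note that FRST swaps the timestamp order in its "Modified Files" section (modification first), so `parse_created` should only be fed the Created section.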
     
Topic Status:
Not open for further replies.

