TechSpot

Windows has encountered a critical problem...Sept 2012

By KNSW12
Sep 6, 2012
  1. I've read through the recent postings (2012) for this issue and have found that my laptop has begun to receive this same message... and then reboots in "1 minute". I have a Gateway NV59C with Windows 7 Home Premium Version 6.1, Build 7600. I can log on in safe mode without the problem.

    I've run through the first part of another posting: "Read all of my instructions very carefully" and I have generated the "FRST.txt" file. Please help.

    Thank you.
  2. KNSW12 (TS Rookie, Topic Starter)

    This is the information generated in the FRST.txt file:

    Scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2012
    Ran by SYSTEM at 06-09-2012 22:00:48
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9913376 2009-12-29] (Realtek Semiconductor)
    HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [206208 2010-04-09] ()
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM\...\Run: [lxecmon.exe] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [770728 2011-01-23] ()
    HKLM\...\Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
    HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [148280 2011-01-23] ()
    HKLM\...\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
    HKLM-x32\...\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a [1480032 2010-05-03] (Suyin)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a [75072 2010-12-15] (Sprint)
    HKLM-x32\...\Run: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe" [316736 2010-12-15] (C-motech Co.,Ltd)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-24] (Symantec Corporation)
    HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-07] (Dritek System Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [70792 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
    HKLM-x32\...\Run: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [743560 2011-12-26] (CHENGDU YIWO Tech Development Co., Ltd)
    HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
    HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [252928 2010-03-08] (NewTech Infosystems, Inc.)
    HKLM-x32\...\Run: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe [80448 2010-12-15] (ArcSoft, Inc.)
    HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [41944 2012-07-31] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640480 2012-07-30] (Adobe Systems Inc.)
    HKU\Ctx_StreamingSvc\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-19] (Google Inc.)
    HKU\Ctx_StreamingSvc\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446760 2012-01-06] (Garmin)
    HKU\Ctx_StreamingSvc\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [154144 2010-01-14] ()
    HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [154144 2010-01-14] ()
    HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [154144 2010-01-14] ()
    HKU\KenW\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-19] (Google Inc.)
    HKU\KenW\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\KenW\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446760 2012-01-06] (Garmin)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    ==================== Services ====================
    2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
    3 CASprint; "C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe" /n "CASprint" [124224 2010-12-15] (SmithMicro Inc.)
    2 CdfSvc; "C:\Program Files (x86)\Common Files\Citrix\System32\CdfSvc.exe" [321448 2011-05-03] (Citrix Systems, Inc.)
    3 DMService; C:\Windows\DOWNLO~1\DMService.exe [468368 2011-07-08] (Microsoft ® Corporation)
    2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [61064 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
    3 GSService; "C:\Windows\SysWOW64\GSService.exe" [249856 2012-01-23] ()
    2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
    2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [335888 2012-06-11] (Verizon)
    3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2008-12-10] (Symantec Corporation)
    2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
    2 lxec_device; C:\Windows\system32\lxeccoms.exe -service [1052328 2010-04-14] ( )
    2 lxec_device; C:\Windows\SysWow64\lxeccoms.exe -service [598696 2010-04-14] ( )
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 NvtlService; "C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe" [82944 2010-01-11] ()
    2 RadeHlprSvc; "C:\Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe" [210864 2011-07-19] (Citrix Systems, Inc.)
    2 RadeSvc; "C:\Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe" [1034152 2011-07-19] (Citrix Systems, Inc.)
    2 SepMasterService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll" /prefetch:1 [167344 2011-10-30] (Symantec Corporation)
    3 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe" /prefetch:1 [2594816 2011-10-30] (Symantec Corporation)
    3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe [324016 2011-10-30] (Symantec Corporation)
    3 SprintRcAppSvc; "C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe" /n "SprintRcAppSvc" [120128 2010-12-15] (SmithMicro Inc.)
    2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [149904 2010-04-08] (Microsoft ® Corporation)
    ==================== Drivers =================================
    3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [359040 2010-03-26] (Beceem communications pvt ltd.)
    3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2010-03-26] (Beceem communications pvt ltd.)
    1 BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120823.013_559\BHDrvx64.sys [1161376 2012-08-22] (Symantec Corporation)
    1 cdfdrv; C:\Windows\System32\Drivers\cdfdrv.sys [38448 2011-03-01] (Citrix Systems, Inc.)
    3 cm_net; C:\Windows\System32\Drivers\cm_net.sys [133120 2008-05-29] (C-motech Co.,Ltd.)
    3 cm_ser; C:\Windows\System32\Drivers\cm_ser.sys [118272 2008-05-29] (C-motech Co.,Ltd.)
    1 ctxpidmn; C:\Windows\System32\Drivers\ctxpidmn.sys [83288 2011-06-30] (Citrix Systems, Inc.)
    2 CtxSbx; C:\Windows\System32\Drivers\CtxSbx.sys [309080 2011-06-30] (Citrix Systems, Inc.)
    3 CVPNDRVA; C:\Windows\System32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-24] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-09-04] (Symantec Corporation)
    0 EUBKMON; C:\Windows\System32\Drivers\EUBKMON.sys [51336 2011-12-22] ()
    1 IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120831.001_562\IDSvia64.sys [509088 2012-08-13] (Symantec Corporation)
    3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120904.002\ENG64.SYS [125600 2012-09-04] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120904.002\EX64.SYS [2084000 2012-09-04] (Symantec Corporation)
    3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-12-15] (Smith Micro Inc.)
    1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSP64.SYS [678008 2011-09-27] (Symantec Corporation)
    1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSPX64.SYS [39032 2011-09-27] (Symantec Corporation)
    3 SyDvCtrl; \??\C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [29664 2011-10-30] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [451192 2011-07-16] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [931448 2011-08-27] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-08-24] (Symantec Corporation)
    1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [171128 2011-09-13] (Symantec Corporation)
    1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [386168 2011-09-08] (Symantec Corporation)
    1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [118768 2012-08-24] (Symantec Corporation)
    1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62672 2011-08-16] (Symantec Corporation)
    2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-03-19] (CyberLink Corp.)
    ==================== NetSvcs (Whitelisted) =================

    ==================== One Month Created Files and Folders ======================
    2012-09-06 17:26 - 2012-09-06 17:26 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-09-06 17:18 - 2012-09-06 17:22 - 272394240 ____A C:\Users\KenW\Downloads\kav_rescue_10.iso
    2012-09-06 17:05 - 2012-09-06 17:07 - 00180000 ____A (Kaspersky Lab) C:\Users\KenW\Downloads\kss12.0.1.117mlg_en-ru_ru-ru_fr-ru_de-ru.exe
    2012-09-04 15:04 - 2012-09-04 15:04 - 00000000 ____D C:\Windows\pss
    2012-09-03 14:46 - 2012-09-03 14:46 - 00000000 ____D C:\Program Files (x86)\Panasonic
    2012-09-01 05:52 - 2012-09-01 05:52 - 00061314 ____A C:\Users\All Users\SPL1DEB.tmp
    2012-09-01 05:36 - 2012-09-01 05:36 - 00061314 ____A C:\Users\All Users\SPLD613.tmp
    2012-08-31 17:07 - 2012-08-31 17:07 - 01879190 ____A C:\Users\All Users\SPL966C.tmp
    2012-08-30 17:23 - 2012-08-30 17:23 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (9)
    2012-08-30 17:23 - 2012-08-30 17:23 - 00528164 ____A C:\Users\KenW\Downloads\IM_00024
    2012-08-30 17:23 - 2012-08-30 17:23 - 00528160 ____A C:\Users\KenW\Downloads\IM_00006
    2012-08-30 17:22 - 2012-08-30 17:22 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (8)
    2012-08-30 17:22 - 2012-08-30 17:22 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (7)
    2012-08-30 17:21 - 2012-08-30 17:21 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (6)
    2012-08-30 17:21 - 2012-08-30 17:21 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (5)
    2012-08-30 17:21 - 2012-08-30 17:21 - 00528160 ____A C:\Users\KenW\Downloads\IM_00002 (5)
    2012-08-30 17:21 - 2012-08-30 17:21 - 00528160 ____A C:\Users\KenW\Downloads\IM_00002 (4)
    2012-08-30 17:20 - 2012-08-30 17:20 - 00528164 ____A C:\Users\KenW\Downloads\IM_00025
    2012-08-30 17:19 - 2012-08-30 17:19 - 00528160 ____A C:\Users\KenW\Downloads\IM_00004 (1)
    2012-08-30 17:19 - 2012-08-30 17:19 - 00528160 ____A C:\Users\KenW\Downloads\IM_00004
    2012-08-30 17:18 - 2012-08-30 17:18 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (4)
    2012-08-30 17:18 - 2012-08-30 17:18 - 00528160 ____A C:\Users\KenW\Downloads\IM_00002 (3)
    2012-08-30 17:18 - 2012-08-30 17:18 - 00528156 ____A C:\Users\KenW\Downloads\IM_00005 (1)
    2012-08-30 17:18 - 2012-08-30 17:18 - 00528156 ____A C:\Users\KenW\Downloads\IM_00005
    2012-08-30 17:17 - 2012-08-30 17:17 - 00528160 ____A C:\Users\KenW\Downloads\IM_00002 (2)
    2012-08-30 17:16 - 2012-08-30 17:16 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (3)
    2012-08-30 17:16 - 2012-08-30 17:16 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (2)
    2012-08-26 16:44 - 2012-08-26 16:44 - 01339919 ____A C:\Users\All Users\SPL247D.tmp
    2012-08-24 07:23 - 2012-08-24 07:23 - 00999840 ____A (Solid State Networks) C:\Users\KenW\Downloads\install_flashplayer11x32_mssa_au_aih.exe
    2012-08-24 07:12 - 2012-08-24 07:12 - 00174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2012-08-24 07:12 - 2012-08-24 07:12 - 00007530 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2012-08-24 07:12 - 2012-08-24 07:12 - 00000000 ____D C:\Program Files\Symantec
    2012-08-24 07:12 - 2012-08-24 07:12 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2012-08-24 07:11 - 2012-08-24 07:11 - 00512944 ____A (Symantec Corporation) C:\Windows\System32\sysfer.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00374704 ____A (Symantec Corporation) C:\Windows\SysWOW64\sysfer.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00288176 ____A (Symantec Corporation) C:\Windows\System32\SymVPN.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00118768 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SysPlant.sys
    2012-08-24 07:11 - 2012-08-24 07:11 - 00081840 ____A (Symantec Corporation) C:\Windows\System32\FwsVpn.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00058288 ____A (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00058288 ____A (Symantec Corporation) C:\Windows\System32\snacnp.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00042632 ____A (Symantec Corporation) C:\Windows\System32\Drivers\WGX64.SYS
    2012-08-24 07:11 - 2012-08-24 07:11 - 00011184 ____A (Symantec Corporation) C:\Windows\System32\sysferThunk.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00010672 ____A (Symantec Corporation) C:\Windows\SysWOW64\sysferThunk.dll
    2012-08-24 07:10 - 2012-08-24 07:10 - 00000000 ____D C:\Windows\System32\Drivers\SEP
    2012-08-24 07:10 - 2012-08-24 07:10 - 00000000 ____D C:\Users\All Users\regid.1992_12.com.symantec
    2012-08-19 16:31 - 2009-08-19 19:50 - 00024416 ___RA (Adobe Systems Inc.) C:\Windows\System32\AdobePDFUI.dll
    2012-08-18 12:04 - 2012-08-18 12:04 - 00000114 ____A C:\Users\KenW\Desktop\Home Depot.url
    2012-08-14 16:03 - 2012-08-14 16:04 - 00000000 ____D C:\Program Files\Microsoft Device Center
    2012-08-14 15:54 - 2012-02-10 22:36 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-14 15:54 - 2012-02-10 22:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-08-14 15:54 - 2012-02-10 22:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-08-14 15:54 - 2012-02-10 21:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2012-08-14 14:24 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-14 14:24 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-14 14:24 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-14 14:24 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-14 14:24 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-14 14:24 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-14 14:24 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-14 14:24 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-14 14:24 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-14 14:24 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-14 14:24 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-14 14:24 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-14 14:24 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-14 14:24 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-14 14:24 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-14 14:24 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-14 14:24 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-14 14:24 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-14 14:24 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-14 14:24 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-14 14:24 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-14 14:24 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-14 14:24 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-14 14:24 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-14 14:24 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-14 14:24 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-14 14:24 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-14 14:24 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-14 14:18 - 2012-07-18 09:31 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-14 14:18 - 2012-07-04 14:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-14 14:18 - 2012-07-04 14:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-14 14:18 - 2012-07-04 14:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-14 14:18 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-08-14 14:18 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-08-14 14:18 - 2012-05-13 21:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-08-14 14:18 - 2012-05-05 00:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-14 14:18 - 2012-05-04 23:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-08-09 13:24 - 2012-08-09 13:24 - 00000000 ____D C:\Users\KenW\Tracing
    2012-08-09 05:35 - 2012-08-09 05:35 - 01336553 ____A C:\Users\All Users\SPL4A9F.tmp

    ==================== 3 Months Modified Files ================================
    2012-09-06 17:54 - 2009-07-13 20:51 - 00059147 ____A C:\Windows\setupact.log
    2012-09-06 17:50 - 2011-03-17 14:01 - 00053473 ____A C:\Users\All Users\lxecscan.log
    2012-09-06 17:50 - 2011-03-16 18:33 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-06 17:49 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-06 17:34 - 2009-07-13 21:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-06 17:22 - 2012-09-06 17:18 - 272394240 ____A C:\Users\KenW\Downloads\kav_rescue_10.iso
    2012-09-06 17:07 - 2012-09-06 17:05 - 00180000 ____A (Kaspersky Lab) C:\Users\KenW\Downloads\kss12.0.1.117mlg_en-ru_ru-ru_fr-ru_de-ru.exe
    2012-09-06 17:05 - 2010-07-13 03:31 - 01573340 ____A C:\Windows\WindowsUpdate.log
    2012-09-04 15:17 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-04 15:17 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-04 15:15 - 2012-07-24 18:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-02 02:59 - 2011-06-26 19:58 - 01976320 __ASH C:\Users\KenW\Desktop\Thumbs.db
    2012-09-01 05:52 - 2012-09-01 05:52 - 00061314 ____A C:\Users\All Users\SPL1DEB.tmp
    2012-09-01 05:36 - 2012-09-01 05:36 - 00061314 ____A C:\Users\All Users\SPLD613.tmp
    2012-09-01 03:17 - 2011-03-17 14:08 - 00088182 ____A C:\Users\All Users\lxecJSW.log
    2012-08-31 17:07 - 2012-08-31 17:07 - 01879190 ____A C:\Users\All Users\SPL966C.tmp
    2012-08-30 17:23 - 2012-08-30 17:23 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (9)
    2012-08-30 17:23 - 2012-08-30 17:23 - 00528164 ____A C:\Users\KenW\Downloads\IM_00024
    2012-08-30 17:23 - 2012-08-30 17:23 - 00528160 ____A C:\Users\KenW\Downloads\IM_00006
    2012-08-30 17:22 - 2012-08-30 17:22 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (8)
    2012-08-30 17:22 - 2012-08-30 17:22 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (7)
    2012-08-30 17:21 - 2012-08-30 17:21 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (6)
    2012-08-30 17:21 - 2012-08-30 17:21 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (5)
    2012-08-30 17:21 - 2012-08-30 17:21 - 00528160 ____A C:\Users\KenW\Downloads\IM_00002 (5)
    2012-08-30 17:21 - 2012-08-30 17:21 - 00528160 ____A C:\Users\KenW\Downloads\IM_00002 (4)
    2012-08-30 17:20 - 2012-08-30 17:20 - 00528164 ____A C:\Users\KenW\Downloads\IM_00025
    2012-08-30 17:19 - 2012-08-30 17:19 - 00528160 ____A C:\Users\KenW\Downloads\IM_00004 (1)
    2012-08-30 17:19 - 2012-08-30 17:19 - 00528160 ____A C:\Users\KenW\Downloads\IM_00004
    2012-08-30 17:18 - 2012-08-30 17:18 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (4)
    2012-08-30 17:18 - 2012-08-30 17:18 - 00528160 ____A C:\Users\KenW\Downloads\IM_00002 (3)
    2012-08-30 17:18 - 2012-08-30 17:18 - 00528156 ____A C:\Users\KenW\Downloads\IM_00005 (1)
    2012-08-30 17:18 - 2012-08-30 17:18 - 00528156 ____A C:\Users\KenW\Downloads\IM_00005
    2012-08-30 17:17 - 2012-08-30 17:17 - 00528160 ____A C:\Users\KenW\Downloads\IM_00002 (2)
    2012-08-30 17:16 - 2012-08-30 17:16 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (3)
    2012-08-30 17:16 - 2012-08-30 17:16 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (2)
    2012-08-26 16:44 - 2012-08-26 16:44 - 01339919 ____A C:\Users\All Users\SPL247D.tmp
    2012-08-26 15:49 - 2011-10-24 23:21 - 00007605 ____A C:\Users\KenW\AppData\Local\Resmon.ResmonCfg
    2012-08-25 06:38 - 2011-03-16 18:33 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-24 07:23 - 2012-08-24 07:23 - 00999840 ____A (Solid State Networks) C:\Users\KenW\Downloads\install_flashplayer11x32_mssa_au_aih.exe
    2012-08-24 07:12 - 2012-08-24 07:12 - 00174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2012-08-24 07:12 - 2012-08-24 07:12 - 00007530 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2012-08-24 07:11 - 2012-08-24 07:11 - 00512944 ____A (Symantec Corporation) C:\Windows\System32\sysfer.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00374704 ____A (Symantec Corporation) C:\Windows\SysWOW64\sysfer.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00288176 ____A (Symantec Corporation) C:\Windows\System32\SymVPN.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00118768 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SysPlant.sys
    2012-08-24 07:11 - 2012-08-24 07:11 - 00081840 ____A (Symantec Corporation) C:\Windows\System32\FwsVpn.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00058288 ____A (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00058288 ____A (Symantec Corporation) C:\Windows\System32\snacnp.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00042632 ____A (Symantec Corporation) C:\Windows\System32\Drivers\WGX64.SYS
    2012-08-24 07:11 - 2012-08-24 07:11 - 00011184 ____A (Symantec Corporation) C:\Windows\System32\sysferThunk.dll
    2012-08-24 07:11 - 2012-08-24 07:11 - 00010672 ____A (Symantec Corporation) C:\Windows\SysWOW64\sysferThunk.dll
    2012-08-22 15:12 - 2010-04-19 01:17 - 01156254 ____A C:\Windows\PFRO.log
    2012-08-21 14:39 - 2012-05-04 05:14 - 00002351 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-08-18 12:04 - 2012-08-18 12:04 - 00000114 ____A C:\Users\KenW\Desktop\Home Depot.url
    2012-08-17 14:17 - 2012-07-31 15:44 - 00014455 ____A C:\Users\KenW\Desktop\KDW_BloodWorkResults.xlsx
    2012-08-15 08:15 - 2012-05-04 03:31 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-15 08:15 - 2011-06-05 10:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-14 15:47 - 2009-07-13 20:45 - 00428400 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-14 14:19 - 2011-03-18 07:07 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-09 05:35 - 2012-08-09 05:35 - 01336553 ____A C:\Users\All Users\SPL4A9F.tmp
    2012-08-06 14:16 - 2011-04-01 05:36 - 00016896 ____A C:\Users\KenW\Desktop\Post-It_Memoryboard.xlsx
    2012-08-04 05:42 - 2012-08-04 05:42 - 00010772 ____A C:\Users\KenW\Desktop\CabinetCostEstimator.xlsx
    2012-07-31 16:07 - 2012-07-31 16:07 - 00528160 ____A C:\Users\KenW\Downloads\IM_00002 (1)
    2012-07-31 16:06 - 2012-07-31 16:06 - 00528160 ____A C:\Users\KenW\Downloads\IM_00002
    2012-07-31 16:05 - 2012-07-31 16:05 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001 (1)
    2012-07-31 16:05 - 2012-07-31 16:05 - 01031780 ____A C:\Users\KenW\Downloads\IM_00001
    2012-07-30 16:00 - 2012-07-30 16:00 - 00010045 ____A C:\Users\KenW\Desktop\Kitchen_Remodel_Specs.xlsx
    2012-07-30 15:28 - 2012-07-30 15:28 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-30 15:22 - 2012-07-30 15:22 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-07-18 16:58 - 2012-07-18 16:58 - 00001882 ____A C:\Users\KenW\Desktop\JDownloader.lnk
    2012-07-18 16:57 - 2012-07-18 16:57 - 00302425 ____A C:\Users\KenW\AppData\Local\funmoods-speeddial.crx
    2012-07-18 16:57 - 2012-07-18 16:57 - 00031470 ____A C:\Users\KenW\AppData\Local\funmoods.crx
    2012-07-18 09:31 - 2012-08-14 14:18 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-17 17:44 - 2012-07-17 17:44 - 00000247 ____A C:\user.js
    2012-07-17 17:43 - 2012-07-17 17:43 - 01064720 ____A C:\Users\KenW\Downloads\DownloadManagerSetup.exe
    2012-07-17 16:18 - 2012-07-17 16:18 - 00001018 ____A C:\Users\KenW\Desktop\Audacity.lnk
    2012-07-12 11:50 - 2012-07-12 11:50 - 00001339 ____A C:\Users\KenW\Documents\KDW MRI Rt Foot 7-12-12 - Shortcut.lnk
    2012-07-11 18:04 - 2012-07-11 18:04 - 26433600 ____A C:\Users\KenW\Downloads\Lexmark_Pro800-Pro900_Series_C082511_00_FWUpdate (2).exe
    2012-07-11 13:57 - 2012-07-11 13:57 - 26433600 ____A C:\Users\KenW\Downloads\Lexmark_Pro800-Pro900_Series_C082511_00_FWUpdate (1).exe
    2012-07-11 13:57 - 2012-07-11 13:56 - 26433600 ____A C:\Users\KenW\Downloads\Lexmark_Pro800-Pro900_Series_C082511_00_FWUpdate.exe
    2012-07-11 13:28 - 2012-07-11 13:27 - 00265004 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-11 13:28 - 2009-07-13 18:34 - 00000551 ____A C:\Windows\win.ini
    2012-07-04 14:04 - 2012-08-14 14:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:01 - 2012-08-14 14:18 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:01 - 2012-08-14 14:18 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:26 - 2012-08-14 14:18 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:23 - 2012-08-14 14:18 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-07-02 15:39 - 2012-07-02 15:39 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-07-02 15:39 - 2012-07-02 15:39 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-07-02 15:39 - 2012-07-02 15:39 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-07-02 15:39 - 2012-07-02 15:39 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-07-02 15:39 - 2011-06-16 17:41 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-07-02 15:32 - 2011-09-01 17:29 - 00000258 _RASH C:\Users\All Users\ntuser.pol
    2012-06-28 20:55 - 2012-08-14 14:24 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-08-14 14:24 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-08-14 14:24 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-08-14 14:24 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:49 - 2012-08-14 14:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:48 - 2012-08-14 14:24 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-08-14 14:24 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-08-14 14:24 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-08-14 14:24 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-08-14 14:24 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-08-14 14:24 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-08-14 14:24 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-08-14 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-08-14 14:24 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-08-14 14:24 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-08-14 14:24 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-08-14 14:24 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-08-14 14:24 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-08-14 14:24 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-08-14 14:24 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-14 14:24 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-08-14 14:24 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-08-14 14:24 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:04 - 2012-08-14 14:24 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-14 14:24 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-08-14 14:24 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-08-14 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-08-14 14:24 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-28 15:52 - 2012-06-28 15:52 - 00001141 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-06-26 17:38 - 2012-06-26 17:38 - 00827728 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
    2012-06-26 17:38 - 2012-06-26 17:38 - 00770384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
    2012-06-26 17:38 - 2012-06-26 17:38 - 00607568 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll
    2012-06-26 17:38 - 2012-06-26 17:38 - 00421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
    2012-06-25 12:04 - 2012-06-25 12:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
    2012-06-10 10:37 - 2012-06-10 10:37 - 00039908 ____A C:\Users\KenW\Downloads\files (1).zip
    2012-06-10 10:36 - 2012-06-10 10:36 - 00039908 ____A C:\Users\KenW\Downloads\files.zip
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-08-14 14:19:22
    Restore point made on: 2012-08-14 15:55:05
    Restore point made on: 2012-08-14 16:03:39
    Restore point made on: 2012-08-14 16:15:40
    Restore point made on: 2012-08-17 16:20:37
    Restore point made on: 2012-08-21 16:20:21
    Restore point made on: 2012-08-24 07:09:10
    Restore point made on: 2012-08-25 07:29:50
    Restore point made on: 2012-08-26 15:07:37
    Restore point made on: 2012-08-28 14:10:01
    Restore point made on: 2012-09-03 10:58:45
    ==================== Memory info ===========================
    Percentage of memory in use: 19%
    Total physical RAM: 3766.71 MB
    Available physical RAM: 3035.21 MB
    Total Pagefile: 3764.86 MB
    Available Pagefile: 3035.94 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions ============================
    1 Drive c: (Gateway) (Fixed) (Total:283.99 GB) (Free:98.38 GB) NTFS
    2 Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:2.69 GB) NTFS
    4 Drive g: () (Removable) (Total:1.97 GB) (Free:1.37 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 2026 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 14 GB 1024 KB
    Partition 2 Primary 100 MB 14 GB
    Partition 3 Primary 283 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E PQSERVICE NTFS Partition 14 GB Healthy Hidden
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Gateway NTFS Partition 283 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 2022 MB 4096 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT Removable 2022 MB Healthy
    ==================================================================================
    Last Boot: 2012-08-27 14:57
    ==================== End Of Log =============================
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    1. Download the Kaspersky Rescue Disk iso image
    from the Kaspersky Lab server. (Direct download link)

    Please note that this is a large download, so please be patient while it downloads.

    2. Record the Kaspersky Rescue Disk iso image to a CD/DVD. You can use any CD/DVD record software you like. If you don't have any, please download and install ImgBurn.

    So, open up ImgBurn and choose Write image file to disc

    Click on the small Browse for file icon as shown in the image. Browse into your download folder and select kav_rescue_10.iso as your source file.

    OK, so now we are ready to burn the .iso file. Simply click the Write image file to disc button below and after a few minutes you will have a bootable Kaspersky Rescue Disk 10.

    3. Configure your computer to boot from CD/DVD. Use the Delete, F2, or F11 keys, to load the BIOS menu. Normally, the information how to enter the BIOS menu is displayed on the screen at the start of the OS boot.

    The keys F1, F8, F10, F12 might be used for some motherboards, as well as the following key combinations:
    • Ctrl+Esc
    • Ctrl+Ins
    • Ctrl+Alt
    • Ctrl+Alt+Esc
    • Ctrl+Alt+Enter
    • Ctrl+Alt+Del
    • Ctrl+Alt+Ins
    • Ctrl+Alt+S
    If you can enter Boot Menu directly then simply select your CD/DVD-ROM as your 1st boot device.
    If you can't enter Boot Menu directly then simply use Delete key to enter BIOS menu. Select Boot from the main BIOS menu and then select Boot Device Priority.

    Set CD/DVD-ROM as your 1st Boot Device. Save changes and exit BIOS menu.

    4. Let's boot your computer from Kaspersky Rescue Disk.

    Restart your computer. After restart, a message will appear on the screen:
    Press any key to enter the menu. So, press Enter or any other key to load the Kaspersky Rescue Disk.

    5. Select your language and press Enter to continue.

    6. Press 1 to accept the End User License Agreement.

    7. Select Kaspersky Rescue Disk. Graphic Mode as your startup method. Press Enter. Once the actions described above have been performed, the operating system starts.

    8. Click on the Start button located in the left bottom corner of the screen. Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Sirefef. It won't take very long.

    9. Click on the Start button once again and fire up the Kaspersky Rescue Disk utility. First, select My Update Center tab and press Start update to get the latest malware definitions. Don't worry if you can't download the updates. Just proceed to the next step.

    10. Select Object Scan tab. Place a check mark next to your local drive C:\. If you have two or more local drives make sure to check those as well. Then click Start Objects Scan to scan your computer for malicious software.

    11. Quarantine (recommended) or delete every piece of malicious code detected during the system scan.

    12. You can now close the Kaspersky Rescue Disk utility. Click on the Start button and select Restart computer

    13. Please restart your computer into the Normal Mode and tell me how it went.
  4. KNSW12

    KNSW12 TS Rookie Topic Starter

    Thank you for the assistance. I have followed every detail of the instructions... ran the KAV program and at the end... it found nothing. So whatever has caused the issue with others is apparently not the issue causing my problem.
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's go ahead in Safe Mode with Networking please...

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! This is the last check-in for you. Please update us on your situation here. We'd love to help!

