Everything posted by Bobzor

  1. K cleared out all the programs you had me run during this and ran TFC. Out of curiosity, since I am a novice at looking through the logs from all these scans/tools you had me run, I was wondering if my machine was actually infected with anything specific that just got past my existing protection, or was it just infested with tons of stuff suggesting that I need to vastly improve the way I interact with the internet. And thanks a lot for taking the time to run me through all these steps to get my PC back to working condition; an unplanned forced reformat is one of the things I try to avoid like the plague.
  2. K got rid of C:\Users\Kyle Winninghoff\Downloads\DriverSweeper_3.2.0.exe, and updated Adobe Reader and Java. As a question, my Add Remove said I was already using Java 7 u21, so I just removed that and as far as I can tell reinstalled it. Was there some other older version hiding somewhere beyond the add remove list that you saw in a log that you wanted me to get rid of? My computer seems to be running at the same level as it was before I made the original post at this point.
  3. Sorry it took me a bit to respond.

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 4.9.4 (05.06.2013:1)
     OS: Windows 7 Home Premium x64
     Ran by Kyle Winninghoff on Sun 05/19/2013 at 13:54:30.79
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dnu.exe
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1

     ~~~ Files

     Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll"
     Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.xpt"
     Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll"
     Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.xpt"
     Successfully deleted: [File] C:\eula.1028.txt
     Successfully deleted: [File] C:\eula.1031.txt
     Successfully deleted: [File] C:\eula.1033.txt
     Successfully deleted: [File] C:\eula.1036.txt
     Successfully deleted: [File] C:\eula.1040.txt
     Successfully deleted: [File] C:\eula.1041.txt
     Successfully deleted: [File] C:\eula.1042.txt
     Successfully deleted: [File] C:\eula.1049.txt
     Successfully deleted: [File] C:\eula.2052.txt
     Successfully deleted: [File] C:\install.res.1028.dll
     Successfully deleted: [File] C:\install.res.1031.dll
     Successfully deleted: [File] C:\install.res.1033.dll
     Successfully deleted: [File] C:\install.res.1036.dll
     Successfully deleted: [File] C:\install.res.1040.dll
     Successfully deleted: [File] C:\install.res.1041.dll
     Successfully deleted: [File] C:\install.res.1042.dll
     Successfully deleted: [File] C:\install.res.1049.dll
     Successfully deleted: [File] C:\install.res.2052.dll
     Successfully deleted: [File] C:\install.res.3082.dll

     ~~~ Folders

     Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"

     ~~~ FireFox

     Successfully deleted: [File] C:\Users\Kyle Winninghoff\AppData\Roaming\mozilla\firefox\profiles\q9awmc5p.default-1347400038011\user.js
     Successfully deleted the following from C:\Users\Kyle Winninghoff\AppData\Roaming\mozilla\firefox\profiles\q9awmc5p.default-1347400038011\prefs.js
     user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=");
     Emptied folder: C:\Users\Kyle Winninghoff\AppData\Roaming\mozilla\firefox\profiles\q9awmc5p.default-1347400038011\minidumps [37 files]

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Sun 05/19/2013 at 13:56:46.01
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     # AdwCleaner v2.301 - Logfile created 05/19/2013 at 14:03:39
     # Updated 16/05/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : Kyle Winninghoff - KYLEWINNINGHOFF
     # Boot Mode : Normal
     # Running from : C:\Users\Kyle Winninghoff\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     Key Deleted : HKCU\Software\YahooPartnerToolbar
     Key Deleted : HKLM\Software\AVG Secure Search
     Key Deleted : HKLM\Software\AVG Security Toolbar
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16483
     [OK] Registry is clean.

     -\\ Mozilla Firefox v20.0.1 (en-US)
     File : C:\Users\Kyle Winninghoff\AppData\Roaming\Mozilla\Firefox\Profiles\q9awmc5p.default-1347400038011\prefs.js
     [OK] File is clean.

     *************************
     AdwCleaner[s1].txt - [1988 octets] - [19/05/2013 14:03:39]
     ########## EOF - C:\AdwCleaner[s1].txt - [2048 octets] ##########

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.05.19.10
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Kyle Winninghoff :: KYLEWINNINGHOFF [administrator]
     5/19/2013 2:10:08 PM
     mbam-log-2013-05-19 (14-10-08).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 240670
     Time elapsed: 3 minute(s), 32 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     (ESETSCAN):
     C:\Users\Kyle Winninghoff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4ae2f8a-7d255d19 a variant of Java/JShrink.A application
     C:\Users\Kyle Winninghoff\Downloads\DriverSweeper_3.2.0.exe Win32/OpenCandy application
  4. K so I ran the Root-kit scan and it came back clean, so I went and made sure the mentioned items were all on and everything was up to date. I went back and turned Microsoft Security Client start-up process back on and reinstalled the current version of Java. On restart everything started up fine and Windows is running normally as far as I can tell. Here are the logs from the Root-kit scan:

     Malwarebytes Anti-Rootkit BETA 1.05.0.1001
     www.malwarebytes.org
     Database version: v2013.05.19.01
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Kyle Winninghoff :: KYLEWINNINGHOFF [administrator]
     5/18/2013 8:40:30 PM
     mbar-log-2013-05-18 (20-40-30).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 29729
     Time elapsed: 7 minute(s), 13 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  5. ComboFix 13-05-18.03 - Kyle Winninghoff 05/18/2013 17:22:25.1.8 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.5626 [GMT -7:00]
     Running from: c:\users\Kyle Winninghoff\Desktop\ComboFix.exe
     AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
     AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
     SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
     SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     C:\install.exe
     c:\users\Kyle Winninghoff\AppData\Roaming\mIRC\logs\status.log
     c:\users\Kyle Winninghoff\Desktop\Internet Explorer.lnk
     c:\windows\SysWow64\Packet.dll
     c:\windows\SysWow64\pthreadVC.dll
     c:\windows\SysWow64\WanPacket.dll
     c:\windows\SysWow64\wpcap.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QFan Help"="c:\program files (x86)\ASUS\Fan Xpert\QFanHelp.exe" [2010-04-19 611968] "ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-05-16 887712] "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2638152] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 ATICDSDr;ATICDSDr;c:\users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys [x] R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200w764.sys [2011-03-30 1254464] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-01 1255736] S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-05-06 14592] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-01 834544] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-11-30 210016] S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-11-30 141920] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 
AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-02-03 30384] S2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe [2007-11-20 1039872] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-06-30 1191408] S2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-04-10 22280] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256] S3 ICTDrv;ICTDrv;c:\windows\system32\DRIVERS\ICTDrv.sys [2009-07-11 22488] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-05-13 154624] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . 2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11 09:02] . 
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11 09:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Kyle Winninghoff\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Kyle Winninghoff\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Kyle Winninghoff\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Kyle Winninghoff\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "lxdpmon.exe"="c:\program files (x86)\Lexmark Z2300 Series\lxdpmon.exe" [2010-02-04 672424] "EzPrint"="c:\program files (x86)\Lexmark Z2300 Series\ezprint.exe" [2010-02-04 107176] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395152] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\users\Kyle Winninghoff\AppData\Roaming\Mozilla\Firefox\Profiles\q9awmc5p.default-1347400038011\ FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query= FF - prefs.js: network.proxy.type - 0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-ROC_ROC_APR2013_AV - c:\users\Kyle Winninghoff\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG2012\avgtray.exe AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1182413079-1598480923-2472889761-1000\Software\SecuROM\License information*] "datasecu"=hex:8e,3f,4e,d2,01,af,ad,9e,f1,40,34,a6,45,63,30,a6,0e,6b,25,fe,dc, 4b,c5,44,23,f2,f2,ff,2c,32,b0,85,8b,ee,e4,c5,2a,90,78,06,8e,f7,7d,7f,67,a8,\ "rkeysecu"=hex:9b,7f,1a,a1,78,63,40,f9,4f,7d,57,cc,ce,52,19,fa . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-05-18 17:30:27 ComboFix-quarantined-files.txt 2013-05-19 00:30 . Pre-Run: 399,806,763,008 bytes free Post-Run: 401,166,856,192 bytes free . - - End Of File - - 52F8B86B6FC25EB9CEAB7A0A33C15EEF
  6. Thanks for getting to this post. Since my first post 2 weeks back I have just been running my computer basically the same way it was able to start up normally before, that is with the Microsoft Security Client and thus MSSE disabled. Here are the logs you requested via Farbar: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013 Ran by Kyle Winninghoff (administrator) on 18-05-2013 00:10:02 Running from C:\Users\Kyle Winninghoff\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (AMD) C:\Windows\system32\atiesrxx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe ( ) C:\Windows\system32\lxdpcoms.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (AMD) C:\Windows\system32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Lexmark International Inc.) 
C:\Program Files (x86)\Lexmark Z2300 Series\ezprint.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (AOL Inc.) C:\Program Files (x86)\AIM\aim.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (Razer USA Ltd) C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe (Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe (Thorvald Natvig) C:\Program Files (x86)\Mumble\mumble.exe (mIRC Co. Ltd.) 
C:\Program Files (x86)\mIRC\mirc.exe (Farbar) C:\Users\Kyle Winninghoff\Desktop\FRST64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-01-29] (Realtek Semiconductor) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x] HKLM\...\Run: [lxdpmon.exe] "C:\Program Files (x86)\Lexmark Z2300 Series\lxdpmon.exe" [672424 2010-02-04] () HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Z2300 Series\ezprint.exe" [107176 2010-02-04] (Lexmark International Inc.) HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [395152 2011-06-30] (Seagate) HKCU\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4331392 2012-05-30] (AOL Inc.) HKCU\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1635752 2013-05-03] (Valve Corporation) HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd) HKCU\...\Run: [ROC_ROC_APR2013_AV] C:\Users\Kyle Winninghoff\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 1e016d2c33a647d6b9d1f186769500ce-5c87895d3b356dd23a1434c2b3f9f54daa8ce9d9 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 [x] MountPoints2: {3676c0ff-1e0a-11e1-94ef-806e6f6e6963} - D:\.\Bin\Assetup.exe HKLM-x32\...\Run: [QFan Help] "C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe" [611968 2010-04-19] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [465536 2010-05-10] (ASUSTek Computer Inc.) 
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [x] HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] () HKLM-x32\...\Run: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe [887712 2011-05-16] (Razer USA Ltd) HKLM-x32\...\Run: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2638152 2011-06-30] (Seagate) HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\SetPointII.lnk ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll No File BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File PDF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab PDF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox: ======== FF ProfilePath: C:\Users\Kyle Winninghoff\AppData\Roaming\Mozilla\Firefox\Profiles\q9awmc5p.default-1347400038011 FF Homepage: hxxp://www.msn.com FF 
Keyword.URL: hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files 
(x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.) R2 lxdp_device; C:\Windows\system32\lxdpcoms.exe [1039872 2007-11-19] ( ) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-19] () R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) R2 XTUService; C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [22280 2010-04-09] (Intel Corporation) ==================== Drivers (Whitelisted) ==================== R0 AiCharger; C:\Windows\System32\DRIVERS\AiCharger.sys [14592 2010-05-05] (ASUSTek Computer Inc.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] () S3 ATICDSDr; C:\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys [6656 2007-11-01] (ATI Technologies Inc.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. ) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. ) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.) 
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
R3 ICTDrv; C:\Windows\System32\DRIVERS\ICTDrv.sys [22488 2009-07-10] (Intel Corporation)
R2 IOCBIOS; C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [30384 2010-02-03] (Intel Corporation)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-30] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [154624 2011-05-12] (Razer USA Ltd)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-10] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-10] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-11-30] ()
U3 a6y6cig9; C:\Windows\System32\Drivers\a6y6cig9.sys [0 ] (Microsoft Corporation)
R0 snapman; system32\DRIVERS\snapman.sys [x]
R0 vidsflt53; system32\DRIVERS\vsflt53.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

==================== One Month Modified Files and Folders =======

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-14 23:15

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-05-2013
Ran by Kyle Winninghoff at 2013-05-18 00:10:37 Run:
Running from C:\Users\Kyle Winninghoff\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

==================== Restore Points =========================

05-05-2013 05:02:44 Installed JMicron JMB36X Driver
05-05-2013 05:04:52 Installed Realtek Ethernet Controller Driver For Windows Vista aï¾â7
05-05-2013 05:06:40 Installed Renesas Electronics USB 3.0 Host Controller Driver
05-05-2013 05:07:36 Installed Browser Configuration Utility.
05-05-2013 05:10:23 Installed ASUSUpdate 05-05-2013 05:10:32 Installed Fan Xpert 05-05-2013 05:11:03 Installed PC Probe II 05-05-2013 05:11:08 Installed ASUS Ai Charger 05-05-2013 05:15:35 Removed Browser Configuration Utility. 05-05-2013 05:25:21 Installed Nero 9 Essentials 4.4.9.0 05-05-2013 05:40:40 Windows Update 05-05-2013 05:47:09 Windows Update 05-05-2013 05:49:29 Windows Update 05-05-2013 05:50:25 Windows Update 05-05-2013 05:51:03 Windows Update 05-05-2013 06:00:35 Windows Update 08-05-2013 06:40:01 Windows Update 11-05-2013 13:29:03 Windows Update 15-05-2013 10:58:58 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/04/2013 01:35:11 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object. Details: Could not query the status of the EventSystem service. System Error: A system shutdown is in progress. . Error: (04/22/2013 00:04:02 AM) (Source: Application Error) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process id: 0x9b8 Faulting application start time: 0xExplorer.EXE0 Faulting application path: Explorer.EXE1 Faulting module path: Explorer.EXE2 Report Id: Explorer.EXE3 Error: (04/18/2013 03:58:49 AM) (Source: Application Hang) (User: ) Description: The program WoW-64.exe version 5.2.0.16826 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 2e10 Start Time: 01ce3c01214292ea Termination Time: 989 Application Path: C:\Program Files (x86)\World of Warcraft\WoW-64.exe Report Id: ecd5efc4-a816-11e2-b67c-20cf3071e93d Error: (04/12/2013 03:14:50 PM) (Source: Application Error) (User: ) Description: Faulting application name: plugin-container.exe, version: 19.0.2.4814, time stamp: 0x5138a158 Faulting module name: mozalloc.dll, version: 19.0.2.4814, time stamp: 0x513883c4 Exception code: 0x80000003 Fault offset: 0x00001988 Faulting process id: 0x192c Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (03/20/2013 10:49:25 AM) (Source: Application Error) (User: ) Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4 Faulting module name: MSI3A88.tmp, version: 2.0.0.9, time stamp: 0x4d4b089c Exception code: 0xc000000d Fault offset: 0x00019d88 Faulting process id: 0x106c Faulting application start time: 0xMsiExec.exe0 Faulting application path: MsiExec.exe1 Faulting module path: MsiExec.exe2 Report Id: MsiExec.exe3 Error: (03/20/2013 10:49:09 AM) (Source: Application Error) (User: ) Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4 Faulting module name: MSIE015.tmp, version: 2.0.0.9, time stamp: 0x4d4b089c Exception code: 0xc000000d Fault offset: 0x00019d88 Faulting process id: 0x5a0 Faulting application start time: 0xMsiExec.exe0 Faulting application path: MsiExec.exe1 Faulting module path: MsiExec.exe2 Report Id: MsiExec.exe3 Error: (03/08/2013 09:29:42 AM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- SA_Error25101: StandardAction(0xC007620D): We have detected that Microsoft Security Essentials, is already installed on your system, therefore the installation can not continue. 
We recommend that you uninstall this product first and then try to launch the installation again. Error: (03/08/2013 09:29:41 AM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- SA_Error25101: StandardAction(0xC007620D): We have detected that Microsoft Security Essentials, is already installed on your system, therefore the installation can not continue. We recommend that you uninstall this product first and then try to launch the installation again. Error: (03/08/2013 09:29:40 AM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- SA_Error25101: StandardAction(0xC007620D): We have detected that Microsoft Security Essentials, is already installed on your system, therefore the installation can not continue. We recommend that you uninstall this product first and then try to launch the installation again. Error: (03/08/2013 09:29:39 AM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- SA_Error25101: StandardAction(0xC007620D): We have detected that Microsoft Security Essentials, is already installed on your system, therefore the installation can not continue. We recommend that you uninstall this product first and then try to launch the installation again. 
System errors: ============= Error: (05/15/2013 04:23:10 PM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (05/15/2013 04:23:06 PM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (05/14/2013 03:56:23 PM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (05/14/2013 03:56:19 PM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (05/14/2013 04:33:48 AM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (05/05/2013 03:35:48 PM) (Source: volsnap) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (05/04/2013 11:28:53 PM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (05/04/2013 11:28:46 PM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (05/04/2013 07:32:06 PM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (05/04/2013 05:53:52 PM) (Source: VDS Basic Provider) (User: ) Description: Unexpected failure. 
Error code: 490@01010004 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2011-02-17 01:59:18.094 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-02-17 01:59:18.083 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-02-17 01:59:17.875 Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Install Pack\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-02-17 01:59:17.865 Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Install Pack\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-02-17 01:59:17.103 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-02-17 01:59:17.092 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-02-17 01:59:16.905 Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Install Pack\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-02-17 01:59:16.895 Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Install Pack\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-02-17 01:59:16.112 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-02-17 01:59:16.102 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 12279.11 MB
Available physical RAM: 5724.89 MB
Total Pagefile: 24556.4 MB
Available Pagefile: 18627.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:373.07 GB) NTFS (Disk=0 Partition=2)
Drive e: () (Fixed) (Total:596.16 GB) (Free:120 GB) NTFS (Disk=1 Partition=1)
Drive f: (SuperStorage) (Fixed) (Total:2794.39 GB) (Free:2113.03 GB) NTFS (Disk=3 Partition=2)
Drive g: (MegaStorage) (Fixed) (Total:931.51 GB) (Free:259.95 GB) NTFS (Disk=2 Partition=1)
Drive i: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=4 Partition=1) ==>[system with boot components (obtained from reading drive)]
Drive j: () (Fixed) (Total:111.69 GB) (Free:71.28 GB) NTFS (Disk=4 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F8E1EE76)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 596 GB) (Disk ID: CF11CF11)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 97A2AC1D)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 2795 GB) (Disk ID: B67C7785)
Partition: GPT Partition Type

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: E450B253)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  7. So I was doing what I normally do on my computer last night, playing WoW on one monitor while watching a TV show on MPC on my second with Firefox and a bunch of tabs minimized. I was prompted with a Windows warning msg telling me my Java was dangerously out of date, and the warning gave three options: Update now, Later, Do nothing. I was rather suspicious of the warning msg that I had never seen before, knowing that anything related to Java was the easiest way to get your computer infected with something. I fiddled around trying to close the warning box without actually choosing anything, but then I remembered that I had a Java update sitting in my system tray for a few days and I had just gotten lazy and not installed it. Figuring the msg was actually legitimate, I clicked the Later option thinking I would just install the update before I went to sleep. Rather than just going away, my computer right then decided to restart, and this wasn't a blue screen crash or anything; it restarted as if I had gone to the start menu with every program still on and clicked restart. It closed everything one at a time and restarted. When it came back up and I logged into Windows, my computer hung while trying to load up its startup programs and it blue screen crashed. I went through this a few times and then started in Safe Mode with networking and was able to get into Windows fine. I then with my limited tech knowledge tried to "troubleshoot".

     -First I updated MBAM and ran a full system scan and that came up clean. I then tried to update MSSE but encountered an error and just decided to run a quick scan, which came up clean. Having changed nothing, I decided to go after Java thinking it the culprit. I tried to uninstall it in Add/Remove but couldn't (might just be a safe mode thing), so I went to my C drive and just got rid of the folder. I restarted in normal and blue screened at the same point and went back to safe mode.

     -Second I looked in the event viewer to try to find something error-wise that might lead me to an answer via Google. These 3 seemed useful, and the latter 2 led me to these forums and a similar issue that one of your users seemed to resolve.

     Session "Microsoft Security Client OOBE" stopped due to the following error: 0xC000000D
     DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
     DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:

     -Third I decided since everything ran fine in safe mode and I was crashing while Windows was starting up that I would start to disable startup programs and start Windows normally. First I went for the Java Updater that was still on the list; that didn't work and I blue screened. Remembering the Microsoft Security Client error, I disabled that second and Windows started up normally.

     -Fourth I ran an AVG scan and it came back with 28 not great sounding infections all along the lines of:

     "";"IRP hook, \Driver\iaStor IRP_MJ_WRITE -> 0xFFFFFA800CCE0674, <unknown>";"Infected"

     I tried to fix them through AVG, which had me restart, but when I ran another scan they were back.

     -Sixth I ran Windows Update, which had me restart after, which promptly blue screened me again after logging into Windows. After a restart I was able to get back in again fine.

     -Seventh I ran an MBAM quick scan and it came back with nothing, so I came here knowing something was wrong but being about out of ideas beyond a reformat to fix things.

     Hope my "troubleshooting" doesn't make it harder for you to try to get me to a solution.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
Run by Kyle Winninghoff at 15:40:44 on 2013-05-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.8238 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\syswow64\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\svchost.exe -k apphost C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Windows\system32\lxdpcoms.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Program Files (x86)\AVG\AVG2013\avgemca.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k iissvcs C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\Program 
Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Lexmark Z2300 Series\ezprint.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe C:\Program Files (x86)\AIM\aim.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files\Logitech\SetPoint II\SetPointII.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Mumble\mumble.exe C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE C:\Windows\splwow64.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [ROC_ROC_APR2013_AV] C:\Users\Kyle Winninghoff\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 1e016d2c33a647d6b9d1f186769500ce-5c87895d3b356dd23a1434c2b3f9f54daa8ce9d9 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 mRun: [QFan Help] "C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe" mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe mRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 
mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - <no file> IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{066BAA1E-9784-467E-935F-59E5CEC69D9C} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{98DC3924-DC6A-48C8-9486-CEA55A386707} : DHCPNameServer = 209.18.47.61 209.18.47.62 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE x64-Run: [lxdpmon.exe] "C:\Program Files (x86)\Lexmark Z2300 Series\lxdpmon.exe" x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark Z2300 Series\ezprint.exe" x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe x64-Run: [seagate Scheduler2 Service] 
"C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Kyle Winninghoff\AppData\Roaming\Mozilla\Firefox\Profiles\q9awmc5p.default-1347400038011\ FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query= FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false ============= SERVICES / DRIVERS =============== . 
R0 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2010-11-30 14592] R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512] R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-11-29 210016] R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-11-29 141920] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBios.sys [2010-2-3 30384] R2 lxdp_device;lxdp_device;C:\Windows\System32\lxdpcoms.exe -service --> C:\Windows\System32\lxdpcoms.exe -service [?] 
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008] R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408] R2 XTUService;Intel® Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-4-9 22280] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256] R3 ICTDrv;ICTDrv;C:\Windows\System32\drivers\ICTDrv.sys [2009-7-10 22488] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-5-12 154624] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 ATICDSDr;ATICDSDr;C:\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys [2007-11-1 6656] S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE1200w764.sys [2011-3-30 1254464] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-19 19456] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-19 57856] S3 WatAdminSvc;Windows Activation Technologies 
Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-1 1255736] . =============== Created Last 30 ================ . 2013-05-03 21:47:26 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33F8D563-287E-4734-9DBD-B72E24C164EA}\mpengine.dll 2013-05-03 12:46:43 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-04-24 06:01:55 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-23 21:56:45 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F71EDD8-1A64-4E38-A344-2CAA8F98648C}\gapaengine.dll 2013-04-19 19:13:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-04-19 19:12:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll 2013-04-19 19:10:59 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2013-04-19 19:10:59 458712 ----a-w- C:\Windows\System32\drivers\cng.sys 2013-04-19 19:10:59 340992 ----a-w- C:\Windows\System32\schannel.dll 2013-04-19 19:10:59 247808 ----a-w- C:\Windows\SysWow64\schannel.dll 2013-04-19 19:10:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2013-04-19 19:10:59 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2013-04-19 19:10:59 1448448 ----a-w- C:\Windows\System32\lsasrv.dll 2013-04-19 18:45:19 -------- d-----w- C:\Users\Kyle Winninghoff\AppData\Local\Programs 2013-04-12 22:15:03 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-04-10 20:23:13 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-04-10 20:23:11 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys 2013-04-10 20:23:09 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-10 20:23:08 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-04-10 20:23:08 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-04-10 20:23:06 112640 ----a-w- C:\Windows\System32\smss.exe 2013-04-10 20:23:05 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-04-10 20:23:05 43520 ----a-w- C:\Windows\System32\csrsrv.dll 
2013-04-06 10:08:17 -------- d-----w- C:\Users\Kyle Winninghoff\AppData\Local\Amazon
2013-04-06 10:08:12 -------- d-----w- C:\Program Files (x86)\Amazon
.
==================== Find3M ====================
.
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-19 19:06:55 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-19 19:06:54 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-06 05:00:59 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-04-06 05:00:59 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-04-06 05:00:48 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-20 18:25:40 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-20 18:25:38 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-20 18:25:38 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 15:41:03.39 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/30/2010 9:39:15 PM
System Uptime: 5/4/2013 2:35:24 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | SABERTOOTH X58
Processor: Intel® Core i7 CPU 950 @ 3.07GHz | LGA1366 | 3068/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 331.596 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 596 GiB total, 118.314 GiB free.
F: is FIXED (NTFS) - 2794 GiB total, 2121.049 GiB free.
G: is FIXED (NTFS) - 932 GiB total, 259.95 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP389: 4/25/2013 2:47:21 PM - Windows Update
RP390: 4/29/2013 6:19:23 AM - Windows Update
RP391: 5/2/2013 6:43:29 AM - Windows Update
RP392: 5/4/2013 1:53:32 PM - Removed Java 7 Update 17
RP393: 5/4/2013 2:24:36 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) µTorrent AaAaAA!!!
- A Reckless Disregard for Gravity Acrobat.com Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) Advertising Center AIM 7 Amazon Kindle AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders Application Profiles Assassin's Creed ASUS Ai Charger ASUS E-Green Uninstall ASUSUpdate Audiosurf AutoHotkey 1.0.48.05 AVG 2012 AVG 2013 Bastion Battlefield 3™ Battlelog Web Plugins Beat Hazard BIT.TRIP BEAT Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cities XL 2011 Combined Community Codec Pack 2010-10-10 Darwinia Day of Defeat: Source DEFCON Defense Grid: The Awakening Diablo III Download Updater (AOL LLC) Driver Sweeper version 3.2.0 Dropbox E-Hammer Empire: Total War erLT ESN Sonar Fan Xpert FileZilla Client 3.6.0.2 GOM Player Google Drive Google Update Helper Guild Wars 2 Gw2Dev Heroes of Newerth ImagXpress Intel Extreme Tuning Utility 2.0.143.16 Intel® SMBus Intel® Matrix Storage Manager Java Auto Updater JMicron JMB36X Driver Just Cause 2 Killing Floor Left 4 Dead Left 4 Dead 2 Lexmark Z2300 Series Logitech SetPoint 5.20 Magicka Malwarebytes Anti-Malware version 1.75.0.1300 marvell 91xx driver Mass Effect Mass Effect 2 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata 
MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XNA Framework Redistributable 3.1 mIRC Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mumble and Murmur Natural Selection 2 Nero 9 Essentials Nero BurnRights Nero BurnRights Help Nero ControlCenter Nero CoverDesigner Nero CoverDesigner Help Nero Disc Copy Gadget Nero Disc Copy Gadget Help Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero 
DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml NVIDIA PhysX OpenAL Origin PC Probe II PlanetSide 2 Plants vs. Zombies: Game of the Year Portal Portal 2 PunkBuster Services Razer BlackWidow Ultimate Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver RIFT Roll RUSH Saints Row: The Third Sanctum Seagate DiscWizard Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 
Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Sid Meier's Civilization V SimCity™ Sins of a Solar Empire: Rebellion Skype™ 5.10 SmoothPING Elite Star Wars: The Old Republic Steam Super Meat Boy swMSM Team Fortress 2 Toki Tori Torchlight Total War: SHOGUN 2 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update 
for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) User's Guides Veetle TV Ventrilo Client for Windows x64 Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables VLC media player 0.9.2 Windows Live OneCare safety scanner WinRAR archiver World of Goo World of Warcraft World of Warcraft Public Test . ==== Event Viewer Messages From Past Week ======== . 5/4/2013 6:23:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.149.1193.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/4/2013 6:23:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/4/2013 5:51:50 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800034bddda, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-32307-01.
5/4/2013 5:48:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PnkBstrA service to connect.
5/4/2013 5:48:44 AM, Error: Service Control Manager [7000] - The PnkBstrA service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/4/2013 5:44:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/4/2013 5:42:16 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1193.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/4/2013 5:38:26 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1193.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/4/2013 5:37:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1193.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/4/2013 5:31:26 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1193.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/4/2013 3:36:36 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80003495315). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-32370-01.
5/4/2013 3:33:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Nero BackItUp Scheduler 4.0 service to connect.
5/4/2013 3:33:44 AM, Error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/4/2013 3:24:52 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2013 3:19:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/4/2013 3:19:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/4/2013 3:19:20 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800034fbd35). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-36863-01.
5/4/2013 3:19:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO AVGIDSDriver Avgldx64 Avgtdia DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf
5/4/2013 3:19:02 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2013 3:19:02 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2013 3:19:02 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2013 3:19:02 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2013 3:19:02 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2013 3:19:00 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2013 3:19:00 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2013 3:19:00 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2013 3:19:00 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2013 3:19:00 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2013 3:14:37 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80003505d35). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-46535-01.
5/4/2013 3:11:14 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff8000347e315). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-46925-01.
5/4/2013 2:52:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.149.1247.0).
5/4/2013 2:50:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1193.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80070643 Error description: Fatal error during installation.
5/4/2013 2:36:23 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
5/4/2013 2:33:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
5/4/2013 2:33:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/4/2013 2:32:57 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2013 2:32:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/4/2013 2:32:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/4/2013 2:32:54 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2013 2:32:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/4/2013 2:32:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/4/2013 2:31:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO AVGIDSDriver Avgldx64 discache MpFilter spldr sptd Wanarpv6
5/4/2013 2:31:40 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2013 2:31:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000ec, 0x0000000000000002, 0x0000000000000001, 0xfffff800034afd35). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-29234-01.
5/4/2013 2:30:59 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
5/4/2013 1:27:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000180000004dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800034b1d35). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-33056-01.
4/29/2013 6:20:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.149.825.0).
4/29/2013 6:20:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.803.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80070643 Error description: Fatal error during installation.
.
==== End Of File ===========================