
Thread: Having blue screen problem

  1. #1
    FPCH Member Shvensk's Avatar
    Join Date
    Jun 2012
    Location
    Pennsylvania
    Posts
    41

    PC Experience:
    Beginner


    Operating System:
    Windows 7- Home Premium

    Default Having blue screen problem

    Ok, so. Here's my problem. I recently had the problem where I couldn't do anything upon startup. If I tried opening something, it wouldn't open, my internet connection never connected, couldn't even do the "ctrl+alt+delete" thing and go to the task manager. So then I went to safemode, which worked, and searched for a solution. I used the simplest solution I found, which was downloading and running Malwarebytes. I found 2 errors, which I decided to delete. According to Malwarebytes, their Vendor was PUP.PrivacySafeGuard, although I don't know if that matters. Malwarebytes told me I needed to restart my computer to complete the fix, but when my laptop started up again, I had an error message that said something like this:
    "There was a problem starting
    C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll
    The specified module could not be found."

    After clicking the ok button, the screen loaded up, and after about 10 seconds, a blue screen appeared! It said something along the lines of:
    "A device driver attempting to corrupt the system has been caught. The faulty driver currently on the kernel stack must be replaced with a working version.
    If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:
    Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you may need.
    If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press f8 to select Advanced Startup Options, and then select safe mode."

    This was all I was able to read before my laptop automatically restarted. If there is information I haven't given, just ask and I'll most likely tell you. Please keep in mind that I don't know too much about computers, so please keep your responses easy to follow. Thank you very much, I hope you can help me out!

  2. #2
    FPCH Member Shvensk's Avatar

    Oh, and by the way. I do NOT have any new hardware/software so I'm quite sure that isn't the problem.

  3. #3
    FPCH Member Shvensk's Avatar

    Sorry for the multiple replies, (is there a way to edit?). Anyways, after starting up on Safe Mode, I got a message that says:
    "Windows has recovered from an unexpected shutdown.
    Windows can check online for a solution.

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.1.7601.2.1.0.768.3
    Locale ID: 1033


    Additional information about the problem:
    BCCode: c4
    BCP1: 00000000000000F6
    BCP2: 0000000000000208
    BCP3: FFFFFA8007BEC630
    BCP4: FFFFF880046F79AE
    OS Version: 6_1_7601
    Service Pack: 1_0
    Product: 768_1


    Files that help describe the problem:
    C:\Windows\Minidump\061212-20701-01.dmp
    C:\Users\Henrik Lindholm\AppData\Local\Temp\WER-178745-0.sysdata.xml


    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?link...8&clcid=0x0409


    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt"

    In case that helps, there it is.

  4. #4
    Administrator KenB's Avatar
    Join Date
    Oct 2008
    Location
    Wirral UK
    Posts
    7,244

    PC Experience:
    Learning all the Time


    Operating System:
    XP / Vista / Win 7 / Win 8.1

    Default

    Hi and welcome to FpcH

    Quote: "So then I went to safemode, which worked"
    Can you confirm that you can boot up OK in Safe Mode please?

    If you can ....

    Start > type in .....devmgmt.msc ............ENTER
    Click the + next to each of the devices listed.
    Are there any yellow exclamation marks or red Xs ?
    Light travels faster than sound.
    This is why some people appear bright - until you hear them speak !


    Network Test
    Wireless Test

    Donations are welcome. Read Here

  5. #5
    FPCH Member Shvensk's Avatar

    No, there are no exclamation marks or Xs.

  6. #6
    Administrator KenB's Avatar

    Start ......type in ......System Restore ..........ENTER
    Select a date just before the start of your problem.

    Your data / photos etc will be fine.

  7. #7
    FPCH Member Shvensk's Avatar

    Problem. It says that no system restore points have been created on your computer's system drive.

  8. #8
    Administrator KenB's Avatar

    OK - try using F8 to get to the Advanced Startup Options ..........then select "Last Known Good Configuration"

  9. #9
    Administrator KenB's Avatar

    I have asked Starbuck to take a look at this thread.

    I will pick this up again tomorrow ( it is late here in the UK )

  10. #10
    Administrator & Security Team Starbuck's Avatar
    Join Date
    Feb 2010
    Location
    Midlands, UK
    Posts
    3,312

    PC Experience:
    Very Experienced


    Operating System:
    XP Home / Win7 Pro / Win8.1 Pro

    Default

    Hi Shvensk

    Can you post the report from MBAM?
    Quote: "PUP.PrivacySafeGuard"
    Removing a Potentially UnWanted Program shouldn't have caused this.

    Start Malwarebytes AntiMalware.
    Click on the logs tab.
    The logs are date stamped ... double click on the log that showed the infection items.



    It'll open in notepad.

    Please copy/paste the report in your next reply.

    Thanks
    Member of:
    UNITE

  11. #11
    FPCH Member Shvensk's Avatar

    Okay, thank you very much for your patience so far. To get the Advanced Startup Options, do I click f8 when my laptop is booting up? It doesn't do anything right now. I'm a technical newbie, so sorry for the stupid question.

  12. #12
    FPCH Member Shvensk's Avatar

    @Starbuck Here's the Malwarebytes Log:


    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org


    Database version: v2012.06.12.05


    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Henrik Lindholm :: TORCHWOOD-PC [administrator]


    Protection: Disabled


    6/12/2012 11:46:01 AM
    mbam-log-2012-06-12 (11-46-01).txt


    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 371891
    Time elapsed: 9 minute(s), 57 second(s)


    Memory Processes Detected: 0
    (No malicious items detected)


    Memory Modules Detected: 0
    (No malicious items detected)


    Registry Keys Detected: 0
    (No malicious items detected)


    Registry Values Detected: 0
    (No malicious items detected)


    Registry Data Items Detected: 0
    (No malicious items detected)


    Folders Detected: 0
    (No malicious items detected)


    Files Detected: 2
    C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
    C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.


    (end)

  13. #13
    Administrator & Security Team Starbuck's Avatar

    Hi Shvensk

    Quote: "To get the Advanced Startup Options, do I click f8 when my laptop is booting up? It doesn't do anything right now."
    This link may help explain how to get to the Advanced Boot Options:
    http://www.sevenforums.com/tutorials...t-options.html

    Quote: "I'm a technical newbie, so sorry for the stupid question"
    If you don't know something... it's never a stupid question.
    When in doubt, always ask.

    So backtracking a bit.... you had problems before you ran MBAM?
    Quote: "I recently had the problem where I couldn't do anything upon startup. If I tried opening something, it wouldn't open, my internet connection never connected, couldn't even do the "ctrl+alt+delete" thing and go to the task manager"
    I think we need to have a look at what else may be going on with this system.

    We have a couple of programs we can use to get this information, but first I need to know if you can boot to normal mode or not.
    Also, if needed, do you have another PC you can use if we need to download anything?

  14. #14
    FPCH Member Shvensk's Avatar

    I will try rebooting now and go to Advanced Boot Options and try the last known good configuration. And yes, I did have problems before MBAM, it seems as if the blue screen itself only appeared directly after I deleted the threats. However, before MBAM, there was about a 25% chance that I could do stuff normally, and a 75% chance that it would lock up, preventing me from doing anything successfully. Finally, the rest of my family has mostly Macs, so that may interfere, but if needed, I may be able to get access to one of my father's laptops.

    EDIT: Figured out how to edit, go me! Unfortunately, the same blue screen appeared, it didn't work.
    Last edited by Shvensk; 13-06-2012 at 02:47 AM.

  15. #15
    Administrator KenB's Avatar

    Quote: "the same blue screen appeared, it didn't work."
    Was this after you tried "Last Known Good Configuration" ?

    I assume that you get a blue screen if you try to boot normally ?

    If you use F8 ( about once per second ) after switching on - can you boot up in Safe Mode ?

    After you have answered these questions I will leave you in Starbuck's capable hands as this could be a malware problem.

  16. #16
    FPCH Member Shvensk's Avatar

    1. This was after I tried the last known good configuration
    2. Yes, if I boot normally, I get the blue screen
    3. I can boot up in Safe Mode like that, yes.
    Well, thank you for your help so far, I appreciate it.

  17. #17
    Administrator & Security Team Starbuck's Avatar

    Hi Shvensk,

    I'll give you the information on how we're going to get a report from your system (although it's not working lol).
    The instructions may seem complicated, but if you take it slowly you'll be fine.
    If at any time you have any questions, just shout out and I'll help you through it.

    In addition to another PC, you'll also need a USB stick (flash drive, pen drive etc).

    2 terms we use
    Clean Computer and Infected Computer.
    The clean computer will be the one that you use to download the program on to (hopefully your father's, as you said)
    The infected computer will be the one we are trying to fix.

    You may want to print these instructions out so you can have access to follow them.


    Please plug a flash drive into a clean computer.

    Since your Operating System is 64-bit, download Farbar Recovery Scan Tool 64-Bit
    and save the program to the >> USB flash drive.

    Next, plug the flash drive into the infected computer.

    >>>Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select your language settings, and click: Next
    • Select your User account and click: OK (If you did not set a password, leave blank.)


    On the System Recovery Options menu you get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool: Scan your computer's memory for errors.
      • Command Prompt
    • Select Command Prompt
    • In the Command window, at the blinking cursor type notepad and press: Enter
    • In Notepad, under the File menu select: Open
    • Double-click Computer, find the flash drive letter (remember what letter it is), click on it, and press: Open
    • Close out of Notepad.
    • Click the Command window.
    • Type g:\frst64.exe, and press: Enter
      Note:
      Replace the drive letter g with the drive letter of your flash drive!
    • The tool starts and prepares to run. Follow the prompts.
    • Click Yes to the disclaimer.
    • Press the Scan button.
    • When done, the program saves the FRST.txt, on the flash drive.
    • Click the Command prompt window, type exit, and press: Enter
    • Back at the System Recovery Options, press: ShutDown


    Please provide the FRST.txt, stored in the USB flash drive, in your next reply.
    Member of:
    UNITE
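
The FRST.txt that the procedure above produces can be triaged with a short script. The following Python is an added example, not part of the original post and not FRST's own code: it parses the Registry, Services and Drivers sections, lists autorun entries whose target is marked [x], and groups drivers by their company string. The sample lines are copied from the report posted in reply #18; reading [x] as "file not found" and the leading digit as the Windows service Start value are assumptions about FRST's output format.

```python
import re
from collections import defaultdict

# Lines copied from the FRST.txt posted in this thread; not a complete report.
SAMPLE = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2392872 2010-11-29] (Synaptics Incorporated)
HKLM\...\Run: [] [x]
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4031368 2012-02-23] (AVAST Software)
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]

========================== Drivers (Whitelisted) =============

2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [335704 2012-02-23] (AVAST Software)
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [122472 2011-03-21] ()
1 SbFw; C:\Windows\System32\Drivers\SbFw.sys [256632 2011-12-19] (GFI Software)
"""

# Windows service Start values. Assumption: the digit FRST prints before a
# service or driver name is this value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

HEADER = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")
AUTORUN = re.compile(r"^(?P<key>HK\S+): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
SERVICE = re.compile(r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.*)$")
TAIL = re.compile(
    r"^(?P<target>.*?)\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)


def split_tail(rest):
    """Split 'target [size date] (company)' or 'target [x]' into fields."""
    rest = rest.strip()
    if rest.endswith("[x]"):  # assumption: FRST's marker for a file it could not find
        return {"target": rest[:-3].strip(), "missing": True, "company": ""}
    m = TAIL.match(rest)
    if m:
        return {"target": m["target"], "missing": False, "company": m["company"].strip()}
    return {"target": rest, "missing": False, "company": ""}


def parse_frst(text):
    """Return autorun, service and driver entries found in an FRST.txt report."""
    report = {"autoruns": [], "services": [], "drivers": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER.match(line)
        if h:
            # The first word of the banner names the section ("Registry", "Drivers", ...).
            words = h["title"].split()
            section = words[0].lower() if words else ""
            continue
        if section == "registry":
            m = AUTORUN.match(line)
            if m:
                report["autoruns"].append(
                    {"key": m["key"], "name": m["name"], **split_tail(m["rest"])}
                )
        elif section in ("services", "drivers"):
            m = SERVICE.match(line)
            if m:
                entry = {"name": m["name"], "start": START_TYPES[int(m["start"])]}
                report[section].append({**entry, **split_tail(m["rest"])})
    return report


def missing_autoruns(report):
    """Autorun entries that still exist in the registry but point at a missing file."""
    return [(e["key"], e["name"], e["target"]) for e in report["autoruns"] if e["missing"]]


def drivers_by_company(report):
    """Map each company string to the sorted names of its kernel drivers."""
    groups = defaultdict(list)
    for d in report["drivers"]:
        groups[d["company"] or "(no company)"].append(d["name"])
    return {company: sorted(names) for company, names in sorted(groups.items())}


if __name__ == "__main__":
    rep = parse_frst(SAMPLE)
    for key, name, target in missing_autoruns(rep):
        print(f"missing target: {key} [{name}] {target}")
    for company, names in drivers_by_company(rep).items():
        print(f"{company}: {', '.join(names)}")
```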

  18. #18
    FPCH Member Shvensk's Avatar

    Done. I'm guessing that you want this as an attachment since it's so long. FRST.txt


    Scan result of Farbar Recovery Scan Tool Version: 12-06-2012 02
    Ran by SYSTEM at 13-06-2012 21:00:40
    Running from E:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet002

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-17] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2392872 2010-11-29] (Synaptics Incorporated)
    HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [315496 2011-06-26] (NVIDIA Corporation)
    HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
    HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-01-05] (Intel(R) Corporation)
    HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO)
    HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [57672 2009-07-15] (Alienware Corporation)
    HKLM\...\Run: [] [x]
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4031368 2012-02-23] (AVAST Software)
    HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
    HKLM-x32\...\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup [881144 2011-12-23] (Iminent)
    HKLM-x32\...\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" [445416 2011-12-23] (Iminent)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
    HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
    HKLM-x32\...\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [184120 2011-11-23] (COMODO)
    HKLM-x32\...\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [213304 2011-11-23] (COMODO)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1636208 2011-09-02] ()
    HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
    HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95496 2009-06-24] (Sensible Vision )
    HKLM-x32\...\Run: [FAStartup] [x]
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-04] (Malwarebytes Corporation)
    HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    AppInit_DLLs: C:\Windows\system32\guard64.dll
    Tcpip\..\Interfaces\{9AF6957B-66E4-4A9C-AF41-7B491B64CBC9}: [NameServer]8.26.56.26,156.154.70.22
    Tcpip\..\Interfaces\{CAF5E964-6261-4D67-A780-29E52408DAC9}: [NameServer]8.26.56.26,156.154.70.22
    Lsa: [Notification Packages] scecli
    FAPassSync
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\LOLRecorder.lnk
    ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)

    ==================== Services (Whitelisted) ======

    2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1226096 2012-05-03] (Lavasoft Limited)
    2 AlienFusionService; "C:\Program Files\Alienware\Command Center\AlienFusionService.exe" [13624 2009-07-15] (Alienware)
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-02-23] (AVAST Software)
    2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [1267000 2011-11-23] (COMODO)
    2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO)
    2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2368776 2009-06-24] (Sensible Vision )
    2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
    3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
    2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
    2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [3289032 2011-12-19] (GFI Software)
    2 SftService; "C:\Program Files (x86)\AlienRespawn\sftservice.EXE" [1692480 2011-09-22] (SoftThinks SAS)

    ========================== Drivers (Whitelisted) =============

    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-02-23] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [335704 2012-02-23] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
    1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)
    1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2012-03-11] (COMODO)
    0 EMSC; C:\Windows\System32\Drivers\EMSC.sys [16752 2009-06-26] (Windows (R) Win 7 DDK provider)
    0 EMSC; C:\Windows\SysWow64\Drivers\EMSC.sys [13680 2009-06-26] (Windows (R) Win 7 DDK provider)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2011-12-19] (COMODO)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
    3 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [122472 2011-03-21] ()
    2 sbapifs; C:\Windows\System32\Drivers\sbapifs.sys [74872 2011-11-29] (GFI Software)
    1 SbFw; C:\Windows\System32\Drivers\SbFw.sys [256632 2011-12-19] (GFI Software)
    3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [119416 2011-09-29] (GFI Software)
    3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [119416 2011-09-29] (GFI Software)
    3 sbhips; C:\Windows\System32\Drivers\sbhips.sys [60536 2011-12-19] (GFI Software)
    1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [57976 2011-10-26] (GFI Software)
    3 sbwtis; C:\Windows\System32\Drivers\sbwtis.sys [84600 2011-12-19] (GFI Software)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-13 16:10 - 2012-06-13 16:10 - 00002153 ____A C:\Users\Henrik Lindholm\Desktop\Fix - Instructions.txt
    2012-06-13 14:15 - 2012-06-13 14:14 - 00014215 ____A C:\Users\Henrik Lindholm\Desktop\Anime Stub.png
    2012-06-12 20:45 - 2012-06-12 20:45 - 00288016 ____A C:\Windows\Minidump\061212-5881-01.dmp
    2012-06-12 15:18 - 2012-06-12 15:18 - 00288000 ____A C:\Windows\Minidump\061212-6052-01.dmp
    2012-06-12 13:41 - 2012-06-12 13:41 - 00069939 ____A C:\Users\Henrik Lindholm\Downloads\Activate Sound in SafeMode (1).zip
    2012-06-12 13:38 - 2012-06-12 13:38 - 00069939 ____A C:\Users\Henrik Lindholm\Downloads\Activate Sound in SafeMode.zip
    2012-06-12 11:13 - 2012-06-12 11:13 - 00288016 ____A C:\Windows\Minidump\061212-20701-01.dmp
    2012-06-12 11:08 - 2012-06-12 11:08 - 00288096 ____A C:\Windows\Minidump\061212-20888-01.dmp
    2012-06-12 11:03 - 2012-06-12 20:45 - 1094923259 ____A C:\Windows\MEMORY.DMP
    2012-06-12 11:03 - 2012-06-12 20:45 - 00000000 ____D C:\Windows\Minidump
    2012-06-12 11:03 - 2012-06-12 11:03 - 00288096 ____A C:\Windows\Minidump\061212-20794-01.dmp
    2012-06-12 10:45 - 2012-06-12 10:45 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-12 10:45 - 2012-06-12 10:45 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\Malwarebytes
    2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\Malwarebytes
    2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-12 10:45 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-12 10:44 - 2012-06-12 10:44 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Henrik Lindholm\Downloads\mbam-setup-1.61.0.1400.exe
    2012-06-12 10:32 - 2012-06-13 18:57 - 01857206 ____A C:\Windows\ntbtlog.txt
    2012-06-12 10:31 - 2012-06-12 15:02 - 00001936 ____A C:\Windows\PFRO.log
    2012-06-11 17:27 - 2012-06-13 11:20 - 00001064 ____A C:\Windows\setupact.log
    2012-06-11 17:27 - 2012-06-11 17:27 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-09 09:38 - 2012-06-09 09:38 - 00001907 ____A C:\Users\Public\Desktop\LOL Recorder.lnk
    2012-06-09 09:38 - 2012-06-09 09:38 - 00001907 ____A C:\Users\All Users\Desktop\LOL Recorder.lnk
    2012-06-09 09:37 - 2012-06-09 09:37 - 01480920 ____A C:\Users\Henrik Lindholm\Downloads\LOLReplay-0.7.8.10.exe
    2012-06-08 15:20 - 2012-06-11 21:23 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\LogMeIn Hamachi
    2012-06-08 15:20 - 2012-06-11 21:23 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\LogMeIn Hamachi
    2012-06-08 15:20 - 2012-06-11 21:23 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\LogMeIn Hamachi
    2012-06-08 15:20 - 2012-06-08 15:20 - 00000928 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
    2012-06-08 15:20 - 2012-06-08 15:20 - 00000928 ____A C:\Users\All Users\Desktop\LogMeIn Hamachi.lnk
    2012-06-08 15:20 - 2012-06-08 15:20 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2012-06-08 15:19 - 2012-06-08 15:19 - 03857920 ____A C:\Users\Henrik Lindholm\Downloads\hamachi (1).msi
    2012-06-08 05:13 - 2012-06-12 17:25 - 00129702 ____A C:\Windows\WindowsUpdate.log
    2012-06-07 17:27 - 2012-06-07 17:27 - 00001843 ____A C:\Users\Public\Desktop\Alienware Command Center.lnk
    2012-06-07 17:27 - 2012-06-07 17:27 - 00001843 ____A C:\Users\All Users\Desktop\Alienware Command Center.lnk
    2012-06-07 17:18 - 2012-06-07 17:18 - 36849648 ____A C:\Users\Henrik Lindholm\Downloads\R232274.exe
    2012-06-07 17:04 - 2012-06-07 17:04 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-06-07 17:04 - 2012-06-07 17:04 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
    2012-06-07 17:04 - 2012-06-07 17:04 - 00000000 ____D C:\Program Files\CCleaner
    2012-06-07 17:03 - 2012-06-07 17:03 - 03862112 ____A (Piriform Ltd) C:\Users\Henrik Lindholm\Downloads\ccsetup319.exe
    2012-06-06 14:06 - 2012-06-06 14:15 - 1519417223 ____A C:\Users\Henrik Lindholm\Downloads\LOLPBE.zip
    2012-06-05 04:18 - 2012-06-05 04:18 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\ElevatedDiagnostics
    2012-06-05 04:18 - 2012-06-05 04:18 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\ElevatedDiagnostics
    2012-06-05 04:18 - 2012-06-05 04:18 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\ElevatedDiagnostics
    2012-06-04 21:55 - 2012-06-04 21:55 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\LoL_Skin_Installer
    2012-06-04 21:55 - 2012-06-04 21:55 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\LoL_Skin_Installer
    2012-06-04 21:55 - 2012-06-04 21:55 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\LoL_Skin_Installer
    2012-06-04 21:38 - 2012-06-04 21:38 - 00875251 ____A C:\Users\Henrik Lindholm\Downloads\Skin_Installer_Ultimate.zip
    2012-06-04 21:28 - 2012-06-04 21:28 - 03915260 ____A C:\Users\Henrik Lindholm\Downloads\6980.zip
    2012-06-04 14:11 - 2012-06-04 14:14 - 00000964 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
    2012-06-03 07:09 - 2012-06-03 07:09 - 00000012 ____A C:\Users\Henrik Lindholm\Downloads\FSSC.dat
    2012-06-03 07:08 - 2012-06-05 14:05 - 00001870 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2012-06-03 07:08 - 2012-06-05 14:05 - 00001870 ____A C:\Users\All Users\Desktop\Ad-Aware Antivirus.lnk
    2012-06-03 07:08 - 2012-06-03 07:19 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
    2012-06-03 07:08 - 2012-06-03 07:12 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\adaware
    2012-06-03 07:08 - 2012-06-03 07:12 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\adaware
    2012-06-03 07:08 - 2012-06-03 07:12 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\adaware
    2012-06-03 07:08 - 2011-12-19 12:21 - 00045936 ____A (GFI Software) C:\Windows\System32\sbbd.exe
    2012-06-03 07:08 - 2011-12-19 11:44 - 00256632 ____A (GFI Software) C:\Windows\System32\Drivers\SbFw.sys
    2012-06-03 07:08 - 2011-12-19 11:44 - 00060536 ____A (GFI Software) C:\Windows\System32\Drivers\sbhips.sys
    2012-06-03 07:08 - 2011-09-29 11:16 - 00119416 ____A (GFI Software) C:\Windows\System32\Drivers\SbFwIm.sys
    2012-06-03 07:07 - 2012-06-03 07:12 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\Ad-Aware Antivirus
    2012-06-03 07:07 - 2012-06-03 07:12 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\Ad-Aware Antivirus
    2012-06-03 07:06 - 2012-06-03 07:07 - 06236280 ____A (Lavasoft Limited) C:\Users\Henrik Lindholm\Downloads\Adaware_Installer.exe
    2012-06-02 07:32 - 2012-06-02 07:32 - 00051661 ____A C:\Users\Henrik Lindholm\Downloads\DoubleknotExport07D79.pdf
    2012-05-31 20:13 - 2012-05-31 20:14 - 72079841 ____A C:\Users\Henrik Lindholm\Downloads\Final Fantasy Tactics A2 - Grimoire of the Rift.zip
    2012-05-30 14:22 - 2012-05-30 14:22 - 00000000 ____D C:\dell
    2012-05-30 14:20 - 2012-05-30 14:21 - 41255256 ____A C:\Users\Henrik Lindholm\Downloads\R218985.exe
    2012-05-30 05:50 - 2012-05-30 05:50 - 60805809 ____A C:\Users\Henrik Lindholm\Downloads\Pokemon - HeartGold.zip
    2012-05-28 08:51 - 2012-05-28 08:51 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-05-28 08:51 - 2012-05-28 08:51 - 00002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
    2012-05-28 08:51 - 2012-05-28 08:51 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-05-27 08:26 - 2012-05-27 08:26 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Downloaded Installations
    2012-05-27 08:26 - 2012-05-27 08:26 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\Downloaded Installations
    2012-05-27 08:26 - 2012-05-27 08:26 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\Downloaded Installations
    2012-05-27 08:26 - 2010-05-22 00:39 - 00000900 ____A C:\Users\Public\Desktop\setup.iss
    2012-05-27 08:26 - 2010-05-22 00:39 - 00000900 ____A C:\Users\All Users\Desktop\setup.iss
    2012-05-27 08:26 - 2010-05-21 16:03 - 54359456 ____A (Alienware Corp. ) C:\Users\Public\Desktop\setup.exe
    2012-05-27 08:26 - 2010-05-21 16:03 - 54359456 ____A (Alienware Corp. ) C:\Users\All Users\Desktop\setup.exe
    2012-05-27 08:24 - 2012-05-27 08:25 - 53938856 ____A C:\Users\Henrik Lindholm\Downloads\R272621.exe
    2012-05-27 07:55 - 2012-05-27 07:55 - 00000000 ____D C:\Users\Henrik Lindholm\Desktop\Emulator Stuff
    2012-05-26 16:08 - 2012-05-26 16:10 - 111175112 ____A C:\Users\Henrik Lindholm\Downloads\5594.zip
    2012-05-26 16:08 - 2012-05-26 16:08 - 00063348 ____A C:\Users\Henrik Lindholm\Downloads\Dicastia_AP_Patch_v0.2.zip
    2012-05-26 15:45 - 2012-05-26 15:45 - 00051710 ____A C:\Users\Henrik Lindholm\Downloads\DoubleknotExportC9815.pdf
    2012-05-26 13:12 - 2012-05-26 13:25 - 110780348 ____A C:\Users\Henrik Lindholm\Downloads\5585 - Pokemon - Black Version (DSi Enhanced)(USA) (E).zip
    2012-05-26 13:09 - 2012-05-26 13:09 - 02196552 ____A C:\Users\Henrik Lindholm\Downloads\desmume-0.9.7-win32.zip
    2012-05-25 05:52 - 2012-05-25 05:52 - 00071680 ____A C:\Users\Henrik Lindholm\Downloads\Calc_7_3.doc
    2012-05-24 15:09 - 2012-05-24 15:09 - 01476337 ____A C:\Users\Henrik Lindholm\Downloads\LOLReplay-0.7.8.6.exe
    2012-05-23 15:45 - 2012-05-23 15:45 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\LolClient2
    2012-05-23 15:45 - 2012-05-23 15:45 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\LolClient2
    2012-05-23 11:23 - 2012-05-23 11:23 - 00000000 ___HD C:\VritualRoot
    2012-05-23 09:53 - 2012-05-23 09:53 - 00000000 ____D C:\Users\Henrik Lindholm\Desktop\Morrowind Stuff
    2012-05-21 14:52 - 2012-05-21 14:52 - 00182272 ____A C:\Users\Henrik Lindholm\Downloads\Calc_7_2_1.doc
    2012-05-21 14:52 - 2012-05-21 14:52 - 00050176 ____A C:\Users\Henrik Lindholm\Downloads\Calc_WS_7_2_1.doc
    2012-05-18 16:35 - 2012-05-18 16:35 - 07937960 ____A C:\Users\Henrik Lindholm\Downloads\Gaias Retaliation v1.1L3.w3x
    2012-05-18 16:35 - 2012-05-18 16:35 - 05254579 ____A C:\Users\Henrik Lindholm\Downloads\GoH RPG v1.30e protected.w3x
    2012-05-18 16:30 - 2012-05-18 16:32 - 00000000 ____D C:\Program Files (x86)\Warcraft 3
    2012-05-17 16:54 - 2012-05-17 16:54 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-05-17 16:54 - 2012-05-17 16:54 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
    2012-05-17 16:54 - 2012-05-17 16:54 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-05-15 05:48 - 2012-05-15 05:48 - 00079872 ____A C:\Users\Henrik Lindholm\Downloads\Calc_PT_5.doc
    2012-05-15 05:48 - 2012-05-15 05:48 - 00040960 ____A C:\Users\Henrik Lindholm\Downloads\Calc_WS_5_6_4.doc


    ============ 3 Months Modified Files and Folders =============

    2012-06-13 21:00 - 2012-06-13 21:00 - 00000000 ____D C:\FRST
    2012-06-13 18:57 - 2012-06-12 10:32 - 01857206 ____A C:\Windows\ntbtlog.txt
    2012-06-13 17:51 - 2009-07-14 00:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-13 16:10 - 2012-06-13 16:10 - 00002153 ____A C:\Users\Henrik Lindholm\Desktop\Fix - Instructions.txt
    2012-06-13 14:14 - 2012-06-13 14:15 - 00014215 ____A C:\Users\Henrik Lindholm\Desktop\Anime Stub.png
    2012-06-13 14:02 - 2012-02-02 20:56 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-06-13 11:20 - 2012-06-11 17:27 - 00001064 ____A C:\Windows\setupact.log
    2012-06-12 20:45 - 2012-06-12 20:45 - 00288016 ____A C:\Windows\Minidump\061212-5881-01.dmp
    2012-06-12 20:45 - 2012-06-12 11:03 - 1094923259 ____A C:\Windows\MEMORY.DMP
    2012-06-12 20:45 - 2012-06-12 11:03 - 00000000 ____D C:\Windows\Minidump
    2012-06-12 20:42 - 2012-04-20 14:32 - 00000478 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
    2012-06-12 20:42 - 2012-02-02 19:40 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
    2012-06-12 20:42 - 2012-02-02 19:40 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
    2012-06-12 20:42 - 2012-02-02 19:40 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2012-06-12 20:42 - 2012-02-02 19:40 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
    2012-06-12 20:42 - 2012-02-02 19:40 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
    2012-06-12 20:42 - 2012-02-02 19:40 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2012-06-12 20:42 - 2012-02-02 19:36 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
    2012-06-12 20:41 - 2012-02-09 16:28 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-12 20:41 - 2012-02-02 21:07 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-06-12 20:41 - 2012-02-02 21:07 - 00000000 ____D C:\Users\All Users\Application Data\NVIDIA
    2012-06-12 20:41 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-12 17:25 - 2012-06-08 05:13 - 00129702 ____A C:\Windows\WindowsUpdate.log
    2012-06-12 15:18 - 2012-06-12 15:18 - 00288000 ____A C:\Windows\Minidump\061212-6052-01.dmp
    2012-06-12 15:02 - 2012-06-12 10:31 - 00001936 ____A C:\Windows\PFRO.log
    2012-06-12 13:43 - 2012-03-04 18:14 - 00000000 ____D C:\Users\All Users\InstallMate
    2012-06-12 13:43 - 2012-03-04 18:14 - 00000000 ____D C:\Users\All Users\Application Data\InstallMate
    2012-06-12 13:41 - 2012-06-12 13:41 - 00069939 ____A C:\Users\Henrik Lindholm\Downloads\Activate Sound in SafeMode (1).zip
    2012-06-12 13:38 - 2012-06-12 13:38 - 00069939 ____A C:\Users\Henrik Lindholm\Downloads\Activate Sound in SafeMode.zip
    2012-06-12 11:13 - 2012-06-12 11:13 - 00288016 ____A C:\Windows\Minidump\061212-20701-01.dmp
    2012-06-12 11:08 - 2012-06-12 11:08 - 00288096 ____A C:\Windows\Minidump\061212-20888-01.dmp
    2012-06-12 11:03 - 2012-06-12 11:03 - 00288096 ____A C:\Windows\Minidump\061212-20794-01.dmp
    2012-06-12 10:56 - 2012-04-09 22:46 - 00000000 ____D C:\Program Files\PrivacySafeGuard
    2012-06-12 10:45 - 2012-06-12 10:45 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-12 10:45 - 2012-06-12 10:45 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\Malwarebytes
    2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\Malwarebytes
    2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-12 10:44 - 2012-06-12 10:44 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Henrik Lindholm\Downloads\mbam-setup-1.61.0.1400.exe
    2012-06-11 23:46 - 2012-02-09 16:28 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-11 21:51 - 2012-05-02 15:29 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\PMB Files
    2012-06-11 21:51 - 2012-05-02 15:29 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\PMB Files
    2012-06-11 21:51 - 2012-05-02 15:29 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\PMB Files
    2012-06-11 21:28 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-11 21:28 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-11 21:23 - 2012-06-08 15:20 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\LogMeIn Hamachi
    2012-06-11 21:23 - 2012-06-08 15:20 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\LogMeIn Hamachi
    2012-06-11 21:23 - 2012-06-08 15:20 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\LogMeIn Hamachi
    2012-06-11 21:18 - 2012-02-02 19:43 - 00000000 ____D C:\Users\All Users\Sonic
    2012-06-11 21:18 - 2012-02-02 19:43 - 00000000 ____D C:\Users\All Users\Application Data\Sonic
    2012-06-11 18:22 - 2012-04-30 18:09 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\.minecraft
    2012-06-11 18:22 - 2012-04-30 18:09 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\.minecraft
    2012-06-11 17:27 - 2012-06-11 17:27 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-11 14:33 - 2012-05-02 15:29 - 00000000 ____D C:\Users\All Users\PMB Files
    2012-06-11 14:33 - 2012-05-02 15:29 - 00000000 ____D C:\Users\All Users\Application Data\PMB Files
    2012-06-11 13:47 - 2012-02-09 16:29 - 00002346 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-06-11 13:47 - 2012-02-09 16:29 - 00002346 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
    2012-06-10 18:48 - 2012-02-09 16:22 - 00000000 ____D C:\Users\All Users\Application Data\Ad-Aware Browsing Protection
    2012-06-10 18:48 - 2012-02-09 16:22 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
    2012-06-09 09:38 - 2012-06-09 09:38 - 00001907 ____A C:\Users\Public\Desktop\LOL Recorder.lnk
    2012-06-09 09:38 - 2012-06-09 09:38 - 00001907 ____A C:\Users\All Users\Desktop\LOL Recorder.lnk
    2012-06-09 09:38 - 2012-05-06 09:54 - 00000000 ____D C:\Program Files (x86)\LOLReplay
    2012-06-09 09:37 - 2012-06-09 09:37 - 01480920 ____A C:\Users\Henrik Lindholm\Downloads\LOLReplay-0.7.8.10.exe
    2012-06-08 15:20 - 2012-06-08 15:20 - 00000928 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
    2012-06-08 15:20 - 2012-06-08 15:20 - 00000928 ____A C:\Users\All Users\Desktop\LogMeIn Hamachi.lnk
    2012-06-08 15:20 - 2012-06-08 15:20 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2012-06-08 15:19 - 2012-06-08 15:19 - 03857920 ____A C:\Users\Henrik Lindholm\Downloads\hamachi (1).msi
    2012-06-07 17:27 - 2012-06-07 17:27 - 00001843 ____A C:\Users\Public\Desktop\Alienware Command Center.lnk
    2012-06-07 17:27 - 2012-06-07 17:27 - 00001843 ____A C:\Users\All Users\Desktop\Alienware Command Center.lnk
    2012-06-07 17:23 - 2012-02-02 19:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-06-07 17:18 - 2012-06-07 17:18 - 36849648 ____A C:\Users\Henrik Lindholm\Downloads\R232274.exe
    2012-06-07 17:07 - 2012-04-09 22:46 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\Azureus
    2012-06-07 17:07 - 2012-04-09 22:46 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\Azureus
    2012-06-07 17:07 - 2011-02-10 09:02 - 00000000 ____D C:\Windows\panther
    2012-06-07 17:04 - 2012-06-07 17:04 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-06-07 17:04 - 2012-06-07 17:04 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
    2012-06-07 17:04 - 2012-06-07 17:04 - 00000000 ____D C:\Program Files\CCleaner
    2012-06-07 17:03 - 2012-06-07 17:03 - 03862112 ____A (Piriform Ltd) C:\Users\Henrik Lindholm\Downloads\ccsetup319.exe
    2012-06-06 19:18 - 2012-05-02 15:29 - 00000000 ____D C:\Users\Henrik Lindholm\Desktop\League Of Legends Stuff
    2012-06-06 14:15 - 2012-06-06 14:06 - 1519417223 ____A C:\Users\Henrik Lindholm\Downloads\LOLPBE.zip
    2012-06-05 14:05 - 2012-06-03 07:08 - 00001870 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2012-06-05 14:05 - 2012-06-03 07:08 - 00001870 ____A C:\Users\All Users\Desktop\Ad-Aware Antivirus.lnk
    2012-06-05 04:18 - 2012-06-05 04:18 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\ElevatedDiagnostics
    2012-06-05 04:18 - 2012-06-05 04:18 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\ElevatedDiagnostics
    2012-06-05 04:18 - 2012-06-05 04:18 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\ElevatedDiagnostics
    2012-06-04 21:55 - 2012-06-04 21:55 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\LoL_Skin_Installer
    2012-06-04 21:55 - 2012-06-04 21:55 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\LoL_Skin_Installer
    2012-06-04 21:55 - 2012-06-04 21:55 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\LoL_Skin_Installer
    2012-06-04 21:38 - 2012-06-04 21:38 - 00875251 ____A C:\Users\Henrik Lindholm\Downloads\Skin_Installer_Ultimate.zip
    2012-06-04 21:28 - 2012-06-04 21:28 - 03915260 ____A C:\Users\Henrik Lindholm\Downloads\6980.zip
    2012-06-04 14:14 - 2012-06-04 14:11 - 00000964 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
    2012-06-03 07:19 - 2012-06-03 07:08 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
    2012-06-03 07:12 - 2012-06-03 07:08 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\adaware
    2012-06-03 07:12 - 2012-06-03 07:08 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\adaware
    2012-06-03 07:12 - 2012-06-03 07:08 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\adaware
    2012-06-03 07:12 - 2012-06-03 07:07 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\Ad-Aware Antivirus
    2012-06-03 07:12 - 2012-06-03 07:07 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\Ad-Aware Antivirus
    2012-06-03 07:09 - 2012-06-03 07:09 - 00000012 ____A C:\Users\Henrik Lindholm\Downloads\FSSC.dat
    2012-06-03 07:08 - 2012-02-09 16:22 - 00000000 ____D C:\Users\All Users\Lavasoft
    2012-06-03 07:08 - 2012-02-09 16:22 - 00000000 ____D C:\Users\All Users\Application Data\Lavasoft
    2012-06-03 07:07 - 2012-06-03 07:06 - 06236280 ____A (Lavasoft Limited) C:\Users\Henrik Lindholm\Downloads\Adaware_Installer.exe
    2012-06-03 07:06 - 2012-02-09 16:22 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-06-03 07:06 - 2012-02-09 16:22 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-06-03 07:05 - 2012-02-28 16:10 - 00050989 ____A C:\aaw7boot.log
    2012-06-02 07:32 - 2012-06-02 07:32 - 00051661 ____A C:\Users\Henrik Lindholm\Downloads\DoubleknotExport07D79.pdf
    2012-05-31 20:14 - 2012-05-31 20:13 - 72079841 ____A C:\Users\Henrik Lindholm\Downloads\Final Fantasy Tactics A2 - Grimoire of the Rift.zip
    2012-05-30 14:22 - 2012-05-30 14:22 - 00000000 ____D C:\dell
    2012-05-30 14:21 - 2012-05-30 14:20 - 41255256 ____A C:\Users\Henrik Lindholm\Downloads\R218985.exe
    2012-05-30 05:50 - 2012-05-30 05:50 - 60805809 ____A C:\Users\Henrik Lindholm\Downloads\Pokemon - HeartGold.zip
    2012-05-28 08:51 - 2012-05-28 08:51 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-05-28 08:51 - 2012-05-28 08:51 - 00002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
    2012-05-28 08:51 - 2012-05-28 08:51 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-05-28 08:51 - 2012-02-20 22:06 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\Adobe
    2012-05-28 08:51 - 2012-02-20 22:06 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Adobe
    2012-05-28 08:51 - 2012-02-20 22:06 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\Adobe
    2012-05-28 08:51 - 2012-02-02 19:36 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
    2012-05-28 08:51 - 2012-02-02 19:36 - 00000000 ____D C:\Users\All Users\Adobe
    2012-05-28 08:49 - 2009-07-13 23:45 - 00461512 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-05-27 08:28 - 2012-02-09 15:57 - 00126456 ____A C:\Users\Henrik Lindholm\Local Settings\GDIPFONTCACHEV1.DAT
    2012-05-27 08:28 - 2012-02-09 15:57 - 00126456 ____A C:\Users\Henrik Lindholm\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-05-27 08:28 - 2012-02-09 15:57 - 00126456 ____A C:\Users\Henrik Lindholm\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-27 08:26 - 2012-05-27 08:26 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Downloaded Installations
    2012-05-27 08:26 - 2012-05-27 08:26 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\Downloaded Installations
    2012-05-27 08:26 - 2012-05-27 08:26 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\Downloaded Installations
    2012-05-27 08:25 - 2012-05-27 08:24 - 53938856 ____A C:\Users\Henrik Lindholm\Downloads\R272621.exe
    2012-05-27 07:55 - 2012-05-27 07:55 - 00000000 ____D C:\Users\Henrik Lindholm\Desktop\Emulator Stuff
    2012-05-26 16:10 - 2012-05-26 16:08 - 111175112 ____A C:\Users\Henrik Lindholm\Downloads\5594.zip
    2012-05-26 16:08 - 2012-05-26 16:08 - 00063348 ____A C:\Users\Henrik Lindholm\Downloads\Dicastia_AP_Patch_v0.2.zip
    2012-05-26 15:45 - 2012-05-26 15:45 - 00051710 ____A C:\Users\Henrik Lindholm\Downloads\DoubleknotExportC9815.pdf
    2012-05-26 13:25 - 2012-05-26 13:12 - 110780348 ____A C:\Users\Henrik Lindholm\Downloads\5585 - Pokemon - Black Version (DSi Enhanced)(USA) (E).zip
    2012-05-26 13:09 - 2012-05-26 13:09 - 02196552 ____A C:\Users\Henrik Lindholm\Downloads\desmume-0.9.7-win32.zip
    2012-05-25 05:52 - 2012-05-25 05:52 - 00071680 ____A C:\Users\Henrik Lindholm\Downloads\Calc_7_3.doc
    2012-05-24 15:09 - 2012-05-24 15:09 - 01476337 ____A C:\Users\Henrik Lindholm\Downloads\LOLReplay-0.7.8.6.exe
    2012-05-23 15:47 - 2012-05-09 14:13 - 00000000 ____D C:\Users\Henrik Lindholm\Desktop\Java Stuff
    2012-05-23 15:45 - 2012-05-23 15:45 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\LolClient2
    2012-05-23 15:45 - 2012-05-23 15:45 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\LolClient2
    2012-05-23 15:39 - 2009-07-14 00:08 - 00032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-05-23 11:23 - 2012-05-23 11:23 - 00000000 ___HD C:\VritualRoot
    2012-05-23 09:53 - 2012-05-23 09:53 - 00000000 ____D C:\Users\Henrik Lindholm\Desktop\Morrowind Stuff
    2012-05-21 14:52 - 2012-05-21 14:52 - 00182272 ____A C:\Users\Henrik Lindholm\Downloads\Calc_7_2_1.doc
    2012-05-21 14:52 - 2012-05-21 14:52 - 00050176 ____A C:\Users\Henrik Lindholm\Downloads\Calc_WS_7_2_1.doc
    2012-05-18 16:35 - 2012-05-18 16:35 - 07937960 ____A C:\Users\Henrik Lindholm\Downloads\Gaias Retaliation v1.1L3.w3x
    2012-05-18 16:35 - 2012-05-18 16:35 - 05254579 ____A C:\Users\Henrik Lindholm\Downloads\GoH RPG v1.30e protected.w3x
    2012-05-18 16:32 - 2012-05-18 16:30 - 00000000 ____D C:\Program Files (x86)\Warcraft 3
    2012-05-17 16:54 - 2012-05-17 16:54 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-05-17 16:54 - 2012-05-17 16:54 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
    2012-05-17 16:54 - 2012-05-17 16:54 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-05-15 05:48 - 2012-05-15 05:48 - 00079872 ____A C:\Users\Henrik Lindholm\Downloads\Calc_PT_5.doc
    2012-05-15 05:48 - 2012-05-15 05:48 - 00040960 ____A C:\Users\Henrik Lindholm\Downloads\Calc_WS_5_6_4.doc
    2012-05-13 13:37 - 2012-04-20 14:32 - 00000536 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2012-05-12 23:19 - 2012-05-12 23:18 - 37997816 ____A C:\Users\Henrik Lindholm\Downloads\GraboidVideoSetup-3.1-Complete.exe
    2012-05-12 19:42 - 2012-05-12 19:36 - 00000000 ____D C:\Users\Henrik Lindholm\Downloads\world
    2012-05-12 19:42 - 2012-04-30 18:51 - 00000000 ____D C:\Users\Henrik Lindholm\Desktop\Minecraft Stuff
    2012-05-11 15:18 - 2012-03-14 18:40 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\HpUpdate
    2012-05-11 15:18 - 2012-03-14 18:40 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\HpUpdate
    2012-05-09 21:41 - 2012-04-22 19:26 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-05-09 21:41 - 2012-04-22 19:26 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
    2012-05-09 21:41 - 2012-02-10 06:36 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-05-09 21:37 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-09 14:15 - 2012-02-09 16:01 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\VirtualStore
    2012-05-09 14:15 - 2012-02-09 16:01 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\VirtualStore
    2012-05-09 14:15 - 2012-02-09 16:01 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\VirtualStore
    2012-05-09 14:14 - 2012-05-09 14:14 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\JCreator
    2012-05-09 14:14 - 2012-05-09 14:14 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\JCreator
    2012-05-09 14:14 - 2012-05-09 14:14 - 00000000 ____D C:\Users\All Users\JCreator
    2012-05-09 14:14 - 2012-05-09 14:14 - 00000000 ____D C:\Users\All Users\Application Data\JCreator
    2012-05-06 10:36 - 2012-05-06 09:54 - 00000000 ____D C:\Users\Henrik Lindholm\My Documents\LOLReplay
    2012-05-06 10:36 - 2012-05-06 09:54 - 00000000 ____D C:\Users\Henrik Lindholm\Documents\LOLReplay
    2012-05-06 09:53 - 2012-05-06 09:53 - 01312201 ____A C:\Users\Henrik Lindholm\Downloads\LOLReplay-0.7.7.0.exe
    2012-05-02 17:10 - 2012-05-02 17:10 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\LolClient
    2012-05-02 17:10 - 2012-05-02 17:10 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\LolClient
    2012-05-02 15:55 - 2012-05-02 15:55 - 00001722 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
    2012-05-02 15:55 - 2012-05-02 15:55 - 00001722 ____A C:\Users\All Users\Desktop\Play League of Legends.lnk
    2012-05-02 15:54 - 2012-05-02 15:54 - 00000000 ____D C:\Riot Games
    2012-05-02 15:29 - 2012-05-02 15:29 - 02288128 ____A C:\Users\Henrik Lindholm\Downloads\LeagueofLegends.exe
    2012-05-02 15:29 - 2012-05-02 15:29 - 00000000 ____D C:\Program Files (x86)\Pando Networks
    2012-05-02 14:21 - 2012-05-02 14:21 - 00073728 ____A C:\Users\Henrik Lindholm\Downloads\Calc_WS_5_6_1.doc
    2012-05-02 14:21 - 2012-05-02 14:21 - 00073728 ____A C:\Users\Henrik Lindholm\Downloads\Calc_WS_5_6_1 (1).doc
    2012-04-30 18:09 - 2012-04-30 18:09 - 00278561 ____A C:\Users\Henrik Lindholm\Desktop\Minecraft.exe
    2012-04-30 14:07 - 2012-04-30 14:07 - 00050688 ____A C:\Users\Henrik Lindholm\Downloads\Calc_WS_4_7_1.doc
    2012-04-30 14:07 - 2012-04-30 14:07 - 00046592 ____A C:\Users\Henrik Lindholm\Downloads\Calc_WS_4_7_2.doc
    2012-04-23 05:23 - 2009-07-13 21:34 - 00000513 ____A C:\Windows\win.ini
    2012-04-22 19:38 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-04-22 19:37 - 2012-04-22 19:37 - 00000000 ____D C:\Users\Default\Local Settings\Microsoft Help
    2012-04-22 19:37 - 2012-04-22 19:37 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\Microsoft Help
    2012-04-22 19:37 - 2012-04-22 19:37 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2012-04-22 19:37 - 2012-04-22 19:37 - 00000000 ____D C:\Users\Default User\Local Settings\Microsoft Help
    2012-04-22 19:37 - 2012-04-22 19:37 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\Microsoft Help
    2012-04-22 19:37 - 2012-04-22 19:37 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2012-04-22 19:29 - 2012-02-02 19:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2012-04-22 19:28 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew
    2012-04-22 19:27 - 2012-04-22 19:27 - 00000000 ____D C:\Windows\PCHEALTH
    2012-04-22 19:27 - 2012-04-22 19:27 - 00000000 ____D C:\Program Files\Microsoft Office
    2012-04-22 19:26 - 2012-04-22 19:26 - 00000000 __RHD C:\MSOCache
    2012-04-22 19:26 - 2012-04-22 19:26 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Microsoft Help
    2012-04-22 19:26 - 2012-04-22 19:26 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\Microsoft Help
    2012-04-22 19:26 - 2012-04-22 19:26 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\Microsoft Help
    2012-04-22 19:26 - 2012-04-22 19:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
    2012-04-22 19:24 - 2012-04-22 19:24 - 00039936 ____A C:\Users\Henrik Lindholm\Downloads\WS 4[1].1-2.doc
    2012-04-22 19:24 - 2012-04-22 19:24 - 00039936 ____A C:\Users\Henrik Lindholm\Downloads\WS 4[1].1-1.doc
    2012-04-22 19:24 - 2012-04-22 19:24 - 00035840 ____A C:\Users\Henrik Lindholm\Downloads\WS 4[1].1-3.doc
    2012-04-20 14:32 - 2012-02-18 14:05 - 00000000 ____D C:\Program Files\AlienAutopsy
    2012-04-18 19:56 - 2012-04-18 19:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
    2012-04-18 19:56 - 2012-04-18 19:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
    2012-04-14 19:23 - 2012-04-14 19:23 - 04777753 ____A C:\Users\Henrik Lindholm\Downloads\X Hero Siege v6.30.w3x
    2012-04-14 19:19 - 2012-04-14 19:19 - 00114239 ____A C:\Users\Henrik Lindholm\Downloads\Wintermaul (Final) (1).w3m
    2012-04-14 19:18 - 2012-04-14 19:18 - 00114239 ____A C:\Users\Henrik Lindholm\Downloads\Wintermaul (Final).w3m
    2012-04-14 11:23 - 2012-04-14 11:23 - 00173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-04-14 11:23 - 2012-04-14 11:23 - 00173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-04-14 11:23 - 2012-04-14 11:23 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-04-14 11:23 - 2012-02-09 15:57 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\LocalLow
    2012-04-10 14:16 - 2012-04-10 14:16 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Sonic_Solutions
    2012-04-10 14:16 - 2012-04-10 14:16 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\Sonic_Solutions
    2012-04-10 14:16 - 2012-04-10 14:16 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\Sonic_Solutions
    2012-04-10 14:16 - 2012-02-09 16:01 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\Roxio
    2012-04-10 14:16 - 2012-02-09 16:01 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\Roxio
    2012-04-10 14:16 - 2012-02-02 19:43 - 00000000 ____D C:\Users\All Users\Roxio
    2012-04-10 14:16 - 2012-02-02 19:43 - 00000000 ____D C:\Users\All Users\Application Data\Roxio
    2012-04-10 14:15 - 2012-04-10 14:15 - 00000981 ____A C:\Users\Public\Desktop\WinRAR.lnk
    2012-04-10 14:15 - 2012-04-10 14:15 - 00000981 ____A C:\Users\All Users\Desktop\WinRAR.lnk
    2012-04-10 14:15 - 2012-04-10 14:15 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\WinRAR
    2012-04-10 14:15 - 2012-04-10 14:15 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\WinRAR
    2012-04-10 14:15 - 2012-04-10 14:14 - 00000000 ____D C:\Program Files\WinRAR
    2012-04-10 14:14 - 2012-04-10 14:14 - 01639789 ____A C:\Users\Henrik Lindholm\Downloads\winrar-x64-411.exe
    2012-04-09 22:49 - 2012-04-09 22:49 - 00000000 ____D C:\Users\Henrik Lindholm\My Documents\Vuze Downloads
    2012-04-09 22:49 - 2012-04-09 22:49 - 00000000 ____D C:\Users\Henrik Lindholm\Documents\Vuze Downloads
    2012-04-09 22:48 - 2012-04-09 22:48 - 00012898 ____A C:\Users\Henrik Lindholm\Downloads\[kat.ph]hentaishare.fate.hollow.ataraxia.torrent
    2012-04-09 22:47 - 2012-04-09 22:47 - 00000000 ____D C:\Users\All Users\Tarma Installer
    2012-04-09 22:47 - 2012-04-09 22:47 - 00000000 ____D C:\Users\All Users\Application Data\Tarma Installer
    2012-04-09 22:46 - 2012-04-09 22:46 - 00001854 ____A C:\Users\Public\Desktop\Vuze.lnk
    2012-04-09 22:46 - 2012-04-09 22:46 - 00001854 ____A C:\Users\All Users\Desktop\Vuze.lnk
    2012-04-09 22:46 - 2012-04-09 22:46 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Conduit
    2012-04-09 22:46 - 2012-04-09 22:46 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\Conduit
    2012-04-09 22:46 - 2012-04-09 22:46 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\Conduit
    2012-04-09 22:46 - 2012-04-09 22:46 - 00000000 ____D C:\Users\Henrik Lindholm\.swt
    2012-04-09 22:46 - 2012-04-09 22:46 - 00000000 ____D C:\Program Files (x86)\Vuze_Remote
    2012-04-09 22:46 - 2012-04-09 22:46 - 00000000 ____D C:\Program Files (x86)\Vuze
    2012-04-09 22:46 - 2012-04-09 22:46 - 00000000 ____D C:\Program Files (x86)\Conduit
    2012-04-09 22:46 - 2012-04-09 22:45 - 09740728 ____A (Vuze Inc.) C:\Users\Henrik Lindholm\Downloads\Vuze_Installer.exe
    2012-04-09 22:46 - 2012-02-09 15:57 - 00000000 ____D C:\users\Henrik Lindholm
    2012-04-05 14:36 - 2012-04-05 14:36 - 01673408 ____A (W3i, LLC) C:\Users\Henrik Lindholm\Downloads\movie_player_1280.exe
    2012-04-04 22:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\LiveKernelReports
    2012-04-04 14:56 - 2012-06-12 10:45 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-04 00:26 - 2012-04-04 00:26 - 00011398 ____A C:\Users\Henrik Lindholm\Downloads\[NemuNemu] Tsuntsun Shichau Otoshigoro ch1-3 [Eng].zip.torrent
    2012-03-31 01:05 - 2012-05-09 21:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-03-30 23:39 - 2012-05-09 21:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-03-30 23:39 - 2012-05-09 21:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-03-30 22:10 - 2012-05-09 21:08 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-03-30 06:35 - 2012-05-09 21:06 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-29 15:46 - 2012-03-29 15:46 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-03-29 15:46 - 2012-03-29 15:46 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-03-29 15:46 - 2012-03-29 15:46 - 00000000 ____D C:\Program Files\iTunes
    2012-03-29 15:46 - 2012-03-29 15:46 - 00000000 ____D C:\Program Files\iPod
    2012-03-29 15:46 - 2012-03-29 15:46 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-03-28 05:44 - 2012-03-28 05:44 - 00088910 ____A C:\Users\Henrik Lindholm\Downloads\Calc_4_2_2_PDF.pdf
    2012-03-27 05:52 - 2011-02-10 11:10 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-03-27 05:49 - 2012-03-27 05:49 - 00056832 ____A C:\Users\Henrik Lindholm\Downloads\WS 4[1].2-1.doc
    2012-03-21 20:09 - 2012-03-21 20:09 - 00317663 ____A C:\Users\Henrik Lindholm\Downloads\Scan3.pdf
    2012-03-21 19:31 - 2012-03-21 19:31 - 00000000 ___RD C:\Users\Henrik Lindholm\My Documents\Scanned Documents
    2012-03-21 19:31 - 2012-03-21 19:31 - 00000000 ___RD C:\Users\Henrik Lindholm\Documents\Scanned Documents
    2012-03-21 19:31 - 2012-03-21 19:31 - 00000000 ____D C:\Users\Henrik Lindholm\My Documents\Fax
    2012-03-21 19:31 - 2012-03-21 19:31 - 00000000 ____D C:\Users\Henrik Lindholm\Documents\Fax
    2012-03-19 21:40 - 2012-03-14 18:51 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\Apple Computer
    2012-03-19 21:40 - 2012-03-14 18:51 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\Apple Computer
    2012-03-19 21:38 - 2012-03-14 18:51 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\Apple Computer
    2012-03-19 21:38 - 2012-03-14 18:51 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Apple Computer
    2012-03-19 21:38 - 2012-03-14 18:51 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\Apple Computer
    2012-03-19 21:36 - 2012-03-19 21:35 - 39401336 ____A (Apple Inc.) C:\Users\Henrik Lindholm\Downloads\QuickTimeInstaller.exe
    2012-03-19 21:33 - 2012-03-19 21:29 - 00000000 ____D C:\Windows\pss
    2012-03-18 11:57 - 2012-02-15 18:34 - 00000000 ____D C:\Users\Henrik Lindholm\My Documents\StarCraft II
    2012-03-18 11:57 - 2012-02-15 18:34 - 00000000 ____D C:\Users\Henrik Lindholm\Documents\StarCraft II
    2012-03-17 12:58 - 2012-02-15 18:34 - 00000000 ____D C:\Program Files (x86)\StarCraft II
    2012-03-17 02:58 - 2012-05-09 21:07 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 10%
    Total physical RAM: 8173.82 MB
    Available physical RAM: 7356.16 MB
    Total Pagefile: 8172.02 MB
    Available Pagefile: 7342.25 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:227.23 GB) (Free:125.54 GB) NTFS
    3 Drive e: () (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32
    4 Drive f: (RECOVERY) (Fixed) (Total:11.2 GB) (Free:3.88 GB) NTFS
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 238 GB 1024 KB
    Disk 1 Online 7648 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 11 GB 40 MB
    Partition 3 Primary 227 GB 11 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 F RECOVERY NTFS Partition 11 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 227 GB Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 7648 MB 0 B

    ======================================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-09 16:00

    ======================= End Of Log ==========================
    Last edited by Starbuck; 14-06-2012 at 10:06 PM.

  19. #19
    Administrator & Security Team Starbuck's Avatar
    Join Date
    Feb 2010
    Location
    Midlands, UK
    Posts
    3,312

    PC Experience:
    Very Experienced


    Operating System:
    XP Home / Win7 Pro / Win8.1 Pro

    Default

    Hi Shvensk

    Thanks for the report, well done.
    I'll have a good look through it tomorrow as I'm just off to bed now.
    I can see a few problems already, but I'd like time to go through the report properly before making any fix.

    The problems are more software conflicts than malware though.
    Member of:
    UNITE

  20. #20
    Administrator & Security Team Starbuck's Avatar
    Join Date
    Feb 2010
    Location
    Midlands, UK
    Posts
    3,312

    PC Experience:
    Very Experienced


    Operating System:
    XP Home / Win7 Pro / Win8.1 Pro

    Default

    Hi Shvensk

    I added the FRST.txt to your last post as it's easier to read this way.
    Let's see if we can get rid of the software conflicts first and possibly get the system to boot up normally.
    The uninstall parts should be able to be completed in Safe Mode.

    It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Having 3 AV programs running is a recipe for disaster!

    Because of the conflicts, I recommend removing all 3 programs for now.
    We're not sure if any have become corrupted.

    Please boot into Safe Mode and remove the following:
    Ad-Aware Antivirus
    AVAST
    COMODO Internet Security


    I also recommend removing:
    Iminent Messenger
    The home website doesn't get a very good WOT rating and the program is advert supported.
    It's not something I'd want on my system.

    After removing these programs, see if the system will boot normally.
    Let me know if you encounter any problems.

    Thanks
    Member of:
    UNITE
