Jump to content

Welcome to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message and all ads will be removed once you have signed in.
Create an Account Login to Account

BSOD possible malware help please [Solved]


  • This topic is locked This topic is locked

#16
madpad1972

madpad1972

    Member

  • Member
  • PipPip
  • 49 posts
Hi sleepy would not let me stop verifier had to do it in safe mode in the end.
The BSOD messege i was getting was FNETURPX.exe and FNETURPX.sys hope they help
heres a log of all the BSOD i had.


==================================================
Dump File : 092213-22953-01.dmp
Crash Time : 9/22/2013 1:16:44 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`1f2a4f10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`0178c740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-22953-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,096
Dump File Time : 9/22/2013 1:17:45 PM
==================================================

==================================================
Dump File : 092213-28421-01.dmp
Crash Time : 9/22/2013 1:13:57 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`036782a0
Parameter 3 : fffffa80`036782a0
Parameter 4 : fffffa80`0367821f
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-28421-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 269,680
Dump File Time : 9/22/2013 1:15:15 PM
==================================================

==================================================
Dump File : 092213-22359-01.dmp
Crash Time : 9/22/2013 1:11:11 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`1d5cef10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`0148b740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-22359-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 315,968
Dump File Time : 9/22/2013 1:12:20 PM
==================================================

==================================================
Dump File : 092213-30406-02.dmp
Crash Time : 9/22/2013 1:08:51 PM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 00000000`001904fb
Parameter 2 : fffff880`0331cb28
Parameter 3 : fffff880`0331c380
Parameter 4 : fffff800`02c8aced
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+4688
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-30406-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,088
Dump File Time : 9/22/2013 1:10:00 PM
==================================================

==================================================
Dump File : 092213-23328-01.dmp
Crash Time : 9/22/2013 1:04:17 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`1da9cf10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`01787740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-23328-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,096
Dump File Time : 9/22/2013 1:05:29 PM
==================================================

==================================================
Dump File : 092213-28453-01.dmp
Crash Time : 9/22/2013 1:02:03 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`1dbcef10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`016fd740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-28453-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,096
Dump File Time : 9/22/2013 1:03:07 PM
==================================================

==================================================
Dump File : 092213-29546-01.dmp
Crash Time : 9/22/2013 12:41:32 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`000000a1
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff800`02d0d203
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-29546-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 269,736
Dump File Time : 9/22/2013 1:00:53 PM
==================================================

==================================================
Dump File : 092213-29234-01.dmp
Crash Time : 9/22/2013 12:38:31 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`1a01cf10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`015ce740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-29234-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 315,968
Dump File Time : 9/22/2013 12:39:41 PM
==================================================

==================================================
Dump File : 092213-29046-01.dmp
Crash Time : 9/22/2013 12:36:17 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`145b8f10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`01677740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-29046-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 315,968
Dump File Time : 9/22/2013 12:37:24 PM
==================================================

==================================================
Dump File : 092213-28281-02.dmp
Crash Time : 9/22/2013 12:34:05 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`19098f10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`015b3740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-28281-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 315,968
Dump File Time : 9/22/2013 12:35:12 PM
==================================================

==================================================
Dump File : 092213-29125-01.dmp
Crash Time : 9/22/2013 12:31:54 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`1ce56f10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`019eb740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-29125-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 315,968
Dump File Time : 9/22/2013 12:32:58 PM
==================================================

==================================================
Dump File : 092213-28734-01.dmp
Crash Time : 9/22/2013 12:29:45 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`168f4f10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`0148b740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-28734-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 315,968
Dump File Time : 9/22/2013 12:30:46 PM
==================================================

==================================================
Dump File : 092213-29500-01.dmp
Crash Time : 9/22/2013 12:27:33 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`1c2d6f10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`015b4740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-29500-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,096
Dump File Time : 9/22/2013 12:28:40 PM
==================================================

==================================================
Dump File : 092213-28265-01.dmp
Crash Time : 9/22/2013 12:25:24 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`18b8af10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`019ea740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-28265-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 315,968
Dump File Time : 9/22/2013 12:26:31 PM
==================================================

==================================================
Dump File : 092213-29109-01.dmp
Crash Time : 9/22/2013 12:23:12 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`1c35cf10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`018c7740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-29109-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 315,968
Dump File Time : 9/22/2013 12:24:17 PM
==================================================

==================================================
Dump File : 092213-30109-01.dmp
Crash Time : 9/22/2013 12:20:59 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`1bcdaf10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`01677740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-30109-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 315,008
Dump File Time : 9/22/2013 12:22:07 PM
==================================================

==================================================
Dump File : 092213-29531-01.dmp
Crash Time : 9/22/2013 12:18:43 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff800`02cf6cbe
Parameter 3 : fffff880`0226d8c0
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-29531-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,088
Dump File Time : 9/22/2013 12:19:54 PM
==================================================

==================================================
Dump File : 092213-30390-01.dmp
Crash Time : 9/22/2013 12:17:03 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`1420ef10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`01401740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-30390-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 315,968
Dump File Time : 9/22/2013 12:18:09 PM
==================================================

==================================================
Dump File : 092213-29250-01.dmp
Crash Time : 9/22/2013 12:14:43 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`1628ef10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`0148b740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-29250-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,096
Dump File Time : 9/22/2013 12:15:56 PM
==================================================

==================================================
Dump File : 092213-21828-01.dmp
Crash Time : 9/22/2013 12:13:05 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`198d6f10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`0157f740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-21828-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,096
Dump File Time : 9/22/2013 12:14:05 PM
==================================================

==================================================
Dump File : 092213-23765-01.dmp
Crash Time : 9/22/2013 12:11:21 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`14ed4f10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`0148b740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-23765-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,096
Dump File Time : 9/22/2013 12:12:25 PM
==================================================

==================================================
Dump File : 092213-25203-01.dmp
Crash Time : 9/22/2013 12:09:38 PM
Bug Check String : DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
Bug Check Code : 0x000000d5
Parameter 1 : fffff980`1396ef10
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`015d5740
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092213-25203-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 315,960
Dump File Time : 9/22/2013 12:10:41 PM
==================================================
  • 0

Advertisement


#17
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 3,182 posts
Hello Madpad,

It seems the drivers FNETURPX.exe and FNETURPX.sys are related to XFastUsb please use the Control Panel and Uninstall the XFastUsb program. Restart and use OTL to get a new log for me please.

  • Please download a fresh copy of OTL and save it to the Desktop
  • Execute OTL by double clicking the icon Posted Image. Make sure all other windows are closed.
    (On Windows Vista or higher right click the file, select Run as Administrator and accept the Security Warning.)
  • Do not change any settings unless otherwise told to do so. Click the Posted Image button. The scan won't take long.
  • When the scan completes, it will open notepad with OTL.Txt. The file is saved on the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the full contents of the file and post in your topic.

  • 0

#18
madpad1972

madpad1972

    Member

  • Member
  • PipPip
  • 49 posts
Hi sleepy log as requested.
Got rid of XFastUsb and rebooted before scan.

OTL logfile created on: 9/22/2013 7:47:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kieron_win7\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.91 Gb Available Physical Memory | 77.60% Memory free
7.49 Gb Paging File | 6.61 Gb Available in Paging File | 88.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 113.09 Gb Free Space | 75.87% Space Free | Partition Type: NTFS

Computer Name: KIERON_WIN7-PC | User Name: kieron_win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/22 19:44:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kieron_win7\Downloads\OTL (1).exe
PRC - [2013/09/22 19:40:10 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\kieron_win7\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
PRC - [2013/09/02 14:58:59 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/07/08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
PRC - [2009/05/04 19:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009/02/23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/22 19:40:12 | 000,592,896 | ---- | M] () -- C:\Users\kieron_win7\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0012\~de6248.tmp
MOD - [2013/09/22 19:40:10 | 000,697,884 | ---- | M] () -- C:\Users\kieron_win7\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0012\~df394b.tmp
MOD - [2009/04/20 11:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/18 20:33:12 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/07/18 20:33:12 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/19 22:12:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/02 15:01:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013/09/02 14:59:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/09/02 14:58:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2013/08/14 18:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/20 07:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 07:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/02/14 12:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/24 10:55:43 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/06/11 14:37:14 | 000,015,368 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009/11/25 14:06:02 | 001,276,928 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 95 93 8C E8 A7 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0514F587-03B3-4fcb-9A95-7EF32353E9E2}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.yahoo....icevm&type=ASRK
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/09/08 21:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kieron_win7\AppData\Roaming\Mozilla\Extensions
[2013/09/08 21:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/08 21:33:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://hotmail.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - Extension: Google Docs = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Live Sports = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\3.5_0\
CHR - Extension: VLC Remote = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjihlfhgfogkibimkhmmblpoihoodmm\0.9_0\
CHR - Extension: Gmail = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ASRockIES] File not found
O4 - HKCU..\Run: [ASRockOCTuner] File not found
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42EE8034-985E-49E3-A52C-482581341C6C}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/20 14:55:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/09/19 18:19:15 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\Desktop\Mrs Buckets 170813
[2013/09/19 14:10:42 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Xorion
[2013/09/19 01:49:55 | 000,000,000 | ---D | C] -- C:\db4c9e673f840282af82b954
[2013/09/17 15:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013/09/17 15:17:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013/09/17 15:13:57 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\FileZilla
[2013/09/16 19:26:24 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Malwarebytes
[2013/09/16 19:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/16 19:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/16 19:26:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/16 19:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/16 19:25:40 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Programs
[2013/09/13 10:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/09/13 10:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013/09/13 10:53:08 | 000,000,000 | ---D | C] -- C:\AMD
[2013/09/13 10:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/09/13 10:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/09/13 09:41:05 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Easeware
[2013/09/12 09:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2013/09/10 21:17:51 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\CrashDumps
[2013/09/09 18:19:59 | 000,000,000 | ---D | C] -- C:\2f0316f2edce54d5ee66697f6a7f1a6f
[2013/09/08 22:49:21 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\vlc
[2013/09/08 22:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/09/08 22:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/09/08 21:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/09/08 21:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/09/08 21:36:24 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Macromedia
[2013/09/08 21:36:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/09/08 21:36:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/09/08 21:34:05 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Mozilla
[2013/09/08 21:34:05 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Mozilla
[2013/09/08 21:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/09/08 21:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/09/08 21:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/05 12:05:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/09/05 11:54:30 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
[2013/09/05 11:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LinuxLive USB Creator
[2013/09/05 03:10:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/09/04 11:48:23 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Diagnostics
[2013/09/03 13:51:33 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\Desktop\vuplus
[2013/09/02 23:35:45 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/09/02 22:39:20 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/02 22:37:11 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/09/02 18:38:51 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Adobe
[2013/09/02 18:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
[2013/09/02 18:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA
[2013/09/02 18:17:53 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Downloaded Installations
[2013/09/02 16:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/09/02 16:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/09/02 16:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/02 16:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/09/02 16:01:30 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Google
[2013/09/02 16:01:07 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Deployment
[2013/09/02 16:01:07 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Apps
[2013/09/02 15:34:26 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\TuneUp Software
[2013/09/02 15:30:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/02 15:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/09/02 15:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/09/02 15:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/09/02 15:05:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
[2013/09/02 15:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2013/09/02 15:02:09 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2013/09/02 15:02:02 | 002,873,822 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2013/09/02 15:02:02 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/09/02 15:02:02 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/09/02 15:02:01 | 001,910,272 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2013/09/02 14:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013/09/02 14:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013/09/02 14:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2013/09/02 14:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2013/09/02 14:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013/09/02 14:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/09/02 14:57:37 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Macromedia
[2013/09/02 14:57:36 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Adobe
[2013/09/02 14:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/09/02 14:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/09/02 14:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET
[2013/09/02 14:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASRock Utility
[2013/09/02 14:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
[2013/09/02 14:55:47 | 000,015,368 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys
[2013/09/02 14:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility
[2013/09/02 14:55:33 | 000,076,912 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2013/09/02 14:55:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2013/09/02 14:53:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/09/02 14:52:50 | 000,242,176 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2013/09/02 14:52:50 | 000,193,024 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2013/09/02 14:52:50 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2013/09/02 14:52:50 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2013/09/02 14:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2013/09/02 14:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/09/02 14:52:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/09/02 14:51:16 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/09/02 14:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/09/02 14:49:19 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/09/02 14:49:19 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Searches
[2013/09/02 14:49:19 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/09/02 14:49:19 | 000,000,000 | -H-D | C] -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/09/02 14:49:10 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Identities
[2013/09/02 14:49:08 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Contacts
[2013/09/02 14:49:06 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\VirtualStore
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\AppData\Local\Temporary Internet Files
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Templates
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Start Menu
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\SendTo
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Recent
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\PrintHood
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\NetHood
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Documents\My Videos
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Documents\My Pictures
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Documents\My Music
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\My Documents
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Local Settings
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\AppData\Local\History
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Cookies
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Application Data
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\AppData\Local\Application Data
[2013/09/02 14:48:55 | 000,000,000 | --SD | C] -- C:\Users\kieron_win7\AppData\Roaming\Microsoft
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Videos
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Saved Games
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Pictures
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Music
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Links
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Favorites
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Downloads
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Documents
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Desktop
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/09/02 14:48:55 | 000,000,000 | -H-D | C] -- C:\Users\kieron_win7\AppData
[2013/09/02 14:48:55 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Temp
[2013/09/02 14:48:55 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Microsoft
[2013/09/02 14:48:55 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Media Center Programs
[2013/09/01 20:27:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/09/01 20:26:53 | 000,000,000 | ---D | C] -- C:\9bddfef33ecf9d8d00d0f1fd
[2013/08/28 01:41:24 | 000,000,000 | -HSD | C] -- C:\Boot
[2013/08/28 00:42:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/08/27 18:18:05 | 000,000,000 | ---D | C] -- C:\Intel
[2013/08/27 16:49:38 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2013/09/22 19:45:33 | 000,001,148 | ---- | M] () -- C:\Users\kieron_win7\Desktop\OTL (1) - Shortcut.lnk
[2013/09/22 19:39:58 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/22 19:39:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/22 19:39:41 | 3017,605,120 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/22 19:39:14 | 000,016,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/22 19:39:14 | 000,016,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/22 19:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/22 19:06:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/22 17:40:59 | 000,000,951 | ---- | M] () -- C:\Users\kieron_win7\Desktop\BlueScreenView.cfg
[2013/09/22 17:08:30 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/22 13:17:32 | 511,862,687 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/19 01:55:09 | 000,772,376 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/19 01:55:09 | 000,659,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/19 01:55:09 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/19 01:55:00 | 000,772,376 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/16 19:26:14 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/16 11:07:10 | 000,146,528 | ---- | M] (NirSoft) -- C:\Users\kieron_win7\Desktop\BlueScreenView.exe
[2013/09/13 10:13:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/13 09:33:40 | 000,275,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/08 22:49:12 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/09/08 22:35:51 | 000,000,134 | ---- | M] () -- C:\Users\kieron_win7\Desktop\Internet Explorer Troubleshooting.url
[2013/09/08 21:42:38 | 000,002,022 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/08 21:34:02 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/05 12:01:57 | 152,764,416 | ---- | M] () -- C:\Users\kieron_win7\Desktop\lubuntu-13.04-desktop-i386.iso.lili-download
[2013/09/03 08:22:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/09/02 23:35:33 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/09/02 22:40:15 | 000,122,093 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/09/02 22:40:15 | 000,122,093 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/09/02 22:38:29 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/09/02 18:53:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/02 18:18:28 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2013/09/02 16:26:50 | 000,000,819 | ---- | M] () -- C:\Users\kieron_win7\Desktop\7-Zip File Manager.lnk
[2013/09/02 16:09:58 | 000,002,286 | ---- | M] () -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/02 15:27:20 | 000,001,444 | ---- | M] () -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/02 15:02:07 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013/09/02 15:02:02 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/09/02 15:02:02 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/09/02 14:58:18 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2013/09/02 14:56:00 | 000,001,123 | ---- | M] () -- C:\Users\kieron_win7\Desktop\ASRock InstantBoot.lnk
[2013/09/02 14:55:59 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\ASRock IES.lnk
[2013/09/02 14:55:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ASRock OC Tuner.lnk
[2013/09/02 14:52:59 | 000,001,209 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk

========== Files Created - No Company Name ==========

[2013/09/22 19:45:33 | 000,001,148 | ---- | C] () -- C:\Users\kieron_win7\Desktop\OTL (1) - Shortcut.lnk
[2013/09/22 17:40:59 | 000,000,951 | ---- | C] () -- C:\Users\kieron_win7\Desktop\BlueScreenView.cfg
[2013/09/17 15:12:03 | 030,162,182 | ---- | C] () -- C:\Users\kieron_win7\Desktop\VU+ Toolbox Version 2.0.exe
[2013/09/16 19:26:14 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/13 11:17:13 | 000,772,376 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/13 10:13:51 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/09/13 10:13:38 | 000,002,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/09/08 22:49:12 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/09/08 22:35:51 | 000,000,134 | ---- | C] () -- C:\Users\kieron_win7\Desktop\Internet Explorer Troubleshooting.url
[2013/09/08 21:42:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/08 21:42:38 | 000,002,022 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/08 21:36:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/08 21:34:02 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/09/08 21:34:02 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/05 13:29:34 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/09/05 12:01:57 | 152,764,416 | ---- | C] () -- C:\Users\kieron_win7\Desktop\lubuntu-13.04-desktop-i386.iso.lili-download
[2013/09/04 10:11:04 | 511,862,687 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/09/03 08:22:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/09/02 22:40:00 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/09/02 22:40:00 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/09/02 22:38:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/09/02 18:53:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/02 18:18:28 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2013/09/02 16:26:50 | 000,000,819 | ---- | C] () -- C:\Users\kieron_win7\Desktop\7-Zip File Manager.lnk
[2013/09/02 16:02:24 | 000,002,286 | ---- | C] () -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/02 16:02:24 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/02 16:01:39 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/02 16:01:38 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/02 15:27:20 | 000,001,444 | ---- | C] () -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/02 15:02:49 | 000,005,037 | ---- | C] () -- C:\Windows\SysNative\cfgfx.ini
[2013/09/02 15:02:49 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2013/09/02 15:02:49 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2013/09/02 15:02:49 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2013/09/02 15:02:07 | 000,191,488 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013/09/02 15:02:07 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/09/02 15:02:07 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013/09/02 15:02:07 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/09/02 15:02:07 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013/09/02 14:58:18 | 000,001,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2013/09/02 14:58:18 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2013/09/02 14:56:00 | 000,001,123 | ---- | C] () -- C:\Users\kieron_win7\Desktop\ASRock InstantBoot.lnk
[2013/09/02 14:55:59 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\ASRock IES.lnk
[2013/09/02 14:55:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ASRock OC Tuner.lnk
[2013/09/02 14:52:59 | 000,001,221 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2013/09/02 14:52:59 | 000,001,209 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2013/09/02 14:49:24 | 000,001,416 | ---- | C] () -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/09/02 14:49:20 | 000,001,450 | ---- | C] () -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/02 14:48:55 | 000,000,290 | ---- | C] () -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/09/02 14:48:55 | 000,000,272 | ---- | C] () -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/08/28 01:41:25 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2013/08/28 01:41:24 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013/08/28 00:42:16 | 3017,605,120 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/13 09:41:05 | 000,000,000 | ---D | M] -- C:\Users\kieron_win7\AppData\Roaming\Easeware
[2013/09/19 14:13:27 | 000,000,000 | ---D | M] -- C:\Users\kieron_win7\AppData\Roaming\FileZilla
[2013/09/02 15:34:26 | 000,000,000 | ---D | M] -- C:\Users\kieron_win7\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
  • 0

#19
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 3,182 posts
Hi,

Ok the log doesn't show the problematic drivers. Now use the machine like you usually do and let me know of new BSOD.
  • 0

#20
madpad1972

madpad1972

    Member

  • Member
  • PipPip
  • 49 posts
Hi sleepy been good for a few days but just had first BSOD for 5 days log enclosed.


==================================================
Dump File : 092713-18937-01.dmp
Crash Time : 9/27/2013 1:15:47 PM
Bug Check String : CACHE_MANAGER
Bug Check Code : 0x00000034
Parameter 1 : 00000000`00050853
Parameter 2 : fffff880`02fbd848
Parameter 3 : fffff880`02fbd0a0
Parameter 4 : fffff800`02c95aed
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092713-18937-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,088
Dump File Time : 9/27/2013 1:16:40 PM
==================================================
  • 0

#21
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 3,182 posts
Hi,

It seems an improvement...

I would like you test the Hard Disk, Download and install SeaTools for Windows
Execute the Basic Tests only:
  • Short Drive Self Test (20 to 90 seconds long)
  • Long Drive Self Test (may take up to 4 hours, progress in 10% increments)

Let me know if it passes the two tests.
  • 0

#22
madpad1972

madpad1972

    Member

  • Member
  • PipPip
  • 49 posts
Hi sleepy Short Drive Self Test passed but there isnt a Long Drive Self Test only long generic is that the one i need to test?
  • 0

#23
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 3,182 posts

Hi sleepy Short Drive Self Test passed but there isnt a Long Drive Self Test only long generic is that the one i need to test?


Yep it must be that it seems the information on the page is outdated.
When you select the test long generic make sure it says that it doesn't write anything only read.

The page says that all the Basic Tests will do only diagnostics and no changes but I want to make sure they didn't change nothing on the way the software works.
  • 0

#24
madpad1972

madpad1972

    Member

  • Member
  • PipPip
  • 49 posts
Hi sleepy both tests passed.
  • 0

#25
madpad1972

madpad1972

    Member

  • Member
  • PipPip
  • 49 posts
Hi sleepy another BSOD this morning log enclosed.

==================================================
Dump File : 092813-17812-01.dmp
Crash Time : 9/28/2013 10:52:54 AM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff960`0008ac90
Parameter 3 : fffff880`04851fd0
Parameter 4 : 00000000`00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+7ac90
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092813-17812-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,104
Dump File Time : 9/28/2013 10:53:48 AM
==================================================
  • 0
<

Advertisement


#26
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 3,182 posts
Hi,

Let's check for driver conflicts...

Step 1: Start MSConfig

Click Start, type msconfig in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.

Step 2: Configure Selective Startup options

  • In the System Configuration Utility dialog box, click Selective Startup on the General tab.
    Posted Image
  • Click to clear the Load Startup Items check box.
    Note: The Use Original Boot.ini check box is unavailable.
  • Click the Services tab.
    Posted Image
  • Click to select the Hide All Microsoft Services check box.
  • Click Disable All, and then click OK.
  • When you are prompted, click Restart.
Use the computer for some time and let me know if the problem still occur?
  • 0

#27
madpad1972

madpad1972

    Member

  • Member
  • PipPip
  • 49 posts
Hi sleepy just had another.

==================================================
Dump File : 092913-16828-01.dmp
Crash Time : 9/29/2013 10:03:11 AM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 00000000`00041790
Parameter 2 : fffffa80`0231c570
Parameter 3 : 00000000`0000ffff
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092913-16828-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,088
Dump File Time : 9/29/2013 10:04:01 AM
==================================================
  • 0

#28
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 3,182 posts

Hi sleepy just had another.

Hi,

It happens after you set the system to a Clean Boot according the steps above?

I have another question do you have the ASRock InstantBoot software enabled?
  • 0

#29
madpad1972

madpad1972

    Member

  • Member
  • PipPip
  • 49 posts
Hi sleepy yes i havee ASRock InstantBoot it installed from the motherboard driver cd.
  • 0

#30
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 3,182 posts

It happens after you set the system to a Clean Boot according the steps above?

Can you answer this part please.

Hi sleepy yes i havee ASRock InstantBoot it installed from the motherboard driver cd.


I like you to suspend that, run ASRock InstantBoot and set it to Disable Instant Boot click Apply and Restart the computer.
  • 0

Advertisement




Similar Topics: BSOD possible malware help please [Solved]     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured