Having blue screen problem

Shvensk · June 12, 2012

Ok, so. Here's my problem. I recently had the problem where I couldn't do anything upon startup. If I tried opening something, it wouldn't open, my internet connection never connected, couldn't even do the "ctrl+alt+delete" thing and go to the task manager. So then I went to safemode, which worked, and searched for a solution. I used the simplest solution I found, which was downloading and running Malwarebytes. I found 2 errors, which I decided to delete. According to Malwarebytes, their Vendor was PUP.PrivacySafeGuard, although I don't know if that matters. Malwarebytes told me I needed to restart my computer to complete the fix, but when my laptop started up again, I had an error message that said something like this:

"There was a problem starting

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll

The specified module could not be found."

After clicking the ok button, the screen loaded up, and after about 10 seconds, a blue screen appeared! It said something along the lines of:

"A device driver attempting to corrupt the system has been caught. The faulty driver currently on the kernel stack must be replaced with a working version.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you may need.

If problems continue, disable or remove any newly installed hardware or sofware. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press f8 to select Advanced Startup Options, and then select safe mode."

This was all I was able to read before my laptop automatically restarted. If there is information I haven't given, just ask and I'll most likely tell you. Please keep in mind that I don't know too much about computers, so please keep your responses easy to follow. Thank you very much, I hope you can help me out!

Shvensk · June 12, 2012

Oh, and by the way. I do NOT have any new hardware/software so I'm quite sure that isn't the problem.

Shvensk · June 12, 2012

Sorry for the multiple replies, (is there a way to edit?). Anyways, after starting up on Safe Mode, I got a message that says:

"Windows has recovered from an unexpected shutdown.

Windows can check online for a solution.

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.1.7601.2.1.0.768.3

Locale ID: 1033

Additional information about the problem:

BCCode: c4

BCP1: 00000000000000F6

BCP2: 0000000000000208

BCP3: FFFFFA8007BEC630

BCP4: FFFFF880046F79AE

OS Version: 6_1_7601

Service Pack: 1_0

Product: 768_1

Files that help describe the problem:

C:\Windows\Minidump\061212-20701-01.dmp

C:\Users\Henrik Lindholm\AppData\Local\Temp\WER-178745-0.sysdata.xml

Read our privacy statement online:

http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:

C:\Windows\system32\en-US\erofflps.txt"

In case that helps, there it is.

KenB · June 12, 2012

Hi and welcome to ExTS

So then I went to safemode, which worked

Can you confirm that you can boot up OK in Safe Mode please?

If you can ....

Start > type in .....devmgmt.msc ............ENTER

Click the + next to each of the devices listed.

Are there any yellow exclamation marks or red Xs ?

Shvensk · June 12, 2012

No, there are no exclamation marks or Xs.

KenB · June 12, 2012

Start ......type in ......System Restore ..........ENTER

Select a date just before the start of your problem.

Your data / photos etc will be fine.

Shvensk · June 12, 2012

Problem. It says that no system restore points have been created on your computer's system drive.

KenB · June 12, 2012

OK - try using F8 to get to the Advanced Startup Options ..........then select "Last Known Good Configuration"

KenB · June 12, 2012

I have asked Starbuck to take a look at this thread.

I will pick this up again tomorrow ( it is late here in the UK ) :)

Starbuck · June 12, 2012

Hi Shvensk

Can you post the report from MBAM?

PUP.PrivacySafeGuard

removing a Potentially UnWanted Program shouldn't have caused this.

Start Malwarebytes AntiMalware.

Click on the logs tab.

The logs are date stamped ... double click on the log that showed the infection items.

http://img.photobucket.com/albums/v708/starbuck50/new/mbamlog.png

It'll open in notepad.

Please copy/paste the report in your next reply.

Thanks

Shvensk · June 12, 2012

Okay, thank you very much for your patience so far. To get the Advanced Startup Options, do I click f8 when my laptop is booting up? It doesn't do anything right now. I'm a technical newbie, so sorry for the stupid question.

Shvensk · June 12, 2012

@Starbuck Here's the Malwarebytes Log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

http://www.malwarebytes.org

Database version: v2012.06.12.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Henrik Lindholm :: TORCHWOOD-PC [administrator]

Protection: Disabled

6/12/2012 11:46:01 AM

mbam-log-2012-06-12 (11-46-01).txt

Scan type: Full scan

Scan options disabled: P2P

Objects scanned: 371891

Time elapsed: 9 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.

C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.

(end)

Starbuck · June 12, 2012

Hi Shvensk

To get the Advanced Startup Options, do I click f8 when my laptop is booting up? It doesn't do anything right now.

This link may help explain how to get to the Advanced Boot Options:

http://www.sevenforums.com/tutorials/666-advanced-boot-options.html

I'm a technical newbie, so sorry for the stupid question

If you don't know something... it's never a stupid question.

When in doubt, always ask.

So back tracking a bit.... you had problems before you ran MBAM?

I recently had the problem where I couldn't do anything upon startup. If I tried opening something, it wouldn't open, my internet connection never connected, couldn't even do the "ctrl+alt+delete" thing and go to the task manager

I think we need to have a look at what else may be going on with this system.

We have a couple of programs we can use to get this information, but first i need to know if you can boot to normal mode or not.

Also if needed do you have another Pc you can use if we need to download anything?

Shvensk · June 13, 2012

I will try rebooting now and go to Advanced Boot Options and try the last known good configuration. And yes, I did have problems before MBAM, it seems as if the blue screen itself only appeared directly after I deleted the threats. However, before MBAM, there was about a 25% chance that I could do stuff normally, and a 75% chance that it would lock up, and preventing me from doing anything successfully. Finally, the rest of my family has mostly Macs, so that may interfere, but if needed, I may be able to get access to one of my father's laptops.

EDIT: Figured out how to edit, go me! Unfortunately, the same blue screen appeared, it didn't work.

Edited June 13, 2012 by Shvensk

KenB · June 13, 2012

the same blue screen appeared, it didn't work.

Was this after you tried "Last Known Good Configuration" ?

I assume that you get a blue screen if you try to boot normally ?

If you use F8 ( about once per second ) after switching on - can you boot up in Safe Mode ?

After you have answered these questions I will leave you in Starbuck's capable hands as this could be a malware problem.

Shvensk · June 13, 2012

1. This was after I tried the last known good configuration

2. Yes, if I boot normally, I get the blue screen

3. I can boot up in Safe Mode like that, yes.

Well, thank you for your help so far, I appreciate it.

Starbuck · June 13, 2012

Hi Shvensk,

I'll give you the information on how we're going to get a report from your system (although it's not working lol).

The instructions may seem complicated, but if you take it slowly you'll be fine.

If at any time you have any questions, just shout out and i'll help you through it.

In addition to another PC, you'll also need a USB stick (flash drive, pen drive etc).

2 terms we use

Clean Computer and Infected Computer.

The clean computer will be the one that you use to download the program on to ( hopefully your fathers as you said)

The infected computer will be the one we are trying to fix.

You may want to print these instructions out so you can have access to follow them.

Please plug a flash drive into a clean computer.

Since your Operating System is 64-bit, download Farbar Recovery Scan Tool 64-Bit

and save the program to the >> USB flash drive.

Next, plug the flash drive into the infected computer.

>>>Restart the computer.

As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Use the arrow keys to select the Repair your computer menu item.
Select your language settings, and click: Next
Select your User account and click: OK (If you did not set a password, leave blank.)

On the System Recovery Options menu you get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Scan your computer's memory for errors.

Command Prompt

[*]Select Command Prompt

[*]In the Command window, at the bliking cursor type notepad and press: Enter

[*]In Notepad, under the File menu select: Open

[*]Double-click Computer, find the flash drive letter (remember what letter it is), click on it, and press: Open

[*]Close out of Notepad.

[*]Click the Command window.

[*]Type g:\frst64.exe, and press: Enter

Note:

Replace the drive letter g with the drive letter of your flash drive!

[*]The tool starts and prepares to run. Follow the prompts.

[*]Click Yes to the disclaimer.

[*]Press the Scan button.

[*]When done, the program saves the FRST.txt, on the flash drive.

[*]Click the Command prompt window, type exit, and press: Enter

[*]Back at the System Recovery Options, press: ShutDown

Please provide the FRST.txt, stored in the USB flash drive, in your next reply.

Shvensk · June 13, 2012

Done. I'm guessing that you want this as an attachment since it's so long. [ATTACH]770.vB5-legacyid=1549[/ATTACH]

Scan result of Farbar Recovery Scan Tool Version: 12-06-2012 02

Ran by SYSTEM at 13-06-2012 21:00:40

Running from E:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-17] (IDT, Inc.)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2392872 2010-11-29] (Synaptics Incorporated)

HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [315496 2011-06-26] (NVIDIA Corporation)

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)

HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-01-05] (Intel® Corporation)

HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO)

HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [57672 2009-07-15] (Alienware Corporation)

HKLM\...\Run: [] [x]

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4031368 2012-02-23] (AVAST Software)

HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)

HKLM-x32\...\Run: [iminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup [881144 2011-12-23] (Iminent)

HKLM-x32\...\Run: [iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" [445416 2011-12-23] (Iminent)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)

HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()

HKLM-x32\...\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [184120 2011-11-23] (COMODO)

HKLM-x32\...\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [213304 2011-11-23] (COMODO)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1636208 2011-09-02] ()

HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]

HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95496 2009-06-24] (Sensible Vision )

HKLM-x32\...\Run: [FAStartup] [x]

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-04] (Malwarebytes Corporation)

HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

AppInit_DLLs: C:\Windows\system32\guard64.dll

Tcpip\..\Interfaces\{9AF6957B-66E4-4A9C-AF41-7B491B64CBC9}: [NameServer]8.26.56.26,156.154.70.22

Tcpip\..\Interfaces\{CAF5E964-6261-4D67-A780-29E52408DAC9}: [NameServer]8.26.56.26,156.154.70.22

Lsa: [Notification Packages] scecli

FAPassSync

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\LOLRecorder.lnk

ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)

==================== Services (Whitelisted) ======

2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1226096 2012-05-03] (Lavasoft Limited)

2 AlienFusionService; "C:\Program Files\Alienware\Command Center\AlienFusionService.exe" [13624 2009-07-15] (Alienware)

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-02-23] (AVAST Software)

2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [1267000 2011-11-23] (COMODO)

2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO)

2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2368776 2009-06-24] (Sensible Vision )

2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)

3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()

3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)

2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)

2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [3289032 2011-12-19] (GFI Software)

2 SftService; "C:\Program Files (x86)\AlienRespawn\sftservice.EXE" [1692480 2011-09-22] (SoftThinks SAS)

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-02-23] (AVAST Software)

2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)

1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)

1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [335704 2012-02-23] (AVAST Software)

1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)

1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)

1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2012-03-11] (COMODO)

0 EMSC; C:\Windows\System32\Drivers\EMSC.sys [16752 2009-06-26] (Windows ® Win 7 DDK provider)

0 EMSC; C:\Windows\SysWow64\Drivers\EMSC.sys [13680 2009-06-26] (Windows ® Win 7 DDK provider)

3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)

1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2011-12-19] (COMODO)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)

3 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [122472 2011-03-21] ()

2 sbapifs; C:\Windows\System32\Drivers\sbapifs.sys [74872 2011-11-29] (GFI Software)

1 SbFw; C:\Windows\System32\Drivers\SbFw.sys [256632 2011-12-19] (GFI Software)

3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [119416 2011-09-29] (GFI Software)

3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [119416 2011-09-29] (GFI Software)

3 sbhips; C:\Windows\System32\Drivers\sbhips.sys [60536 2011-12-19] (GFI Software)

1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [57976 2011-10-26] (GFI Software)

3 sbwtis; C:\Windows\System32\Drivers\sbwtis.sys [84600 2011-12-19] (GFI Software)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-06-13 16:10 - 2012-06-13 16:10 - 00002153 ____A C:\Users\Henrik Lindholm\Desktop\Fix - Instructions.txt

2012-06-13 14:15 - 2012-06-13 14:14 - 00014215 ____A C:\Users\Henrik Lindholm\Desktop\Anime Stub.png

2012-06-12 20:45 - 2012-06-12 20:45 - 00288016 ____A C:\Windows\Minidump\061212-5881-01.dmp

2012-06-12 15:18 - 2012-06-12 15:18 - 00288000 ____A C:\Windows\Minidump\061212-6052-01.dmp

2012-06-12 13:41 - 2012-06-12 13:41 - 00069939 ____A C:\Users\Henrik Lindholm\Downloads\Activate Sound in SafeMode (1).zip

2012-06-12 13:38 - 2012-06-12 13:38 - 00069939 ____A C:\Users\Henrik Lindholm\Downloads\Activate Sound in SafeMode.zip

2012-06-12 11:13 - 2012-06-12 11:13 - 00288016 ____A C:\Windows\Minidump\061212-20701-01.dmp

2012-06-12 11:08 - 2012-06-12 11:08 - 00288096 ____A C:\Windows\Minidump\061212-20888-01.dmp

2012-06-12 11:03 - 2012-06-12 20:45 - 1094923259 ____A C:\Windows\MEMORY.DMP

2012-06-12 11:03 - 2012-06-12 20:45 - 00000000 ____D C:\Windows\Minidump

2012-06-12 11:03 - 2012-06-12 11:03 - 00288096 ____A C:\Windows\Minidump\061212-20794-01.dmp

2012-06-12 10:45 - 2012-06-12 10:45 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-06-12 10:45 - 2012-06-12 10:45 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\Malwarebytes

2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\Malwarebytes

2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes

2012-06-12 10:45 - 2012-06-12 10:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-12 10:45 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-12 10:44 - 2012-06-12 10:44 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Henrik Lindholm\Downloads\mbam-setup-1.61.0.1400.exe

2012-06-12 10:32 - 2012-06-13 18:57 - 01857206 ____A C:\Windows\ntbtlog.txt

2012-06-12 10:31 - 2012-06-12 15:02 - 00001936 ____A C:\Windows\PFRO.log

2012-06-11 17:27 - 2012-06-13 11:20 - 00001064 ____A C:\Windows\setupact.log

2012-06-11 17:27 - 2012-06-11 17:27 - 00000000 ____A C:\Windows\setuperr.log

2012-06-09 09:38 - 2012-06-09 09:38 - 00001907 ____A C:\Users\Public\Desktop\LOL Recorder.lnk

2012-06-09 09:38 - 2012-06-09 09:38 - 00001907 ____A C:\Users\All Users\Desktop\LOL Recorder.lnk

2012-06-09 09:37 - 2012-06-09 09:37 - 01480920 ____A C:\Users\Henrik Lindholm\Downloads\LOLReplay-0.7.8.10.exe

2012-06-08 15:20 - 2012-06-11 21:23 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\LogMeIn Hamachi

2012-06-08 15:20 - 2012-06-11 21:23 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\LogMeIn Hamachi

2012-06-08 15:20 - 2012-06-11 21:23 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\LogMeIn Hamachi

2012-06-08 15:20 - 2012-06-08 15:20 - 00000928 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

2012-06-08 15:20 - 2012-06-08 15:20 - 00000928 ____A C:\Users\All Users\Desktop\LogMeIn Hamachi.lnk

2012-06-08 15:20 - 2012-06-08 15:20 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2012-06-08 15:19 - 2012-06-08 15:19 - 03857920 ____A C:\Users\Henrik Lindholm\Downloads\hamachi (1).msi

2012-06-08 05:13 - 2012-06-12 17:25 - 00129702 ____A C:\Windows\WindowsUpdate.log

2012-06-07 17:27 - 2012-06-07 17:27 - 00001843 ____A C:\Users\Public\Desktop\Alienware Command Center.lnk

2012-06-07 17:27 - 2012-06-07 17:27 - 00001843 ____A C:\Users\All Users\Desktop\Alienware Command Center.lnk

2012-06-07 17:18 - 2012-06-07 17:18 - 36849648 ____A C:\Users\Henrik Lindholm\Downloads\R232274.exe

2012-06-07 17:04 - 2012-06-07 17:04 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-06-07 17:04 - 2012-06-07 17:04 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk

2012-06-07 17:04 - 2012-06-07 17:04 - 00000000 ____D C:\Program Files\CCleaner

2012-06-07 17:03 - 2012-06-07 17:03 - 03862112 ____A (Piriform Ltd) C:\Users\Henrik Lindholm\Downloads\ccsetup319.exe

2012-06-06 14:06 - 2012-06-06 14:15 - 1519417223 ____A C:\Users\Henrik Lindholm\Downloads\LOLPBE.zip

2012-06-05 04:18 - 2012-06-05 04:18 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\ElevatedDiagnostics

2012-06-05 04:18 - 2012-06-05 04:18 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\ElevatedDiagnostics

2012-06-05 04:18 - 2012-06-05 04:18 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\ElevatedDiagnostics

2012-06-04 21:55 - 2012-06-04 21:55 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\LoL_Skin_Installer

2012-06-04 21:55 - 2012-06-04 21:55 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\LoL_Skin_Installer

2012-06-04 21:55 - 2012-06-04 21:55 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\LoL_Skin_Installer

2012-06-04 21:38 - 2012-06-04 21:38 - 00875251 ____A C:\Users\Henrik Lindholm\Downloads\Skin_Installer_Ultimate.zip

2012-06-04 21:28 - 2012-06-04 21:28 - 03915260 ____A C:\Users\Henrik Lindholm\Downloads\6980.zip

2012-06-04 14:11 - 2012-06-04 14:14 - 00000964 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

2012-06-03 07:09 - 2012-06-03 07:09 - 00000012 ____A C:\Users\Henrik Lindholm\Downloads\FSSC.dat

2012-06-03 07:08 - 2012-06-05 14:05 - 00001870 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

2012-06-03 07:08 - 2012-06-05 14:05 - 00001870 ____A C:\Users\All Users\Desktop\Ad-Aware Antivirus.lnk

2012-06-03 07:08 - 2012-06-03 07:19 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus

2012-06-03 07:08 - 2012-06-03 07:12 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\adaware

2012-06-03 07:08 - 2012-06-03 07:12 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\adaware

2012-06-03 07:08 - 2012-06-03 07:12 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\adaware

2012-06-03 07:08 - 2011-12-19 12:21 - 00045936 ____A (GFI Software) C:\Windows\System32\sbbd.exe

2012-06-03 07:08 - 2011-12-19 11:44 - 00256632 ____A (GFI Software) C:\Windows\System32\Drivers\SbFw.sys

2012-06-03 07:08 - 2011-12-19 11:44 - 00060536 ____A (GFI Software) C:\Windows\System32\Drivers\sbhips.sys

2012-06-03 07:08 - 2011-09-29 11:16 - 00119416 ____A (GFI Software) C:\Windows\System32\Drivers\SbFwIm.sys

2012-06-03 07:07 - 2012-06-03 07:12 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\Ad-Aware Antivirus

2012-06-03 07:07 - 2012-06-03 07:12 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\Ad-Aware Antivirus

2012-06-03 07:06 - 2012-06-03 07:07 - 06236280 ____A (Lavasoft Limited) C:\Users\Henrik Lindholm\Downloads\Adaware_Installer.exe

2012-06-02 07:32 - 2012-06-02 07:32 - 00051661 ____A C:\Users\Henrik Lindholm\Downloads\DoubleknotExport07D79.pdf

2012-05-31 20:13 - 2012-05-31 20:14 - 72079841 ____A C:\Users\Henrik Lindholm\Downloads\Final Fantasy Tactics A2 - Grimoire of the Rift.zip

2012-05-30 14:22 - 2012-05-30 14:22 - 00000000 ____D C:\dell

2012-05-30 14:20 - 2012-05-30 14:21 - 41255256 ____A C:\Users\Henrik Lindholm\Downloads\R218985.exe

2012-05-30 05:50 - 2012-05-30 05:50 - 60805809 ____A C:\Users\Henrik Lindholm\Downloads\Pokemon - HeartGold.zip

2012-05-28 08:51 - 2012-05-28 08:51 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-05-28 08:51 - 2012-05-28 08:51 - 00002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk

2012-05-28 08:51 - 2012-05-28 08:51 - 00000000 ____D C:\Program Files (x86)\Adobe

2012-05-27 08:26 - 2012-05-27 08:26 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Downloaded Installations

2012-05-27 08:26 - 2012-05-27 08:26 - 00000000 ____D C:\Users\Henrik Lindholm\Local Settings\Application Data\Downloaded Installations

2012-05-27 08:26 - 2012-05-27 08:26 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Local\Downloaded Installations

2012-05-27 08:26 - 2010-05-22 00:39 - 00000900 ____A C:\Users\Public\Desktop\setup.iss

2012-05-27 08:26 - 2010-05-22 00:39 - 00000900 ____A C:\Users\All Users\Desktop\setup.iss

2012-05-27 08:26 - 2010-05-21 16:03 - 54359456 ____A (Alienware Corp. ) C:\Users\Public\Desktop\setup.exe

2012-05-27 08:26 - 2010-05-21 16:03 - 54359456 ____A (Alienware Corp. ) C:\Users\All Users\Desktop\setup.exe

2012-05-27 08:24 - 2012-05-27 08:25 - 53938856 ____A C:\Users\Henrik Lindholm\Downloads\R272621.exe

2012-05-27 07:55 - 2012-05-27 07:55 - 00000000 ____D C:\Users\Henrik Lindholm\Desktop\Emulator Stuff

2012-05-26 16:08 - 2012-05-26 16:10 - 111175112 ____A C:\Users\Henrik Lindholm\Downloads\5594.zip

2012-05-26 16:08 - 2012-05-26 16:08 - 00063348 ____A C:\Users\Henrik Lindholm\Downloads\Dicastia_AP_Patch_v0.2.zip

2012-05-26 15:45 - 2012-05-26 15:45 - 00051710 ____A C:\Users\Henrik Lindholm\Downloads\DoubleknotExportC9815.pdf

2012-05-26 13:12 - 2012-05-26 13:25 - 110780348 ____A C:\Users\Henrik Lindholm\Downloads\5585 - Pokemon - Black Version (DSi Enhanced)(USA) (E).zip

2012-05-26 13:09 - 2012-05-26 13:09 - 02196552 ____A C:\Users\Henrik Lindholm\Downloads\desmume-0.9.7-win32.zip

2012-05-25 05:52 - 2012-05-25 05:52 - 00071680 ____A C:\Users\Henrik Lindholm\Downloads\Calc_7_3.doc

2012-05-24 15:09 - 2012-05-24 15:09 - 01476337 ____A C:\Users\Henrik Lindholm\Downloads\LOLReplay-0.7.8.6.exe

2012-05-23 15:45 - 2012-05-23 15:45 - 00000000 ____D C:\Users\Henrik Lindholm\Application Data\LolClient2

2012-05-23 15:45 - 2012-05-23 15:45 - 00000000 ____D C:\Users\Henrik Lindholm\AppData\Roaming\LolClient2

2012-05-23 11:23 - 2012-05-23 11:23 - 00000000 ___HD C:\VritualRoot

2012-05-23 09:53 - 2012-05-23 09:53 - 00000000 ____D C:\Users\Henrik Lindholm\Desktop\Morrowind Stuff

2012-05-21 14:52 - 2012-05-21 14:52 - 00182272 ____A C:\Users\Henrik Lindholm\Downloads\Calc_7_2_1.doc

2012-05-21 14:52 - 2012-05-21 14:52 - 00050176 ____A C:\Users\Henrik Lindholm\Downloads\Calc_WS_7_2_1.doc

2012-05-18 16:35 - 2012-05-18 16:35 - 07937960 ____A C:\Users\Henrik Lindholm\Downloads\Gaias Retaliation v1.1L3.w3x

2012-05-18 16:35 - 2012-05-18 16:35 - 05254579 ____A C:\Users\Henrik Lindholm\Downloads\GoH RPG v1.30e protected.w3x

2012-05-18 16:30 - 2012-05-18 16:32 - 00000000 ____D C:\Program Files (x86)\Warcraft 3

2012-05-17 16:54 - 2012-05-17 16:54 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-05-17 16:54 - 2012-05-17 16:54 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk

2012-05-17 16:54 - 2012-05-17 16:54 - 00000000 ____D C:\Program Files (x86)\QuickTime

2012-05-15 05:48 - 2012-05-15 05:48 - 00079872 ____A C:\Users\Henrik Lindholm\Downloads\Calc_PT_5.doc

2012-05-15 05:48 - 2012-05-15 05:48 - 00040960 ____A C:\Users\Henrik Lindholm\Downloads\Calc_WS_5_6_4.doc

============ 3 Months Modified Files and Folders =============

2012-06-13 21:00 - 2012-06-13 21:00 - 00000000 ____D C:\FRST

2012-06-13 18:57 - 2012-06-12 10:32 - 01857206 ____A C:\Windows\ntbtlog.txt

2012-06-13 17:51 - 2009-07-14 00:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI

2012-06-13 16:10 - 2012-06-13 16:10 - 00002153 ____A C:\Users\Henrik Lindholm\Desktop\Fix - Instructions.txt

2012-06-13 14:14 - 2012-06-13 14:15 - 00014215 ____A C:\Users\Henrik Lindholm\Desktop\Anime Stub.png

2012-06-13 14:02 - 2012-02-02 20:56 - 00000000 ____D C:\Program Files (x86)\Steam

2012-06-13 11:20 - 2012-06-11 17:27 - 00001064 ____A C:\Windows\setupact.log

2012-06-12 20:45 - 2012-06-12 20:45 - 00288016 ____A C:\Windows\Minidump\061212-5881-01.dmp

2012-06-12 20:45 - 2012-06-12 11:03 - 1094923259 ____A C:\Windows\MEMORY.DMP

2012-06-12 20:45 - 2012-06-12 11:03 - 00000000 ____D C:\Windows\Minidump

2012-06-12 20:42 - 2012-04-20 14:32 - 00000478 ____A C:\Windows\Tasks\SystemToolsDailyTest.job

2012-06-12 20:42 - 2012-02-02 19:40 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks

2012-06-12 20:42 - 2012-02-02 19:40 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks

2012-06-12 20:42 - 2012-02-02 19:40 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2012-06-12 20:42 - 2012-02-02 19:40 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks

2012-06-12 20:42 - 2012-02-02 19:40 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks

2012-06-12 20:42 - 2012-02-02 19:40 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2012-06-12 20:42 - 2012-02-02 19:36 - 00000000 ____D C:\Program Files (x86)\AlienRespawn

2012-06-12 20:41 - 2012-02-09 16:28 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-06-12 20:41 - 2012-02-02 21:07 - 00000000 ____D C:\Users\All Users\NVIDIA

2012-06-12 20:41 - 2012-02-02 21:07 - 00000000 ____D C:\Users\All Users\Application Data\NVIDIA

2012-06-12 20:41 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-06-12 17:25 - 2012-06-08 05:13 - 00129702 ____A C:\Windows\WindowsUpdate.log

2012-06-12 15:18 - 2012-06-12 15:18 - 00288000 ____A C:\Windows\Minidump\061212-6052-01.dmp

2012-06-12 15:02 - 2012-06-12 10:31 - 00001936 ____A C:\Windows\PFRO.log

2012-06-12 13:43 - 2012-03-04 18:14 - 00000000 ____D C:\Users\All Users\InstallMate

2012-06-12 13:43 - 2012-03-04 18:14 - 00000000 ____D C:\Users\All Users\Application Data\InstallMate

2012-06-12 13:41 - 2012-06-12 13:41 - 00069939 ____A C:\Users\Henrik Lindholm\Downloads\Activate Sound in SafeMode (1).zip

2012-06-12 13:38 - 2012-06-12 13:38 - 00069939 ____A C:\Users\Henrik Lindholm\Downloads\Activate Sound in SafeMode.zip

2012-06-12 11:13 - 2012-06-12 11:13 - 00288016 ____A C:\Windows\Minidump\061212-20701-01.dmp

2012-06-12 11:08 - 2012-06-12 11:08 - 00288096 ____A C:\Windows\Minidump\061212-20888-01.dmp

2012-06-12 11:03 - 2012-06-12 11:03 - 00288096 ____A C:\Windows\Minidump\061212-20794-01.dmp

2012-06-12 10:56 - 2012-04-09 22:46 - 00000000 ____D C:\Program Files\PrivacySafeGuard