Solved: Frequent freezes/crashes with blue screen and memory dump


sir_comp
Member with 171 posts.
THREAD STARTER
Join Date: Mar 2004
27-Jun-2012, 07:54 PM #1
Computer crashes and does a memory dump with blue screen often in Windows 7 and then reboots. When it reboots it goes through a scan disk. The scandisk freezes at about halfway through, then reboots and goes into Windows; after a time in Windows it crashes again with a memory dump, then reboots all over again.

Included is a HijackThis log in hopes that maybe something can be found; would hate to reload Windows and everything.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:52:01 PM, on 6/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CodecC - {0B68DEB9-952D-455B-BB5B-9E5F3DECE3FA} - C:\ProgramData\CodecC\bhoclass.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CodecC - {F9BAC55F-43F2-4646-A67D-528B7DE7A847} - C:\ProgramData\CodecC\bhoclass.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10w_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Hawkes Update Notifier.lnk = C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Hawkes Unattended Updater (HawkesUpdater) - Unknown owner - C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8164 bytes

Mark1956
Malware Removal Specialist with 14,074 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
01-Jul-2012, 01:32 PM #2
Hi Sir_comp, my name is Mark and I will be helping you.

There is a bad BHO in the HJT log but I don't think it could be causing the BSODs you are having.

We need to do a run with Malwarebytes and I would like to see a few of your crash dumps.


STEP 1
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Double click on the Malwarebytes icon on your desktop to launch the program
  • Under the Scanner tab, make sure the Perform Quick Scan option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.

NOTE: Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

STEP 2
First locate your minidump files; they are usually found by clicking on your C: drive in Windows Explorer, then clicking on Windows to view the contents. NOTE: If your operating system is installed under a different drive letter then look there. They are stored in a folder called minidump. The files will have a .dmp extension.
Zip up at least 6 of the most recent files into one zip folder and save it on your desktop (if there are fewer, just zip up what you have).

NOTE: To zip up a file in Windows (all versions), right-click the file or folder, click on Send To, then click Compressed (zipped) Folder and save it to your desktop.
Open Windows Explorer, click on Desktop in the left column so you can see the zip file. In the left column click on C: > Windows > Minidump and then drag & drop any additional .dmp files into the zip folder.

  • Below the Message Box click on Go Advanced. Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
  • Click on the Browse button, find the zip folder you made earlier and double-click on it.
  • Now click on the Upload button. Wait for the Upload to complete, it will appear just below the Browse box.
  • When done, click on the Close this window button at the bottom of the page.
  • Enter your message-text in the message box, then click on Submit Message/Reply.

sir_comp
02-Jul-2012, 12:41 AM #3
OK, here are the dmp files you needed.

Mark1956
02-Jul-2012, 03:45 AM #4
There is quite a selection of different errors in those dump files which is quite common when the RAM has a fault so we first need to run a test on your memory.

Did you run Malwarebytes? I need to see the log.

Please follow these instructions to test the RAM, it is a very long test so please be patient and allow it to complete a full 8 passes before switching it off.

Please read all the instructions before starting.
IMPORTANT
Always disconnect your PC from the mains supply when removing RAM sticks and earth your hands to discharge any static electricity to avoid damage to sensitive components. If performing this test on a laptop PC you should also remove the battery before removing or replacing the RAM sticks.
Preliminary checks
For a new build: You should first check the model of RAM stick that you have on the manufacturer's site for the recommended voltage setting and then make sure it is set correctly in the PC's BIOS. An incorrect voltage setting may be the reason for your problems, so test the PC's performance again if the voltage was incorrect.
For older PCs: Errors can also be caused by dirty contacts. Remove all the sticks and clean the contacts with a soft pencil eraser and blow out the slots with a can of compressed air.

If the error you are experiencing is frequent, or you are unable to boot the PC without a crash occurring, you could first try removing all but one of your RAM sticks. Then boot up the PC and see if the problem persists. If it does, shut down the PC and swap the sticks around and try again; repeat this until all sticks have been tried. If the error only occurs with one particular stick then there is no need to continue with the tests, simply get the stick replaced with an exact match. (Ask for guidance if required.)

Download Memtest86+ from here
If you wish to run the test from a USB flash drive use this link Auto installer for USB key
When the download is complete right click the file and select Extract Here and burn the image to a CD.
In Windows 7 right click the extracted file, select Open With, then select Windows Disc Image Burning Tool, then follow the prompts.
For all other versions of Windows (if you do not have an ISO burner) download this free software: ImgBurn
Install the program and start the application. Select the top left hand option to Write image file to disk and then on the next window click on the small yellow folder icon and browse to the ISO file you have downloaded. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.
Testing
  • Boot the PC into the Bios setup and set the CD/DVD drive to 1st in the boot sequence.
  • Insert the disk in the drive then reboot and the disc will load into DOS.
  • Leave the test to run through at least 8 passes or until it is showing some errors.
  • If errors show in the test, stop the test and remove all but one of your RAM sticks then start the test again. Repeat the test on each stick until you find the one that is faulty.
NOTE: This is a long slow test and for convenience should ideally be run overnight.
The memtest will not be 100% accurate but should easily detect any major faults.

sir_comp
02-Jul-2012, 08:13 AM #5
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.02.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Kevin :: KEVIN-PC [administrator]

7/2/2012 12:40:47 AM
mbam-log-2012-07-02 (00-40-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200520
Time elapsed: 9 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\CLSID\{0B68DEB9-952D-455B-BB5B-9E5F3DECE3FA} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B68DEB9-952D-455B-BB5B-9E5F3DECE3FA} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCU\Software\sistemanet (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 12
C:\ProgramData\CodecC\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\Users\Kevin\AppData\Local\Temp\Addons\{05B46CB4-AAA3-0416-E6FD-E281DE574E42}\codecc_extension.exe (Trojan.LilyJade) -> Quarantined and deleted successfully.
C:\Users\Kevin\Downloads\Softonic-Downloader17558(1).exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Users\Kevin\Downloads\Softonic-Downloader17558.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Users\Kevin\Downloads\Codec-C(3).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Kevin\Downloads\Codec-C (1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Kevin\Downloads\Codec-C(1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Kevin\Downloads\Codec-C(2).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Kevin\Downloads\MPLSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Kevin\Downloads\Codec-C.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Kevin\Downloads\Codec-V (1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Kevin\Downloads\Codec-V.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)

Mark1956
02-Jul-2012, 09:44 AM #6
Malwarebytes found the bad BHO I mentioned earlier and a lot of related files. We will run some other checks once you have completed the test on your RAM. Just post back when you have the results.
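
Added example (not part of the original posts, and not HijackThis or Malwarebytes logic): a small triage pass over HijackThis lines like those in post #1, surfacing the kinds of entries this thread ends up dealing with. The heuristics, the `triage` function and the `Finding` type are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log in post #1, embedded so this runs offline.
SAMPLE_LOG = r"""
O2 - BHO: CodecC - {0B68DEB9-952D-455B-BB5B-9E5F3DECE3FA} - C:\ProgramData\CodecC\bhoclass.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Hawkes Unattended Updater (HawkesUpdater) - Unknown owner - C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2"
    reason: str   # why a human should look at this entry
    entry: str    # the entry text as it appears in the log


# "<section> - <body>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# "BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Assumption of this example: installed software normally lives under these
# directories (8.3 short names included). Anything else is worth a look.
EXPECTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\progra~1\\",
    "c:\\progra~2\\",
    "c:\\windows\\",
)


def in_expected_location(path: str) -> bool:
    """True if the path sits under a directory where installers normally put code."""
    return path.strip().strip('"').lower().startswith(EXPECTED_PREFIXES)


def triage(log_text: str) -> list[Finding]:
    """Return entries that deserve manual review. A finding is a lead, not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m is None:
            continue  # header lines, process list, blank lines
        section, body = m["section"], m["body"]

        if section == "O2":
            bho = BHO_RE.match(body)
            if bho is None:
                findings.append(Finding(section, "unparseable BHO entry", body))
            elif not in_expected_location(bho["path"]):
                findings.append(
                    Finding(section, "BHO DLL outside Program Files/Windows", body)
                )
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs listed here are loaded into every process that loads user32.dll,
            # so any non-empty value should be accounted for.
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append(Finding(section, "AppInit_DLLs is not empty", value))
        elif section == "O23":
            # "Service: <name> - <owner> - <path>"; split from the right because
            # service names can themselves contain " - ".
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
                findings.append(Finding(section, "service binary has no company name", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.entry}")
```

The location rule alone misses the iMesh MediaBar BHO because it is installed under Program Files; it only surfaces through the AppInit_DLLs rule, which is why a log is read section by section rather than with a single test.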

sir_comp
03-Jul-2012, 05:24 PM #7
Ran memtest for over 15 hours; it cycled 18 times without any errors.

Mark1956
03-Jul-2012, 05:44 PM #8
Ok, looks like your RAM is ok. Are you seeing any more crashes since using Malwarebytes?

sir_comp
04-Jul-2012, 12:42 AM #9
Haven't noticed any yet, but ran the memtest most of the day, so gonna give it a couple days and see if anything happens.

Mark1956
04-Jul-2012, 04:38 AM #10
Ok, let's see if we can get the Disc Check to complete a scan and run an on-line Anti Virus scan just to be sure there are no other infections lurking in the system. The Eset scan can take several hours to complete so be prepared for a long wait.

Eset online scan instructions.

IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
  • Disable your existing Anti Virus following these instructions.
  • Please go here to use the Eset Online Scanner.
  • When the web page opens click on this button
  • If you are not using Internet Explorer you will see a message box open asking you to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
  • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
  • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
  • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
  • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
  • Back on the Eset window, click the Back button and then click on Finish.
________________________________________________________________________
Disk Check
  • Click on Start then type cmd in the search box. A menu will pop up with cmd at the top, right click on it and select Run as Administrator. Another box will open, at the prompt type chkdsk /r and hit Enter. Note: you must include a space between the k and the /
  • You will then see the following message:
    chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
  • Type Y for yes, and hit Enter. Then reboot the computer.
  • chkdsk will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The chkdsk process may take an hour or more to finish, if it appears to freeze this is normal so do not interrupt it. On drives above 500GB it can take several hours.)
  • When the Disk Check is done, it will finish loading Windows.
Then follow this guide to find the chkdsk log. NOTE: You need to do the search for wininit, not chkdsk.
Windows 7 Disk Check log
Once the log is in view, click on Copy in the right hand pane and select "Copy details as text".
You can then right click on the message box on this forum and select Paste and the log will appear; add any further information asked for and then click on Submit/Post Quick Reply and you're done.

sir_comp
05-Jul-2012, 02:12 PM #11
C:\Program Files\14 Degrees East\Klingon Academy\KA.ICD a variant of Win32/Kryptik.BGE trojan
C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application
C:\ProgramData\musica19.mp3 Win32/Injector.SSQ trojan
C:\Users\All Users\musica19.mp3 Win32/Injector.SSQ trojan
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D7DPC3U\showthread[1].htm JS/Agent.NDR trojan
C:\Users\Kevin\AppData\Local\Temp\Addons\318A453A\babylon.exe Win32/Toolbar.Babylon application
C:\Users\Kevin\AppData\Local\Temp\ICReinstall\cnet2_WebUpdater_252_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6dd8f5e6-3443f3f9 a variant of Win32/Kryptik.VKX trojan
C:\Users\Kevin\Downloads\cnet2_WebUpdater_252_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Kevin\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ application
C:\Windows.old\Documents and Settings\All Users\Application Data\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
C:\Windows.old\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
C:\Windows.old\Documents and Settings\Owner\AppData\Local\obexoyenevudamum.dll a variant of Win32/Cimag.FT trojan
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\obexoyenevudamum.dll a variant of Win32/Cimag.FT trojan
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\npgvtl.dll probably a variant of Win32/Adware.Gamevance.BH application
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Temp\byyHHfoo.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Temp\jar_cache7594213629337141464.tmp Win32/Adware.SystemSecurity application
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Temp\r9AjvsZx.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Temp\ZSq5pQhs.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\npgvtl.dll probably a variant of Win32/Adware.Gamevance.BH application
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Temp\byyHHfoo.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Temp\jar_cache7594213629337141464.tmp Win32/Adware.SystemSecurity application
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Temp\r9AjvsZx.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Temp\ZSq5pQhs.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Documents and Settings\Owner\AppData\Local\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf.dll a variant of Win32/Adware.Gamevance.BQ application
C:\Windows.old\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf.dll a variant of Win32/Adware.Gamevance.BQ application
C:\Windows.old\Documents and Settings\Owner\Documents\LimeWire\Saved\must increase bust.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Documents and Settings\Owner\Documents\My Music\mp3\midnight star weird al.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Documents and Settings\Owner\Documents\My Music\mp3\Ventures_ - Soundtracks - Star Trek movie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Documents and Settings\Owner\Downloads\QuizulousSearchToolbar02.exe Win32/Toolbar.Zugo application
C:\Windows.old\Documents and Settings\Owner\Local Settings\obexoyenevudamum.dll a variant of Win32/Cimag.FT trojan
C:\Windows.old\Documents and Settings\Owner\Local Settings\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\npgvtl.dll probably a variant of Win32/Adware.Gamevance.BH application
C:\Windows.old\Documents and Settings\Owner\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Owner\Local Settings\Temp\byyHHfoo.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Documents and Settings\Owner\Local Settings\Temp\jar_cache7594213629337141464.tmp Win32/Adware.SystemSecurity application
C:\Windows.old\Documents and Settings\Owner\Local Settings\Temp\r9AjvsZx.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Documents and Settings\Owner\Local Settings\Temp\ZSq5pQhs.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Owner\Music\mp3\midnight star weird al.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Documents and Settings\Owner\Music\mp3\Ventures_ - Soundtracks - Star Trek movie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Documents and Settings\Owner\My Documents\LimeWire\Saved\must increase bust.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Documents and Settings\Owner\My Documents\My Music\mp3\midnight star weird al.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Documents and Settings\Owner\My Documents\My Music\mp3\Ventures_ - Soundtracks - Star Trek movie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Documents and Settings\Public\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
C:\Windows.old\Documents and Settings\Public\Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
C:\Windows.old\Program Files\Play Pickle\playpickle32.exe a variant of Win32/Adware.Gamevance.AR application
C:\Windows.old\Program Files\Play Pickle\playpicklelib32.dll a variant of Win32/Adware.Gamevance.BQ application
C:\Windows.old\Program Files\Play Pickle\pptl.dll a variant of Win32/Adware.Gamevance.BE application
C:\Windows.old\Program Files\Play Pickle\ppun.exe a variant of Win32/Adware.Gamevance.AR application
C:\Windows.old\ProgramData\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
C:\Windows.old\Users\All Users\Application Data\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
C:\Windows.old\Users\All Users\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
C:\Windows.old\Users\Owner\AppData\Local\obexoyenevudamum.dll a variant of Win32/Cimag.FT trojan
C:\Windows.old\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\npgvtl.dll probably a variant of Win32/Adware.Gamevance.BH application
C:\Windows.old\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Owner\AppData\Local\Temp\byyHHfoo.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Users\Owner\AppData\Local\Temp\jar_cache7594213629337141464.tmp Win32/Adware.SystemSecurity application
C:\Windows.old\Users\Owner\AppData\Local\Temp\r9AjvsZx.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Users\Owner\AppData\Local\Temp\ZSq5pQhs.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Users\Owner\AppData\Local\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf.dll a variant of Win32/Adware.Gamevance.BQ application
C:\Windows.old\Users\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf.dll a variant of Win32/Adware.Gamevance.BQ application
C:\Windows.old\Users\Owner\Documents\LimeWire\Saved\must increase bust.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Users\Owner\Documents\My Music\mp3\midnight star weird al.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Users\Owner\Documents\My Music\mp3\Ventures_ - Soundtracks - Star Trek movie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Users\Owner\Downloads\QuizulousSearchToolbar02.exe Win32/Toolbar.Zugo application
C:\Windows.old\Users\Owner\Local Settings\obexoyenevudamum.dll a variant of Win32/Cimag.FT trojan
C:\Windows.old\Users\Owner\Local Settings\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\npgvtl.dll probably a variant of Win32/Adware.Gamevance.BH application
C:\Windows.old\Users\Owner\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Owner\Local Settings\Temp\byyHHfoo.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Users\Owner\Local Settings\Temp\jar_cache7594213629337141464.tmp Win32/Adware.SystemSecurity application
C:\Windows.old\Users\Owner\Local Settings\Temp\r9AjvsZx.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Users\Owner\Local Settings\Temp\ZSq5pQhs.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Users\Owner\Local Settings\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Owner\Music\mp3\midnight star weird al.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Users\Owner\Music\mp3\Ventures_ - Soundtracks - Star Trek movie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Users\Owner\My Documents\LimeWire\Saved\must increase bust.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Users\Owner\My Documents\My Music\mp3\midnight star weird al.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Users\Owner\My Documents\My Music\mp3\Ventures_ - Soundtracks - Star Trek movie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows.old\Users\Public\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
C:\Windows.old\Users\Public\Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
Mark1956
Malware Removal Specialist with 14,074 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
05-Jul-2012, 05:22 PM #12
Ok, and the Disk Check log?


The Eset scan has detected quite a lot of bad files in C:\Windows.old. This folder would have been created during a re-install; it is a backup of all your old files from a previous installation, which includes a good number of adware and Trojan infections. To avoid any possibility of reinfecting the PC I would suggest deleting the entire folder.

Please use Windows Explorer and navigate to C:\Windows.old, right click on the folder and select Delete. If you do wish to save any of its contents, be aware that it may be infected. I would suggest that you burn anything you do need to save to CDs or DVDs prior to deleting it.

Now onto the other detections.

This appears to be a game. If it is a legal copy then you can ignore it; if you downloaded it from a file sharing site I would recommend you uninstall it, then navigate to C:\Program Files and delete the folder 14 Degrees East if it still exists.

C:\Program Files\14 Degrees East\Klingon Academy\KA.ICD a variant of Win32/Kryptik.BGE trojan

These are related to file sharing programs, the use of which is one of the best ways to get your PC infected.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application
C:\ProgramData\musica19.mp3 Win32/Injector.SSQ trojan
C:\Users\All Users\musica19.mp3 Win32/Injector.SSQ trojan

I would recommend you uninstall iMesh Applications and Musica19.mp3. Then navigate to:
C:\Program Files and delete the folder iMesh Applications
C:\ProgramData and delete the folder musica19.mp3
C:\Users\All Users and delete the folder musica19.mp3

These are all in Temporary folders:
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D7DPC3U\showthread[1].htm JS/Agent.NDR trojan
C:\Users\Kevin\AppData\Local\Temp\Addons\318A453A\babylon.exe Win32/Toolbar.Babylon application
C:\Users\Kevin\AppData\Local\Temp\ICReinstall\cnet2_WebUpdater_252_exe.exe a variant of Win32/InstallCore.D application

Please run this program which will clean out all the temp folders on the system:
Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
When the window opens click on Start. It will close all running programs and clear the desktop icons.
When complete you will be asked to reboot, accept the request and your PC will reboot automatically.

This is a detection in your Java cache:
C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6dd8f5e6-3443f3f9 a variant of Win32/Kryptik.VKX trojan
Follow this guide: How to clear the Java cache

These detections are in your downloads folder, navigate to it and delete the folders in red.
C:\Users\Kevin\Downloads\cnet2_WebUpdater_252_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Kevin\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ application

Once you have got through all that please tell me of any problems you have had with any of the deletions and post the Disk Check log.


I would also like you to run this scan and post both the logs as requested.

We need to see some additional information about what is happening in your machine.
Please download DDS by sUBs from one of the following links and save it to your desktop.
DDS is a specialized tool that produces a Pseudo HijackThis Report (a scaled down and simplified version of 'HJT lines') that provides the same + more information in a condensed format.
NOTE: If your Anti Virus attempts to block the download please disable it following the instructions at the end of this guide.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs.
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instruction here asks you to attach the Attach.txt.
  • Instead of attaching, please copy & paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
sir_comp
05-Jul-2012, 10:30 PM #13
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 7/5/2012 5:00:47 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Kevin-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is HP.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
510976 file records processed.

File verification completed.
1673 large file records processed.

0 bad file records processed.

2 EA records processed.

106 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
629266 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
510976 file SDs/SIDs processed.

Cleaning up 33 unused index entries from index $SII of file 0x9.
Cleaning up 33 unused index entries from index $SDH of file 0x9.
Cleaning up 33 unused security descriptors.
Security descriptor verification completed.
59146 data files processed.

CHKDSK is verifying Usn Journal...
36504600 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc0000185 at offset 0xae24000 for 0x10000 bytes.
Read failure with status 0xc0000185 at offset 0xae28000 for 0x1000 bytes.
Windows replaced bad clusters in file 213731
of name \Users\Kevin\AppData\Roaming\MICROS~1\Windows\Cookies\Low\index.dat.
510960 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
36993407 free clusters processed.

Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

478696805 KB total disk space.
329877312 KB in 308654 files.
217320 KB in 59147 indexes.
4 KB in bad sectors.
628541 KB in use by the system.
65536 KB occupied by the log file.
147973628 KB available on disk.

4096 bytes in each allocation unit.
119674201 total allocation units on disk.
36993407 allocation units available on disk.

Internal Info:
00 cc 07 00 c3 9c 05 00 58 d5 09 00 00 00 00 00 ........X.......
1b fe 00 00 6a 00 00 00 00 00 00 00 00 00 00 00 ....j...........
48 8d 2c 00 50 01 2b 00 68 1a 2b 00 00 00 2b 00 H.,.P.+.h.+...+.

Windows has finished checking your disk.
Please wait while your computer restarts.

sir_comp
05-Jul-2012, 10:32 PM #14
I am not so worried about the Windows.old; it was an upgrade from Windows Vista to 7.
Klingon Academy is a legit game I own, and iMesh was removed some time ago; not sure why it is still there.
sir_comp
05-Jul-2012, 10:32 PM #15
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Kevin at 22:30:29 on 2012-07-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1779 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\imeshdtxmltbpi.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: CodecC Class: {f9bac55f-43f2-4646-a67d-528b7de7a847} - c:\programdata\codecc\bhoclass.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\imeshdtxmltbpi.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hawkes~1.lnk - c:\program files\hawkes learning systems\hawkes update service manager\HawkesUpdater.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
TCP: Interfaces\{3915043D-4FBF-44AD-9F19-20091E3C85C1} : DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kevin\appdata\roaming\mozilla\firefox\profiles\6xi467tw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://forecast.weather.gov/MapClick.php?CityName=Rockaway&state=NJ&site=PHI&lat=40.8969&lon=-74.5148
FF - prefs.js: keyword.URL - hxxp://search.imesh.com//web?src=ffb&appid=203&systemid=1&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\kevin\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe [2011-7-25 8192]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-13 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-11 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-11 136176]
S4 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2011-4-14 103336]
.
=============== Created Last 30 ================
.
2012-07-05 02:35:56 -------- d-----w- c:\program files\ESET
2012-07-03 01:18:40 89184 ------w- c:\windows\system32\drivers\imagedrv.sys
2012-07-03 01:18:40 57344 ------w- c:\windows\system32\ImageDrive.cpl
2012-07-03 01:17:29 38912 ----a-r- c:\windows\system32\picn20.dll
2012-07-03 01:17:17 544768 ----a-r- c:\windows\system32\imagx5.dll
2012-07-03 01:17:16 569344 ----a-r- c:\windows\system32\imagr5.dll
2012-07-03 01:17:15 283920 ----a-r- c:\windows\system32\ImagXpr5.dll
2012-07-03 01:17:08 155648 ----a-r- c:\windows\system32\NeroCheck.exe
2012-07-02 04:34:11 -------- d-----w- c:\users\kevin\appdata\roaming\Malwarebytes
2012-07-02 04:32:31 -------- d-----w- c:\programdata\Malwarebytes
2012-07-02 04:32:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 04:32:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-28 16:30:05 -------- d-sh--w- C:\found.000
2012-06-27 23:50:33 388096 ----a-r- c:\users\kevin\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-27 23:50:33 -------- d-----w- c:\program files\Trend Micro
2012-06-21 04:58:51 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 04:58:22 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 04:58:15 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 04:58:15 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-20 12:21:18 459610 ----a-w- c:\programdata\musica19.mp3
2012-06-19 05:22:42 -------- d-sh--w- c:\programdata\UvtoNqicCnBpFmT
2012-06-13 01:58:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 01:56:33 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 01:56:32 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 01:56:30 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 01:56:30 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 01:56:30 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 01:56:28 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 01:56:22 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 01:56:22 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 01:56:22 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-08 02:23:04 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-08 02:23:04 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-06-05 03:18:26 29135287 ----a-w- c:\programdata\LM7RQOZ4.lnk
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 15:58:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 22:31:14.64 ===============