
Frequent freezes/crashes with blue screen and memory dump

Discussion in 'Virus & Other Malware Removal' started by sir_comp, Jun 27, 2012.

Thread Status:
Not open for further replies.
  1. sir_comp

    sir_comp Thread Starter

    Joined:
    Mar 31, 2004
    Messages:
    171
    Computer crashes and does a memory dump with a blue screen often in Windows 7 and then reboots. When it reboots it goes through a scan disk. The scandisk freezes at about halfway through, then reboots and goes into Windows. After a time in Windows it crashes again with a memory dump, then reboots all over again.

    Included is a HijackThis log in hopes that maybe something can be found; I would hate to reload Windows and everything.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:52:01 PM, on 6/27/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: CodecC - {0B68DEB9-952D-455B-BB5B-9E5F3DECE3FA} - C:\ProgramData\CodecC\bhoclass.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: CodecC - {F9BAC55F-43F2-4646-A67D-528B7DE7A847} - C:\ProgramData\CodecC\bhoclass.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10w_Plugin.exe -update plugin
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Hawkes Update Notifier.lnk = C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Hawkes Unattended Updater (HawkesUpdater) - Unknown owner - C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    --
    End of file - 8164 bytes
     
  2. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi Sir_comp, my name is Mark and I will be helping you.

    There is a bad BHO in the HJT log but I don't think it could be causing the BSODs you are having.

    We need to do a run with Malwarebytes and I would like to see a few of your crash dumps.


    STEP 1
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
    • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
    • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
    • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Double click on the Malwarebytes icon on your desktop to launch the program
    • Under the Scanner tab, make sure the Perform Quick Scan option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
    If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.

    NOTE: Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

    STEP 2
    First locate your minidump files. They are usually found by clicking on your C: drive in Windows Explorer, then clicking on Windows to view the contents. NOTE: If your operating system is installed under a different drive letter then look there. They are stored in a folder called minidump. The files will have a .dmp extension.
    Zip up at least 6 of the most recent files into one zip folder and save it on your desktop (if there are fewer, then just zip up what you have).

    NOTE: To zip up a file in Windows (all versions), right-click the file or folder, click on Send To, and then click Compressed (zipped) Folder and save it to your desktop.
    Open Windows Explorer, click on Desktop in the left column so you can see the zip file. In the left column click on C: > Windows > Minidump and then drag & drop any additional .dmp files into the zip folder.


    • Below the Message Box click on Go Advanced. Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
    • Click on the Browse button, find the zip folder you made earlier and double-click on it.
    • Now click on the Upload button. Wait for the Upload to complete, it will appear just below the Browse box.
    • When done, click on the Close this window button at the bottom of the page.
    • Enter your message-text in the message box, then click on Submit Message/Reply.
     
  3. sir_comp

    sir_comp Thread Starter

    Joined:
    Mar 31, 2004
    Messages:
    171
    OK, here are the dmp files you needed
     

    Attached Files:

  4. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    There is quite a selection of different errors in those dump files, which is quite common when the RAM has a fault, so we first need to run a test on your memory.

    Did you run Malwarebytes? I need to see the log.

    Please follow these instructions to test the RAM, it is a very long test so please be patient and allow it to complete a full 8 passes before switching it off.

    Please read all the instructions before starting.
    IMPORTANT
    Always disconnect your PC from the mains supply when removing RAM sticks and earth your hands to discharge any static electricity to avoid damage to sensitive components. If performing this test on a laptop PC you should also remove the battery before removing or replacing the RAM sticks.
    Preliminary checks
    For a new build: You should first check the model of RAM stick that you have on the manufacturer's site for the recommended voltage setting and then make sure it is set correctly in the PC's BIOS. An incorrect voltage setting may be the reason for your problems, so test the PC's performance again if the voltage was incorrect.
    For older PCs: Errors can also be caused by dirty contacts. Remove all the sticks and clean the contacts with a soft pencil eraser and blow out the slots with a can of compressed air.

    If the error you are experiencing is frequent, or you are unable to boot the PC without a crash occurring, you could first try removing all but one of your RAM sticks. Then boot up the PC and see if the problem persists. If it does, shut down the PC and swap the sticks around and try again; repeat this until all sticks have been tried. If the error only occurs with one particular stick then there is no need to continue with the tests; simply get the stick replaced with an exact match. (Ask for guidance if required.)

    Download Memtest86+ from here
    If you wish to run the test from a USB flash drive use this link Auto installer for USB key
    When the download is complete right click the file and select Extract Here and burn the image to a CD.
    In Windows 7, right click the extracted file, select Open With, then select Windows Disc Image Burning Tool, then follow the prompts.
    For all other versions of Windows (if you do not have an ISO burner) download this free software: ImgBurn
    Install the program and start the application. Select the top left hand option to Write image file to disk and then on the next window click on the small yellow folder icon and browse to the ISO file you have downloaded. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.
    Testing
    • Boot the PC into the BIOS setup and set the CD/DVD drive to 1st in the boot sequence.
    • Insert the disk in the drive then reboot and the disc will load into DOS.
    • Leave the test to run through at least 8 passes or until it is showing some errors.
    • If errors show in the test, stop the test and remove all but one of your RAM sticks then start the test again. Repeat the test on each stick until you find the one that is faulty.
    NOTE: This is a long slow test and for convenience should ideally be run overnight.
    The memtest will not be 100% accurate but should easily detect any major faults.
     
  5. sir_comp

    sir_comp Thread Starter

    Joined:
    Mar 31, 2004
    Messages:
    171
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.02.01

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Kevin :: KEVIN-PC [administrator]

    7/2/2012 12:40:47 AM
    mbam-log-2012-07-02 (00-40-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200520
    Time elapsed: 9 minute(s), 40 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 15
    HKCR\CLSID\{0B68DEB9-952D-455B-BB5B-9E5F3DECE3FA} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B68DEB9-952D-455B-BB5B-9E5F3DECE3FA} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0000435.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0000435.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0000435.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0000435.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCU\Software\sistemanet (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 12
    C:\ProgramData\CodecC\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    C:\Users\Kevin\AppData\Local\Temp\Addons\{05B46CB4-AAA3-0416-E6FD-E281DE574E42}\codecc_extension.exe (Trojan.LilyJade) -> Quarantined and deleted successfully.
    C:\Users\Kevin\Downloads\Softonic-Downloader17558(1).exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
    C:\Users\Kevin\Downloads\Softonic-Downloader17558.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
    C:\Users\Kevin\Downloads\Codec-C(3).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Kevin\Downloads\Codec-C (1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Kevin\Downloads\Codec-C(1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Kevin\Downloads\Codec-C(2).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Kevin\Downloads\MPLSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Users\Kevin\Downloads\Codec-C.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Kevin\Downloads\Codec-V (1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Kevin\Downloads\Codec-V.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

    (end)
     
  6. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Malwarebytes found the bad BHO I mentioned earlier and a lot of related files. We will run some other checks once you have completed the test on your RAM. Just post back when you have the results.
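Added example, not part of any post in this thread and not Mark1956's own method: a Python script that pulls the autoload entries (O2 BHOs, O20 AppInit_DLLs) out of a HijackThis log and cross-references them with a Malwarebytes log by CLSID or file path, as in the two posts above. The trusted-directory heuristic and all function names are assumptions of this example; the sample lines are copied from the logs posted in this thread.

```python
import re
from typing import NamedTuple, Optional

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: CodecC - {0B68DEB9-952D-455B-BB5B-9E5F3DECE3FA} - C:\ProgramData\CodecC\bhoclass.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
O2 - BHO: CodecC - {F9BAC55F-43F2-4646-A67D-528B7DE7A847} - C:\ProgramData\CodecC\bhoclass.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
"""

# Sample input: lines copied from the Malwarebytes log posted in this thread.
SAMPLE_MBAM = r"""
HKCR\CLSID\{0B68DEB9-952D-455B-BB5B-9E5F3DECE3FA} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B68DEB9-952D-455B-BB5B-9E5F3DECE3FA} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\ProgramData\CodecC\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<paths>.+)$")
MBAM_RE = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> ")

# Assumption of this example: a BHO DLL is "expected" only under these
# directories (8.3 short names such as C:\PROGRA~1 count as Program Files).
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\progra~",
    "c:\\windows\\",
)


class Finding(NamedTuple):
    section: str            # HijackThis section code, e.g. "O2"
    name: str               # display name from the log
    clsid: Optional[str]    # COM class id, when the section has one
    path: str               # DLL that gets loaded
    reason: str             # why the entry was listed for review
    mbam: Optional[str]     # Malwarebytes detection name, if any


def mbam_index(log: str) -> dict:
    """Map each detected CLSID (upper case) or object path (lower case) to its detection name."""
    index = {}
    for line in log.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        clsid = re.search(CLSID, m["object"])
        key = clsid.group(0).upper() if clsid else m["object"].lower()
        index.setdefault(key, m["name"])
    return index


def triage(hjt_log: str, mbam_log: str = "") -> list:
    """Return the O2/O20 entries that deserve review, with any matching scanner verdict."""
    index = mbam_index(mbam_log)
    findings = []
    for line in hjt_log.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            path = m["path"]
            # Match on the CLSID first, then fall back to the DLL path.
            hit = index.get(m["clsid"].upper()) or index.get(path.lower())
            outside = not path.lower().startswith(TRUSTED_PREFIXES)
            if outside or hit:
                reason = ("BHO DLL outside Program Files/Windows" if outside
                          else "BHO flagged by scanner")
                findings.append(Finding("O2", m["name"], m["clsid"], path, reason, hit))
            continue
        m = O20_RE.match(line)
        if m:
            # The AppInit_DLLs value is space- or comma-delimited, and every
            # DLL in it is loaded into each process that loads user32.dll,
            # so any populated value is listed for review.
            for path in re.split(r"[ ,]+", m["paths"].strip()):
                findings.append(Finding("O20", "AppInit_DLLs", None, path,
                                        "loaded into every process that loads user32.dll",
                                        index.get(path.lower())))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_MBAM):
        verdict = f.mbam or "no scanner hit, review manually"
        print(f"{f.section:<4}{f.name:<14}{f.path}\n      {f.reason}; {verdict}")
```

The second CodecC entry has a CLSID that does not appear in the Malwarebytes lines, so it is matched through the shared `bhoclass.dll` path instead.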
     
  7. sir_comp

    sir_comp Thread Starter

    Joined:
    Mar 31, 2004
    Messages:
    171
    Ran memtest for over 15 hours; it cycled 18 times without any errors.
     
  8. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, looks like your RAM is ok. Are you seeing any more crashes since using Malwarebytes?
     
  9. sir_comp

    sir_comp Thread Starter

    Joined:
    Mar 31, 2004
    Messages:
    171
    Haven't noticed any yet, but ran the memtest most of the day, so gonna give it a couple days and see if anything happens.
     
  10. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, let's see if we can get the Disc Check to complete a scan and run an on-line Anti Virus scan just to be sure there are no other infections lurking in the system. The Eset scan can take several hours to complete so be prepared for a long wait.

    Eset online scan instructions.

    IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
    • Disable your existing Anti Virus following these instructions.
    • Please go here to use the Eset Online Scanner.
    • When the web page opens click on this button [​IMG]
    • If you are not using Internet Explorer you will see a message box open asking you to download the ESET Smart Installer; click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
    • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
    • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
    • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
    • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
    • Back on the Eset window, click the Back button and then click on Finish.
    ________________________________________________________________________

    Disk Check
    • Click on Start then type cmd in the search box. A menu will pop up with cmd at the top, right click on it and select Run as Administrator. Another box will open, at the prompt type chkdsk /r and hit Enter. Note: you must include a space between the k and the /
    • You will then see the following message:
      chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
    • Type Y for yes, and hit Enter. Then reboot the computer.
    • chkdsk will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The chkdsk process may take an hour or more to finish, if it appears to freeze this is normal so do not interrupt it. On drives above 500GB it can take several hours.)
    • When the Disk Check is done, it will finish loading Windows.
    Then follow this guide to find the chkdsk log. NOTE: You need to do the search for wininit not chkdsk.
    Windows 7 Disk Check log
    Once the log is in view then click on Copy in the right hand pane and select "Copy details as text".
    You can then right click on the message box on this forum and select Paste and the log will appear. Add any further information asked for and then click on Submit/Post Quick Reply and you're done.
     
  11. sir_comp

    sir_comp Thread Starter

    Joined:
    Mar 31, 2004
    Messages:
    171
    C:\Program Files\14 Degrees East\Klingon Academy\KA.ICD a variant of Win32/Kryptik.BGE trojan
    C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
    C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
    C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application
    C:\ProgramData\musica19.mp3 Win32/Injector.SSQ trojan
    C:\Users\All Users\musica19.mp3 Win32/Injector.SSQ trojan
    C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D7DPC3U\showthread[1].htm JS/Agent.NDR trojan
    C:\Users\Kevin\AppData\Local\Temp\Addons\318A453A\babylon.exe Win32/Toolbar.Babylon application
    C:\Users\Kevin\AppData\Local\Temp\ICReinstall\cnet2_WebUpdater_252_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6dd8f5e6-3443f3f9 a variant of Win32/Kryptik.VKX trojan
    C:\Users\Kevin\Downloads\cnet2_WebUpdater_252_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\Kevin\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ application
    C:\Windows.old\Documents and Settings\All Users\Application Data\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
    C:\Windows.old\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\obexoyenevudamum.dll a variant of Win32/Cimag.FT trojan
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\obexoyenevudamum.dll a variant of Win32/Cimag.FT trojan
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\npgvtl.dll probably a variant of Win32/Adware.Gamevance.BH application
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Temp\byyHHfoo.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Temp\jar_cache7594213629337141464.tmp Win32/Adware.SystemSecurity application
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Temp\r9AjvsZx.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Temp\ZSq5pQhs.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\npgvtl.dll probably a variant of Win32/Adware.Gamevance.BH application
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Temp\byyHHfoo.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Temp\jar_cache7594213629337141464.tmp Win32/Adware.SystemSecurity application
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Temp\r9AjvsZx.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Temp\ZSq5pQhs.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Documents and Settings\Owner\AppData\Local\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
    C:\Windows.old\Documents and Settings\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\pptlf.dll a variant of Win32/Adware.Gamevance.BQ application
    C:\Windows.old\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\pptlf.dll a variant of Win32/Adware.Gamevance.BQ application
    C:\Windows.old\Documents and Settings\Owner\Documents\LimeWire\Saved\must increase bust.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Documents and Settings\Owner\Documents\My Music\mp3\midnight star weird al.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Documents and Settings\Owner\Documents\My Music\mp3\Ventures_ - Soundtracks - Star Trek movie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Documents and Settings\Owner\Downloads\QuizulousSearchToolbar02.exe Win32/Toolbar.Zugo application
    C:\Windows.old\Documents and Settings\Owner\Local Settings\obexoyenevudamum.dll a variant of Win32/Cimag.FT trojan
    C:\Windows.old\Documents and Settings\Owner\Local Settings\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\npgvtl.dll probably a variant of Win32/Adware.Gamevance.BH application
    C:\Windows.old\Documents and Settings\Owner\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
    C:\Windows.old\Documents and Settings\Owner\Local Settings\Temp\byyHHfoo.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Documents and Settings\Owner\Local Settings\Temp\jar_cache7594213629337141464.tmp Win32/Adware.SystemSecurity application
    C:\Windows.old\Documents and Settings\Owner\Local Settings\Temp\r9AjvsZx.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Documents and Settings\Owner\Local Settings\Temp\ZSq5pQhs.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
    C:\Windows.old\Documents and Settings\Owner\Music\mp3\midnight star weird al.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Documents and Settings\Owner\Music\mp3\Ventures_ - Soundtracks - Star Trek movie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Documents and Settings\Owner\My Documents\LimeWire\Saved\must increase bust.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Documents and Settings\Owner\My Documents\My Music\mp3\midnight star weird al.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Documents and Settings\Owner\My Documents\My Music\mp3\Ventures_ - Soundtracks - Star Trek movie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Documents and Settings\Public\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
    C:\Windows.old\Documents and Settings\Public\Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
    C:\Windows.old\Program Files\Play Pickle\playpickle32.exe a variant of Win32/Adware.Gamevance.AR application
    C:\Windows.old\Program Files\Play Pickle\playpicklelib32.dll a variant of Win32/Adware.Gamevance.BQ application
    C:\Windows.old\Program Files\Play Pickle\pptl.dll a variant of Win32/Adware.Gamevance.BE application
    C:\Windows.old\Program Files\Play Pickle\ppun.exe a variant of Win32/Adware.Gamevance.AR application
    C:\Windows.old\ProgramData\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
    C:\Windows.old\Users\All Users\Application Data\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
    C:\Windows.old\Users\All Users\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
    C:\Windows.old\Users\Owner\AppData\Local\obexoyenevudamum.dll a variant of Win32/Cimag.FT trojan
    C:\Windows.old\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\npgvtl.dll probably a variant of Win32/Adware.Gamevance.BH application
    C:\Windows.old\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
    C:\Windows.old\Users\Owner\AppData\Local\Temp\byyHHfoo.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Users\Owner\AppData\Local\Temp\jar_cache7594213629337141464.tmp Win32/Adware.SystemSecurity application
    C:\Windows.old\Users\Owner\AppData\Local\Temp\r9AjvsZx.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Users\Owner\AppData\Local\Temp\ZSq5pQhs.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Users\Owner\AppData\Local\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
    C:\Windows.old\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\pptlf.dll a variant of Win32/Adware.Gamevance.BQ application
    C:\Windows.old\Users\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\pptlf.dll a variant of Win32/Adware.Gamevance.BQ application
    C:\Windows.old\Users\Owner\Documents\LimeWire\Saved\must increase bust.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Users\Owner\Documents\My Music\mp3\midnight star weird al.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Users\Owner\Documents\My Music\mp3\Ventures_ - Soundtracks - Star Trek movie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Users\Owner\Downloads\QuizulousSearchToolbar02.exe Win32/Toolbar.Zugo application
    C:\Windows.old\Users\Owner\Local Settings\obexoyenevudamum.dll a variant of Win32/Cimag.FT trojan
    C:\Windows.old\Users\Owner\Local Settings\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\npgvtl.dll probably a variant of Win32/Adware.Gamevance.BH application
    C:\Windows.old\Users\Owner\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
    C:\Windows.old\Users\Owner\Local Settings\Temp\byyHHfoo.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Users\Owner\Local Settings\Temp\jar_cache7594213629337141464.tmp Win32/Adware.SystemSecurity application
    C:\Windows.old\Users\Owner\Local Settings\Temp\r9AjvsZx.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Users\Owner\Local Settings\Temp\ZSq5pQhs.exe.part a variant of Win32/Adware.Gamevance.AJ application
    C:\Windows.old\Users\Owner\Local Settings\Temporary Internet Files\Low\Content.IE5\FIS7W37G\27[1].htm HTML/Iframe.B.Gen virus
    C:\Windows.old\Users\Owner\Music\mp3\midnight star weird al.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Users\Owner\Music\mp3\Ventures_ - Soundtracks - Star Trek movie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Users\Owner\My Documents\LimeWire\Saved\must increase bust.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Users\Owner\My Documents\My Music\mp3\midnight star weird al.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Users\Owner\My Documents\My Music\mp3\Ventures_ - Soundtracks - Star Trek movie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows.old\Users\Public\Documents\My Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
    C:\Windows.old\Users\Public\Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
     
  12. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, and the Disk Check log?


    The Eset scan has detected quite a lot of bad files in C:\Windows.old. This folder would have been created during a re-install; it is a backup of all your old files from a previous installation, which includes a good number of Adware and Trojan infections. To avoid any possibility of reinfecting the PC I would suggest deleting the entire folder.

    Please use Windows Explorer and navigate to C:\Windows.old, right click on the folder and select Delete. If you do wish to save any of its contents be aware that it may be infected. I would suggest that you burn anything you do need to save to CDs or DVDs prior to deleting it.

    Now onto the other detections.

    This appears to be a game. If it is a legal copy then you can ignore it; if you downloaded it from a file sharing site I would recommend you uninstall it, then navigate to C:\Program Files and delete the folder 14 Degrees East if it still exists.

    C:\Program Files\14 Degrees East\Klingon Academy\KA.ICD a variant of Win32/Kryptik.BGE trojan

    These are related to file sharing programs, the use of which is one of the best ways to get your PC infected.
    C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
    C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
    C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application
    C:\ProgramData\musica19.mp3 Win32/Injector.SSQ trojan
    C:\Users\All Users\musica19.mp3 Win32/Injector.SSQ trojan

    I would recommend you uninstall iMesh Applications and Musica19.mp3. Then navigate to:
    C:\Program Files and delete the folder iMesh Applications
    C:\ProgramData and delete the folder musica19.mp3
    C:\Users\All Users and delete the folder musica19.mp3

    These are all in Temporary folders:
    C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D7DPC3U\showthread[1].htm JS/Agent.NDR trojan
    C:\Users\Kevin\AppData\Local\Temp\Addons\318A453A\babylon.exe Win32/Toolbar.Babylon application
    C:\Users\Kevin\AppData\Local\Temp\ICReinstall\cnet2_WebUpdater_252_exe.exe a variant of Win32/InstallCore.D application

    Please run this program which will clean out all the temp folders on the system:
    Download Temporary file cleaner and save it to the desktop.
    Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
    When the window opens click on Start. It will close all running programs and clear the desktop icons.
    When complete you will be asked to reboot, accept the request and your PC will reboot automatically.

    This is a detection in your Java cache:
    C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6dd8f5e6-3443f3f9 a variant of Win32/Kryptik.VKX trojan
    Follow this guide: How to clear the Java cache

    These detections are in your downloads folder, navigate to it and delete the folders in red.
    C:\Users\Kevin\Downloads\cnet2_WebUpdater_252_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\Kevin\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ application

    Once you have got through all that please tell me of any problems you have had with any of the deletions and post the Disk Check log.


    I would also like you to run this scan and post both the logs as requested.

    We need to see some additional information about what is happening in your machine.
    Please download DDS by sUBs from one of the following links and save it to your desktop.
    DDS is a specialized tool that produces a Pseudo HijackThis Report (a scaled down and simplified version of 'HJT lines') that provides the same + more information in a condensed format.
    NOTE If your Anti Virus attempts to block the download please disable it following the instructions at the end of this guide.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs.
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instruction here asks you to attach the Attach.txt.
    • Instead of attaching, please copy & paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE
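
The grouping used in the reply above (Windows.old backup, temp folders, Java cache, Downloads, everything else) can be applied mechanically to a detection list in the format posted in this thread. This is an added example, not part of the original thread or of any tool named in it; the bucket and function names are assumptions, and the sample lines are copied from the scan log on this page plus one constructed non-matching line.

```python
import re
from collections import Counter, defaultdict

# One detection per line, as posted in this thread:
#   <path> [probably ][a variant of ]<Platform/Name> <kind>
# The path may contain spaces, so it is matched lazily and the detection
# name is recognised by its "Platform/Family" shape.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably )?(?:a variant of )?)"
    r"(?P<name>[A-Za-z0-9]+/[\w.\-]+)\s+"
    r"(?P<kind>trojan|application|virus)$"  # kinds that appear on this page
)

# Buckets mirror the reply's grouping (names are assumptions). First match
# wins: Windows.old is tested first because its paths also contain \Temp\.
BUCKETS = [
    ("windows.old", re.compile(r"^[a-z]:\\windows\.old\\", re.I)),
    ("java-cache", re.compile(r"\\sun\\java\\deployment\\cache\\", re.I)),
    ("temp", re.compile(r"\\(temp|temporary internet files)\\", re.I)),
    ("downloads", re.compile(r"\\downloads\\", re.I)),
]
FALLBACK_BUCKET = "installed-or-other"  # needs a per-program decision


def parse_line(line):
    """Return path/qualifier/name/kind for one log line, or None."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    detection = match.groupdict()
    detection["qualifier"] = detection["qualifier"].strip()
    return detection


def bucket_for(path):
    """Map a detected file's path to the clean-up bucket it belongs to."""
    for bucket, pattern in BUCKETS:
        if pattern.search(path):
            return bucket
    return FALLBACK_BUCKET


def triage(log_text):
    """Group detections by bucket; keep lines that did not parse."""
    groups, unparsed = defaultdict(list), []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        detection = parse_line(raw)
        if detection is None:
            unparsed.append(raw.strip())
        else:
            groups[bucket_for(detection["path"])].append(detection)
    return dict(groups), unparsed


def summarize(groups):
    """Count detections per bucket and kind (on this page the 'application'
    kind covers adware and toolbars, 'trojan'/'virus' the rest)."""
    return {b: dict(Counter(d["kind"] for d in dets)) for b, dets in groups.items()}


# Sample input: lines copied from the log in this thread; the last line is
# constructed to show how non-detection lines are reported.
SAMPLE = r"""
C:\Windows.old\Users\Owner\AppData\Local\Temp\byyHHfoo.exe.part a variant of Win32/Adware.Gamevance.AJ application
C:\Windows.old\Users\Public\Pictures\Sample Pictures\clippy\clippy.exe probably a variant of Win32/Agent.FWOEDNL trojan
C:\Program Files\14 Degrees East\Klingon Academy\KA.ICD a variant of Win32/Kryptik.BGE trojan
C:\ProgramData\musica19.mp3 Win32/Injector.SSQ trojan
C:\Users\Kevin\AppData\Local\Temp\Addons\318A453A\babylon.exe Win32/Toolbar.Babylon application
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D7DPC3U\showthread[1].htm JS/Agent.NDR trojan
C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6dd8f5e6-3443f3f9 a variant of Win32/Kryptik.VKX trojan
C:\Users\Kevin\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ application
this line is not a detection
"""

if __name__ == "__main__":
    groups, unparsed = triage(SAMPLE)
    for bucket, counts in summarize(groups).items():
        print(f"{bucket:20} {counts}")
    for line in unparsed:
        print("unparsed:", line)
```

Anything that lands in the fallback bucket belongs to an installed program or a loose file and needs the per-item decision the reply makes by hand.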
     
  13. sir_comp

    sir_comp Thread Starter

    Joined:
    Mar 31, 2004
    Messages:
    171
    Log Name: Application
    Source: Microsoft-Windows-Wininit
    Date: 7/5/2012 5:00:47 PM
    Event ID: 1001
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: Kevin-PC
    Description:


    Checking file system on C:
    The type of the file system is NTFS.
    Volume label is HP.

    A disk check has been scheduled.
    Windows will now check the disk.

    CHKDSK is verifying files (stage 1 of 5)...
    510976 file records processed.

    File verification completed.
    1673 large file records processed.

    0 bad file records processed.

    2 EA records processed.

    106 reparse records processed.

    CHKDSK is verifying indexes (stage 2 of 5)...
    629266 index entries processed.

    Index verification completed.
    0 unindexed files scanned.

    0 unindexed files recovered.

    CHKDSK is verifying security descriptors (stage 3 of 5)...
    510976 file SDs/SIDs processed.

    Cleaning up 33 unused index entries from index $SII of file 0x9.
    Cleaning up 33 unused index entries from index $SDH of file 0x9.
    Cleaning up 33 unused security descriptors.
    Security descriptor verification completed.
    59146 data files processed.

    CHKDSK is verifying Usn Journal...
    36504600 USN bytes processed.

    Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
    Read failure with status 0xc0000185 at offset 0xae24000 for 0x10000 bytes.
    Read failure with status 0xc0000185 at offset 0xae28000 for 0x1000 bytes.
    Windows replaced bad clusters in file 213731
    of name \Users\Kevin\AppData\Roaming\MICROS~1\Windows\Cookies\Low\index.dat.
    510960 files processed.

    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
    36993407 free clusters processed.

    Free space verification is complete.
    Adding 1 bad clusters to the Bad Clusters File.
    Correcting errors in the Volume Bitmap.
    Windows has made corrections to the file system.

    478696805 KB total disk space.
    329877312 KB in 308654 files.
    217320 KB in 59147 indexes.
    4 KB in bad sectors.
    628541 KB in use by the system.
    65536 KB occupied by the log file.
    147973628 KB available on disk.

    4096 bytes in each allocation unit.
    119674201 total allocation units on disk.
    36993407 allocation units available on disk.

    Internal Info:
    00 cc 07 00 c3 9c 05 00 58 d5 09 00 00 00 00 00 ........X.......
    1b fe 00 00 6a 00 00 00 00 00 00 00 00 00 00 00 ....j...........
    48 8d 2c 00 50 01 2b 00 68 1a 2b 00 00 00 2b 00 H.,.P.+.h.+...+.

    Windows has finished checking your disk.
    Please wait while your computer restarts.

     
  14. sir_comp

    sir_comp Thread Starter

    Joined:
    Mar 31, 2004
    Messages:
    171
    I am not so worried about the Windows old; it was an upgrade from Windows Vista to 7.
    Klingon Academy is a legit game I own, and iMesh was removed some time ago; not sure why it is still there.
     
  15. sir_comp

    sir_comp Thread Starter

    Joined:
    Mar 31, 2004
    Messages:
    171
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Kevin at 22:30:29 on 2012-07-05
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1779 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
    C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\mmc.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\imeshdtxmltbpi.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: CodecC Class: {f9bac55f-43f2-4646-a67d-528b7de7a847} - c:\programdata\codecc\bhoclass.dll
    TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\imeshdtxmltbpi.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hawkes~1.lnk - c:\program files\hawkes learning systems\hawkes update service manager\HawkesUpdater.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
    IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
    TCP: Interfaces\{3915043D-4FBF-44AD-9F19-20091E3C85C1} : DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\kevin\appdata\roaming\mozilla\firefox\profiles\6xi467tw.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://forecast.weather.gov/MapClick.php?CityName=Rockaway&state=NJ&site=PHI&lat=40.8969&lon=-74.5148
    FF - prefs.js: keyword.URL - hxxp://search.imesh.com//web?src=ffb&appid=203&systemid=1&sr=0&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\users\kevin\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe [2011-7-25 8192]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 113120]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-13 1343400]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-11 136176]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-11 136176]
    S4 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2011-4-14 103336]
    .
    =============== Created Last 30 ================
    .
    2012-07-05 02:35:56 -------- d-----w- c:\program files\ESET
    2012-07-03 01:18:40 89184 ------w- c:\windows\system32\drivers\imagedrv.sys
    2012-07-03 01:18:40 57344 ------w- c:\windows\system32\ImageDrive.cpl
    2012-07-03 01:17:29 38912 ----a-r- c:\windows\system32\picn20.dll
    2012-07-03 01:17:17 544768 ----a-r- c:\windows\system32\imagx5.dll
    2012-07-03 01:17:16 569344 ----a-r- c:\windows\system32\imagr5.dll
    2012-07-03 01:17:15 283920 ----a-r- c:\windows\system32\ImagXpr5.dll
    2012-07-03 01:17:08 155648 ----a-r- c:\windows\system32\NeroCheck.exe
    2012-07-02 04:34:11 -------- d-----w- c:\users\kevin\appdata\roaming\Malwarebytes
    2012-07-02 04:32:31 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-02 04:32:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-02 04:32:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-28 16:30:05 -------- d-sh--w- C:\found.000
    2012-06-27 23:50:33 388096 ----a-r- c:\users\kevin\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-06-27 23:50:33 -------- d-----w- c:\program files\Trend Micro
    2012-06-21 04:58:51 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 04:58:22 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 04:58:15 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 04:58:15 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-20 12:21:18 459610 ----a-w- c:\programdata\musica19.mp3
    2012-06-19 05:22:42 -------- d-sh--w- c:\programdata\UvtoNqicCnBpFmT
    2012-06-13 01:58:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 01:56:33 2342400 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 01:56:32 164352 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-13 01:56:30 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 01:56:30 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 01:56:30 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 01:56:28 2343936 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 01:56:22 140288 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 01:56:22 1158656 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 01:56:22 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-08 02:23:04 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-06-08 02:23:04 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    .
    ==================== Find3M ====================
    .
    2012-06-05 03:18:26 29135287 ----a-w- c:\programdata\LM7RQOZ4.lnk
    2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-01 15:58:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 22:31:14.64 ===============
     
Short URL to this thread: https://techguy.org/1058846