ravenschyld

Wow, I am blind or an idiot. I completely missed the giant green banner right at the top that says hotfix download. Thank you very much.

Thanks for the article on this. One question though. How do I apply this hotfix? I am not nearly as computer literate as I would like to be and just might not have seen it in the article on how to actually go about getting this hotfix and applying it. Any help would be greatly appreciated.

Not sure what is going on as I just had my comp reformatted and windows reinstalled. Keep getting the IRQL blue screen and sometimes have been getting one that says system exception. Also noticed that sometimes after a blue screen shutdown, windows will fail to load. Here are the dds reports. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 Run by Drew at 9:15:50 on 2013-08-18 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5365 [GMT -4:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\Explorer.EXE C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe C:\Windows\SysWOW64\AsHookDevice.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe C:\Users\Drew\AppData\Local\Apps\2.0\3P2B5DD6.BYH\NWL7RY99.WBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\World of Warcraft\Wow.exe C:\Program Files (x86)\World of Warcraft\Utils\WowBrowserProxy.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [best Buy pc app] C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 StartupFolder: C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll TCP: NameServer = 192.168.254.254 TCP: Interfaces\{DAD76672-7A98-49EA-82D8-BDF92CCA35A8} : DHCPNameServer = 192.168.254.254 SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-8-7 65336] R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-8-7 189936] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-8-7 1030952] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-8-7 378944] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-8-7 33400] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-8-7 80816] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-8-7 46808] R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-7-30 203392] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-18 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-18 701512] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-18 25928] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-30 215040] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-8-7 38456] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-7-30 1301504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-7-30 61280] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-6 704864] S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-7 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-7 1255736] . =============== Created Last 30 ================ . 2013-08-18 13:05:50 -------- d-----w- C:\Users\Drew\AppData\Roaming\Malwarebytes 2013-08-18 13:05:41 -------- d-----w- C:\ProgramData\Malwarebytes 2013-08-18 13:05:40 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-08-18 13:05:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-18 13:05:23 -------- d-----w- C:\Users\Drew\AppData\Local\Programs 2013-08-17 20:46:21 -------- d-----w- C:\Users\Drew\AppData\Local\Apple Computer 2013-08-17 20:46:06 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2013-08-17 20:45:11 -------- d-----w- C:\Program Files\iPod 2013-08-17 20:45:10 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-17 20:45:10 -------- d-----w- C:\Program Files\iTunes 2013-08-17 20:45:10 -------- d-----w- C:\Program Files (x86)\iTunes 2013-08-17 20:44:28 -------- d-----w- C:\Users\Drew\AppData\Local\Apple 2013-08-17 20:43:45 -------- d-----w- C:\Program Files\Bonjour 2013-08-17 20:43:45 -------- d-----w- C:\Program Files (x86)\Bonjour 2013-08-16 09:02:06 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5D60A7BC-60CD-4490-B6A1-752C10FA5AE6}\mpengine.dll 2013-08-14 13:34:43 -------- d-----w- C:\Users\Drew\AppData\Local\Blizzard Entertainment 2013-08-12 07:43:28 -------- d-----w- C:\Program Files (x86)\World of Warcraft Beta 2013-08-09 21:34:48 -------- d-----w- C:\Program Files\Ventrilo 2013-08-09 21:34:24 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2013-08-09 16:39:56 -------- d-----w- C:\Users\Drew\AppData\Roaming\Curse Advertising 2013-08-09 15:23:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-09 15:23:33 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-08-09 15:19:10 -------- d-----w- C:\Users\Drew\AppData\Local\Adobe 2013-08-09 14:57:06 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2013-08-09 14:57:06 -------- d-----w- C:\Program Files (x86)\World of Warcraft 2013-08-09 14:57:06 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2013-08-09 14:55:53 -------- d-----w- C:\ProgramData\Battle.net 2013-08-09 14:54:09 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin 2013-08-09 13:47:59 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2013-08-08 06:09:30 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-08-08 06:09:30 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-08-08 06:07:20 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-08-08 06:07:20 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-08-08 05:55:43 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-08 04:36:10 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-08-08 04:36:10 230400 ----a-w- C:\Windows\System32\wwansvc.dll 2013-08-08 04:36:05 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-08-08 04:36:05 68608 ----a-w- C:\Windows\System32\taskhost.exe 2013-08-08 04:36:05 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-08-08 04:34:54 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-08-08 00:40:49 -------- d-----w- C:\Windows\System32\MRT 2013-08-08 00:38:23 -------- d-----w- C:\Windows\System32\SPReview 2013-08-08 00:38:01 -------- d-----w- C:\Windows\System32\EventProviders 2013-08-08 00:12:22 48976 ----a-w- C:\Windows\System32\netfxperf.dll 2013-08-08 00:12:22 1942856 ----a-w- C:\Windows\System32\dfshim.dll 2013-08-08 00:12:14 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll 2013-08-08 00:12:11 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys 2013-08-08 00:12:11 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll 2013-08-08 00:12:10 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll 2013-08-08 00:12:02 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll 2013-08-08 00:12:02 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll 2013-08-08 00:12:02 1743360 ----a-w- C:\Windows\System32\sysmain.dll 2013-08-08 00:10:59 1525248 ----a-w- C:\Program Files\Windows Media Player\wmpnetwk.exe 2013-08-08 00:09:59 854016 ----a-w- C:\Windows\SysWow64\dbghelp.dll 2013-08-08 00:08:59 89600 ----a-w- C:\Windows\SysWow64\wbem\WmiApRpl.dll 2013-08-08 00:07:59 7680 ----a-w- C:\Windows\SysWow64\spwizres.dll 2013-08-08 00:06:58 529408 ----a-w- C:\Windows\System32\wbemcomn.dll 2013-08-08 00:06:58 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll 2013-08-08 00:06:56 244736 ----a-w- C:\Windows\System32\sqmapi.dll 2013-08-07 23:34:33 -------- d-----w- C:\Windows\SysWow64\Wat 2013-08-07 23:34:32 -------- d-----w- C:\Windows\System32\Wat 2013-08-07 22:47:03 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2013-08-07 22:47:02 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2013-08-07 22:47:02 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2013-08-07 22:47:02 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2013-08-07 22:25:39 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll 2013-08-07 22:25:39 46080 ----a-w- C:\Windows\System32\atmlib.dll 2013-08-07 22:25:39 367616 ----a-w- C:\Windows\System32\atmfd.dll 2013-08-07 22:25:39 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2013-08-07 22:25:39 100864 ----a-w- C:\Windows\System32\fontsub.dll 2013-08-07 22:25:38 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2013-08-07 22:24:47 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2013-08-07 22:24:47 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2013-08-07 22:24:46 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2013-08-07 22:24:46 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2013-08-07 22:24:45 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2013-08-07 22:24:45 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2013-08-07 22:24:45 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2013-08-07 22:21:28 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2013-08-07 22:21:28 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2013-08-07 22:21:28 5120 ----a-w- C:\Windows\System32\wmi.dll 2013-08-07 22:21:28 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2013-08-07 22:21:28 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2013-08-07 22:16:26 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll 2013-08-07 22:16:25 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe 2013-08-07 22:16:25 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe 2013-08-07 22:16:20 3717632 ----a-w- C:\Windows\System32\mstscax.dll 2013-08-07 22:16:20 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll 2013-08-07 22:16:19 158720 ----a-w- C:\Windows\System32\aaclient.dll 2013-08-07 22:16:18 44032 ----a-w- C:\Windows\System32\tsgqec.dll 2013-08-07 22:16:18 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll 2013-08-07 22:16:18 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll 2013-08-07 22:14:44 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll 2013-08-07 22:13:53 64512 ----a-w- C:\Windows\SysWow64\devobj.dll 2013-08-07 22:12:59 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2013-08-07 22:11:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2013-08-07 21:52:43 77312 ----a-w- C:\Windows\System32\packager.dll 2013-08-07 21:52:43 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2013-08-07 20:04:09 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-08-07 20:04:08 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-08-07 20:04:08 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-08-07 20:04:06 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-08-07 20:04:05 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-08-07 20:03:17 41664 ----a-w- C:\Windows\avastSS.scr 2013-08-07 20:02:58 -------- d-----w- C:\Program Files\AVAST Software 2013-08-07 20:02:19 -------- d-----w- C:\ProgramData\AVAST Software 2013-08-07 19:08:02 -------- d-----w- C:\NVIDIA 2013-08-07 19:01:58 -------- d-----w- C:\Windows\System32\log 2013-08-07 18:55:24 -------- d-----w- C:\Users\Drew\AppData\Local\Google 2013-08-07 18:51:25 -------- d-----w- C:\Users\Drew\AppData\Local\Best Buy pc app 2013-08-07 18:31:58 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-08-07 18:27:23 884512 ----a-w- C:\Windows\System32\nvvsvc.exe 2013-08-07 18:27:23 6496544 ----a-w- C:\Windows\System32\nvcpl.dll 2013-08-07 18:27:23 63776 ----a-w- C:\Windows\System32\nvshext.dll 2013-08-07 18:27:23 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll 2013-08-07 18:27:23 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin 2013-08-07 18:27:23 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll 2013-08-07 18:27:23 237856 ----a-w- C:\Windows\System32\nvmctray.dll 2013-08-07 18:27:05 61216 ----a-w- C:\Windows\System32\OpenCL.dll 2013-08-07 18:27:05 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2013-08-07 18:26:43 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2013-08-07 18:26:31 -------- d-----w- C:\Program Files\NVIDIA Corporation 2013-08-07 18:26:31 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation 2013-08-07 18:24:02 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2013-08-07 18:24:02 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2013-08-07 18:24:02 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2013-08-07 18:23:46 -------- d-----w- C:\Users\Drew\AppData\Local\Apps 2013-08-07 18:23:45 -------- d-----w- C:\Users\Drew\AppData\Local\Deployment 2013-08-07 18:23:11 -------- d-----w- C:\Users\Drew\AppData\Local\VirtualStore 2013-08-07 18:22:53 16896 ----a-w- C:\Windows\AsTaskSched.dll 2013-08-07 18:21:01 38456 ----a-w- C:\Windows\System32\drivers\usbfilter.sys 2013-08-07 18:21:00 -------- d-----w- C:\Program Files (x86)\AMD 2013-08-07 18:20:41 -------- d-----w- C:\Program Files\ATI 2013-08-07 18:19:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2013-08-07 18:19:37 99840 ----a-w- C:\Windows\System32\wudriver.dll 2013-08-07 18:19:15 36864 ----a-w- C:\Windows\System32\wuapp.exe 2013-08-07 18:19:15 186752 ----a-w- C:\Windows\System32\wuwebv.dll . ==================== Find3M ==================== . 2013-08-08 05:55:43 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-08 01:13:21 175616 ----a-w- C:\Windows\System32\msclmd.dll 2013-08-08 01:13:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-21 09:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll . ============= FINISH: 9:17:02.06 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 8/7/2013 2:18:40 PM System Uptime: 8/18/2013 9:01:02 AM (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | CM1630 Processor: AMD Athlon II X2 220 Processor | AM3 | 2800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 680 GiB total, 576.384 GiB free. D: is Removable E: is Removable F: is Removable G: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP72: 8/8/2013 2:11:35 AM - Windows Update RP73: 8/9/2013 5:34:34 PM - Installed Ventrilo Client for Windows x64 RP74: 8/11/2013 3:03:54 AM - Windows Update RP75: 8/15/2013 3:00:16 AM - Windows Update RP76: 8/17/2013 1:40:14 PM - Windows Backup RP77: 8/17/2013 4:44:31 PM - Installed iTunes . ==== Installed Programs ====================== . 64 Bit HP CIO Components Installer Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.1 AI Manager AMD USB Filter Driver Apple Application Support Apple Mobile Device Support Apple Software Update ASUS Backup Wizard ASUS VIBE ASUSUpdate ATI Catalyst Install Manager avast! Free Antivirus Best Buy pc app Bonjour Curse Client ebi.BookReader3J EPU-4 Engine Google Chrome Google Update Helper iTunes Junk Mail filter update Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) NVIDIA 3D Vision Controller Driver 320.49 NVIDIA 3D Vision Driver 320.49 NVIDIA Control Panel 320.49 NVIDIA GeForce Experience 1.5 NVIDIA Graphics Driver 320.49 NVIDIA HD Audio Driver 1.3.24.2 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.13.0604 NVIDIA Stereoscopic 3D Driver NVIDIA Update 4.11.9 NVIDIA Update Components Platform Realtek 8136 8168 8169 Ethernet Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Ventrilo Client for Windows x64 VIA Platform Device Manager Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer World of Warcraft . ==== Event Viewer Messages From Past Week ======== . 8/18/2013 9:01:21 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff80003343aba, 0xfffff88002ff57f8, 0xfffff88002ff5050). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081813-18610-01. 8/18/2013 6:36:37 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fe (0x0000000000000006, 0xfffffa80078d3d70, 0x0000000048766544, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081813-16192-01. 8/18/2013 5:36:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000004, 0x0000000000000002, 0x0000000000000001, 0xfffff80003075536). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081813-23166-01. 8/18/2013 5:29:14 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff800033bdde8, 0xfffff88002fef9a8, 0xfffff88002fef200). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081813-22198-01. 8/18/2013 5:16:40 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000ca, 0x000000000000000a, 0x0000000000000000, 0xfffff80003070f43). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081813-21933-01. 8/17/2013 8:58:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff880010b53a9, 0xfffff8800944e6f0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081713-21060-01. 8/17/2013 6:05:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5. 8/17/2013 5:39:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fe (0x0000000000000006, 0xfffffa8008915960, 0x0000000048766544, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081713-16021-01. 8/17/2013 12:23:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000002, 0x0000000000000002, 0x0000000000000001, 0xfffff80003086536). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081713-15381-01. 8/17/2013 11:40:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000044 (0xfffffa80086f9b50, 0x0000000000000eae, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081713-21699-01. 8/17/2013 11:31:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000001, 0x0000000000000002, 0x0000000000000001, 0xfffff800030c0536). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081713-22027-01. 8/17/2013 11:25:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000000058000b, 0x0000000000000002, 0x0000000000000001, 0xfffff800030a7192). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081713-22822-01. 8/17/2013 10:33:28 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 8/17/2013 1:22:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000002, 0x0000000000000002, 0x0000000000000001, 0xfffff8000306f536). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081713-21824-01. 8/16/2013 11:15:40 AM, Error: nvlddmkm [14] - 8/16/2013 1:54:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x0000000000000008, 0x0000000080050031, 0x00000000000006f8, 0xfffff80003088fc1). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081613-16489-01. 8/16/2013 1:19:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff88004177b77, 0xfffff880045946d8, 0xfffff88004593f30). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081613-17050-01. 8/15/2013 7:52:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031aa9bc, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081513-16738-01. 8/15/2013 7:50:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000007, 0x00000000001a5b10, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081513-15428-01. 8/15/2013 7:40:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000003, 0xfffffa80069932a0, 0xfffffa80069932a0, 0xfffffa8006993220). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081513-15646-01. 8/15/2013 7:24:45 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{2b521bb8-ffa5-11e2-baa4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{33DCDD15-D2F3-4325-AC1C-48E458E67FBD}' was corrupted and it has been recovered. Some data might have been lost. 8/15/2013 12:35:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file. 8/15/2013 12:35:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffffffffffff7f, 0x0000000000000000, 0xfffff8000307d156, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: . 8/14/2013 12:16:17 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000001, 0x0000000000000002, 0x0000000000000001, 0xfffff8000306b576). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081413-24866-01. 8/13/2013 2:49:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffffffffffff7f, 0x0000000000000000, 0xfffff800030c6156, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081313-15631-01. 8/13/2013 2:48:56 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost. 8/13/2013 10:42:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030b985c, 0x0000000000000000, 0x000000000000000c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081313-17019-01. 8/12/2013 2:28:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000001, 0xfffff8000307793d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081213-18252-01. 8/12/2013 10:48:18 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xfffffa7fffffe7e0, 0x0000000000000002, 0x0000000000000001, 0xfffff80003054ac1). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081213-20545-01. 8/11/2013 3:07:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000020, 0xfffffa8006c33390, 0xfffffa8006c33d10, 0x0000000005986810). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081113-18439-01. . ==== End Of File ===========================

No additional threats were found and all systems are functioning as they should be. Here are the logs requested. Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.24.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Drew :: DREW-PC [administrator] 3/24/2013 7:47:47 PM mbar-log-2013-03-24 (19-47-47).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 32344 Time elapsed: 59 minute(s), 35 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_27 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.095000 GHz Memory total: 3166552064, free: 1157812224 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_27 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.095000 GHz Memory total: 3166552064, free: 1155923968 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_27 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.095000 GHz Memory total: 3166552064, free: 720048128 ------------ Kernel report ------------ 03/24/2013 09:39:05 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\pciide.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\DRIVERS\msahci.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\wd.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\TVALZ_O.SYS \SystemRoot\system32\DRIVERS\tos_sps64.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\System32\Drivers\SCDEmu.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9763B21C-FA7E-4D37-9132-F1EC0A02DC68}\MpKslff9c39df.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\L1C62x64.sys \SystemRoot\system32\DRIVERS\rtl8192Ce.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\tdcmdpst.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\FwLnk.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\CHDRT64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\pgeffect.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\dc3d.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \??\C:\windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Users\Drew\AppData\Local\Temp\aswMBR.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8005cf5060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8003e4e050 Lower Device Driver Name: \00001005\ Driver name found: iaStor Initialization returned 0x0 Load Function returned 0x0 Downloaded database version: v2013.03.24.04 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8005cf5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005cf5ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005cf5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8003e4e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \00001005\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00f3fc650, 0xfffffa8005cf5060, 0xfffffa8005d64090 Lower DeviceData: 0xfffff8a00c4bf3c0, 0xfffffa8003e4e050, 0xfffffa8006093990 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... MBR buffers are not equal MBR is forged! [4333f673a96dbe57f4d0023e55e5303d] Inspecting partition table: MBR Signature: 55AA Disk Signature: 95469684 Partition information: Partition 0 type is Empty (0x0) Partition is ACTIVE. Partition starts at LBA: 23 Numsec = 0 Partition is not bootable Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR] Changing partition to empty and not active. New active partition is 1 on drive 0 ... Partition 0 type is Other (0x27) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 3072000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 3074048 Numsec = 598001664 Partition file system is NTFS Partition is bootable Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 601075712 Numsec = 24066048 Partition is not bootable Hidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 MBR infection found on drive 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-22-625122448-625142448)... Done! Performing system, memory and registry scan... Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\instance.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\instance.dat" is compressed (flags = 1) Scan Interrupted Done! ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_27 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.095000 GHz Memory total: 3166552064, free: 1009774592 ------------ Kernel report ------------ 03/24/2013 11:07:41 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\pciide.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\DRIVERS\msahci.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\wd.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\TVALZ_O.SYS \SystemRoot\system32\DRIVERS\tos_sps64.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\System32\Drivers\SCDEmu.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9763B21C-FA7E-4D37-9132-F1EC0A02DC68}\MpKslff9c39df.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\L1C62x64.sys \SystemRoot\system32\DRIVERS\rtl8192Ce.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\tdcmdpst.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\FwLnk.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\CHDRT64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\pgeffect.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\dc3d.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \??\C:\windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Users\Drew\AppData\Local\Temp\aswMBR.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8005cf5060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8003e4e050 Lower Device Driver Name: \00001005\ Device already Exists: 0xfffffa8006093990 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8005cf5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005cf5ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005cf5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8003e4e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \00001005\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a002407050, 0xfffffa8005cf5060, 0xfffffa8005d64090 Lower DeviceData: 0xfffff8a0050a72d0, 0xfffffa8003e4e050, 0xfffffa8006093990 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... MBR buffers are not equal MBR is forged! [4333f673a96dbe57f4d0023e55e5303d] Inspecting partition table: MBR Signature: 55AA Disk Signature: 95469684 Partition information: Partition 0 type is Empty (0x0) Partition is ACTIVE. Partition starts at LBA: 23 Numsec = 0 Partition is not bootable Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR] Changing partition to empty and not active. New active partition is 1 on drive 0 ... Partition 0 type is Other (0x27) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 3072000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 3074048 Numsec = 598001664 Partition file system is NTFS Partition is bootable Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 601075712 Numsec = 24066048 Partition is not bootable Hidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 MBR infection found on drive 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-22-625122448-625142448)... Done! Performing system, memory and registry scan... Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\instance.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\instance.dat" is compressed (flags = 1) ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_27 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.095000 GHz Memory total: 3166552064, free: 1179201536 ------------ Kernel report ------------ 03/24/2013 12:32:21 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\pciide.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\DRIVERS\msahci.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\wd.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\TVALZ_O.SYS \SystemRoot\system32\DRIVERS\tos_sps64.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\System32\Drivers\SCDEmu.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9763B21C-FA7E-4D37-9132-F1EC0A02DC68}\MpKslff9c39df.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\L1C62x64.sys \SystemRoot\system32\DRIVERS\rtl8192Ce.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\tdcmdpst.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\FwLnk.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\CHDRT64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\pgeffect.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\dc3d.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \??\C:\windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Users\Drew\AppData\Local\Temp\aswMBR.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8005cf5060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8003e4e050 Lower Device Driver Name: \00001005\ Device already Exists: 0xfffffa8006093990 Downloaded database version: v2013.03.24.05 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8005cf5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005cf5ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005cf5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8003e4e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \00001005\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00b0cce20, 0xfffffa8005cf5060, 0xfffffa8005d64090 Lower DeviceData: 0xfffff8a001441300, 0xfffffa8003e4e050, 0xfffffa8006093990 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... MBR buffers are not equal MBR is forged! [4333f673a96dbe57f4d0023e55e5303d] Inspecting partition table: MBR Signature: 55AA Disk Signature: 95469684 Partition information: Partition 0 type is Empty (0x0) Partition is ACTIVE. Partition starts at LBA: 23 Numsec = 0 Partition is not bootable Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR] Changing partition to empty and not active. New active partition is 1 on drive 0 ... Partition 0 type is Other (0x27) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 3072000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 3074048 Numsec = 598001664 Partition file system is NTFS Partition is bootable Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 601075712 Numsec = 24066048 Partition is not bootable Hidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 MBR infection found on drive 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-22-625122448-625142448)... Done! Performing system, memory and registry scan... Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\instance.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\instance.dat" is compressed (flags = 1) Infected: c:\Users\Drew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3J4RXIM\video_downloader.exe --> [PUP.BundleInstaller.VG] Infected: c:\Windows\svchost.exe --> [Trojan.Agent] Infected: c:\Windows\svchost.exe --> [Trojan.Agent] Done! Scan finished Creating System Restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_27 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.095000 GHz Memory total: 3166552064, free: 2112315392 Removal queue found; removal started Removing c:\Users\Drew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3J4RXIM\video_downloader.exe... Removing c:\Windows\svchost.exe... Removal finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_27 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.095000 GHz Memory total: 3166552064, free: 1848487936 ------------ Kernel report ------------ 03/24/2013 18:47:36 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\pciide.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\DRIVERS\msahci.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\wd.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\TVALZ_O.SYS \SystemRoot\system32\DRIVERS\tos_sps64.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\System32\Drivers\SCDEmu.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\L1C62x64.sys \SystemRoot\system32\DRIVERS\rtl8192Ce.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\tdcmdpst.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\FwLnk.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\CHDRT64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\pgeffect.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\dc3d.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \??\C:\windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\imm32.dll \Windows\System32\ws2_32.dll \Windows\System32\Wldap32.dll \Windows\System32\urlmon.dll \Windows\System32\psapi.dll \Windows\System32\difxapi.dll \Windows\System32\kernel32.dll \Windows\System32\normaliz.dll \Windows\System32\comdlg32.dll \Windows\System32\usp10.dll \Windows\System32\gdi32.dll \Windows\System32\shlwapi.dll \Windows\System32\ole32.dll \Windows\System32\nsi.dll \Windows\System32\setupapi.dll \Windows\System32\msvcrt.dll \Windows\System32\iertutil.dll \Windows\System32\sechost.dll \Windows\System32\user32.dll \Windows\System32\imagehlp.dll \Windows\System32\rpcrt4.dll \Windows\System32\shell32.dll \Windows\System32\oleaut32.dll \Windows\System32\lpk.dll \Windows\System32\advapi32.dll \Windows\System32\clbcatq.dll \Windows\System32\msctf.dll \Windows\System32\wininet.dll \Windows\System32\comctl32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\devobj.dll \Windows\System32\wintrust.dll \Windows\System32\KernelBase.dll \Windows\System32\crypt32.dll \Windows\System32\msasn1.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8005cf6060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8004aa8050 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor Initialization returned 0x0 Load Function returned 0x0 Downloaded database version: v2013.03.24.06 Downloaded database version: v2013.03.24.07 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8005cf6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005cf6ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005cf6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004aa8050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a010ee7b70, 0xfffffa8005cf6060, 0xfffffa8004167090 Lower DeviceData: 0xfffff8a00ecd0e60, 0xfffffa8004aa8050, 0xfffffa80076fe090 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 95469684 Partition information: Partition 0 type is Other (0x27) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 3072000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 3074048 Numsec = 598001664 Partition file system is NTFS Partition is bootable Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 601075712 Numsec = 24066048 Partition is not bootable Hidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)... Done! Performing system, memory and registry scan... Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\instance.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\instance.dat" is compressed (flags = 1) Done! Scan finished =======================================

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2013-03-24 09:11:57 ----------------------------- 09:11:57.330 OS Version: Windows x64 6.1.7601 Service Pack 1 09:11:57.330 Number of processors: 4 586 0x2A07 09:11:57.410 ComputerName: DREW-PC UserName: Drew 09:12:00.090 Initialize success 09:20:37.434 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 09:20:37.434 Disk 0 Vendor: TOSHIBA_ GT00 Size: 305245MB BusType: 3 09:20:37.444 Device \Driver\iaStor -> MajorFunction fffffa80062445e8 09:20:37.444 Disk 0 MBR read successfully 09:20:37.454 Disk 0 MBR scan 09:20:37.454 Disk 0 Windows VISTA default MBR code 09:20:37.464 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048 09:20:37.484 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291993 MB offset 3074048 09:20:37.514 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11751 MB offset 601075712 09:20:37.554 Disk 0 scanning C:\windows\system32\drivers 09:20:48.714 Service scanning 09:21:16.504 Modules scanning 09:21:16.504 Disk 0 trace - called modules: 09:21:16.514 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80062445e8]<< 09:21:16.594 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005cf5060] 09:21:16.604 3 CLASSPNP.SYS[fffff88001bba43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003e4e050] 09:21:16.604 \Driver\iaStor[0xfffffa80060c61a0] -> IRP_MJ_CREATE -> 0xfffffa80062445e8 09:21:16.604 Scan finished successfully 09:21:32.844 Disk 0 MBR has been saved successfully to "C:\Users\Drew\Desktop\MBR.dat" 09:21:32.854 The log file has been saved successfully to "C:\Users\Drew\Desktop\aswMBR.txt" MBR.zip

Here are the dds scan results. dds log DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16470 Run by Drew at 8:06:51 on 2013-03-24 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3020.1367 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\windows\SysWOW64\schtasks.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Users\Drew\AppData\Local\Apps\2.0\0GJ4T5R3.43G\JYNMPP5Y.BGT\curs..tion_9e9e83ddf3ed3ead_0005.0001_f98d05d4713e76ec\CurseClient.exe C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\wuauclt.exe C:\PROGRA~2\MICROS~3\Office14\OUTLOOK.EXE C:\Program Files (x86)\Internet Explorer\IELowutil.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe \\.\globalroot\systemroot\svchost.exe -netsvcs C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://start.toshiba.com/g/ uDefault_Page_URL = hxxp://start.toshiba.com/g/ uProxyOverride = <local> uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll uRun: [Apple Computer] rundll32 "C:\Users\Drew\AppData\Local\Best Buy pc app\Apple Computer\gkdzzofc.dll",DllRegisterServerW mRun: [PrivitizeVPNInstaller] C:\Users\Drew\AppData\Local\PrivitizeVPNInstaller\PrivitizeVPN_1.0.0.2_install_config.exe /S /delayInstall mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab TCP: NameServer = 192.168.254.254 TCP: Interfaces\{0EAF7ABD-ADCC-4150-9162-A86DD644690E}\76F676F696E666C696768647 : DHCPNameServer = 172.19.134.2 TCP: Interfaces\{F44E615D-9E29-4BDC-8055-65099188B684} : DHCPNameServer = 192.168.254.254 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R1 MpKslff9c39df;MpKslff9c39df;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9763B21C-FA7E-4D37-9132-F1EC0A02DC68}\MpKslff9c39df.sys [2013-3-24 35664] R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2012-12-21 2469992] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-24 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-24 682344] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-5 2754984] R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-6-13 9216] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-2-24 24176] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-6-13 38096] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-6-13 1109096] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-6-13 243712] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-8-2 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-20 1255736] S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-6-13 54136] S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632] S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-13 2656280] S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-03-24 06:43:08 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9763B21C-FA7E-4D37-9132-F1EC0A02DC68}\offreg.dll 2013-03-24 06:43:02 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9763B21C-FA7E-4D37-9132-F1EC0A02DC68}\MpKslff9c39df.sys 2013-03-24 06:39:38 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9763B21C-FA7E-4D37-9132-F1EC0A02DC68}\mpengine.dll 2013-03-24 04:21:13 20480 ----a-w- C:\windows\svchost.exe 2013-03-24 03:58:05 -------- d-sh--w- C:\windows\SysWow64\%APPDATA% 2013-03-24 03:38:54 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9096.tmp 2013-03-24 03:38:54 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9076.tmp 2013-03-23 08:09:54 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{175CC0A8-D81D-4A34-BF06-14DA91C15F49}\offreg.dll 2013-03-23 07:34:02 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-03-22 20:07:34 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{175CC0A8-D81D-4A34-BF06-14DA91C15F49}\mpengine.dll 2013-03-13 23:48:57 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys 2013-02-24 20:09:13 24176 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-02-24 20:09:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-02-24 20:09:02 -------- d-----w- C:\Users\Drew\AppData\Local\Programs . ==================== Find3M ==================== . 2013-02-14 07:44:21 488960 ----a-w- C:\Users\Drew\AppData\Roaming\wbaci.dll 2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll 2013-02-02 06:57:02 2312704 ----a-w- C:\windows\System32\jscript9.dll 2013-02-02 06:47:24 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2013-02-02 06:47:19 1392128 ----a-w- C:\windows\System32\wininet.dll 2013-02-02 06:42:18 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2013-02-02 06:41:51 599040 ----a-w- C:\windows\System32\vbscript.dll 2013-02-02 06:38:01 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2013-02-02 03:38:35 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-02-02 03:30:32 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2013-02-02 03:30:21 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2013-02-02 03:26:47 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2013-02-02 03:26:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2013-02-02 03:23:28 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-01-20 20:59:04 230320 ----a-w- C:\windows\System32\drivers\MpFilter.sys 2013-01-20 20:59:04 130008 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys 2013-01-17 05:28:58 273840 ------w- C:\windows\System32\MpSigStub.exe 2013-01-13 21:17:03 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17:02 2560 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16:42 10752 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12:46 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11:21 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11:08 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11:07 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35:31 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35:31 2560 ---ha-w- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35:18 10752 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32:07 3584 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31:48 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31:41 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31:40 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll 2013-01-13 20:22:22 1988096 ----a-w- C:\windows\SysWow64\d3d10warp.dll 2013-01-13 20:20:31 293376 ----a-w- C:\windows\SysWow64\dxgi.dll 2013-01-13 20:09:00 249856 ----a-w- C:\windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08:43 220160 ----a-w- C:\windows\SysWow64\d3d10core.dll 2013-01-13 20:08:35 1504768 ----a-w- C:\windows\SysWow64\d3d11.dll 2013-01-13 19:59:04 1643520 ----a-w- C:\windows\System32\DWrite.dll 2013-01-13 19:58:28 1175552 ----a-w- C:\windows\System32\FntCache.dll 2013-01-13 19:54:01 604160 ----a-w- C:\windows\SysWow64\d3d10level9.dll 2013-01-13 19:53:58 207872 ----a-w- C:\windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53:14 187392 ----a-w- C:\windows\SysWow64\UIAnimation.dll 2013-01-13 19:51:30 2565120 ----a-w- C:\windows\System32\d3d10warp.dll 2013-01-13 19:49:17 363008 ----a-w- C:\windows\System32\dxgi.dll 2013-01-13 19:48:47 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll 2013-01-13 19:46:25 1080832 ----a-w- C:\windows\SysWow64\d3d10.dll 2013-01-13 19:43:21 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38:39 333312 ----a-w- C:\windows\System32\d3d10_1core.dll 2013-01-13 19:38:32 1887232 ----a-w- C:\windows\System32\d3d11.dll 2013-01-13 19:38:21 296960 ----a-w- C:\windows\System32\d3d10core.dll 2013-01-13 19:37:57 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll 2013-01-13 19:25:04 245248 ----a-w- C:\windows\System32\WindowsCodecsExt.dll 2013-01-13 19:24:33 648192 ----a-w- C:\windows\System32\d3d10level9.dll 2013-01-13 19:24:30 221184 ----a-w- C:\windows\System32\UIAnimation.dll 2013-01-13 19:20:42 194560 ----a-w- C:\windows\System32\d3d10_1.dll 2013-01-13 19:20:04 1238528 ----a-w- C:\windows\System32\d3d10.dll 2013-01-13 19:15:40 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll 2013-01-13 19:10:36 3928064 ----a-w- C:\windows\System32\d2d1.dll 2013-01-13 19:02:06 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll 2013-01-13 18:34:58 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32:43 465920 ----a-w- C:\windows\System32\WMPhoto.dll 2013-01-13 18:09:52 522752 ----a-w- C:\windows\System32\XpsGdiConverter.dll 2013-01-13 17:26:42 1158144 ----a-w- C:\windows\SysWow64\XpsPrint.dll 2013-01-13 17:05:09 1682432 ----a-w- C:\windows\System32\XpsPrint.dll 2013-01-05 05:53:43 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-01-05 05:00:15 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00:11 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-01-04 06:11:21 2284544 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll 2013-01-04 06:11:13 2776576 ----a-w- C:\windows\System32\msmpeg2vdec.dll 2013-01-04 05:46:09 215040 ----a-w- C:\windows\System32\winsrv.dll 2013-01-04 04:51:16 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2013-01-04 03:26:48 3153408 ----a-w- C:\windows\System32\win32k.sys 2013-01-04 02:47:35 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-01-04 02:47:34 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-01-04 02:47:34 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-01-04 02:47:33 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00:54 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-01-03 06:00:42 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS . ============= FINISH: 8:08:28.09 =============== Attach log . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 7/27/2011 3:35:41 AM System Uptime: 3/24/2013 12:19:54 AM (8 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU | 2100/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 285 GiB total, 160.241 GiB free. D: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP161: 2/26/2013 2:11:51 PM - Windows Update RP162: 2/27/2013 3:00:12 AM - Windows Update RP163: 2/28/2013 3:00:19 AM - Windows Update RP164: 3/3/2013 9:31:55 AM - Windows Update RP165: 3/7/2013 9:31:49 AM - Windows Update RP166: 3/11/2013 10:33:34 AM - Windows Update RP167: 3/14/2013 3:00:20 AM - Windows Update RP168: 3/17/2013 3:33:09 AM - Windows Update RP169: 3/21/2013 3:33:56 AM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX 64-bit Adobe Reader X MUI Apple Application Support Apple Mobile Device Support Apple Software Update ASIO4ALL Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Best Buy pc app Bonjour BrowserProtect Conexant HD Audio Coupon Printer for Windows Curse Client D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Diablo III Dolby Axon - 1.5.0.1 File Association Manager 0.1 Google Chrome Google Update Helper HP Deskjet 2050 J510 series Basic Device Software HP Deskjet 2050 J510 series Help HP Deskjet 2050 J510 series Product Improvement Study HP Photo Creations HP Update Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology iTunes IZArc 4.1.7 Java Auto Updater Java 6 Update 27 Junk Mail filter update Label@Once 1.0 Malwarebytes Anti-Malware version 1.70.0.1100 Media Player MediaPlayerLite 0.4.1 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MSVCRT MSVCRT_amd64 Mumble 1.2.3 PlayReady PC Runtime amd64 PlayReady PC Runtime x86 PowerISO QuickTime Realtek USB 2.0 Card Reader Realtek WLAN Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Sid Meier's Civilization V Steam Synaptics Pointing Device Driver System Requirements Lab for Intel TeamSpeak 3 Client TeamViewer 7 TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBA Wireless LAN Indicator ToshibaRegistration Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Ventrilo Client for Windows x64 Visual Studio 2008 x64 Redistributables VLC media player 1.1.11 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.20 (32-bit) WinZip 17.0 World of Logs Client (4.2) World of Warcraft World of Warcraft Beta World of Warcraft Public Test X-Elerated Guides Client Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar . ==== End Of File ===========================

Sorry, been out of town for the last week. Just saw the reply last night. It seems to have resolved the issue. Thank you for your help. Again, sorry for the later reply.

I have been playing my game, World of Warcraft, normally with no issues until tonight. Now all of the sudden if stops running and I get the window's error screen asking if i want to check for a solution online or close the program. When a game crash that is game related happens, a specialized window from blizzard entertainment pops up with the error and the ability to send the details to them so they can see bugs ect. This is not whats happening, I am getting a normal window's popup with the following details. Problem signature: Problem Event Name: BEX Application Name: Wow.exe Application Version: 5.1.0.16357 Application Timestamp: 50bd642c Fault Module Name: StackHash_beec Fault Module Version: 0.0.0.0 Fault Module Timestamp: 00000000 Exception Offset: 00360001 Exception Code: c0000005 Exception Data: 00000008 OS Version: 6.1.7601.2.1.0.768.3 Locale ID: 1033 Additional Information 1: beec Additional Information 2: beecf34a5513d68b074dd0f1442b85fb Additional Information 3: ee1f Additional Information 4: ee1fbf244288f6a6ec4cf69ef150a248 As soon as I hit close program, I get another pop-up with these details Problem signature: Problem Event Name: APPCRASH Application Name: Wow.exe Application Version: 5.1.0.16357 Application Timestamp: 50bd642c Fault Module Name: gkdzzofc.dll Fault Module Version: 4.0.31106.0 Fault Module Timestamp: 4af3af84 Exception Code: c0000005 Exception Offset: 000020e7 OS Version: 6.1.7601.2.1.0.768.3 Locale ID: 1033 Additional Information 1: 8f9c Additional Information 2: 8f9c7fa46c53b992b7e1492f08c3759e Additional Information 3: b92b Additional Information 4: b92bc189b31f97936165b18c01e1367e The following is the dds scan. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 Run by Drew at 22:04:19 on 2013-01-04 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3020.1790 [GMT -5:00] . AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2012\avgrsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\taskhost.exe C:\windows\system32\taskeng.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\System32\rundll32.exe C:\windows\SysWOW64\rundll32.exe C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe C:\Users\Drew\AppData\Local\Apps\2.0\0GJ4T5R3.43G\JYNMPP5Y.BGT\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe C:\windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://start.toshiba.com/g/ uDefault_Page_URL = hxxp://start.toshiba.com/g/ uProxyOverride = <local> uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll uRun: [Apple Computer] rundll32 "C:\Users\Drew\AppData\Local\Best Buy pc app\Apple Computer\gkdzzofc.dll",DllRegisterServerW mRun: [PrivitizeVPNInstaller] C:\Users\Drew\AppData\Local\PrivitizeVPNInstaller\PrivitizeVPN_1.0.0.2_install_config.exe /S /delayInstall mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip StartupFolder: C:\Users\Drew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab TCP: NameServer = 192.168.254.254 TCP: Interfaces\{0EAF7ABD-ADCC-4150-9162-A86DD644690E} : DHCPNameServer = 192.168.254.254 TCP: Interfaces\{0EAF7ABD-ADCC-4150-9162-A86DD644690E}\76F676F696E666C696768647 : DHCPNameServer = 172.19.134.2 TCP: Interfaces\{F44E615D-9E29-4BDC-8055-65099188B684} : DHCPNameServer = 192.168.254.254 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-4-19 28480] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-1-31 36944] R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-2-22 289872] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2011-12-23 47696] R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-3-19 383808] R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2012-12-21 2469992] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-5 2754984] R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-6-12 9216] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-6-13 38096] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;C:\windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776] S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-6-12 243712] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-6-12 1109096] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-8-2 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-20 1255736] S4 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568] S4 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-6-13 54136] S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632] S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-12 2656280] S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-01-04 08:30:21 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{130F37C9-4607-47C1-9497-3155C998EE42}\mpengine.dll 2013-01-03 08:30:11 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-03 02:46:08 -------- d-----w- C:\Users\Drew\AppData\Roaming\TS3Client 2013-01-03 02:45:12 -------- d-----w- C:\Users\Drew\AppData\Local\TeamSpeak 3 Client 2012-12-23 19:40:32 -------- d-----w- C:\Users\Drew\LuckyWire 2012-12-23 19:40:08 -------- d-----w- C:\Users\Drew\.luckywire 2012-12-22 04:14:52 2262960 ----a-w- C:\windows\SysWow64\Codejock.CommandBars.v13.0.0.ocx 2012-12-22 04:14:51 571312 ----a-w- C:\windows\SysWow64\Codejock.SkinFramework.Unicode.v13.0.0.ocx 2012-12-22 04:14:48 -------- d-----w- C:\Program Files (x86)\DolbyAxon 2012-12-21 22:33:01 -------- d-----w- C:\ProgramData\BrowserProtect 2012-12-21 22:32:17 -------- d-----w- C:\Program Files (x86)\VideoLAN 2012-12-21 22:32:13 723230 ----a-w- C:\windows\unins002.exe 2012-12-21 22:26:26 -------- d-----w- C:\Users\Drew\AppData\Roaming\Media Player Lite 2012-12-21 22:25:31 -------- d-----w- C:\Users\Drew\AppData\Roaming\FileAssociationManager 2012-12-21 22:25:27 -------- d-----w- C:\Program Files (x86)\FileAssociationManager 2012-12-21 22:25:22 -------- d-----w- C:\Program Files (x86)\MediaPlayerLite 2012-12-21 08:00:47 46080 ----a-w- C:\windows\System32\atmlib.dll 2012-12-21 08:00:47 34304 ----a-w- C:\windows\SysWow64\atmlib.dll 2012-12-21 08:00:46 367616 ----a-w- C:\windows\System32\atmfd.dll 2012-12-21 08:00:46 295424 ----a-w- C:\windows\SysWow64\atmfd.dll 2012-12-13 05:56:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-12-12 19:13:27 -------- d-----w- C:\Program Files (x86)\IZArc 2012-12-12 19:04:10 -------- d-----w- C:\windows\SysWow64\searchplugins 2012-12-12 19:04:10 -------- d-----w- C:\windows\SysWow64\Extensions 2012-12-12 19:03:44 -------- d-----w- C:\Users\Drew\AppData\Roaming\Babylon 2012-12-12 19:03:44 -------- d-----w- C:\ProgramData\Babylon 2012-12-12 12:51:06 -------- d-----w- C:\Users\Drew\AppData\Local\WinZip 2012-12-08 01:46:49 -------- d-----w- C:\Program Files (x86)\Say.So . ==================== Find3M ==================== . 2012-12-23 19:29:23 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll 2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll 2012-11-02 02:52:50 75928 ----a-w- C:\windows\System32\drivers\dc3d.sys 2012-11-02 02:52:50 1795952 ----a-w- C:\windows\System32\WdfCoInstaller01011.dll 2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll . ============= FINISH: 22:05:17.11 =============== and the attatch file . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 7/27/2011 3:35:41 AM System Uptime: 1/4/2013 9:32:45 PM (1 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU | 2100/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 285 GiB total, 166.406 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_818110EC&REV_01\4&F943F65&0&00E1 Manufacturer: Realtek Semiconductor Corp. Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC PNP Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_818110EC&REV_01\4&F943F65&0&00E1 Service: RTL8192Ce . ==== System Restore Points =================== . RP128: 12/20/2012 3:31:19 AM - Windows Update RP129: 12/21/2012 3:00:14 AM - Windows Update RP130: 12/23/2012 2:20:20 PM - Removed Claro Chrome Toolbar RP131: 12/23/2012 2:26:55 PM - Removed Java 6 Update 20 RP132: 12/23/2012 2:29:07 PM - Installed Java 6 Update 27 RP133: 12/24/2012 3:29:01 AM - Windows Update RP134: 12/28/2012 3:29:24 AM - Windows Update RP135: 1/1/2013 3:29:38 AM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX 64-bit Adobe Reader X MUI Apple Application Support Apple Mobile Device Support Apple Software Update ASIO4ALL Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver AVG 2012 Best Buy pc app Bonjour BrowserProtect Conexant HD Audio Coupon Printer for Windows Curse Client Curse Client - 1 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Diablo III Dolby Axon - 1.5.0.1 File Association Manager 0.1 Google Chrome Google Update Helper HP Deskjet 2050 J510 series Basic Device Software HP Deskjet 2050 J510 series Help HP Deskjet 2050 J510 series Product Improvement Study HP Photo Creations HP Update Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology iTunes IZArc 4.1.7 Java Auto Updater Java 6 Update 27 Junk Mail filter update Label@Once 1.0 Media Player MediaPlayerLite 0.4.1 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MSVCRT MSVCRT_amd64 Mumble 1.2.3 PlayReady PC Runtime amd64 PlayReady PC Runtime x86 PowerISO QuickTime Realtek USB 2.0 Card Reader Realtek WLAN Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Sid Meier's Civilization V Steam Synaptics Pointing Device Driver System Requirements Lab for Intel TeamSpeak 3 Client TeamViewer 7 TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBA Wireless LAN Indicator ToshibaRegistration Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) Ventrilo Client for Windows x64 Visual Studio 2008 x64 Redistributables VLC media player 1.1.11 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.20 (32-bit) WinZip 17.0 World of Logs Client (4.2) World of Warcraft World of Warcraft Beta World of Warcraft Public Test X-Elerated Guides Client Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 12/31/2012 10:40:39 AM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds. 1/4/2013 5:40:19 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR24. . ==== End Of File =========================== Any help will be greatly appreciated. Thank you in advance!

OSVersion: 6.1.7600.2.0.0.265.1 LocaleID: 1033 sorry it got split into 2 posts, accidentally hit the wrong button and don't know how to go back and edit the other post. Not sure if this will help or if there is anything that can be done at this point, but any and all help will be greatly appreciated!

I do appreciate all the help, but since I got your response, it has gotten worse. I got about 5 BS in about 20 mins. and now i cannot even logon to that comp. I keep getting the windows startup repair, and it runs, but cannot fix the problem. This is what i get, ( I wrote it down so I could let you see it and see if there is anything I can do.) Problem Event Name: StartupRepaiOffline Problem Signature 01: 6.1.7600.16385 Problem Singature 02: 6.1.7600.16385 Problem Signature 03: unknown Problem Signature 04: 77 Problem Signature 05: AutoFailOver Problem Signature 06: 1 Problem Signature 07: MissingOSLoader OSVersion:

So far, no more blue screens, so all is running good. One other question though, could you recomend a good free AV that I could get ahold of?

dds - DDS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_37 Run by Drew at 19:14:55 on 2012-11-14 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6855 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Users\Drew\AppData\Local\Apps\2.0\W228WO51.YK2\WL821MM7.H1W\curs..tion_9e9e83ddf3ed3ead_0005.0001_161f1f0e4761792c\CurseClient.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll StartupFolder: C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab TCP: NameServer = 192.168.254.254 TCP: Interfaces\{13278409-1DC1-4AA4-83BD-E0BE72EE68BA} : DHCPNameServer = 192.168.254.254 SSODL: WebCheck - <orphaned> x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\gyjynieh.default\ FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Drew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2010-12-20 25312] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-12-20 38456] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-7-30 1301504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2010-12-20 838136] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-7-30 61280] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-6 704864] S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-23 1255736] S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-7-30 202752] S4 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-7-30 203392] S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936] S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-7 2754984] S4 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-12-20 278528] . =============== Created Last 30 ================ . 2012-11-14 23:58:08 -------- d-----w- C:\Windows\ERUNT 2012-11-14 23:58:02 -------- d-----w- C:\JRT 2012-11-13 10:40:25 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E779913-B096-4E89-B042-1D738636F201}\mpengine.dll 2012-11-07 18:12:57 -------- d-----w- C:\Program Files (x86)\Xelerated Warcraft Guides 2012-11-01 14:36:45 -------- d-sh--w- C:\$RECYCLE.BIN 2012-10-28 18:25:31 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-28 15:49:55 -------- d-----w- C:\Users\Drew\AppData\Roaming\Malwarebytes 2012-10-28 15:49:49 -------- d-----w- C:\ProgramData\Malwarebytes 2012-10-28 15:16:05 -------- d-----w- C:\Windows\pss . ==================== Find3M ==================== . 2012-10-13 02:37:37 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-13 02:37:37 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-24 19:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-09-24 19:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-09-20 20:02:06 1832760 ----a-w- C:\Windows\System32\LogiLDA.DLL 2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-08-21 17:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll 2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 19:16:15.16 =============== mbar log - Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.11.14.07 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Drew :: DREW-PC [administrator] 11/14/2012 7:10:23 PM mbar-log-2012-11-14 (19-10-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 26908 Time elapsed: 5 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) mbar log 2 - --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.812000 GHz Memory total: 8589070336, free: 6614851584 ------------ Kernel report ------------ 11/14/2012 19:04:21 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\DRIVERS\ACPI.sys \SystemRoot\system32\DRIVERS\WMILIB.SYS \SystemRoot\system32\DRIVERS\msisadrv.sys \SystemRoot\system32\DRIVERS\pci.sys \SystemRoot\system32\DRIVERS\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\DRIVERS\pciide.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\atapi.sys \SystemRoot\system32\DRIVERS\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\scmndisp.sys \SystemRoot\system32\DRIVERS\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\AtiPcie.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\SysWow64\drivers\AsUpIO.sys \SystemRoot\SysWow64\drivers\AsIO.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\Drivers\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbfilter.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\ASACPI.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\viahduaa.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\dc3d.sys \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\point64k.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\Sftvollh.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\system32\DRIVERS\monitor.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\msvcrt.dll \Windows\System32\wininet.dll \Windows\System32\setupapi.dll \Windows\System32\gdi32.dll \Windows\System32\comdlg32.dll \Windows\System32\kernel32.dll \Windows\System32\usp10.dll \Windows\System32\iertutil.dll \Windows\System32\user32.dll \Windows\System32\normaliz.dll \Windows\System32\Wldap32.dll \Windows\System32\clbcatq.dll \Windows\System32\ws2_32.dll \Windows\System32\shell32.dll \Windows\System32\lpk.dll \Windows\System32\nsi.dll \Windows\System32\msctf.dll \Windows\System32\difxapi.dll \Windows\System32\rpcrt4.dll \Windows\System32\ole32.dll \Windows\System32\urlmon.dll \Windows\System32\psapi.dll \Windows\System32\imm32.dll \Windows\System32\advapi32.dll \Windows\System32\imagehlp.dll \Windows\System32\shlwapi.dll \Windows\System32\sechost.dll \Windows\System32\oleaut32.dll \Windows\System32\devobj.dll \Windows\System32\cfgmgr32.dll \Windows\System32\comctl32.dll \Windows\System32\crypt32.dll \Windows\System32\KernelBase.dll \Windows\System32\wintrust.dll \Windows\System32\msasn1.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk1\DR6 Upper Device Object: 0xfffffa800701d310 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000af\ Lower Device Object: 0xfffffa800a421750 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8008fe6790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000087\ Lower Device Object: 0xfffffa8008fd5b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8008fe5790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000086\ Lower Device Object: 0xfffffa8008fdc060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8008fe4790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000085\ Lower Device Object: 0xfffffa8008fbc060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8008fe3510 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000084\ Lower Device Object: 0xfffffa8008fd4060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa80078b6060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa80078a6060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 Downloaded database version: v2012.11.14.07 Downloaded database version: v2012.11.12.01 Initializing... Done! Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa80078b6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80078b6a50, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80078b6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800789f440, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80078a6060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a00e9ca060, 0xfffffa80078b6060, 0xfffffa800a95e5c0 Lower DeviceData: 0xfffff8a003c5da80, 0xfffffa80078a6060, 0xfffffa8008ab5460 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: CB5BD2B2 Partition information: Partition 0 type is Other (0x1b) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 38961152 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 38963200 Numsec = 1426182144 Partition file system is NTFS Partition is bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 750156374016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)... Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa800701d310, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006f6d040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800701d310, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007b663b0, DeviceName: Unknown, DriverName: \Driver\usbfilter\ DevicePointer: 0xfffffa800a421750, DeviceName: \Device\000000af\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa8008fe3510, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008fe4040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008fe3510, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008fbc5e0, DeviceName: Unknown, DriverName: \Driver\usbfilter\ DevicePointer: 0xfffffa8008fd4060, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa8008fe4790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008fe5040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008fe4790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008fd9ab0, DeviceName: Unknown, DriverName: \Driver\usbfilter\ DevicePointer: 0xfffffa8008fbc060, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8008fe5790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008fe6040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008fe5790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008fdcbf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\ DevicePointer: 0xfffffa8008fdc060, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8008fe6790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008fe7040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008fe6790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008fdc7a0, DeviceName: Unknown, DriverName: \Driver\usbfilter\ DevicePointer: 0xfffffa8008fd5b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Done! Performing system, memory and registry scan... Infected: C:\Windows\Installer\AMDEx3.msi --> [Malware.Generic] Read File: File "C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.dat" is compressed (flags = 1) Read File: File "C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\instance.dat" is compressed (flags = 1) Infected: C:\Users\Drew\Favorites\FREE PORN! FREE SEX! Perfect Girls Tube - 100 000 porn movies online.url --> [Rogue.Link] Done! Scan finished Creating System Restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling successful. System shutdown needed. System shutdown occured ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.812000 GHz Memory total: 8589070336, free: 7583887360 JRT log - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 3.0.9 (11.13.2012) OS: Windows 7 Home Premium x64 Ran by Drew on Wed 11/14/2012 at 18:58:09.53 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440} ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440} Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com" Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll" ~~~ Files Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\best buy pc app" Successfully deleted: [Folder] "C:\Users\Drew\appdata\local\best buy pc app" Successfully deleted: [Folder] "C:\Users\Drew\appdata\locallow\playready" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 11/14/2012 at 19:01:59.35 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I believe I completed everything asked. Please let me know if I missed something.

Thank you. Did not realize I had posted in the wrong forum. Have started a topic there for help. Thanks for your time.

Not sure what is actually going on, but I keep getting the BSOD, as it is so lovingly refered to. Any Help would be greatly appreciated to see if it is something that can be handled here or not. Thank you in advance for your time. attach.txt dds.txt

dds.txt attach.txt

Not entirely sure what is causing this, but I have been getting the BS alot lately. Usually it is with the IRQL_not less then_equal or Bad_Pool_Header. No idea what is causing this or how to submit what you need to see if this is a problem that you can help me fix. I would appreciate any time that you can give me. Thanks