Trojan.agent and BSoD?


Hi all - I've been getting a lot of random BSoD lately. I downloaded WhoCrashed, which seemed to indicate it was a software, not hardware issue, and googling led me to download Malwarebytes and Avast. These found a number of issues, one of which seems to be the Trojan.agent malware that I can't seem to get out of my computer.

Attached are the dds scans and the rogue killer scan. Thanks so much in advance to anyone able to help.

RKreport1_S_01262013_02d0910.txt

attach.txt

dds.txt

Link to post

Are you aware of this proxy override, did you set that up or know it was there?

uProxyOverride = 127.0.0.1:9421;*.local;<local>

There are two security systems running, Avast and MSE. That is not good, one of those must be uninstalled ASAP...

Next,

Download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post those logs in next reply please...

Kevin

Link to post

I don't know what that proxy is...the only thing I can think of is perhaps my work vpn certificate?

I uninstalled MSE. A few months ago Windows started telling me that it wasn't a genuine copy, although it is. Trying to run the Windows correction fix didn't work.

Here are the two logs as requested, thank you so much.

AdwCleanerR1.txt

ComboFix.txt

Link to post

Sorry, pasting content of AdwCleanerR1.txt:

# AdwCleaner v2.108 - Logfile created 01/26/2013 at 09:36:00

# Updated 24/01/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : krista - KRISTA-PC

# Boot Mode : Normal

# Running from : C:\Users\krista\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

Found : IB Updater Updater

***** [Files / Folders] *****

File Found : C:\END

File Found : C:\user.js

File Found : C:\Users\krista\AppData\Roaming\Mozilla\Firefox\Profiles\4vfn2h28.default\searchplugins\Askcom.xml

File Found : C:\Users\krista\AppData\Roaming\Mozilla\Firefox\Profiles\4vfn2h28.default\searchplugins\Conduit.xml

File Found : C:\Users\krista\AppData\Roaming\Mozilla\Firefox\Profiles\4vfn2h28.default\searchplugins\MyStart Search.xml

Folder Found : C:\Program Files (x86)\1ClickDownload

Folder Found : C:\Program Files\IB Updater

Folder Found : C:\ProgramData\APN

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\krista\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Folder Found : C:\Users\krista\AppData\LocalLow\incredibar.com

Folder Found : C:\Windows\SysWOW64\WNLT

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb128?a=6OyDzSDasv&i=26

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\krista\AppData\Roaming\Mozilla\Firefox\Profiles\4vfn2h28.default\prefs.js

Found : user_pref("extensions.incredibar.admin", false);

Found : user_pref("extensions.incredibar.aflt", "orgnl");

Found : user_pref("extensions.incredibar.cntry", "US");

Found : user_pref("extensions.incredibar.dfltLng", "");

Found : user_pref("extensions.incredibar.dfltSrch", false);

Found : user_pref("extensions.incredibar.dfltlng", "EN");

Found : user_pref("extensions.incredibar.dfltsrch", "false");

Found : user_pref("extensions.incredibar.did", "10658");

Found : user_pref("extensions.incredibar.envrmnt", "production");

Found : user_pref("extensions.incredibar.excTlbr", false);

Found : user_pref("extensions.incredibar.hdrMd5", "9B0A0E2BDF203BE4BC5B1199591FDAD7");

Found : user_pref("extensions.incredibar.hmpg", false);

Found : user_pref("extensions.incredibar.hrdid", "acd558d000000000000000044b09d321");

Found : user_pref("extensions.incredibar.id", "acd558d000000000000000044b09d321");

Found : user_pref("extensions.incredibar.installerproductid", "26");

Found : user_pref("extensions.incredibar.instlDay", "15629");

Found : user_pref("extensions.incredibar.instlRef", "");

Found : user_pref("extensions.incredibar.instlday", "15492");

Found : user_pref("extensions.incredibar.instlref", "");

Found : user_pref("extensions.incredibar.isDcmntCmplt", true);

Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");

Found : user_pref("extensions.incredibar.keywordurl", "");

Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.147:26:14");

Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");

Found : user_pref("extensions.incredibar.newTab", false);

Found : user_pref("extensions.incredibar.newtab", "false");

Found : user_pref("extensions.incredibar.newtaburl", "");

Found : user_pref("extensions.incredibar.noFFXTlbr", false);

Found : user_pref("extensions.incredibar.ppd", "");

Found : user_pref("extensions.incredibar.prdct", "incredibar");

Found : user_pref("extensions.incredibar.productid", "26");

Found : user_pref("extensions.incredibar.propectorlck", 79139531);

Found : user_pref("extensions.incredibar.prtkDS", 0);

Found : user_pref("extensions.incredibar.prtkHmpg", 0);

Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");

Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");

Found : user_pref("extensions.incredibar.sg", "none");

Found : user_pref("extensions.incredibar.smplGrp", "none");

Found : user_pref("extensions.incredibar.smplgrp", "none");

Found : user_pref("extensions.incredibar.srch", "");

Found : user_pref("extensions.incredibar.srchprvdr", "");

Found : user_pref("extensions.incredibar.tlbrId", "base");

Found : user_pref("extensions.incredibar.tlbrid", "base");

Found : user_pref("extensions.incredibar.upn2", "6OyDzSDasv");

Found : user_pref("extensions.incredibar.upn2n", "92261507534531223");

Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");

Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.147:26:14");

Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");

Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.1420:33:31");

Found : user_pref("extensions.incredibar_i.aflt", "orgnl");

Found : user_pref("extensions.incredibar_i.dfltLng", "");

Found : user_pref("extensions.incredibar_i.did", "10658");

Found : user_pref("extensions.incredibar_i.excTlbr", false);

Found : user_pref("extensions.incredibar_i.id", "acd558d000000000000000044b09d321");

Found : user_pref("extensions.incredibar_i.installerproductid", "26");

Found : user_pref("extensions.incredibar_i.instlDay", "15629");

Found : user_pref("extensions.incredibar_i.instlRef", "");

Found : user_pref("extensions.incredibar_i.ms_url_id", "");

Found : user_pref("extensions.incredibar_i.newTab", false);

Found : user_pref("extensions.incredibar_i.ppd", "");

Found : user_pref("extensions.incredibar_i.prdct", "incredibar");

Found : user_pref("extensions.incredibar_i.productid", "26");

Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

Found : user_pref("extensions.incredibar_i.smplGrp", "none");

Found : user_pref("extensions.incredibar_i.tlbrId", "base");

Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyDzSDasv&loc=IB[...]

Found : user_pref("extensions.incredibar_i.upn2", "6OyDzSDasv");

Found : user_pref("extensions.incredibar_i.upn2n", "92261507534531223");

Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");

Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.147:26:14");

Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

-\\ Google Chrome v24.0.1312.56

File : C:\Users\krista\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12700 octets] - [26/01/2013 09:36:00]

########## EOF - C:\AdwCleaner[R1].txt - [12761 octets] ##########

Link to post

OK, do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:


ClearJavaCache::
DirLook::
C:\hotfix
FireFox::
FF - ProfilePath - c:\users\krista\AppData\Roaming\Mozilla\Firefox\Profiles\4vfn2h28.default\
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyDzSDasv&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - acd558d000000000000000044b09d321
FF - user.js: extensions.incredibar_i.instlDay - 15629
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.147:26
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyDzSDasv
FF - user.js: extensions.incredibar_i.upn2n - 92261507534531223
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

When I gave instruction for AdwCleaner it was to run the "Delete" tab, not "Search". Run that again now please....

Next,

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 users right click on the IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use, then click Start
  • When asked, allow the add-on to be installed, then click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked, then click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

If threats were found

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish

Close program

Copy and paste the report here

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Copy/paste those logs in reply, also give update on current issues/concerns..

Thanks,

Kevin

Link to post
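
Whether an AdwCleaner run only searched or actually removed items can be read from the log itself, as in the `# Option [search]` header of the log posted earlier in this thread. The following is an added example, not part of the thread and not AdwCleaner's own code: it parses that log layout and reports which option produced the log and what is still present. The sample log is constructed, and the `Deleted` entry state is an assumption about Delete-mode logs, which this page does not show.

```python
"""Triage an AdwCleaner v2 text log: which option produced it, what remains."""
import re

# Constructed sample: a shortened log in the layout of the one posted in this
# thread (header lines start with '#', sections are '***** [name] *****').
# The GUID is a placeholder, not a value from the page.
SAMPLE_LOG = r"""
# AdwCleaner v2.108 - Logfile created 01/26/2013 at 09:36:00
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# Option [search]

***** [services] *****

Found : IB Updater Updater

***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files\IB Updater

***** [Registry] *****

Key Found : HKLM\Software\IB Updater
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{EXAMPLE-GUID}]

***** [internet Browsers] *****

-\\ Mozilla Firefox v18.0.1 (en-US)

Found : user_pref("extensions.incredibar.prdct", "incredibar");

-\\ Google Chrome v24.0.1312.56

[OK] File is clean.
"""

OPTION_RE = re.compile(r"^# Option \[([^\]]+)\]")
SECTION_RE = re.compile(r"^\*{5} \[([^\]]+)\] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (.+)$")
# "Found" is the state shown on this page; "Deleted" is assumed for Delete mode.
ENTRY_RE = re.compile(r"^(?:(File|Folder|Key|Value) )?(Found|Deleted) : (.+)$")


def parse_adwcleaner_log(text):
    """Return (option, entries, per-section counts, per-browser counts)."""
    option, section, browser = None, None, None
    sections, browsers, entries = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # pasted logs are often double-spaced
        m = OPTION_RE.match(line)
        if m:
            option = m.group(1).lower()
            continue
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group(1).lower(), None
            sections[section] = 0
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group(1)
            browsers[browser] = 0
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            kind, state, item = m.groups()
            sections[section] += 1
            if browser is not None:
                browsers[browser] += 1
            entries.append({"section": section, "browser": browser,
                            "kind": kind or "", "state": state.lower(),
                            "item": item})
    return option, entries, sections, browsers


def triage(text):
    """Summarise the log for the helper reading it."""
    option, entries, sections, browsers = parse_adwcleaner_log(text)
    still_present = [e["item"] for e in entries if e["state"] == "found"]
    return {
        "option": option,
        "scan_only": option == "search",
        "per_section": sections,
        "per_browser": browsers,
        "still_present": still_present,
        # Items only reported as found have not been removed yet.
        "rerun_with_delete": bool(still_present),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("option:", result["option"], "| scan only:", result["scan_only"])
    for name, count in result["per_section"].items():
        print(f"  {name}: {count} item(s)")
    print("rerun with Delete:", result["rerun_with_delete"])
```
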

Thank you! Sorry about the adwcleaner - will be in my next reply. Here is the Combofix log:

ComboFix 13-01-26.02 - krista 01/26/2013 15:09:47.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.2013 [GMT -5:00]

Running from: c:\users\krista\Desktop\ComboFix.exe

Command switches used :: c:\users\krista\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-26 to 2013-01-26 )))))))))))))))))))))))))))))))

.

.

2013-01-26 20:19 . 2013-01-26 20:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-01-26 20:19 . 2013-01-26 20:19 -------- d-----w- c:\users\Mcx1-KRISTA-PC\AppData\Local\temp

2013-01-26 20:19 . 2013-01-26 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-26 09:00 . 2013-01-26 09:00 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84AC7DE4-C2E6-480D-A1AD-D6D826746D96}\offreg.dll

2013-01-26 00:35 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84AC7DE4-C2E6-480D-A1AD-D6D826746D96}\mpengine.dll

2013-01-25 02:13 . 2013-01-25 02:13 -------- d-----w- c:\users\krista\AppData\Local\Programs

2013-01-25 02:12 . 2013-01-25 02:12 -------- d-----w- c:\users\krista\AppData\Roaming\Malwarebytes

2013-01-25 02:12 . 2013-01-25 02:12 -------- d-----w- c:\programdata\Malwarebytes

2013-01-25 02:12 . 2013-01-25 02:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-25 02:12 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-24 02:11 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-01-24 02:10 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-01-24 02:10 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-01-24 02:10 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-01-24 02:10 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-01-24 02:10 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-01-24 02:10 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe

2013-01-24 02:05 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr

2013-01-24 02:05 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2013-01-24 02:05 . 2013-01-24 02:05 -------- d-----w- c:\programdata\AVAST Software

2013-01-24 02:05 . 2013-01-24 02:05 -------- d-----w- c:\program files\AVAST Software

2013-01-24 01:21 . 2013-01-24 01:21 -------- d-----w- C:\hotfix

2013-01-24 01:05 . 2013-01-24 01:50 -------- d-----w- c:\program files\WhoCrashed

2013-01-20 01:31 . 2013-01-20 01:31 -------- d-----w- c:\users\krista\AppData\Roaming\Xilisoft

2013-01-20 01:28 . 2013-01-20 01:28 -------- d-----w- c:\programdata\Xilisoft

2013-01-20 01:20 . 2013-01-20 01:20 -------- d-----w- c:\users\Public\Juniper Networks

2013-01-20 01:20 . 2013-01-20 01:20 -------- d-----w- c:\program files (x86)\Common Files\Juniper Networks

2013-01-20 01:14 . 2013-01-20 01:14 -------- d-----w- c:\users\krista\AppData\Local\Juniper Networks

2013-01-20 01:14 . 2013-01-20 01:26 -------- d-----w- c:\users\krista\AppData\Roaming\Juniper Networks

2013-01-15 23:33 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll

2013-01-12 23:00 . 2013-01-12 23:00 -------- d-----w- c:\users\krista\AppData\Roaming\Win7codecs

2013-01-12 23:00 . 2013-01-12 23:00 -------- d-----w- c:\program files (x86)\Win7codecs

2013-01-12 22:58 . 2013-01-12 23:00 -------- d-----w- c:\programdata\Win7codecs

2013-01-12 22:46 . 2013-01-12 23:20 -------- d-----w- c:\users\krista\AppData\Roaming\ConverterLite

2013-01-12 22:46 . 2013-01-12 22:46 -------- d-----w- c:\program files (x86)\ConverterLite

2013-01-12 22:46 . 2013-01-12 22:46 -------- d-----w- c:\programdata\APN

2013-01-12 22:44 . 2013-01-12 22:44 -------- d-----w- c:\users\krista\AppData\Roaming\AVS4YOU

2013-01-12 22:42 . 2013-01-12 22:43 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia

2013-01-12 22:41 . 2013-01-23 03:12 -------- d-----w- c:\program files (x86)\AVS4YOU

2013-01-12 22:41 . 2013-01-12 22:43 -------- d-----w- c:\programdata\AVS4YOU

2013-01-12 22:41 . 2012-03-24 00:59 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll

2013-01-12 22:41 . 2012-03-24 00:59 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll

2013-01-11 14:16 . 2013-01-11 14:16 4336640 ----a-w- c:\windows\SysWow64\x264vfw.dll

2013-01-09 21:12 . 2012-12-07 11:20 20480 ----a-w- c:\windows\system32\pegi-pt.rs

2013-01-09 21:11 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-07 15:00 . 2013-01-07 15:00 1566720 ----a-w- c:\windows\SysWow64\VSFilter.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-12 22:38 . 2011-01-21 20:38 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2013-01-12 22:38 . 2011-01-21 20:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2013-01-10 08:07 . 2011-01-21 23:38 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-09 19:12 . 2012-09-03 12:33 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-09 19:12 . 2011-06-08 09:41 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-16 17:11 . 2012-12-24 08:01 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-24 08:01 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-24 08:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-24 08:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-01 01:33 . 2012-12-01 01:33 1120 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg

2012-12-01 01:32 . 2012-12-01 01:32 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll

2012-11-30 04:45 . 2013-01-09 21:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-12 12:28 . 2012-12-12 10:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-12 11:52 . 2012-12-12 10:25 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-12 10:26 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-12 10:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-11-02 05:59 . 2012-12-12 10:23 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 05:11 . 2012-12-12 10:23 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-07-12 08:28 . 2012-07-12 08:28 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll

2012-02-12 21:35 . 2012-02-12 21:35 270142 ----a-w- c:\program files (x86)\Minecraft(10).exe

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\hotfix ----

.

2013-01-24 01:21 . 2011-03-02 07:04 270317 ----a-w- c:\hotfix\Windows6.1-KB983554-x64.msu

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]

c:\program files\IB Updater\Extension32.dll [bU]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-22 39408]

"Wootalyzer"="c:\program files (x86)\Wootalyzer\woot.exe" [2009-03-26 374272]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IB Updater Updater;IB Updater Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [2012-10-03 188760]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

R3 AM10;Cisco AM10 Driver;c:\windows\system32\DRIVERS\am10w7.sys [2010-03-23 1101600]

R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-21 1255736]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-01-19 21992]

S2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe [2011-12-09 334720]

S2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2012-08-22 158832]

S2 RaAutoInstSrv_AM10;Cisco Valet Connector Service;c:\program files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [2010-04-15 529024]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]

S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - FileOpenWebPublisherScreenHookDriver

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-24 00:09 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 19:12]

.

2013-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 02:23]

.

2013-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 02:23]

.

2013-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-341059148-3802057163-1194676567-1000Core.job

- c:\users\krista\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 02:23]

.

2013-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-341059148-3802057163-1194676567-1000UA.job

- c:\users\krista\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 02:23]

.

2011-07-05 c:\windows\Tasks\RegTask.job

- c:\program files (x86)\RegTask\RegTask.exe [2011-07-04 19:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://mystart.incredibar.com/mb128?a=6OyDzSDasv&i=26

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: gulfinsurance.com

Trusted Zone: northlandins.com

Trusted Zone: northlandonline.com

Trusted Zone: soe.com

Trusted Zone: sony.com

Trusted Zone: spt.com

Trusted Zone: stpaul.com

Trusted Zone: stpaultravelers.com

Trusted Zone: travelers.com

Trusted Zone: gulfinsurance.com

Trusted Zone: northlandins.com

Trusted Zone: northlandonline.com

Trusted Zone: spt.com

Trusted Zone: stpaul.com

Trusted Zone: stpaultravelers.com

Trusted Zone: travelers.com

Trusted Zone: travelerspc.com

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://athome.travelers.com/+CSCOL+/csvrloader32.cab

FF - ProfilePath - c:\users\krista\AppData\Roaming\Mozilla\Firefox\Profiles\4vfn2h28.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-01-23 21:06; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-26 15:24:32

ComboFix-quarantined-files.txt 2013-01-26 20:24

ComboFix2.txt 2013-01-26 15:00

.

Pre-Run: 3,989,098,496 bytes free

Post-Run: 3,782,176,768 bytes free

.

- - End Of File - - C90690F3E4A0AB63035AF9ADD3D932F2


adwcleaner log:

# AdwCleaner v2.108 - Logfile created 01/26/2013 at 15:26:57

# Updated 24/01/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : krista - KRISTA-PC

# Boot Mode : Normal

# Running from : C:\Users\krista\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : IB Updater Updater

***** [Files / Folders] *****

File Deleted : C:\END

File Deleted : C:\user.js

File Deleted : C:\Users\krista\AppData\Roaming\Mozilla\Firefox\Profiles\4vfn2h28.default\searchplugins\Askcom.xml

File Deleted : C:\Users\krista\AppData\Roaming\Mozilla\Firefox\Profiles\4vfn2h28.default\searchplugins\Conduit.xml

File Deleted : C:\Users\krista\AppData\Roaming\Mozilla\Firefox\Profiles\4vfn2h28.default\searchplugins\MyStart Search.xml

Folder Deleted : C:\Program Files (x86)\1ClickDownload

Folder Deleted : C:\Program Files\IB Updater

Folder Deleted : C:\ProgramData\APN

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\krista\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Folder Deleted : C:\Users\krista\AppData\LocalLow\incredibar.com

Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\WNLT

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Key Deleted : HKLM\Software\IB Updater

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\Software\Web Assistant

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT

Key Deleted : HKLM\SOFTWARE\Web Assistant

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb128?a=6OyDzSDasv&i=26 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\krista\AppData\Roaming\Mozilla\Firefox\Profiles\4vfn2h28.default\prefs.js

C:\Users\krista\AppData\Roaming\Mozilla\Firefox\Profiles\4vfn2h28.default\user.js ... Deleted !

Deleted : user_pref("extensions.incredibar.admin", false);

Deleted : user_pref("extensions.incredibar.aflt", "orgnl");

Deleted : user_pref("extensions.incredibar.cntry", "US");

Deleted : user_pref("extensions.incredibar.dfltLng", "");

Deleted : user_pref("extensions.incredibar.dfltSrch", false);

Deleted : user_pref("extensions.incredibar.dfltlng", "EN");

Deleted : user_pref("extensions.incredibar.dfltsrch", "false");

Deleted : user_pref("extensions.incredibar.did", "10658");

Deleted : user_pref("extensions.incredibar.envrmnt", "production");

Deleted : user_pref("extensions.incredibar.excTlbr", false);

Deleted : user_pref("extensions.incredibar.hdrMd5", "9B0A0E2BDF203BE4BC5B1199591FDAD7");

Deleted : user_pref("extensions.incredibar.hmpg", false);

Deleted : user_pref("extensions.incredibar.hrdid", "acd558d000000000000000044b09d321");

Deleted : user_pref("extensions.incredibar.id", "acd558d000000000000000044b09d321");

Deleted : user_pref("extensions.incredibar.installerproductid", "26");

Deleted : user_pref("extensions.incredibar.instlDay", "15629");

Deleted : user_pref("extensions.incredibar.instlRef", "");

Deleted : user_pref("extensions.incredibar.instlday", "15492");

Deleted : user_pref("extensions.incredibar.instlref", "");

Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);

Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");

Deleted : user_pref("extensions.incredibar.keywordurl", "");

Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.147:26:14");

Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");

Deleted : user_pref("extensions.incredibar.newTab", false);

Deleted : user_pref("extensions.incredibar.newtab", "false");

Deleted : user_pref("extensions.incredibar.newtaburl", "");

Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);

Deleted : user_pref("extensions.incredibar.ppd", "");

Deleted : user_pref("extensions.incredibar.prdct", "incredibar");

Deleted : user_pref("extensions.incredibar.productid", "26");

Deleted : user_pref("extensions.incredibar.propectorlck", 79139531);

Deleted : user_pref("extensions.incredibar.prtkDS", 0);

Deleted : user_pref("extensions.incredibar.prtkHmpg", 0);

Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");

Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");

Deleted : user_pref("extensions.incredibar.sg", "none");

Deleted : user_pref("extensions.incredibar.smplGrp", "none");

Deleted : user_pref("extensions.incredibar.smplgrp", "none");

Deleted : user_pref("extensions.incredibar.srch", "");

Deleted : user_pref("extensions.incredibar.srchprvdr", "");

Deleted : user_pref("extensions.incredibar.tlbrId", "base");

Deleted : user_pref("extensions.incredibar.tlbrid", "base");

Deleted : user_pref("extensions.incredibar.upn2", "6OyDzSDasv");

Deleted : user_pref("extensions.incredibar.upn2n", "92261507534531223");

Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");

Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.147:26:14");

Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");

Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1420:33:31");

-\\ Google Chrome v24.0.1312.56

File : C:\Users\krista\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12777 octets] - [26/01/2013 09:36:00]

AdwCleaner[s1].txt - [9491 octets] - [26/01/2013 15:26:57]

########## EOF - C:\AdwCleaner[s1].txt - [9551 octets] ##########


After I ran AdwCleaner, it rebooted as it said it would, then Malwarebytes came up and said it detected the trojan.agent - then I got two blue screens and a straight reboot - now I'm loaded up and it seems as though Malwarebytes is not triggering (it was shut off for the diagnostics but reloaded on boot). Running the next test for you.


ESET log:

C:\Program Files (x86)\RegTask\RegTask.exe a variant of Win32/Adware.RegRevive application cleaned by deleting - quarantined

C:\Users\krista\Downloads\converterlite_d166363.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined


Security Check:

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Firewall Disabled!

avast! Antivirus

Microsoft Security Essentials

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 30

Java 7 Update 7

Java version out of Date!

Adobe Flash Player 11.5.502.146

Adobe Reader 10.1.5 Adobe Reader out of Date!

Mozilla Firefox (18.0.1)

Google Chrome 24.0.1312.52

Google Chrome 24.0.1312.56

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Client Antimalware NisSrv.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 3%

````````````````````End of Log``````````````````````


Thanks for the logs, you still have Avast and MSE installed, one of those needs to be removed....

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

Untick the option for McAfee security scanner if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in start > control panel > uninstall a program, ensure old versions of Java are removed.

Next,

Run DDS, copy paste the logs to your reply. Let me know how your system is responding, also if any issues/concerns remain....

Download and save DDS to your Desktop from either of the following links:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://compendiate.net/sUBs/dds/dds.scr

Note: You must use Internet Explorer to download dds.scr, other browsers will open the file in the browser and not save it. Or if you must use Firefox, or Chrome, then right click the link and select "save link as" and save the file to your desktop.

Double-click the dds.scr file to run the program.

It will automatically run in silent mode and then you will see the following note:

"Two logs shall be created on your Desktop"

The logs will be named dds.txt and attach.txt.

Wait until the logs appear and then copy and paste their contents in your post.

Kevin..
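The findings called out in the reply above (two antivirus products installed, out-of-date software) and the UAC and proxy-override settings visible in the posted logs can be pulled out of the log text mechanically. This is an added example, not part of the original thread or of the Security Check or DDS tools; the line patterns are assumptions inferred from the log lines shown in this thread, and the finding names are hypothetical labels.

```python
import re

# Constructed sample: lines copied from the Security Check, ComboFix and DDS
# logs posted in this thread, trimmed to the ones relevant for triage.
SAMPLE_LOG = """\
Internet Explorer 8 Out of date!
Antivirus up to date! (On Access scanning disabled!)
Java 6 Update 30
Java 7 Update 7
Java version out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uProxyOverride = 127.0.0.1:9421;*.local;<local>
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
"""

# Assumed line formats, inferred from the logs above (not a documented grammar).
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) "
    r"\*(?P<state>Enabled|Disabled)/(?P<defs>Updated|Outdated)\* "
    r"\{[0-9A-Fa-f-]{36}\}$"
)
POLICY_RE = re.compile(r"^mPolicies-System: (?P<key>\w+) = dword:(?P<val>[0-9A-Fa-f]+)$")
PROXY_RE = re.compile(r"ProxyOverride = (?P<val>.+)$")
LOOPBACK_RE = re.compile(r"^(127(?:\.\d{1,3}){3}|localhost)(:\d+)?$", re.I)
OUTDATED_RE = re.compile(r"out of date!", re.I)


def parse_products(log):
    """Return the security products registered with Windows, one dict per line."""
    products = []
    for line in log.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            products.append(m.groupdict())
    return products


def triage(log):
    """Return a list of (finding, detail) tuples for a helper to follow up on."""
    findings = []

    # More than one resident antivirus is the conflict the helper points out.
    av = [p for p in parse_products(log) if p["kind"] == "AV"]
    names = list(dict.fromkeys(p["name"] for p in av))  # de-duplicate, keep order
    if len(names) > 1:
        findings.append(("MULTIPLE_AV", ", ".join(names)))
    # Scanners are often switched off for the tool run, so this is a reminder
    # to confirm that one is re-enabled afterwards, not proof of tampering.
    if av and not any(p["state"] == "Enabled" for p in av):
        findings.append(("NO_AV_ENABLED", ", ".join(names)))

    for raw in log.splitlines():
        line = raw.strip()

        # EnableLUA = 0 means User Account Control is switched off.
        m = POLICY_RE.match(line)
        if m and m["key"] == "EnableLUA" and int(m["val"], 16) == 0:
            findings.append(("UAC_DISABLED", line))

        # A loopback host:port in the proxy bypass list usually points at
        # local proxy software, present or removed; ask the user about it.
        m = PROXY_RE.search(line)
        if m:
            for entry in m["val"].split(";"):
                if LOOPBACK_RE.match(entry.strip()):
                    findings.append(("LOOPBACK_PROXY_OVERRIDE", entry.strip()))

        # Security Check marks stale software with "out of date!".
        if OUTDATED_RE.search(line):
            findings.append(("OUTDATED_SOFTWARE", line))

    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code:24} {detail}")
```
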


DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.11.2

Run by krista at 20:57:23 on 2013-01-26

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1487 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\SysWOW64\UTSCSI.EXE

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Wootalyzer\woot.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\krista\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uProxyOverride = 127.0.0.1:9421;*.local;<local>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\24.0.1312.56\npchrome_frame.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Wootalyzer] "C:\Program Files (x86)\Wootalyzer\woot.exe" /boot

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: gulfinsurance.com

Trusted Zone: northlandins.com

Trusted Zone: northlandonline.com

Trusted Zone: soe.com

Trusted Zone: sony.com

Trusted Zone: spt.com

Trusted Zone: stpaul.com

Trusted Zone: stpaultravelers.com

Trusted Zone: travelers.com

Trusted Zone: gulfinsurance.com

Trusted Zone: northlandins.com

Trusted Zone: northlandonline.com

Trusted Zone: spt.com

Trusted Zone: stpaul.com

Trusted Zone: stpaultravelers.com

Trusted Zone: travelers.com

Trusted Zone: travelerspc.com

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://athome.travelers.com/+CSCOL+/csvrloader32.cab

DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://athome.travelers.com/+CSCOL+/relayp.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{DC148650-954B-48CA-BFDD-223999C4C7CA} : DHCPNameServer = 75.75.75.75 75.75.76.76

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\24.0.1312.56\npchrome_frame.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab

x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\krista\AppData\Roaming\Mozilla\Firefox\Profiles\4vfn2h28.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\krista\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\krista\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\krista\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\krista\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-01-23 21:06; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-23 984144]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-23 370288]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-23 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-23 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-23 44808]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-3-12 21992]

R2 FileOpenManagerSvc;FileOpen Manager Service;C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [2011-12-9 334720]

R2 JuniperAccessService;Juniper Unified Network Service;C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2012-8-22 158832]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-24 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-24 682344]

R2 RaAutoInstSrv_AM10;Cisco Valet Connector Service;C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [2011-11-23 529024]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-24 24176]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AM10;Cisco AM10 Driver;C:\Windows\System32\drivers\am10w7.sys [2010-6-1 1101600]

S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-1-24 21480]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-14 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-14 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-21 1255736]

.

=============== Created Last 30 ================

.

2013-01-27 01:51:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-26 20:42:26 -------- d-----w- C:\Program Files (x86)\ESET

2013-01-26 20:28:51 -------- d-sh--w- C:\$RECYCLE.BIN

2013-01-26 14:39:27 98816 ----a-w- C:\Windows\sed.exe

2013-01-26 14:39:27 256000 ----a-w- C:\Windows\PEV.exe

2013-01-26 14:39:27 208896 ----a-w- C:\Windows\MBR.exe

2013-01-26 09:00:10 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84AC7DE4-C2E6-480D-A1AD-D6D826746D96}\offreg.dll

2013-01-26 00:35:51 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84AC7DE4-C2E6-480D-A1AD-D6D826746D96}\mpengine.dll

2013-01-25 02:13:13 -------- d-----w- C:\Users\krista\AppData\Local\Programs

2013-01-25 02:12:42 -------- d-----w- C:\Users\krista\AppData\Roaming\Malwarebytes

2013-01-25 02:12:31 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-25 02:12:30 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-25 02:12:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-24 02:10:41 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-01-24 02:10:35 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-01-24 02:10:30 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-01-24 02:05:30 41224 ----a-w- C:\Windows\avastSS.scr

2013-01-24 02:05:15 -------- d-----w- C:\ProgramData\AVAST Software

2013-01-24 02:05:15 -------- d-----w- C:\Program Files\AVAST Software

2013-01-24 01:21:27 -------- d-----w- C:\hotfix

2013-01-24 01:05:41 -------- d-----w- C:\Program Files\WhoCrashed

2013-01-20 01:31:30 -------- d-----w- C:\Users\krista\AppData\Roaming\Xilisoft

2013-01-20 01:28:03 -------- d-----w- C:\ProgramData\Xilisoft

2013-01-20 01:20:16 -------- d-----w- C:\Program Files (x86)\Common Files\Juniper Networks

2013-01-20 01:14:32 -------- d-----w- C:\Users\krista\AppData\Local\Juniper Networks

2013-01-20 01:14:31 -------- d-----w- C:\Users\krista\AppData\Roaming\Juniper Networks

2013-01-12 23:00:39 -------- d-----w- C:\Users\krista\AppData\Roaming\Win7codecs

2013-01-12 23:00:31 -------- d-----w- C:\Program Files (x86)\Win7codecs

2013-01-12 22:58:14 -------- d-----w- C:\ProgramData\Win7codecs

2013-01-12 22:46:53 -------- d-----w- C:\Users\krista\AppData\Roaming\ConverterLite

2013-01-12 22:46:52 -------- d-----w- C:\Program Files (x86)\ConverterLite

2013-01-12 22:44:09 -------- d-----w- C:\Users\krista\AppData\Roaming\AVS4YOU

2013-01-12 22:42:19 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia

2013-01-12 22:41:34 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2013-01-12 22:41:34 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll

2013-01-12 22:41:34 -------- d-----w- C:\ProgramData\AVS4YOU

2013-01-12 22:41:34 -------- d-----w- C:\Program Files (x86)\AVS4YOU

2013-01-11 14:16:52 4336640 ----a-w- C:\Windows\SysWow64\x264vfw.dll

2013-01-09 21:13:46 750592 ----a-w- C:\Windows\System32\win32spl.dll

2013-01-09 21:12:59 21504 ----a-w- C:\Windows\SysWow64\grb.rs

2013-01-09 21:11:59 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-01-07 15:00:00 1566720 ----a-w- C:\Windows\SysWow64\VSFilter.dll

.

==================== Find3M ====================

.

2013-01-27 01:49:51 859552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-01-27 01:49:51 780192 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-01-09 19:12:17 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-09 19:12:17 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-12-01 01:33:21 1120 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg

2012-12-01 01:32:33 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-12 08:28:44 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll

2012-02-12 21:35:42 270142 ----a-w- C:\Program Files (x86)\Minecraft(10).exe

.

============= FINISH: 21:00:17.03 ===============


Attach log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 1/21/2011 3:30:20 PM

System Uptime: 1/26/2013 8:41:47 PM (1 hours ago)

.

Motherboard: EVGA | | 122-CK-NF68

Processor: Intel® Core2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2666/332mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 3.273 GiB free.

D: is FIXED (NTFS) - 153 GiB total, 48.147 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP803: 1/26/2013 8:46:48 PM - Installed Java 7 Update 11

RP804: 1/26/2013 8:52:08 PM - Removed Java 6 Update 30

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Akamai NetSession Interface

Akamai NetSession Interface Service

Amazon Kindle

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

AVS4YOU Software Navigator 1.4

Bing Bar

Bonjour

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MG5200 series MP Drivers

Cisco Valet Connector

Comcast Desktop Software (v1.2.1)

ConverterLite 1.6.2

CPUID CPU-Z 1.57

Curse Client

Dragon Nest

Dropbox

FeralHeart version 1.009

FeralHeart version 1.13

FileOpen Client (x64)

Google Chrome

Google Chrome Frame

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

iTunes

Java 7 Update 11

Java Auto Updater

Juniper Networks Junos Pulse Collaboration 7.2.0

Juniper Networks, Inc. Setup Client

Juniper Networks, Inc. Setup Client 64-bit Activex Control

Juniper Networks, Inc. Setup Client Activex Control

Junos Pulse Collaboration 7.2.0

Junos Pulse Collaboration 7.2.0 Admin

Mabinogi

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft PowerPoint Viewer

Microsoft Security Client

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 18.0.1 (x86 en-US)

Mozilla Maintenance Service

Nexon Game Manager

NVIDIA 3D Vision Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Graphics Driver 306.97

NVIDIA HD Audio Driver 1.1.13.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.10.8

NVIDIA Update Components

PC Wizard 2010.1.96

PowerISO

RegTask

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

SketchUp 8

Spore

SPORE™ Creature Creator Trial Edition

Steam

System Requirements Lab

Travelers Web Certificate Installation

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Ventrilo Client for Windows x64

WhoCrashed 4.01

Win7codecs

WinRAR 4.10 beta 5 (32-bit)

WolfQuest

Wootalyzer!

World of Warcraft

Xilisoft Video Converter Ultimate

.

==== Event Viewer Messages From Past Week ========

.

1/26/2013 8:50:04 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/26/2013 8:45:00 PM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147017840

1/26/2013 8:44:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

1/26/2013 8:43:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033bd63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012613-75582-01.

1/26/2013 8:00:37 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2013 8:00:02 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2013 7:59:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/26/2013 7:59:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/26/2013 7:59:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

1/26/2013 7:59:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

1/26/2013 7:59:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/26/2013 7:59:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/26/2013 7:59:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

1/26/2013 7:59:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80045a6bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012613-72602-01.

1/26/2013 7:58:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi cdrom CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf

1/26/2013 7:58:34 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

1/26/2013 7:58:34 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2013 7:58:34 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2013 7:58:34 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2013 7:58:34 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2013 7:58:34 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2013 7:58:33 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2013 7:58:33 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/26/2013 7:58:33 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

1/26/2013 7:58:33 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/26/2013 7:58:33 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/26/2013 3:39:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/26/2013 3:37:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

1/26/2013 3:37:52 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/26/2013 3:31:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030c30c5, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012613-46347-01.

1/26/2013 3:19:53 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

1/26/2013 3:19:14 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

1/26/2013 3:09:26 PM, Error: Service Control Manager [7034] - The IB Updater Updater service terminated unexpectedly. It has done this 1 time(s).

1/26/2013 3:07:03 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

1/26/2013 2:48:58 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

1/26/2013 10:00:07 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

1/25/2013 7:30:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/24/2013 9:25:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/24/2013 9:16:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/24/2013 7:44:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/24/2013 7:42:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000306766b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012413-57455-01.

1/24/2013 10:39:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 9:59:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dd, 0x0000000000000002, 0x0000000000000001, 0xfffff800031070c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-54257-01.

1/23/2013 9:48:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 9:46:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8004649bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-56799-01.

1/23/2013 9:35:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 9:33:44 PM, Error: Microsoft-Windows-Subsys-SMSS [12] - The crash dump file could not be created due to a lack of free space on the destination drive. Increasing the amount of free space on the destination drive may help prevent this error.

1/23/2013 9:13:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8004589bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-85270-01.

1/23/2013 9:12:44 PM, Error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the file specified.

1/23/2013 9:12:17 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

1/23/2013 8:56:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 8:56:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000338563a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-52088-01.

1/23/2013 8:45:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 8:44:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000338b63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-56924-01.

1/23/2013 8:34:48 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 8:27:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 8:26:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000337563a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-60419-01.

1/23/2013 8:20:59 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 8:13:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 8:13:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030b816a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-71058-01.

1/23/2013 7:41:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 7:40:13 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80045a8bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-44725-01.

1/23/2013 7:09:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 7:07:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033cb63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-64771-01.

1/23/2013 6:25:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 6:25:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033d763a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-70855-01.

1/23/2013 6:05:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 6:03:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff80003367851, 0xfffff880033f36c8, 0xfffff880033f2f20). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-54475-01.

1/23/2013 5:45:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000339163a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-40607-01.

1/23/2013 5:33:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000307566b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-42759-01.

1/23/2013 5:16:01 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033d063a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-51792-01.

1/23/2013 5:02:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000001, 0x0000000000000002, 0x0000000000000000, 0xfffff8000309d242). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-459703-01.

1/23/2013 5:00:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 4:52:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Akamai NetSession Interface service to connect.

1/23/2013 4:27:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000004244f3, 0x0000000000000002, 0x0000000000000001, 0xfffff800031070c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-40435-01.

1/23/2013 4:20:42 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 4:20:11 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030a866b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-76175-01.

1/23/2013 4:08:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80044bebb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-292065-01.

1/23/2013 4:07:51 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 4:06:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.

1/23/2013 3:59:53 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 3:58:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033db63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-44366-01.

1/23/2013 3:27:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030bb66b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-292657-01.

1/23/2013 3:27:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 3:26:13 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80045ffbb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-47751-01.

1/23/2013 3:26:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 3:02:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000338763a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-51636-01.

1/23/2013 2:57:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 2:56:20 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8004a73bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-47845-01.

1/23/2013 2:41:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 2:40:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8004842bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-64990-01.

1/23/2013 2:33:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000339063a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-389425-01.

1/23/2013 2:32:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80045e0bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-62103-01.

1/23/2013 2:31:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 2:25:54 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 2:24:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Juniper Unified Network Service service to connect.

1/23/2013 2:24:38 AM, Error: Service Control Manager [7000] - The Juniper Unified Network Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/23/2013 2:24:34 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80045d3bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-50887-01.

1/23/2013 12:22:59 AM, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

1/23/2013 12:22:26 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

1/23/2013 11:59:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 11:53:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000337e63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-57611-01.

1/23/2013 10:43:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 10:42:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033c463a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-65442-01.

1/23/2013 10:00:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 1:48:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800460dbb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-363388-01.

1/23/2013 1:47:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 1:05:59 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/23/2013 1:04:40 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033d463a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012313-105394-01.

1/23/2013 1:00:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 9:47:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000338263a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-69420-01.

1/22/2013 9:06:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 9:06:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033bc63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-74974-01.

1/22/2013 8:31:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 8:30:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000339163a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-57065-01.

1/22/2013 8:07:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 8:06:40 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000339263a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-75332-01.

1/22/2013 8:05:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 8:03:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000337e63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-52681-01.

1/22/2013 7:37:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800491dbb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-55817-01.

1/22/2013 7:29:12 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 7:28:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000306966b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-78406-01.

1/22/2013 7:21:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

1/22/2013 7:21:15 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/22/2013 7:21:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

1/22/2013 7:19:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000338c63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-49405-01.

1/22/2013 7:05:13 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000306766b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-64334-01.

1/22/2013 6:57:48 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80046c8bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-59670-01.

1/22/2013 6:50:19 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 6:49:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800452bbb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-31106-01.

1/22/2013 6:47:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000338e63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-46223-01.

1/22/2013 6:37:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 6:34:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000338763a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-52197-01.

1/22/2013 6:17:35 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030b166b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-40029-01.

1/22/2013 6:03:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 6:02:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000338663a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-86580-01.

1/22/2013 5:56:17 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 5:54:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033c663a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-70871-01.

1/22/2013 5:36:14 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 5:35:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000338c63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-52931-02.

1/22/2013 5:01:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 5:00:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000306466b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-49109-01.

1/22/2013 4:58:31 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 4:57:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033c663a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-27222-01.

1/22/2013 4:27:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000306366b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-50606-01.

1/22/2013 3:44:40 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8004600bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-56394-01.

1/22/2013 3:34:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 3:34:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000337863a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-68203-01.

1/22/2013 3:28:53 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 3:28:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8004536bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-46379-01.

1/22/2013 3:21:39 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 3:00:16 PM, Error: Service Control Manager [7022] - The Network Location Awareness service hung on starting.

1/22/2013 2:58:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80045d5bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-50341-01.

1/22/2013 2:54:23 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 2:51:20 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033bf63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-24991-01.

1/22/2013 2:28:26 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 2:25:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000310d0c5, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-85753-01.

1/22/2013 12:23:24 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 12:21:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000337c63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-52899-01.

1/22/2013 11:47:54 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 11:44:49 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8004a30bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-51995-01.

1/22/2013 11:36:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 11:34:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8004a47bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-33867-01.

1/22/2013 10:46:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 10:46:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033c863a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-85379-01.

1/22/2013 10:09:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}

1/22/2013 10:03:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff8000310c0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-48329-01.

1/22/2013 10:03:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf

1/22/2013 1:47:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033da63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-46176-01.

1/22/2013 1:25:10 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 1:07:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 1:05:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033d563a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-36067-01.

1/22/2013 1:03:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/22/2013 1:01:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000337963a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012213-47283-01.

1/20/2013 3:02:35 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a00adaf000, 0x0000000000000000, 0xfffff800030cd6ce, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012013-52697-01.

.

==== End Of File ===========================


Regarding Microsoft Security Essentials, go to the following link: http://support.microsoft.com/kb/2435760 Scroll down to the "Fixit", select it and follow the prompts.

Next,

Download Farbar Recovery Scan Tool on a clean PC (if possible) and save to a flash drive (memory stick). Use whichever of the following is applicable to your system (32 or 64 bit).

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ <--- 64 bit version Save to USB flash drive

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ <--- 32 bit version Save to USB Flash drive

Plug the flash drive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Kevin


Okay sorry about that. I uninstalled MSE per the instructions above and ran the FRST64 scan. FYI Malwarebytes is still triggering for trojan.agent and I noticed that it looks like I have some type of coupon drop down thing showing up in chrome - coupon drop down? Here is the log for FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-02-2013 03

Ran by SYSTEM at 31-01-2013 20:21:13

Running from E:\

Windows 7 Ultimate (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)

HKU\krista\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-21] (Google Inc.)

HKU\krista\...\Run: [Wootalyzer] "C:\Program Files (x86)\Wootalyzer\woot.exe" /boot [374272 2009-03-25] ()

HKU\Mcx1-KRISTA-PC\...\RunOnce: [Application Restart #0] C:\Program Files\Microsoft Security Client\msseces.exe -Recover [1436736 2011-06-15] (Microsoft Corporation)

HKU\Mcx1-KRISTA-PC\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

==================== Services (Whitelisted) ===================

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [4539712 2012-11-11] (Akamai Technologies, Inc.)

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)

2 FileOpenManagerSvc; "C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe" [334720 2011-12-09] (FileOpen Systems Inc.)

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-27] (Microsoft Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)

2 RaAutoInstSrv_AM10; C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [529024 2010-04-15] (Cisco Consumer Products LLC)

2 UTSCSI; C:\Windows\SysWow64\UTSCSI.EXE [45056 2011-11-23] ()

==================== Drivers (Whitelisted) =====================

3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-03-23] (Ralink Technology Corp.)

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)

2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)

1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)

1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)

1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)

3 cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows ® Win 7 DDK provider)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)

1 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)

3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]

3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-31 20:14 - 2013-01-31 20:14 - 00000000 ____D C:\FRST

2013-01-31 17:05 - 2013-01-31 17:05 - 01464583 ____A (Farbar) C:\Users\krista\Downloads\FRST64.exe

2013-01-31 17:02 - 2013-01-31 17:02 - 00018332 ____A C:\FixitRegBackup.reg

2013-01-31 17:00 - 2013-01-31 17:00 - 00899584 ____A C:\Users\krista\Downloads\MicrosoftFixit50535.msi

2013-01-31 04:18 - 2013-01-31 04:18 - 00290608 ____A C:\Windows\Minidump\013113-33150-01.dmp

2013-01-28 16:59 - 2013-01-28 16:59 - 01883245 ____A C:\Users\krista\Downloads\Jet-Vac.zip

2013-01-28 16:59 - 2013-01-28 16:59 - 01883245 ____A C:\Users\krista\Downloads\Jet-Vac(1).zip

2013-01-26 17:53 - 2013-01-26 17:49 - 00261024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-01-26 17:53 - 2013-01-26 17:49 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-01-26 17:53 - 2013-01-26 17:49 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-01-26 17:51 - 2013-01-26 17:49 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-01-26 17:46 - 2013-01-26 17:46 - 31473568 ____A (Oracle Corporation) C:\Users\krista\Downloads\jre-7u11-windows-i586 (1).exe

2013-01-26 17:45 - 2013-01-26 17:45 - 00998928 ____A (Solid State Networks) C:\Users\krista\Downloads\install_reader11_en_mssd_aih.exe

2013-01-26 17:43 - 2013-01-26 17:43 - 00290584 ____A C:\Windows\Minidump\012613-75582-01.dmp

2013-01-26 17:40 - 2013-01-26 17:40 - 31473568 ____A (Oracle Corporation) C:\Users\krista\Downloads\jre-7u11-windows-i586.exe

2013-01-26 17:40 - 2013-01-26 17:40 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-01-26 15:18 - 2013-01-26 15:18 - 00881914 ____A C:\Users\krista\Desktop\SecurityCheck.exe

2013-01-26 15:16 - 2013-01-26 15:16 - 00000263 ____A C:\Users\krista\Desktop\ESET SCAN.txt

2013-01-26 12:42 - 2013-01-26 12:42 - 00000000 ____D C:\Program Files (x86)\ESET

2013-01-26 12:31 - 2013-01-26 12:31 - 00282600 ____A C:\Windows\Minidump\012613-46347-01.dmp

2013-01-26 12:26 - 2013-01-26 12:27 - 00009574 ____A C:\AdwCleaner[s1].txt

2013-01-26 12:24 - 2013-01-26 12:24 - 00020410 ____A C:\ComboFix.txt

2013-01-26 12:04 - 2013-01-26 12:04 - 00005261 ____A C:\Users\krista\Documents\instructions.txt

2013-01-26 07:19 - 2013-01-26 07:19 - 00012777 ____A C:\Users\krista\Downloads\AdwCleanerR1 (1).txt

2013-01-26 07:07 - 2013-01-26 07:07 - 00012777 ____A C:\Users\krista\Downloads\AdwCleanerR1.txt

2013-01-26 06:39 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2013-01-26 06:39 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2013-01-26 06:39 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-01-26 06:39 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-01-26 06:39 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-01-26 06:39 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2013-01-26 06:39 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2013-01-26 06:39 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2013-01-26 06:38 - 2013-01-26 12:24 - 00000000 ____D C:\Qoobox

2013-01-26 06:38 - 2013-01-26 06:58 - 00000000 ____D C:\Windows\erdnt

2013-01-26 06:36 - 2013-01-26 06:36 - 00012777 ____A C:\AdwCleaner[R1].txt

2013-01-26 06:33 - 2013-01-26 06:33 - 05026751 ____R (Swearware) C:\Users\krista\Desktop\ComboFix.exe

2013-01-26 06:32 - 2013-01-26 06:32 - 00578255 ____A C:\Users\krista\Desktop\adwcleaner.exe

2013-01-26 06:10 - 2013-01-26 06:10 - 00002305 ____A C:\Users\krista\Desktop\RKreport[1]_S_01262013_02d0910.txt

2013-01-26 06:10 - 2013-01-26 06:10 - 00000000 ____D C:\Users\krista\Desktop\RK_Quarantine

2013-01-26 06:09 - 2013-01-26 06:09 - 00768512 ____A C:\Users\krista\Desktop\RogueKiller.exe

2013-01-26 06:01 - 2013-01-26 18:00 - 00060973 ____A C:\Users\krista\Desktop\attach.txt

2013-01-26 06:01 - 2013-01-26 18:00 - 00021986 ____A C:\Users\krista\Desktop\dds.txt

2013-01-26 05:56 - 2013-01-26 05:56 - 00688992 ____R (Swearware) C:\Users\krista\Desktop\dds.com

2013-01-26 04:59 - 2013-01-26 04:59 - 00290568 ____A C:\Windows\Minidump\012613-72602-01.dmp

2013-01-24 18:12 - 2013-01-24 18:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-24 18:12 - 2013-01-24 18:13 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-01-24 18:12 - 2013-01-24 18:12 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\krista\Downloads\mbam-setup-1.62.0.1300.exe

2013-01-24 18:12 - 2013-01-24 18:12 - 00000000 ____D C:\Users\krista\AppData\Roaming\Malwarebytes

2013-01-24 18:12 - 2013-01-24 18:12 - 00000000 ____D C:\Users\All Users\Malwarebytes

2013-01-24 18:12 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-01-24 16:42 - 2013-01-24 16:42 - 00290200 ____A C:\Windows\Minidump\012413-57455-01.dmp

2013-01-23 20:53 - 2013-01-23 20:53 - 00289712 ____A C:\Windows\Minidump\012313-57611-01.dmp

2013-01-23 19:42 - 2013-01-23 19:42 - 00289128 ____A C:\Windows\Minidump\012313-65442-01.dmp

2013-01-23 18:59 - 2013-01-23 18:59 - 00290528 ____A C:\Windows\Minidump\012313-54257-01.dmp

2013-01-23 18:46 - 2013-01-23 18:46 - 00286512 ____A C:\Windows\Minidump\012313-56799-01.dmp

2013-01-23 18:16 - 2013-01-23 18:16 - 00001918 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-01-23 18:13 - 2013-01-23 18:13 - 00283720 ____A C:\Windows\Minidump\012313-85270-01.dmp

2013-01-23 18:11 - 2012-10-30 15:51 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2013-01-23 18:10 - 2013-01-23 18:15 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2013-01-23 18:10 - 2012-10-30 15:51 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2013-01-23 18:10 - 2012-10-30 15:51 - 00370288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2013-01-23 18:10 - 2012-10-30 15:51 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2013-01-23 18:10 - 2012-10-30 15:51 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2013-01-23 18:10 - 2012-10-30 15:50 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2013-01-23 18:10 - 2012-10-15 08:59 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2013-01-23 18:05 - 2013-01-23 18:05 - 00000000 ____D C:\Users\All Users\AVAST Software

2013-01-23 18:05 - 2013-01-23 18:05 - 00000000 ____D C:\Program Files\AVAST Software

2013-01-23 18:05 - 2012-10-30 15:51 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

2013-01-23 18:05 - 2012-10-30 15:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

2013-01-23 18:03 - 2013-01-23 18:04 - 97565024 ____A C:\Users\krista\Downloads\avast_free_antivirus_setup.exe

2013-01-23 17:56 - 2013-01-23 17:56 - 00290112 ____A C:\Windows\Minidump\012313-52088-01.dmp

2013-01-23 17:44 - 2013-01-23 17:44 - 00282360 ____A C:\Windows\Minidump\012313-56924-01.dmp

2013-01-23 17:42 - 2013-01-23 17:42 - 00290568 ____A C:\Windows\Minidump\012313-47174-01.dmp

2013-01-23 17:26 - 2013-01-23 17:26 - 00290576 ____A C:\Windows\Minidump\012313-60419-01.dmp

2013-01-23 17:21 - 2013-01-23 17:21 - 00399176 ____A C:\Users\krista\Downloads\429362_intl_x64_zip (2).exe

2013-01-23 17:21 - 2013-01-23 17:21 - 00000000 ____D C:\hotfix

2013-01-23 17:20 - 2013-01-23 17:20 - 00399176 ____A C:\Users\krista\Downloads\429362_intl_x64_zip (1).exe

2013-01-23 17:15 - 2013-01-23 17:15 - 00399176 ____A C:\Users\krista\Downloads\429362_intl_x64_zip.exe

2013-01-23 17:15 - 2011-03-01 23:04 - 00270317 ____A C:\Windows6.1-KB983554-x64.msu

2013-01-23 17:13 - 2013-01-23 17:13 - 00290592 ____A C:\Windows\Minidump\012313-71058-01.dmp

2013-01-23 17:05 - 2013-01-23 17:50 - 00000000 ____D C:\Program Files\WhoCrashed

2013-01-23 17:05 - 2013-01-23 17:05 - 02043928 ____A (Resplendence Software Projects Sp. ) C:\Users\krista\Downloads\whocrashedSetup (2).exe

2013-01-23 16:07 - 2013-01-23 16:07 - 00287392 ____A C:\Windows\Minidump\012313-64771-01.dmp

2013-01-23 15:25 - 2013-01-23 15:25 - 00290624 ____A C:\Windows\Minidump\012313-70855-01.dmp

2013-01-23 15:03 - 2013-01-23 15:03 - 00282144 ____A C:\Windows\Minidump\012313-54475-01.dmp

2013-01-23 14:02 - 2013-01-23 14:02 - 00282112 ____A C:\Windows\Minidump\012313-459703-01.dmp

2013-01-23 13:08 - 2013-01-23 13:08 - 00287440 ____A C:\Windows\Minidump\012313-292065-01.dmp

2013-01-23 12:27 - 2013-01-23 12:27 - 00287760 ____A C:\Windows\Minidump\012313-292657-01.dmp

2013-01-23 11:33 - 2013-01-23 11:33 - 00289184 ____A C:\Windows\Minidump\012313-389425-01.dmp

2013-01-23 10:48 - 2013-01-23 10:48 - 00288464 ____A C:\Windows\Minidump\012313-363388-01.dmp

2013-01-23 04:40 - 2013-01-23 04:40 - 00290240 ____A C:\Windows\Minidump\012313-44725-01.dmp

2013-01-23 02:45 - 2013-01-23 02:45 - 00287392 ____A C:\Windows\Minidump\012313-40607-01.dmp

2013-01-23 02:33 - 2013-01-23 02:33 - 00288400 ____A C:\Windows\Minidump\012313-42759-01.dmp

2013-01-23 02:15 - 2013-01-23 02:16 - 00290232 ____A C:\Windows\Minidump\012313-51792-01.dmp

2013-01-23 01:27 - 2013-01-23 01:27 - 00287392 ____A C:\Windows\Minidump\012313-40435-01.dmp

2013-01-23 01:20 - 2013-01-23 01:20 - 00287952 ____A C:\Windows\Minidump\012313-76175-01.dmp

2013-01-23 00:58 - 2013-01-23 00:58 - 00288944 ____A C:\Windows\Minidump\012313-44366-01.dmp

2013-01-23 00:26 - 2013-01-23 00:26 - 00288096 ____A C:\Windows\Minidump\012313-47751-01.dmp

2013-01-23 00:02 - 2013-01-23 00:02 - 00287776 ____A C:\Windows\Minidump\012313-51636-01.dmp

2013-01-22 23:56 - 2013-01-22 23:56 - 00287472 ____A C:\Windows\Minidump\012313-47845-01.dmp

2013-01-22 23:40 - 2013-01-22 23:40 - 00288032 ____A C:\Windows\Minidump\012313-64990-01.dmp

2013-01-22 23:32 - 2013-01-22 23:32 - 00287952 ____A C:\Windows\Minidump\012313-62103-01.dmp

2013-01-22 23:24 - 2013-01-22 23:24 - 00289528 ____A C:\Windows\Minidump\012313-50887-01.dmp

2013-01-22 22:04 - 2013-01-22 22:04 - 00287552 ____A C:\Windows\Minidump\012313-105394-01.dmp

2013-01-22 20:34 - 2013-01-22 20:34 - 00287472 ____A C:\Windows\Minidump\012213-33867-01.dmp

2013-01-22 19:46 - 2013-01-22 19:46 - 00290560 ____A C:\Windows\Minidump\012213-85379-01.dmp

2013-01-22 18:55 - 2013-01-22 18:55 - 02043928 ____A (Resplendence Software Projects Sp. ) C:\Users\krista\Downloads\whocrashedSetup (1).exe

2013-01-22 18:54 - 2013-01-22 18:54 - 02043928 ____A (Resplendence Software Projects Sp. ) C:\Users\krista\Downloads\whocrashedSetup.exe

2013-01-22 18:51 - 2013-01-22 18:51 - 00290400 ____A C:\Users\krista\Downloads\012213-69420-01.dmp

2013-01-22 18:51 - 2013-01-22 18:51 - 00290400 ____A C:\Users\krista\Downloads\012213-69420-01 (1).dmp

2013-01-19 17:31 - 2013-01-19 17:31 - 00000000 ____D C:\Users\krista\AppData\Roaming\Xilisoft

2013-01-19 17:29 - 2013-01-19 17:29 - 00000912 ____A C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk

2013-01-19 17:28 - 2013-01-19 17:28 - 00000000 ____D C:\Users\All Users\Xilisoft

2013-01-19 17:20 - 2013-01-19 17:20 - 00000000 ____D C:\Users\Public\Juniper Networks

2013-01-19 17:14 - 2013-01-19 17:26 - 00000000 ____D C:\Users\krista\AppData\Roaming\Juniper Networks

2013-01-19 17:14 - 2013-01-19 17:14 - 00000000 ____D C:\Users\krista\AppData\Local\Juniper Networks

2013-01-19 17:13 - 2013-01-19 17:14 - 01786800 ____A (Juniper Networks, Inc.) C:\Users\krista\Downloads\JuniperSetupClientInstaller.exe

2013-01-15 15:33 - 2013-01-04 07:53 - 09060864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-01-15 15:33 - 2013-01-04 07:32 - 06029824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-01-12 15:46 - 2013-01-12 15:46 - 00003584 ____A C:\Users\Mcx1-KRISTA-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-01-12 15:00 - 2013-01-12 15:00 - 00000000 ____D C:\Users\krista\AppData\Roaming\Win7codecs

2013-01-12 15:00 - 2013-01-12 15:00 - 00000000 ____D C:\Program Files (x86)\Win7codecs

2013-01-12 14:58 - 2013-01-12 15:00 - 00000000 ____D C:\Users\All Users\Win7codecs

2013-01-12 14:56 - 2013-01-12 14:57 - 27997303 ____A C:\Users\krista\Downloads\Win7codecs_v396.exe

2013-01-12 14:46 - 2013-01-12 15:20 - 00000000 ____D C:\Users\krista\AppData\Roaming\ConverterLite

2013-01-12 14:46 - 2013-01-12 14:46 - 00001947 ____A C:\Users\Public\Desktop\ConverterLite.lnk

2013-01-12 14:46 - 2013-01-12 14:46 - 00000000 ____D C:\Program Files (x86)\ConverterLite

2013-01-12 14:44 - 2013-01-12 14:44 - 00000000 ____D C:\Users\krista\AppData\Roaming\AVS4YOU

2013-01-12 14:41 - 2013-01-28 19:04 - 00000000 ____D C:\Program Files (x86)\AVS4YOU

2013-01-12 14:41 - 2013-01-12 14:43 - 00000000 ____D C:\Users\All Users\AVS4YOU

2013-01-12 14:41 - 2012-03-23 16:59 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll

2013-01-12 14:41 - 2012-03-23 16:59 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll

2013-01-12 14:01 - 2013-01-12 14:39 - 00000000 ____D C:\Users\krista\Downloads\Skyfall.DVDSCR.x264-P2P

2013-01-12 13:57 - 2013-01-12 13:57 - 66731496 ____A (Online Media Technologies Ltd. ) C:\Users\krista\Downloads\AVSVideoConverter.exe

2013-01-11 15:43 - 2013-01-23 16:11 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-01-11 06:16 - 2013-01-11 06:16 - 04336640 ____A C:\Windows\SysWOW64\x264vfw.dll

2013-01-10 16:32 - 2013-01-19 07:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-01-09 14:06 - 2013-01-09 14:09 - 00018602 ____A C:\Users\krista\Downloads\AskMrRobot-1.0.0.0.zip

2013-01-09 13:13 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs

2013-01-09 13:13 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs

2013-01-09 13:13 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs

2013-01-09 13:13 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs

2013-01-09 13:13 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs

2013-01-09 13:13 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs

2013-01-09 13:13 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs

2013-01-09 13:13 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs

2013-01-09 13:13 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs

2013-01-09 13:13 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs

2013-01-09 13:13 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs

2013-01-09 13:13 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs

2013-01-09 13:13 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll

2013-01-09 13:13 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2013-01-09 13:13 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2013-01-09 13:13 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-01-09 13:13 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-01-09 13:13 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-01-09 13:13 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2013-01-09 13:13 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2013-01-09 13:13 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2013-01-09 13:13 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2013-01-09 13:12 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll

2013-01-09 13:12 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll

2013-01-09 13:12 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll

2013-01-09 13:12 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll

2013-01-09 13:12 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs

2013-01-09 13:12 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs

2013-01-09 13:12 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs

2013-01-09 13:12 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs

2013-01-09 13:12 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs

2013-01-09 13:12 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs

2013-01-09 13:12 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs

2013-01-09 13:12 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs

2013-01-09 13:12 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs

2013-01-09 13:12 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs

2013-01-09 13:12 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs

2013-01-09 13:12 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs

2013-01-09 13:12 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs

2013-01-09 13:12 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs

2013-01-09 13:12 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs

2013-01-09 13:12 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs

2013-01-09 13:11 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2013-01-09 13:11 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2013-01-09 13:11 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-01-09 13:11 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2013-01-09 13:11 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2013-01-09 13:11 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2013-01-09 13:11 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-01-09 13:11 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-01-09 13:11 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-01-09 13:11 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-01-09 13:11 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-01-09 13:11 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-01-09 13:11 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-01-09 13:11 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-01-09 13:11 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls

2013-01-09 13:11 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls

2013-01-09 13:11 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-01-09 13:11 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe

2013-01-07 07:00 - 2013-01-07 07:00 - 01566720 ____A (xy-VSFilter Team) C:\Windows\SysWOW64\VSFilter.dll

2013-01-05 22:00 - 2013-01-31 17:05 - 00006842 ____A C:\Windows\setupact.log

2013-01-05 22:00 - 2013-01-05 22:00 - 00000000 ____A C:\Windows\setuperr.log

2013-01-01 19:27 - 2013-01-05 05:48 - 00052795 ____A C:\Users\krista\Documents\hotcha-2013.xml

==================== One Month Modified Files and Folders =======

2013-01-31 20:14 - 2013-01-31 20:14 - 00000000 ____D C:\FRST

2013-01-31 17:08 - 2011-04-11 17:11 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-341059148-3802057163-1194676567-1000UA.job

2013-01-31 17:08 - 2011-01-21 18:23 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-01-31 17:07 - 2011-01-21 15:12 - 01494382 ____A C:\Windows\WindowsUpdate.log

2013-01-31 17:06 - 2009-07-13 21:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI

2013-01-31 17:05 - 2013-01-31 17:05 - 01464583 ____A (Farbar) C:\Users\krista\Downloads\FRST64.exe

2013-01-31 17:05 - 2013-01-05 22:00 - 00006842 ____A C:\Windows\setupact.log

2013-01-31 17:02 - 2013-01-31 17:02 - 00018332 ____A C:\FixitRegBackup.reg

2013-01-31 17:00 - 2013-01-31 17:00 - 00899584 ____A C:\Users\krista\Downloads\MicrosoftFixit50535.msi

2013-01-31 16:12 - 2012-11-07 14:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-01-31 14:08 - 2011-04-11 17:11 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-341059148-3802057163-1194676567-1000Core.job

2013-01-31 04:27 - 2009-07-13 20:45 - 00017168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-01-31 04:27 - 2009-07-13 20:45 - 00017168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-01-31 04:20 - 2011-01-21 18:23 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-01-31 04:18 - 2013-01-31 04:18 - 00290608 ____A C:\Windows\Minidump\013113-33150-01.dmp

2013-01-31 04:18 - 2012-12-13 00:34 - 00000000 ____D C:\Windows\Minidump

2013-01-31 04:18 - 2011-01-21 13:06 - 00000000 ____D C:\Users\All Users\NVIDIA

2013-01-31 04:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-01-30 12:11 - 2011-01-23 11:44 - 00000000 ____D C:\Users\krista\AppData\Roaming\Mozilla

2013-01-28 19:04 - 2013-01-12 14:41 - 00000000 ____D C:\Program Files (x86)\AVS4YOU

2013-01-28 16:59 - 2013-01-28 16:59 - 01883245 ____A C:\Users\krista\Downloads\Jet-Vac.zip

2013-01-28 16:59 - 2013-01-28 16:59 - 01883245 ____A C:\Users\krista\Downloads\Jet-Vac(1).zip

2013-01-26 18:00 - 2013-01-26 06:01 - 00060973 ____A C:\Users\krista\Desktop\attach.txt

2013-01-26 18:00 - 2013-01-26 06:01 - 00021986 ____A C:\Users\krista\Desktop\dds.txt

2013-01-26 17:54 - 2012-01-02 16:25 - 00000000 ____D C:\Program Files (x86)\Java

2013-01-26 17:49 - 2013-01-26 17:53 - 00261024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-01-26 17:49 - 2013-01-26 17:53 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-01-26 17:49 - 2013-01-26 17:53 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-01-26 17:49 - 2013-01-26 17:51 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-01-26 17:49 - 2012-09-15 07:19 - 00859552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-01-26 17:49 - 2012-01-02 16:25 - 00780192 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-01-26 17:46 - 2013-01-26 17:46 - 31473568 ____A (Oracle Corporation) C:\Users\krista\Downloads\jre-7u11-windows-i586 (1).exe

2013-01-26 17:45 - 2013-01-26 17:45 - 00998928 ____A (Solid State Networks) C:\Users\krista\Downloads\install_reader11_en_mssd_aih.exe

2013-01-26 17:43 - 2013-01-26 17:43 - 00290584 ____A C:\Windows\Minidump\012613-75582-01.dmp

2013-01-26 17:42 - 2012-11-07 14:21 - 00017668 ____A C:\Windows\PFRO.log

2013-01-26 17:40 - 2013-01-26 17:40 - 31473568 ____A (Oracle Corporation) C:\Users\krista\Downloads\jre-7u11-windows-i586.exe

2013-01-26 17:40 - 2013-01-26 17:40 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-01-26 17:39 - 2011-01-21 18:23 - 00000000 ____D C:\Users\All Users\Adobe

2013-01-26 17:39 - 2011-01-21 18:23 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-01-26 15:18 - 2013-01-26 15:18 - 00881914 ____A C:\Users\krista\Desktop\SecurityCheck.exe

2013-01-26 15:16 - 2013-01-26 15:16 - 00000263 ____A C:\Users\krista\Desktop\ESET SCAN.txt

2013-01-26 14:39 - 2011-07-04 04:19 - 00000000 ____D C:\Program Files (x86)\RegTask

2013-01-26 12:42 - 2013-01-26 12:42 - 00000000 ____D C:\Program Files (x86)\ESET

2013-01-26 12:37 - 2011-01-22 05:49 - 00000000 ____D C:\Users\krista\AppData\Local\Apps\2.0

2013-01-26 12:31 - 2013-01-26 12:31 - 00282600 ____A C:\Windows\Minidump\012613-46347-01.dmp

2013-01-26 12:27 - 2013-01-26 12:26 - 00009574 ____A C:\AdwCleaner[s1].txt

2013-01-26 12:24 - 2013-01-26 12:24 - 00020410 ____A C:\ComboFix.txt

2013-01-26 12:24 - 2013-01-26 06:38 - 00000000 ____D C:\Qoobox

2013-01-26 12:19 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2013-01-26 12:04 - 2013-01-26 12:04 - 00005261 ____A C:\Users\krista\Documents\instructions.txt

2013-01-26 07:26 - 2011-01-21 14:47 - 00000000 ____D C:\Users\krista\AppData\Roaming\BitTorrent

2013-01-26 07:19 - 2013-01-26 07:19 - 00012777 ____A C:\Users\krista\Downloads\AdwCleanerR1 (1).txt

2013-01-26 07:07 - 2013-01-26 07:07 - 00012777 ____A C:\Users\krista\Downloads\AdwCleanerR1.txt

2013-01-26 07:00 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default

2013-01-26 06:58 - 2013-01-26 06:38 - 00000000 ____D C:\Windows\erdnt

2013-01-26 06:36 - 2013-01-26 06:36 - 00012777 ____A C:\AdwCleaner[R1].txt

2013-01-26 06:33 - 2013-01-26 06:33 - 05026751 ____R (Swearware) C:\Users\krista\Desktop\ComboFix.exe

2013-01-26 06:32 - 2013-01-26 06:32 - 00578255 ____A C:\Users\krista\Desktop\adwcleaner.exe

2013-01-26 06:10 - 2013-01-26 06:10 - 00002305 ____A C:\Users\krista\Desktop\RKreport[1]_S_01262013_02d0910.txt

2013-01-26 06:10 - 2013-01-26 06:10 - 00000000 ____D C:\Users\krista\Desktop\RK_Quarantine

2013-01-26 06:09 - 2013-01-26 06:09 - 00768512 ____A C:\Users\krista\Desktop\RogueKiller.exe

2013-01-26 05:56 - 2013-01-26 05:56 - 00688992 ____R (Swearware) C:\Users\krista\Desktop\dds.com

2013-01-26 04:59 - 2013-01-26 04:59 - 00290568 ____A C:\Windows\Minidump\012613-72602-01.dmp

2013-01-24 18:14 - 2013-01-24 18:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-24 18:13 - 2013-01-24 18:12 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-01-24 18:12 - 2013-01-24 18:12 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\krista\Downloads\mbam-setup-1.62.0.1300.exe

2013-01-24 18:12 - 2013-01-24 18:12 - 00000000 ____D C:\Users\krista\AppData\Roaming\Malwarebytes

2013-01-24 18:12 - 2013-01-24 18:12 - 00000000 ____D C:\Users\All Users\Malwarebytes

2013-01-24 16:42 - 2013-01-24 16:42 - 00290200 ____A C:\Windows\Minidump\012413-57455-01.dmp

2013-01-23 20:53 - 2013-01-23 20:53 - 00289712 ____A C:\Windows\Minidump\012313-57611-01.dmp

2013-01-23 19:42 - 2013-01-23 19:42 - 00289128 ____A C:\Windows\Minidump\012313-65442-01.dmp

2013-01-23 18:59 - 2013-01-23 18:59 - 00290528 ____A C:\Windows\Minidump\012313-54257-01.dmp

2013-01-23 18:46 - 2013-01-23 18:46 - 00286512 ____A C:\Windows\Minidump\012313-56799-01.dmp

2013-01-23 18:16 - 2013-01-23 18:16 - 00001918 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-01-23 18:15 - 2013-01-23 18:10 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2013-01-23 18:13 - 2013-01-23 18:13 - 00283720 ____A C:\Windows\Minidump\012313-85270-01.dmp

2013-01-23 18:05 - 2013-01-23 18:05 - 00000000 ____D C:\Users\All Users\AVAST Software

2013-01-23 18:05 - 2013-01-23 18:05 - 00000000 ____D C:\Program Files\AVAST Software

2013-01-23 18:05 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar

2013-01-23 18:04 - 2013-01-23 18:03 - 97565024 ____A C:\Users\krista\Downloads\avast_free_antivirus_setup.exe

2013-01-23 17:56 - 2013-01-23 17:56 - 00290112 ____A C:\Windows\Minidump\012313-52088-01.dmp

2013-01-23 17:50 - 2013-01-23 17:05 - 00000000 ____D C:\Program Files\WhoCrashed

2013-01-23 17:44 - 2013-01-23 17:44 - 00282360 ____A C:\Windows\Minidump\012313-56924-01.dmp

2013-01-23 17:42 - 2013-01-23 17:42 - 00290568 ____A C:\Windows\Minidump\012313-47174-01.dmp

2013-01-23 17:26 - 2013-01-23 17:26 - 00290576 ____A C:\Windows\Minidump\012313-60419-01.dmp

2013-01-23 17:21 - 2013-01-23 17:21 - 00399176 ____A C:\Users\krista\Downloads\429362_intl_x64_zip (2).exe

2013-01-23 17:21 - 2013-01-23 17:21 - 00000000 ____D C:\hotfix

2013-01-23 17:20 - 2013-01-23 17:20 - 00399176 ____A C:\Users\krista\Downloads\429362_intl_x64_zip (1).exe

2013-01-23 17:15 - 2013-01-23 17:15 - 00399176 ____A C:\Users\krista\Downloads\429362_intl_x64_zip.exe

2013-01-23 17:13 - 2013-01-23 17:13 - 00290592 ____A C:\Windows\Minidump\012313-71058-01.dmp

2013-01-23 17:05 - 2013-01-23 17:05 - 02043928 ____A (Resplendence Software Projects Sp. ) C:\Users\krista\Downloads\whocrashedSetup (2).exe

2013-01-23 16:11 - 2013-01-11 15:43 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-01-23 16:07 - 2013-01-23 16:07 - 00287392 ____A C:\Windows\Minidump\012313-64771-01.dmp

2013-01-23 16:07 - 2011-01-21 12:30 - 00000000 ____D C:\users\krista

2013-01-23 15:25 - 2013-01-23 15:25 - 00290624 ____A C:\Windows\Minidump\012313-70855-01.dmp

2013-01-23 15:03 - 2013-01-23 15:03 - 00282144 ____A C:\Windows\Minidump\012313-54475-01.dmp

2013-01-23 14:02 - 2013-01-23 14:02 - 00282112 ____A C:\Windows\Minidump\012313-459703-01.dmp

2013-01-23 13:08 - 2013-01-23 13:08 - 00287440 ____A C:\Windows\Minidump\012313-292065-01.dmp

2013-01-23 12:27 - 2013-01-23 12:27 - 00287760 ____A C:\Windows\Minidump\012313-292657-01.dmp

2013-01-23 11:33 - 2013-01-23 11:33 - 00289184 ____A C:\Windows\Minidump\012313-389425-01.dmp

2013-01-23 10:48 - 2013-01-23 10:48 - 00288464 ____A C:\Windows\Minidump\012313-363388-01.dmp

2013-01-23 04:40 - 2013-01-23 04:40 - 00290240 ____A C:\Windows\Minidump\012313-44725-01.dmp

2013-01-23 02:45 - 2013-01-23 02:45 - 00287392 ____A C:\Windows\Minidump\012313-40607-01.dmp

2013-01-23 02:33 - 2013-01-23 02:33 - 00288400 ____A C:\Windows\Minidump\012313-42759-01.dmp

2013-01-23 02:16 - 2013-01-23 02:15 - 00290232 ____A C:\Windows\Minidump\012313-51792-01.dmp

2013-01-23 01:27 - 2013-01-23 01:27 - 00287392 ____A C:\Windows\Minidump\012313-40435-01.dmp

2013-01-23 01:20 - 2013-01-23 01:20 - 00287952 ____A C:\Windows\Minidump\012313-76175-01.dmp

2013-01-23 00:58 - 2013-01-23 00:58 - 00288944 ____A C:\Windows\Minidump\012313-44366-01.dmp

2013-01-23 00:26 - 2013-01-23 00:26 - 00288096 ____A C:\Windows\Minidump\012313-47751-01.dmp

2013-01-23 00:26 - 2009-07-13 21:08 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-01-23 00:02 - 2013-01-23 00:02 - 00287776 ____A C:\Windows\Minidump\012313-51636-01.dmp

2013-01-22 23:56 - 2013-01-22 23:56 - 00287472 ____A C:\Windows\Minidump\012313-47845-01.dmp

2013-01-22 23:40 - 2013-01-22 23:40 - 00288032 ____A C:\Windows\Minidump\012313-64990-01.dmp

2013-01-22 23:32 - 2013-01-22 23:32 - 00287952 ____A C:\Windows\Minidump\012313-62103-01.dmp

2013-01-22 23:24 - 2013-01-22 23:24 - 00289528 ____A C:\Windows\Minidump\012313-50887-01.dmp

2013-01-22 22:04 - 2013-01-22 22:04 - 00287552 ____A C:\Windows\Minidump\012313-105394-01.dmp

2013-01-22 20:34 - 2013-01-22 20:34 - 00287472 ____A C:\Windows\Minidump\012213-33867-01.dmp

2013-01-22 19:46 - 2013-01-22 19:46 - 00290560 ____A C:\Windows\Minidump\012213-85379-01.dmp

2013-01-22 18:59 - 2011-04-03 08:51 - 00000000 ___RD C:\Users\krista\Dropbox

2013-01-22 18:59 - 2011-04-03 08:47 - 00000000 ____D C:\Users\krista\AppData\Roaming\Dropbox

2013-01-22 18:55 - 2013-01-22 18:55 - 02043928 ____A (Resplendence Software Projects Sp. ) C:\Users\krista\Downloads\whocrashedSetup (1).exe

2013-01-22 18:54 - 2013-01-22 18:54 - 02043928 ____A (Resplendence Software Projects Sp. ) C:\Users\krista\Downloads\whocrashedSetup.exe

2013-01-22 18:51 - 2013-01-22 18:51 - 00290400 ____A C:\Users\krista\Downloads\012213-69420-01.dmp

2013-01-22 18:51 - 2013-01-22 18:51 - 00290400 ____A C:\Users\krista\Downloads\012213-69420-01 (1).dmp

2013-01-22 18:50 - 2011-01-22 05:49 - 00000000 ____D C:\Users\krista\AppData\Local\Deployment

2013-01-22 00:39 - 2011-01-21 18:23 - 00000000 ____D C:\Users\krista\AppData\Local\Google

2013-01-20 00:01 - 2012-04-26 17:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-01-19 17:31 - 2013-01-19 17:31 - 00000000 ____D C:\Users\krista\AppData\Roaming\Xilisoft

2013-01-19 17:29 - 2013-01-19 17:29 - 00000912 ____A C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk

2013-01-19 17:28 - 2013-01-19 17:28 - 00000000 ____D C:\Users\All Users\Xilisoft

2013-01-19 17:26 - 2013-01-19 17:14 - 00000000 ____D C:\Users\krista\AppData\Roaming\Juniper Networks

2013-01-19 17:20 - 2013-01-19 17:20 - 00000000 ____D C:\Users\Public\Juniper Networks

2013-01-19 17:14 - 2013-01-19 17:14 - 00000000 ____D C:\Users\krista\AppData\Local\Juniper Networks

2013-01-19 17:14 - 2013-01-19 17:13 - 01786800 ____A (Juniper Networks, Inc.) C:\Users\krista\Downloads\JuniperSetupClientInstaller.exe

2013-01-19 07:33 - 2013-01-10 16:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-01-12 15:46 - 2013-01-12 15:46 - 00003584 ____A C:\Users\Mcx1-KRISTA-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-01-12 15:20 - 2013-01-12 14:46 - 00000000 ____D C:\Users\krista\AppData\Roaming\ConverterLite

2013-01-12 15:00 - 2013-01-12 15:00 - 00000000 ____D C:\Users\krista\AppData\Roaming\Win7codecs

2013-01-12 15:00 - 2013-01-12 15:00 - 00000000 ____D C:\Program Files (x86)\Win7codecs

2013-01-12 15:00 - 2013-01-12 14:58 - 00000000 ____D C:\Users\All Users\Win7codecs

2013-01-12 14:57 - 2013-01-12 14:56 - 27997303 ____A C:\Users\krista\Downloads\Win7codecs_v396.exe

2013-01-12 14:46 - 2013-01-12 14:46 - 00001947 ____A C:\Users\Public\Desktop\ConverterLite.lnk

2013-01-12 14:46 - 2013-01-12 14:46 - 00000000 ____D C:\Program Files (x86)\ConverterLite

2013-01-12 14:44 - 2013-01-12 14:44 - 00000000 ____D C:\Users\krista\AppData\Roaming\AVS4YOU

2013-01-12 14:43 - 2013-01-12 14:41 - 00000000 ____D C:\Users\All Users\AVS4YOU

2013-01-12 14:39 - 2013-01-12 14:01 - 00000000 ____D C:\Users\krista\Downloads\Skyfall.DVDSCR.x264-P2P

2013-01-12 14:11 - 2011-01-23 17:19 - 00000000 ____D C:\Users\krista\eBook

2013-01-12 13:57 - 2013-01-12 13:57 - 66731496 ____A (Online Media Technologies Ltd. ) C:\Users\krista\Downloads\AVSVideoConverter.exe

2013-01-11 06:16 - 2013-01-11 06:16 - 04336640 ____A C:\Windows\SysWOW64\x264vfw.dll

2013-01-10 02:48 - 2011-01-21 19:29 - 00000000 ____D C:\Windows\rescache

2013-01-10 00:42 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT

2013-01-10 00:16 - 2012-12-13 00:07 - 00000129 ____A C:\Windows\System32\MRT.INI

2013-01-10 00:07 - 2011-01-21 15:38 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-01-09 14:09 - 2013-01-09 14:06 - 00018602 ____A C:\Users\krista\Downloads\AskMrRobot-1.0.0.0.zip

2013-01-09 11:12 - 2012-09-03 04:33 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-01-09 11:12 - 2011-06-08 01:41 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-01-07 07:00 - 2013-01-07 07:00 - 01566720 ____A (xy-VSFilter Team) C:\Windows\SysWOW64\VSFilter.dll

2013-01-05 22:00 - 2013-01-05 22:00 - 00000000 ____A C:\Windows\setuperr.log

2013-01-05 05:48 - 2013-01-01 19:27 - 00052795 ____A C:\Users\krista\Documents\hotcha-2013.xml

2013-01-04 07:53 - 2013-01-15 15:33 - 09060864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-01-04 07:32 - 2013-01-15 15:33 - 06029824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-31 17:01:22

==================== Memory info ===========================

Percentage of memory in use: 17%

Total physical RAM: 3070.54 MB

Available physical RAM: 2518.93 MB

Total Pagefile: 3068.69 MB

Available Pagefile: 2520.96 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:74.52 GB) (Free:3.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive e: (AD-STICK) (Removable) (Total:0.94 GB) (Free:0.91 GB) FAT

3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

4 Drive y: () (Fixed) (Total:153.38 GB) (Free:48.14 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 153 GB 7168 KB

Disk 1 Online 74 GB 9 MB

Disk 2 Online 962 MB 0 B

Partitions of Disk 0:

===============

Disk ID: 022C022C

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 153 GB 31 KB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 0 Y NTFS Partition 153 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: 6E756E75

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 74 GB 31 KB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C NTFS Partition 74 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Disk ID: 026C6EEE

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 961 MB 636 KB

==================================================================================

Disk: 2

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 E AD-STICK FAT Removable 961 MB Healthy

=========================================================

Last Boot: 2013-01-23 21:40

==================== End Of Log =============================


Nothing obvious showing up in the FRST log. OK, we continue. Regarding Chrome, it may be beneficial to check some settings etc. to make sure added unwanted extras are not present.

Coupon Dropdown may also be named 1Click Downloader. Best to check in Chrome Extensions and Plugins for any sign of unwanted extras; any that you do not recognize or use, either delete or disable:

Open Chrome, open a new tab, type the following into the address box and hit Enter:

chrome://extensions

Do the same for:

chrome://plugins

Next:

Click the wrench or stack of plates (top right-hand corner). In the box that opens:-

Go to Settings > Show advanced settings........ (at the bottom)

Under "Privacy" open "Clear browsing data" put check mark in the following :-

  • Clear browsing history
  • Clear download history
  • Empty the cache
  • Delete Cookies and other site plug-in data
  • Set the delete time to maximum by using the dropdown in "Obliterate the following items from:"
  • Then Click "Clear Browsing Data"

Next:

Click the wrench or stack of plates (top right-hand corner). In the box that opens, click on "About Google Chrome"

If an update is available it will be downloaded and installed....

Let me know if that helps with Chrome,

Next,

As you are still receiving alerts to trojans, run Combofix again as follows:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please, also let me know if Chrome improved...

Kevin

This topic is now closed to further replies.