
Possible infection


Rakoth


Honestly, I'm not entirely sure if it IS some degree of malware or not, but in the past week I've had three full system freezes and a bluescreen, and my web access has been slowing down considerably on even simple sites, or sites that I frequently visit, not to mention that there's an odd loading to Windows start-up (desktop icons appear, then are blanked out and slowly load back in over the course of a minute or so.) It could be a failing piece of hardware, I guess, which would be infinitely more depressing, but a short while ago Malwarebytes did catch a pair of trojan files, so I'd like to cover my proverbial bases and make sure they didn't leave behind some dirty surprise.

Malwarebytes and Avast! aren't catching anything, though... so. Anyway, here are the forthcoming requested logs and files. Thanks in advance to anyone taking a peek at this!

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7692

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

9/10/2011 11:17:36 PM

mbam-log-2011-09-10 (23-17-36).txt

Scan type: Quick scan

Objects scanned: 182780

Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by Rando at 23:30:15 on 2011-09-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.1958 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe

C:\Program Files\Logitech\SetPointG\SetPointII.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\dcmsvc\dcmsvc.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Windows\system32\lxdwcoms.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Pidgin\pidgin.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork

uRun: [Google Update] "C:\Users\Rando\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [MarbleStation]

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\Rando\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WARNER~1.LNK - C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{E30DB94D-287F-401D-8526-89BBDB1B4512} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Rando\AppData\Roaming\Mozilla\Firefox\Profiles\mdjr2kky.default\

FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com

FF - plugin: C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npGlbNMNetmarbleDownload.dll

FF - plugin: C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npGlbNMNPAPIUpdater.dll

FF - plugin: C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npNMSystemIDInfo.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll

FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.67\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Rando\AppData\Local\Google\Update\1.3.21.71\npGoogleUpdate3.dll

FF - plugin: C:\Users\Rando\AppData\Roaming\Mozilla\Firefox\Profiles\mdjr2kky.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-9-9 44768]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-3-31 219360]

R2 lxdw_device;lxdw_device;C:\Windows\system32\lxdwcoms.exe -service --> C:\Windows\system32\lxdwcoms.exe -service [?]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-6 136176]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-6 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SaiK0728;SaiK0728;C:\Windows\system32\DRIVERS\SaiK0728.sys --> C:\Windows\system32\DRIVERS\SaiK0728.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-09-10 06:14:59 -------- d-----w- C:\Users\Rando\AppData\Roaming\circlelolipop

2011-09-08 20:49:49 -------- d-----w- C:\Program Files\CCleaner

2011-08-24 14:25:50 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-24 14:25:50 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-24 00:23:57 -------- d-----w- C:\Users\Rando\AppData\Local\THQ

2011-08-22 17:59:10 -------- d-----w- C:\Program Files (x86)\LucasArts

2011-08-20 07:53:15 -------- d-----w- C:\Users\Rando\riotsGamesLogs

2011-08-20 07:41:22 -------- d-----w- C:\Users\Rando\AppData\Roaming\LolClient

2011-08-20 06:27:24 -------- d-----w- C:\Riot Games

2011-08-15 04:33:23 -------- d-----w- C:\Users\Rando\AppData\Local\DFH

2011-08-12 07:12:57 -------- d-----w- C:\Users\Rando\AppData\Local\Kerberos_Productions

2011-08-12 06:57:15 -------- d-----w- C:\Program Files (x86)\Fort Zombie

2011-08-12 06:56:02 -------- d-----w- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP

2011-08-12 04:18:36 -------- d-----w- C:\Users\Rando\AppData\Roaming\WildhollowInstall

2011-08-12 04:08:23 -------- d-----w- C:\Users\Rando\AppData\Roaming\Wildhollow

.

==================== Find3M ====================

.

2011-09-07 06:17:42 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr

2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-08-03 07:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-21 06:20:53 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-06-21 05:28:33 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-06-21 02:33:02 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-06-16 06:21:43 81920 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-06-16 06:21:43 221184 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

.

============= FINISH: 23:31:57.46 ===============

ark.txt

Attach.txt


  • Staff

Hi and welcome to Malwarebytes.

Sounds like your hard drive is failing.

Click Start --> Run, enter cmd.exe, and press Enter

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk.txt"

Press Enter.

When it finishes, open chkdsk.txt on your Desktop and post its contents here.

-screen317

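A read-only chkdsk run like the one requested above produces hundreds of progress lines, and the handful of counters that matter for triage (bad file records, unindexed files, bad sectors, the closing verdict) are easy to miss when the output is pasted into a thread. The following script is an added example, not part of the original thread or of any Malwarebytes tooling: it parses chkdsk output of this shape into a small report and flags the counters that should be zero on a healthy volume. The two inputs are constructed samples modelled on the thread's output (HEALTHY trims the thread's own run; FAILING is an invented counter-example), and the "found no problems" / "found problems" verdict strings are assumed to match the wording chkdsk prints on Windows 7.

```python
import re

# Constructed samples, modelled on the read-only chkdsk output posted in this
# thread (the real output is much longer). HEALTHY mirrors the thread's run;
# FAILING is a constructed counter-example to show what gets flagged.
HEALTHY = """\
The type of the file system is NTFS.
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
  0 percent complete. (0 of 490752 file records processed)
  9 percent complete. (441677 of 490752 file records processed)
  490752 file records processed.
File verification completed.
  1048 large file records processed.
  0 bad file records processed.
  0 EA records processed.
  60 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
  570120 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 3)...
  490752 file SDs/SIDs processed.
Security descriptor verification completed.
Windows has checked the file system and found no problems.
"""

FAILING = """\
The type of the file system is NTFS.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
  490752 file records processed.
  3 bad file records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
  570120 index entries processed.
  12 unindexed files scanned.
  0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 3)...
  490752 file SDs/SIDs processed.
  64 KB in bad sectors.
Windows found problems with the file system.
"""

PROGRESS_RE = re.compile(r"^\d+ percent complete\.")
STAGE_RE = re.compile(r"\(stage (\d+) of (\d+)\)")
COUNTER_RE = re.compile(r"^(\d+) (.+?)\.$")
FS_RE = re.compile(r"^The type of the file system is (\w+)\.$")

# Counters that are zero on a healthy volume; any non-zero value is a lead
# worth chasing with a repair pass (chkdsk /f or /r) and the drive's SMART data.
PROBLEM_KEYS = ("bad file records", "unindexed files", "KB in bad sectors")


def parse_chkdsk(text):
    """Reduce chkdsk output to a dict: filesystem, mode, stages, counters, flags."""
    report = {
        "filesystem": None,
        "read_only": False,
        "stages_seen": [],
        "stages_total": None,
        "counters": {},
        "progress_lines": 0,
        "verdict": "unknown",
        "problems": [],
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FS_RE.match(line)
        if m:
            report["filesystem"] = m.group(1)
            continue
        if line.startswith("Running CHKDSK in read-only mode"):
            report["read_only"] = True
            continue
        if PROGRESS_RE.match(line):
            report["progress_lines"] += 1  # progress noise: counted, not stored
            continue
        m = STAGE_RE.search(line)
        if m:
            report["stages_seen"].append(int(m.group(1)))
            report["stages_total"] = int(m.group(2))
            continue
        if "found no problems" in line:  # assumed Windows 7 verdict wording
            report["verdict"] = "clean"
            continue
        if "found problems" in line:
            report["verdict"] = "problems"
            continue
        m = COUNTER_RE.match(line)
        if m:
            report["counters"][m.group(2)] = int(m.group(1))
    for name, value in report["counters"].items():
        if value and any(key in name for key in PROBLEM_KEYS):
            report["problems"].append(f"{name}: {value}")
    return report


def summarize(text):
    """One-line triage verdict suitable for pasting into a reply."""
    r = parse_chkdsk(text)
    mode = "read-only" if r["read_only"] else "repair"
    stages = f"{len(r['stages_seen'])}/{r['stages_total']}" if r["stages_total"] else "?"
    if r["problems"]:
        return f"{r['filesystem']} {mode} scan, stages {stages}: PROBLEMS {', '.join(r['problems'])}"
    return f"{r['filesystem']} {mode} scan, stages {stages}: no metadata problems (verdict {r['verdict']})"


if __name__ == "__main__":
    print(summarize(HEALTHY))
    print(summarize(FAILING))
```

Note that a run without /f is read-only and a run without /r never touches the disk surface, so a clean result from this command only rules out file-system metadata inconsistencies; it says nothing about a drive that is physically failing, which is what freezes and a bluescreen can point to. The drive's SMART attributes (reallocated, pending and uncorrectable sector counts) are the complementary check.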

Augh, well, aside from transferring files over, that wouldn't be too bad I suppose. D: But here ya go.

The type of the file system is NTFS.

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...

0 percent complete. (0 of 490752 file records processed)

0 percent complete. (16478 of 490752 file records processed)

0 percent complete. (24914 of 490752 file records processed)

0 percent complete. (40554 of 490752 file records processed)

1 percent complete. (49076 of 490752 file records processed)

1 percent complete. (87396 of 490752 file records processed)

2 percent complete. (98151 of 490752 file records processed)

3 percent complete. (147226 of 490752 file records processed)

3 percent complete. (191745 of 490752 file records processed)

4 percent complete. (196301 of 490752 file records processed)

5 percent complete. (245376 of 490752 file records processed)

6 percent complete. (294452 of 490752 file records processed)

7 percent complete. (343527 of 490752 file records processed)

8 percent complete. (392602 of 490752 file records processed)

9 percent complete. (441677 of 490752 file records processed)

490752 file records processed.

File verification completed.

1048 large file records processed.

0 bad file records processed.

0 EA records processed.

60 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...

11 percent complete. (11299 of 570120 index entries processed)

12 percent complete. (22966 of 570120 index entries processed)

13 percent complete. (34634 of 570120 index entries processed)

14 percent complete. (46302 of 570120 index entries processed)

15 percent complete. (57969 of 570120 index entries processed)

16 percent complete. (69637 of 570120 index entries processed)

17 percent complete. (81304 of 570120 index entries processed)

18 percent complete. (92972 of 570120 index entries processed)

19 percent complete. (104640 of 570120 index entries processed)

20 percent complete. (116307 of 570120 index entries processed)

21 percent complete. (127975 of 570120 index entries processed)

22 percent complete. (139643 of 570120 index entries processed)

23 percent complete. (151310 of 570120 index entries processed)

24 percent complete. (162978 of 570120 index entries processed)

25 percent complete. (174645 of 570120 index entries processed)

26 percent complete. (186313 of 570120 index entries processed)

27 percent complete. (197981 of 570120 index entries processed)

28 percent complete. (209648 of 570120 index entries processed)

29 percent complete. (221316 of 570120 index entries processed)

30 percent complete. (232984 of 570120 index entries processed)

31 percent complete. (244651 of 570120 index entries processed)

32 percent complete. (256319 of 570120 index entries processed)

33 percent complete. (267986 of 570120 index entries processed)

34 percent complete. (279654 of 570120 index entries processed)

35 percent complete. (291322 of 570120 index entries processed)

36 percent complete. (302989 of 570120 index entries processed)

37 percent complete. (314657 of 570120 index entries processed)

38 percent complete. (326324 of 570120 index entries processed)

39 percent complete. (337992 of 570120 index entries processed)

40 percent complete. (349660 of 570120 index entries processed)

41 percent complete. (361327 of 570120 index entries processed)

42 percent complete. (372995 of 570120 index entries processed)

43 percent complete. (384663 of 570120 index entries processed)

44 percent complete. (396330 of 570120 index entries processed)

45 percent complete. (407998 of 570120 index entries processed)

46 percent complete. (419665 of 570120 index entries processed)

47 percent complete. (431333 of 570120 index entries processed)

48 percent complete. (443001 of 570120 index entries processed)

49 percent complete. (454668 of 570120 index entries processed)

50 percent complete. (466336 of 570120 index entries processed)

51 percent complete. (478004 of 570120 index entries processed)

52 percent complete. (489671 of 570120 index entries processed)

52 percent complete. (491166 of 570120 index entries processed)

52 percent complete. (492178 of 570120 index entries processed)

52 percent complete. (492632 of 570120 index entries processed)

52 percent complete. (493409 of 570120 index entries processed)

52 percent complete. (493924 of 570120 index entries processed)

52 percent complete. (495535 of 570120 index entries processed)

52 percent complete. (496671 of 570120 index entries processed)

52 percent complete. (497706 of 570120 index entries processed)

52 percent complete. (498575 of 570120 index entries processed)

52 percent complete. (499595 of 570120 index entries processed)

52 percent complete. (500111 of 570120 index entries processed)

52 percent complete. (500742 of 570120 index entries processed)

52 percent complete. (501113 of 570120 index entries processed)

53 percent complete. (501339 of 570120 index entries processed)

53 percent complete. (502958 of 570120 index entries processed)

53 percent complete. (503970 of 570120 index entries processed)

53 percent complete. (504261 of 570120 index entries processed)

53 percent complete. (504694 of 570120 index entries processed)

53 percent complete. (504996 of 570120 index entries processed)

53 percent complete. (505272 of 570120 index entries processed)

53 percent complete. (505561 of 570120 index entries processed)

53 percent complete. (505948 of 570120 index entries processed)

53 percent complete. (506392 of 570120 index entries processed)

53 percent complete. (506851 of 570120 index entries processed)

53 percent complete. (507488 of 570120 index entries processed)

53 percent complete. (507793 of 570120 index entries processed)

53 percent complete. (507928 of 570120 index entries processed)

53 percent complete. (508072 of 570120 index entries processed)

53 percent complete. (508365 of 570120 index entries processed)

53 percent complete. (508976 of 570120 index entries processed)

53 percent complete. (509413 of 570120 index entries processed)

53 percent complete. (510083 of 570120 index entries processed)

53 percent complete. (510546 of 570120 index entries processed)

53 percent complete. (511000 of 570120 index entries processed)

53 percent complete. (511729 of 570120 index entries processed)

53 percent complete. (511856 of 570120 index entries processed)

53 percent complete. (511958 of 570120 index entries processed)

53 percent complete. (512071 of 570120 index entries processed)

53 percent complete. (512500 of 570120 index entries processed)

54 percent complete. (513006 of 570120 index entries processed)

54 percent complete. (513415 of 570120 index entries processed)

54 percent complete. (513607 of 570120 index entries processed)

54 percent complete. (513989 of 570120 index entries processed)

54 percent complete. (514231 of 570120 index entries processed)

54 percent complete. (514552 of 570120 index entries processed)

54 percent complete. (514910 of 570120 index entries processed)

54 percent complete. (515347 of 570120 index entries processed)

54 percent complete. (515460 of 570120 index entries processed)

570120 index entries processed.

Index verification completed.

0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...

490752 file SDs/SIDs processed.

Security descriptor verification completed.

39685 data files processed.

CHKDSK is verifying Usn Journal...

99 percent complete. (0 of 34606472 USN bytes processed)

100 percent complete. (34603008 of 34606472 USN bytes processed)

34606472 USN bytes processed.

Usn Journal verification completed.

Windows has checked the file system and found no problems.

976657407 KB total disk space.

333521412 KB in 293811 files.

137292 KB in 39686 indexes.

0 KB in bad sectors.

622047 KB in use by the system.

65536 KB occupied by the log file.

642376656 KB available on disk.

4096 bytes in each allocation unit.

244164351 total allocation units on disk.

160594164 allocation units available on disk.

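As an added example (not part of the thread), a small Python check over the CHKDSK summary quoted above: it parses the numeric fields and reconciles them, the kind of sanity check that separates a failing disk from a malware question. The summary text is copied from the post; the field names and the `assess` helper are my own.

```python
import re

# Constructed sample: the summary block of the CHKDSK run quoted above
# (values copied from the post; the progress lines are omitted).
CHKDSK_SUMMARY = """\
Windows has checked the file system and found no problems.
976657407 KB total disk space.
333521412 KB in 293811 files.
137292 KB in 39686 indexes.
0 KB in bad sectors.
622047 KB in use by the system.
65536 KB occupied by the log file.
642376656 KB available on disk.
4096 bytes in each allocation unit.
244164351 total allocation units on disk.
160594164 allocation units available on disk.
"""

# Short field name -> regex capturing its number (names are my own).
FIELDS = {
    "total_kb": r"(\d+) KB total disk space",
    "files_kb": r"(\d+) KB in \d+ files",
    "indexes_kb": r"(\d+) KB in \d+ indexes",
    "bad_kb": r"(\d+) KB in bad sectors",
    "system_kb": r"(\d+) KB in use by the system",
    "log_kb": r"(\d+) KB occupied by the log file",
    "free_kb": r"(\d+) KB available on disk",
    "cluster_bytes": r"(\d+) bytes in each allocation unit",
    "clusters_total": r"(\d+) total allocation units",
    "clusters_free": r"(\d+) allocation units available",
}

def parse_chkdsk_summary(text):
    """Return the numeric fields of a CHKDSK summary as a dict of ints."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m:
            out[name] = int(m.group(1))
    return out

def assess(s):
    """Cross-check the summary; return a list of findings (empty = consistent)."""
    findings = []
    if s["bad_kb"] > 0:
        findings.append("bad sectors reported: suspect the disk, not malware")
    # The log file is already counted inside 'in use by the system',
    # so it is not added again when reconciling the totals.
    used = s["files_kb"] + s["indexes_kb"] + s["bad_kb"] + s["system_kb"]
    if used + s["free_kb"] != s["total_kb"]:
        findings.append("space accounting does not reconcile")
    cluster_kb = s["cluster_bytes"] // 1024
    if s["clusters_free"] * cluster_kb != s["free_kb"]:
        findings.append("free-cluster count disagrees with free KB")
    # Total KB may exceed clusters*size by less than one cluster (slack).
    if not 0 <= s["total_kb"] - s["clusters_total"] * cluster_kb < cluster_kb:
        findings.append("total-cluster count disagrees with total KB")
    return findings
```

Run against the quoted summary, `assess` returns no findings: the disk reports zero bad sectors and the space figures reconcile, which is consistent with the user's later memtest and temperature results pointing away from the storage hardware.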

Done and done, although I thought it might have been heat-related myself and I had RealTemp going with it only showing up in the higher 30s to lower 40s. It looks like SpeedFan is suggesting about the same! Image is attached.

Had another system freeze late last night, which admittedly hasn't happened since the last time I mentioned it, barring that PC reset.


Hmm, out of curiosity - because these freezes and what-not only seem to happen after the PC's been on a while - I ran SpeedFan again. It looks like two of the temps have gone up (and their icons changed from checkmarks to lil' flames.) Image included. Mayhaps a fan isn't working as it should, or the processor needs fresh thermal compound or something, and this is all heat related. :o

post-93878-0-90967200-1316309179.png


So I realized after I ran it again a lil' later and they were back to normal - Alas!

One of the first things I did was pop the case and clean out the fans and the rest of the interior, no dice there. However, I ran combofix the other night, which deleted, among other things...

c:\users\Public\invokesi.exe

c:\windows\SysWow64\mfc100deu.dll

c:\users\Rando\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini

None of which a glance through Google suggests is something one wants on a PC! Don't know if these specifically were any sort of malware, or, if they are, whether they would freeze a PC or cause a bluescreen, however?


Alrighty, DLed the ISO version and ran it off a DVD... Let it do three passes, and it gave no errors. Stopped it there since it seemed like it would have just kept going (If I should have let it keep running let me know, I'll re-run it.)

I... can't recall if I popped into Safe Mode since this started, actually, but I may have just to try running Malwarebytes and Avast! to see if that helped. If I did, it didn't stall then. I DID just have a blue screen a bit earlier - the PC reset before I could write down the error code, but Memory Management is what was listed as causing the crash, I believe.


  • Staff

Hi,

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu). See if the issue persists there.

Back in Normal Mode, download BlueScreenView and save it to your Desktop.

  • Double click on BlueScreenView.exe file to run the program.
  • When it finishes scanning, click Edit --> Select All.
  • Click File --> Save Selected Items.
  • Save the report as BSOD.txt to your Desktop.
  • Post the contents of BSOD.txt in your next reply.


Safe Mode seems to work. When my PC freezes, it usually happens after it's been on for a long while - it actually hasn't done so in the past week or so, aside from this recent blue screen (which DID happen once, as I mentioned before, when the first crop of freezing came up) - so it's not too easy to see whether or not it would happen in Safe Mode as well.

BSOD.txt is attached, though it only listed the one BSOD from the other day and not that first one.

BSOD.txt


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
