Windows has encountered a critical problem and will restart automatically.


22 replies to this topic

#1 UnicornToots

    Member

  • Full Member
  • 36 posts

Posted 20 January 2013 - 09:14 AM

Hello, people of the SWI forums. I hope you're well. I'm writing today because I've been having something going on and I don't know if I might have an infection or if my computer is just giving me some random attitude. I've recently gotten the "Windows has encountered a critical problem and will restart automatically" error and a few times my computer has frozen right after boot up. I've searched about this online and it seems a lot of people with this problem had viruses.

 

I have Windows 7. I have done a scan with avast! which turned up no results and I have also run scans with several online scanners that showed no threats. If anyone has the time to look over my logs and tell me if there's anything I should be concerned about, I really would appreciate it. :)

 

Here are the logs:

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.19.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

1/20/2013 9:16:59 AM
mbam-log-2013-01-20 (09-16-59).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 408172
Time elapsed: 43 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

-

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 1.6.0_31
Run by Owner at 10:01:41 on 2013-01-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7935.5191 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\ZoneAlarmBackup\ZABackup Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\ZoneAlarmBackup\ZABackupTray.exe
C:\ZoneAlarmBackup\ZABackupBackground.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ZoneAlarm Backup Startup] "C:\ZoneAlarmBackup\ZABackupStartup.exe" Hide
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZONEAL~1.LNK - C:\ZoneAlarmBackup\ZABackupReg2ini.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{F24659CB-261C-42D2-A8D8-DC7553BA2920} : DHCPNameServer = 192.168.0.1 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tpx06r2n.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\Owner\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tpx06r2n.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}\plugins\npqbc.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tpx06r2n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2013-01-20 08:42; {e001c731-5e37-4538-a5cb-8168736a2360}; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tpx06r2n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2012-4-12 33800]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-6-16 28504]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-6-29 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-6-29 370288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-6-29 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-6-29 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-16 44808]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]
R2 ZoneAlarmBackup Service;ZoneAlarmBackup Service;C:\ZoneAlarmBackup\ZABackup Service.exe [2012-7-20 143360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-21 1255736]
.
=============== Created Last 30 ================
.
2013-01-09 08:51:40    750592    ----a-w-    C:\Windows\System32\win32spl.dll
2013-01-09 08:48:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-01-09 08:47:08    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2013-01-09 08:47:03    3149824    ----a-w-    C:\Windows\System32\win32k.sys
2012-12-29 21:51:32    --------    d-----w-    C:\Users\Owner\AppData\Local\Programs
2012-12-25 18:14:37    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-25 18:14:37    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-25 18:14:36    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-25 18:14:36    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
.
==================== Find3M  ====================
.
2012-12-14 21:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2012-12-12 15:27:57    73656    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 15:27:57    697272    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-12 14:57:52    15728568    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
2012-11-30 05:45:35    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35    243200    ----a-w-    C:\Windows\System32\wow64.dll
2012-11-30 05:45:35    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48    338432    ----a-w-    C:\Windows\System32\conhost.exe
2012-11-30 02:44:06    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 05:44:23    800768    ----a-w-    C:\Windows\System32\usp10.dll
2012-11-22 04:45:03    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2012-11-14 06:02:49    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2012-11-09 04:43:04    492032    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42    1882624    ----a-w-    C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54    1389568    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54    1236992    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2012-10-30 23:51:55    984144    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55    71600    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:07    41224    ----a-w-    C:\Windows\avastSS.scr
2012-10-25 08:12:26    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 10:02:03.90 ===============
 

-

 

 Results of screen317's Security Check version 0.99.32  
 Windows 7  x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Disabled!  
 avast! Free Antivirus    
 ESET Online Scanner v3   
 ZoneAlarm Free Firewall    
 ZoneAlarm Firewall     
 ZoneAlarm Backup Powered by IDrive version 1.0.5 March 01, 2011
 ZoneAlarm Security     
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 SpywareBlaster 4.6    
 Java™ 6 Update 31  
 Adobe Flash Player     11.4.402.287  
 Adobe Reader X (10.1.1)
 Mozilla Firefox (18.0.)
 Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:  
objlist.exe by Laurent

 Malwarebytes' Anti-Malware mbam.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 CheckPoint ZoneAlarm vsmon.exe  
 ZABackup Service.exe    
 CheckPoint ZoneAlarm zatray.exe  
 ZABackupTray.exe    
 ZABackupBackground.exe    
``````````End of Log````````````



#2 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 21 January 2013 - 03:01 PM

Hi UnicornToots.

I would have asked you to run ESET online scanner but it looks as though you already did. It appears you may possibly have a trojan - but Avast or ESET should have found it if so.

Please do this.
Uninstall all the Zone Alarm programs, which often cause problems.
Then be sure to enable the excellent Windows 7 Firewall.


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 UnicornToots

    Member

  • Full Member
  • 36 posts

Posted 22 January 2013 - 10:40 AM

Hi, cnm. Thank you for replying.

 

Does this mean that I don't have a trojan? I've been afraid to do anything on this computer since I had those issues. :blush2:

 

I don't think I can uninstall ZA Backup since I'm not the only one utilizing it. Do you know of any good free backup services, by chance?

 

Thank you again for replying.



#4 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 22 January 2013 - 01:32 PM

There is a backup built in to Windows 7.  Start > Backup and Restore

However it doesn't support cloud backup.

 

As for possible trojan:

 

Please delete any copy of TDSSKiller you have (right-click on it => "Delete")

Please download tdsskiller.exe and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Choose "Change Parameters". Check "Detect TDLFS file system". Hit OK
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply. Use more than one reply if the log is very long.
Note: Post the log only if something was found. Look at the end of the log. If it says:

Detected object count: 0

then I don't need the  log.


#5 UnicornToots

    Member

  • Full Member
  • 36 posts

Posted 22 January 2013 - 01:53 PM

Hi, cnm. I'm back. :) I did the scan and there were no objects found. Does this mean I won't have to fight my way through Trojan Land?

#6 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 22 January 2013 - 07:15 PM

I'd say your PC is free of malware.  No trip through Trojan Land.

 

Are you still getting the random shutdowns?  If so:

 

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  • Flush DNS
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

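The checklist the helper gives for MiniToolBox in post #6 (flush DNS, hosts file, IP configuration, Winsock entries, last 10 event log entries, installed programs, users/partitions/memory) plus the Windows Firewall check from post #2 can be gathered with built-in Windows tools. The script below is an added example, not code from the thread and not part of MiniToolBox; it is written for Windows 7-era Windows PowerShell (so it uses ipconfig and netsh rather than cmdlets that first shipped with Windows 8). The Result.txt file name, the Add-Section helper, and the choice to drop commented-out hosts lines are this example's own assumptions.

```powershell
# Added example: collect the MiniToolBox categories from post #6 and the firewall
# state from post #2 into Result.txt on the Desktop. Run from an elevated prompt.
# Result.txt and Add-Section are this example's own names (assumptions).

$Result = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Result.txt'
$Sections = New-Object System.Collections.ArrayList

function Add-Section {
    param([string]$Title, $Body)
    [void]$Sections.Add("========================= $Title =========================")
    [void]$Sections.Add(($Body | Out-String).TrimEnd())
    [void]$Sections.Add('')
}

# Windows Firewall state per profile (post #2; Security Check reported it disabled).
Add-Section 'Windows Firewall state' (netsh advfirewall show allprofiles state)

# Flush DNS: ipconfig is used because Clear-DnsClientCache does not exist on Windows 7.
Add-Section 'Flush DNS' (ipconfig /flushdns)

# Hosts file: a hijacked hosts file redirects security or update sites, so only
# active (non-comment, non-blank) entries are listed to make tampering easy to spot.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$Hosts = Get-Content $HostsPath | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
if (-not $Hosts) { $Hosts = '(no active entries)' }
Add-Section 'Hosts file (active entries only)' $Hosts

Add-Section 'IP configuration' (ipconfig /all)

# Winsock catalog: LSP hijacks appear here as unexpected provider DLLs.
Add-Section 'Winsock entries' (netsh winsock show catalog)

# Last 10 Application and System events; only the first line of each message is kept.
foreach ($Log in 'Application', 'System') {
    $Events = Get-EventLog -LogName $Log -Newest 10 |
        Select-Object TimeGenerated, EntryType, Source, EventID,
            @{n='Message'; e={ ($_.Message -split "`r?`n")[0] }}
    Add-Section "Last 10 $Log events" ($Events | Format-Table -AutoSize)
}

# Installed programs from both the 64-bit and 32-bit (Wow6432Node) uninstall keys.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$Programs = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName -Unique
Add-Section 'Installed programs' ($Programs | Format-Table -AutoSize)

# Users, partitions and memory size via WMI (available on Windows 7).
$Users = Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' |
    Select-Object Name, Disabled, Lockout, PasswordRequired
Add-Section 'Local users' ($Users | Format-Table -AutoSize)

$Disks = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' |
    Select-Object DeviceID, FileSystem,
        @{n='SizeGB'; e={ [math]::Round($_.Size / 1GB, 1) }},
        @{n='FreeGB'; e={ [math]::Round($_.FreeSpace / 1GB, 1) }}
Add-Section 'Partitions' ($Disks | Format-Table -AutoSize)

$Mem = Get-WmiObject Win32_ComputerSystem
Add-Section 'Memory' ("Total physical memory: {0:N0} MB" -f ($Mem.TotalPhysicalMemory / 1MB))

$Sections | Set-Content -Path $Result -Encoding UTF8
Write-Host "Written $Result"
```

Read the output the way the helper reads a MiniToolBox log: the firewall section should show every profile as ON, the hosts file should contain nothing beyond loopback entries, the Winsock catalog should list only Microsoft and known security-product providers, and the event log section is where repeated crash or bugcheck entries behind a "critical problem" restart would surface.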

#7 UnicornToots

    Member

  • Full Member
  • 36 posts

Posted 22 January 2013 - 08:28 PM

Hi, cnm. Thank you so much. I really appreciate you taking a look for me. You guys are such a great help.

I haven't had any more random shutdowns, but I also haven't tried to reboot the computer since the last time it happened. I'll see how things go when I try to use the computer as normal and if I experience anything like that I'll come back here.



#8 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 22 January 2013 - 08:38 PM

In the meantime please clean up our tools: delete the DDS files and Security Check from your Desktop.

If you get any more shutdowns please do post the MiniToolBox log.



#9 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 22 January 2013 - 11:53 PM

I forgot to say: delete TDSSKiller and MiniToolBox.



#10 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 27 January 2013 - 04:54 PM

Advice for malware prevention:

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place


#11 UnicornToots

    Member

  • Full Member
  • 36 posts

Posted 31 January 2013 - 12:24 AM

Hi, cnm.

I've returned with some more information. After going back to using the computer like normal, I experienced a lot of browser crashes and noticed some processes running in the Task Manager that I hadn't seen before. One of them had something to do with find.exe. I ran scans with avast! that didn't turn up any results until today. There was a threat detected, Win32:Malware-gen. I wasn't sure what to do about it, so I moved it to the chest.

If you could help me, I would really appreciate it. Thanks so much in advance. :)



#12 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 31 January 2013 - 11:57 AM

Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain.

If ComboFix caused any error message, rebooting again should fix it.



#13 UnicornToots

    Member

  • Full Member
  • 36 posts

Posted 31 January 2013 - 12:56 PM

Hi, cnm. Thank you for replying. I hope you're having a good day. I'm back with the log.

avast! said the virus was located in the recycle bin. Does that have any significance? I was also wondering if I should be changing all of my passwords.

ComboFix:

ComboFix 13-01-31.03 - Owner 01/31/2013 13:45:21.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5573 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 18:49 . 2013-01-31 18:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-31 18:49 . 2013-01-31 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-09 08:48 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 08:47 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 08:47 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 22:31 . 2010-07-25 18:42 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-25 18:14 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-25 18:14 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-25 18:14 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-25 18:14 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 21:49 . 2011-06-21 14:35 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 15:27 . 2012-04-12 19:38 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 15:27 . 2011-06-22 18:28 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 14:57 . 2012-12-12 14:57 15728568 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-11-30 04:45 . 2013-01-09 08:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 08:00 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 08:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 08:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 08:00 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 08:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 08:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 08:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 08:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 08:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 08:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 08:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 08:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 04:35 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 04:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Backup Startup"="c:\zonealarmbackup\ZABackupStartup.exe" [2010-03-11 177680]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-06-21 73392]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ZoneAlarm Backup Tray.lnk - c:\zonealarmbackup\ZABackupReg2ini.exe [2012-7-20 280080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-21 1255736] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216] S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-04-30 33672] S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-04-30 827520] S2 ZoneAlarmBackup Service;ZoneAlarmBackup Service;c:\zonealarmbackup\ZABackup Service.exe [2012-03-27 143360] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 13867712 *NewlyCreated* - 23823863 *NewlyCreated* - 60746661 *NewlyCreated* - 89226040 *Deregistered* - 13867712 *Deregistered* - 23823863 *Deregistered* - 60746661 *Deregistered* - 89226040 . Contents of the 'Scheduled Tasks' folder . 2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 15:28] . 2013-01-26 c:\windows\Tasks\HPCeeScheduleForOwner.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22] . 2013-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368] "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.1 192.168.0.1 FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tpx06r2n.default\ FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false . - - - - ORPHANS REMOVED - - - - . HKLM-Run-ISW - (no file) AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
Completion time: 2013-01-31 13:52:16 ComboFix-quarantined-files.txt 2013-01-31 18:52 ComboFix2.txt 2012-04-20 04:34 . Pre-Run: 926,474,096,640 bytes free Post-Run: 926,311,792,640 bytes free . - - End Of File - - 10A38CF8EFC5CA187EA570353F5AAB9E


    Edited by UnicornToots, 31 January 2013 - 01:00 PM.


    #14 cnm

    cnm

      Mother Lion of SWI

    • Retired Staff
    • 25,317 posts

    Posted 31 January 2013 - 01:47 PM

    That's a strange hard-to-read log with the lines all run together. But it appears nothing was found.

    If the malware is in the Recycle Bin, please empty the Recycle Bin.

    Reset System Restore to remove restore points containing malware:

    Right-click on the Computer icon and select Properties.

    Click System protection (on the left).  Click Configure.

    Click 'Delete' and Continue.

    Wait while restore points are removed.

    Click Close.

    Make sure 'Restore system settings and previous versions of files' is selected, as before.  Click OK.

     
    Run a full scan with Avast (make sure it is updated)
    In the user interface, click SCAN COMPUTER.
    Under 'Full system scan', click 'Settings'.
    Click 'Actions'.

    Check 'Automatically apply actions during scan'
    Select 'Move to Chest' for all 3 buttons: Virus, PUP, Suspicious.

    Under 'Full system scan' turn on Scan PUP.


    Click the 'Start' button for 'Full system scan'

    The scan will take a long time but you can do other things while it is running.
    If it asks you to reboot, please do so.


    Microsoft MVP Windows Security 2005-2006
    How camest thou in this pickle? -- William Shakespeare:(1564-1616)
    The various helper groups here
    UNITE

    #15 UnicornToots

    UnicornToots

      Member

    • Full Member
    • 36 posts

    Posted 31 January 2013 - 07:39 PM

    Hi, cnm. Sorry about the log. I'm not sure why it ended up like that. I've followed your instructions. This scan found no threats. Does this mean the virus has been completely removed? Thank you for helping. :)

    #16 cnm

    cnm

      Mother Lion of SWI

    • Retired Staff
    • 25,317 posts

    Posted 31 January 2013 - 07:55 PM

    Yes, I believe your PC is clean now.
     

    I've recently gotten the "Windows has encountered a critical problem and will restart automatically" error and a few times my computer has frozen right after boot up. I've searched about this online and it seems a lot of people with this problem had viruses.


    Are you having any of those problems now, or any other problems or questions?



    #17 UnicornToots

    UnicornToots

      Member

    • Full Member
    • 36 posts

    Posted 31 January 2013 - 10:55 PM

    Hi, cnm. Thank you. :)

     

    I haven't run into any more problems just yet, but I've been afraid to use the computer except to scan and post here. Do you know what the purpose of this virus is? I tried to look it up, but I couldn't find what it's supposed to do. Should I change all my passwords?

     

    Thank you again.



    #18 cnm

    cnm

      Mother Lion of SWI

    • Retired Staff
    • 25,317 posts

    Posted 31 January 2013 - 11:09 PM

    If there was a virus you apparently took care of it earlier with Avast.

    But let's double check. Run a fresh ESET.  Get a new download.

    Please scan your machine with ESET OnlineScan

    • Hold down Control and click on this link to open ESET OnlineScan in a new window.
    • Click the esetonlinebtn.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.


    #19 UnicornToots

    UnicornToots

      Member

    • Full Member
    • 36 posts

    Posted 01 February 2013 - 12:51 AM

    Hi, cnm.

     

    I did the scan and there were no threats found, so it didn't give me the option to export. It's really good that avast! seems to have taken care of the threat. :) I try to be really careful, but the other people who use this computer kind of ignore me about that no matter how many times I try to remind them. I wish there was a way I could control what they're able to do on here.

     

    Thank you lots for your time and help. It means a lot to me.



    #20 cnm

    cnm

      Mother Lion of SWI

    • Retired Staff
    • 25,317 posts

    Posted 01 February 2013 - 11:06 AM

    There are many articles on the web about restricting user privileges - for instance here.  You may find them hard to follow but the info is there.

     

    Some steps you can take:

     

    Please do Start > Add or remove user accounts

    Select each user in turn, and if their account type is Administrator, change it to Standard user.  Unless people need to use the PC without logging in, remove the Guest account if there is one.

     

    Do Start > UAC

    Set it to the Default (second from top) or to the top setting "Always notify".  UAC can be a big nuisance but it does offer you protection.

    Read about User Account Control.

     

    None of this will help if you leave the PC logged into your own Administrator account. Always log off if you leave the PC. And of course use a good strong password for logging in to the admin account.


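    To check the account and UAC advice in this post in one go, here is a read-only PowerShell audit script, added as an example and not part of cnm's reply or of any forum tool. It assumes an elevated prompt on the machine being checked, uses ADSI and WMI so it runs on Windows 7's PowerShell 2.0, and reads the same policies\system values the ComboFix log above lists.

```powershell
# Added example, not part of the thread: a read-only audit of the two things
# recommended above, which accounts hold local Administrators rights and how
# UAC is configured. Uses ADSI and WMI so it runs on Windows 7's PowerShell 2.0.
# Run from an elevated PowerShell prompt; it changes nothing.

# 1. Who is in the local Administrators group (local and domain principals).
$adminGroup = [ADSI]"WinNT://./Administrators,group"
$admins = @($adminGroup.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
})

# 2. Local accounts, so Guest and any enabled admin accounts stand out.
$localUsers = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='True'"

"Local Administrators group members: $($admins -join ', ')"
"Local accounts:"
foreach ($u in $localUsers) {
    $role  = if ($admins -contains $u.Name) { 'ADMINISTRATOR' } else { 'standard' }
    $state = if ($u.Disabled) { 'disabled' } else { 'enabled' }
    "  {0,-20} {1,-14} {2}" -f $u.Name, $role, $state
    if ($u.Name -eq 'Guest' -and -not $u.Disabled) {
        "  -> Guest is enabled; disable it unless the PC must be usable without logging in."
    }
}

# 3. UAC settings. These are the same values ComboFix prints under
#    HKLM\...\policies\system in the log earlier in this thread.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey
$adminPrompt = @{
    0 = 'elevate silently (no prompt at all)'
    1 = 'prompt for credentials on the secure desktop'
    2 = 'prompt for consent on the secure desktop ("Always notify")'
    3 = 'prompt for credentials'
    4 = 'prompt for consent'
    5 = 'prompt for consent for non-Windows binaries (the Default setting)'
}
"UAC:"
"  EnableLUA                  = $($uac.EnableLUA)"
"  PromptOnSecureDesktop      = $($uac.PromptOnSecureDesktop)"
if ($null -ne $uac.ConsentPromptBehaviorAdmin) {
    $cpba = [int]$uac.ConsentPromptBehaviorAdmin
    "  ConsentPromptBehaviorAdmin = $cpba ($($adminPrompt[$cpba]))"
    # Only 'Always notify' (2) or Default (5), with UAC enabled, match the advice.
    if ($uac.EnableLUA -ne 1 -or -not (@(2, 5) -contains $cpba)) {
        "  -> UAC is weaker than the Default or 'Always notify' setting; raise it in Start > UAC."
    }
} else {
    "  ConsentPromptBehaviorAdmin = (not set)"
}
```

    Any account listed as ADMINISTRATOR that is not yours is a candidate for changing to Standard user as described above.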

    #21 UnicornToots

    UnicornToots

      Member

    • Full Member
    • 36 posts

    Posted 01 February 2013 - 12:35 PM

    Thank you for the links and information. I'll follow them. I hope to have no more infections. They make me paranoid. :shok:



    #22 cnm

    cnm

      Mother Lion of SWI

    • Retired Staff
    • 25,317 posts

    Posted 01 February 2013 - 12:49 PM

    Advice for malware prevention:

    Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

    Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

    The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

    Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

    http://www.systemloo...p?type=filename

    A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

    For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place



    #23 cnm

    cnm

      Mother Lion of SWI

    • Retired Staff
    • 25,317 posts

    Posted 03 February 2013 - 05:56 PM

    Glad we could help. :)

    If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



