
Thread: Possible Malware problem

  #1
    Member
    Join Date: Aug 2008
    Posts: 56

    Possible Malware problem

    Hi,

    Recently the performance of my computer has been getting worse - the hard drive whirls so much that it sounds like it's going to take off - then it just shuts down. The last couple of days, it's been shutting off every 20 mins or so. When I boot it back up, firstly I get the "Windows didn't shut down properly" page, then it comes up with Windows configuration, updates, then boots up. Twice I've had a completely different desktop, then it's crashed again and the process starts again. I can get onto the internet, but again only for a short time - I had to type this in Word then copy & paste.

    Even when sitting idle - when not in use, the hard drive is in overdrive. Every morning I have to start it up again where it's crashed overnight.

    I've backed up the system.

    Many thanks

    Here are the logs:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
    Ran by WIN7 (administrator) on ASPIRE-T180 on 26-08-2014 12:47:37
    Running from C:\Users\WIN7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PIJRMAD
    Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
    () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    () C:\Program Files\AVG Secure Search\vprot.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.183.428.0.exe
    (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-11-30] (SUPERAntiSpyware)
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1804648 2011-09-16] (Hewlett-Packard Co.)
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16639-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16678-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16685-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16689-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466f4-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466fd-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-1839434062-3037775892-936306819-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
    BootExecute: autocheck autochk * /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0B8D479E7A6CC01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    URLSearchHook: HKCU - (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
    SearchScopes: HKCU - DefaultScope {33D9335B-0A5E-4AA2-8CA5-5A230AE6292E} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
    SearchScopes: HKCU - {32FB7BCD-AF25-4514-AC58-EA10CAB0BCA5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
    SearchScopes: HKCU - {33D9335B-0A5E-4AA2-8CA5-5A230AE6292E} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
    SearchScopes: HKCU - {5CEB2165-DBB5-4245-A5A3-136ABF4173C3} URL = http://searchou.com/?q={searchTerms}&id=4cf6e604000000000000001921549e00&affilt=5&r=206
    SearchScopes: HKCU - {7E836C53-B5E8-4BAB-AA74-B2B391F4F74A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=788F3C5F-27F0-433B-B6BA-75BC738E0533&apn_sauid=92785532-7819-4B55-B68B-33B6E518991B
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={83978C62-A6B3-4419-9CF6-D0709F874B06}&mid=0277e6c006b947d195f6d15067b077f3-6f1354d46f12568e560b096cf8b39c7863202901&lang=en&ds=AVG&pr=fr&d=2013-09-25 20:07:09&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {A67C8099-78A4-4BF8-869D-42FE0F75BCE9} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=NUYHiWDFMm
    BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
    Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{5704168A-B32C-447A-B678-72C32D94FB6F}: [NameServer] 88.82.13.12 88.82.13.12

    FireFox:
    ========
    FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2
    FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2012-09-26]
    FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
    FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2012-09-26]

    Chrome:
    =======
    CHR HomePage: Default -> https://uk.search.yahoo.com/?type=38...=spigot-yhp-ch
    CHR StartupUrls: Default -> "https://uk.search.yahoo.com/?type=386496&fr=spigot-yhp-ch"
    CHR CustomProfile: C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
    CHR Extension: (Google Wallet) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
    CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\WIN7\AppData\Local\Temp\ccex.crx []
    CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx []
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-12] (SUPERAntiSpyware.com) [File not signed]
    R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
    R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
    R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-24] (AVG Secure Search)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-24] (AVG Technologies)
    R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-06-17] (IVT Corporation.)
    S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-06-17] ()
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-01-30] (GFI Software)
    S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-03-24] (Huawei Technologies Co., Ltd.)
    S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-03-24] (Huawei Technologies Co., Ltd.)
    S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-03-24] (Huawei Technologies Co., Ltd.)
    S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-06-17] (IVT Corporation.)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-07-24] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
    R1 MpKsl5d7c23cd; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FBE9A67-90DF-4175-BCD6-10280EEB2CE4}\MpKsl5d7c23cd.sys [39464 2014-08-26] (Microsoft Corporation)
    R1 RapportCerberus_69108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_69108.sys [358040 2014-07-04] ()
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [12984 2011-11-23] ()
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
    R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
    S3 VComm; system32\DRIVERS\VComm.sys [X]
    S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-26 12:46 - 2014-08-26 12:47 - 00000000 ____D () C:\FRST
    2014-08-26 12:38 - 2014-08-26 12:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASPIRE-T180-Microsoft-Windows-7-Professional-(32-bit).dat
    2014-08-26 12:33 - 2014-08-26 12:33 - 00000000 ____D () C:\RegBackup
    2014-08-26 12:32 - 2014-08-26 12:32 - 00002161 _____ () C:\Users\WIN7\Desktop\Tweaking.com - Registry Backup.lnk
    2014-08-26 12:32 - 2014-08-26 12:32 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-08-26 12:30 - 2014-08-26 12:30 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-08-26 11:13 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-08-26 11:10 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-08-26 11:06 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-08-26 11:04 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-08-23 11:21 - 2014-07-14 02:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-08-23 11:21 - 2014-06-16 02:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-08-23 11:21 - 2014-06-16 02:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2014-08-23 11:21 - 2014-06-16 02:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2014-08-23 11:20 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-08-23 11:20 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-08-23 11:20 - 2014-07-25 14:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-08-23 11:20 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-08-23 11:20 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-08-23 11:20 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-08-23 11:20 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-08-23 11:20 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-08-23 11:20 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-08-23 11:20 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-08-23 11:20 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-08-23 11:20 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-08-23 11:20 - 2014-07-25 13:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-08-23 11:20 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-08-23 11:20 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-08-23 11:20 - 2014-07-25 12:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-08-23 11:20 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-08-23 11:20 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-08-23 11:20 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-08-23 11:20 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-08-23 11:20 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-08-23 11:20 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-08-23 11:20 - 2014-07-25 12:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-08-23 11:20 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-08-23 11:20 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-08-23 11:20 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-08-23 11:20 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-08-23 11:20 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-08-23 11:20 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-08-23 11:19 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-08-23 11:16 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-08-23 11:16 - 2014-06-03 10:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-08-23 11:16 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-08-23 11:16 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-08-23 11:16 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-08-23 11:15 - 2014-08-07 02:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-23 11:15 - 2014-08-07 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-23 11:15 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-08-06 21:00 - 2014-08-26 12:14 - 00001242 _____ () C:\Windows\setupact.log
    2014-08-06 21:00 - 2014-08-06 21:00 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-06 20:59 - 2014-08-06 21:00 - 00412008 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-06 18:58 - 2014-08-06 18:58 - 00109280 _____ () C:\Users\WIN7\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-08-06 18:31 - 2014-08-06 18:31 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-08-06 18:31 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-08-06 18:30 - 2014-08-06 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-08-06 18:30 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2014-08-06 18:30 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-08-06 18:30 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-08-06 18:29 - 2014-08-06 18:30 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
    2014-08-01 20:15 - 2014-05-14 17:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-08-01 20:15 - 2014-05-14 17:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-08-01 20:15 - 2014-05-14 17:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-08-01 20:15 - 2014-05-14 17:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-08-01 20:14 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-08-01 20:14 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2014-08-01 20:14 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-08-01 20:13 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-08-01 20:13 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-26 12:47 - 2014-08-26 12:46 - 00000000 ____D () C:\FRST
    2014-08-26 12:43 - 2011-11-16 18:59 - 01672666 _____ () C:\Windows\WindowsUpdate.log
    2014-08-26 12:39 - 2009-07-14 05:34 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-26 12:39 - 2009-07-14 05:34 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-26 12:38 - 2014-08-26 12:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASPIRE-T180-Microsoft-Windows-7-Professional-(32-bit).dat
    2014-08-26 12:37 - 2012-04-19 08:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-08-26 12:33 - 2014-08-26 12:33 - 00000000 ____D () C:\RegBackup
    2014-08-26 12:33 - 2011-11-22 22:24 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-26 12:32 - 2014-08-26 12:32 - 00002161 _____ () C:\Users\WIN7\Desktop\Tweaking.com - Registry Backup.lnk
    2014-08-26 12:32 - 2014-08-26 12:32 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-08-26 12:30 - 2014-08-26 12:30 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-08-26 12:17 - 2013-06-03 06:45 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    2014-08-26 12:15 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-26 12:14 - 2014-08-06 21:00 - 00001242 _____ () C:\Windows\setupact.log
    2014-08-26 11:41 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-08-26 11:33 - 2011-11-16 23:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-08-26 11:32 - 2013-08-09 21:31 - 00000000 ____D () C:\Windows\system32\MRT
    2014-08-26 11:26 - 2011-11-16 19:18 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-08-26 11:01 - 2011-11-22 22:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-26 10:57 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-08-26 10:56 - 2011-11-17 00:25 - 00000000 ____D () C:\ProgramData\MFAData
    2014-08-26 10:54 - 2011-11-19 18:50 - 00000000 ____D () C:\Users\WIN7
    2014-08-26 10:54 - 2011-11-16 19:06 - 00000000 ____D () C:\Users\Administrator
    2014-08-25 14:23 - 2012-01-03 10:15 - 00068955 _____ () C:\Users\WIN7\Desktop\My Bits.xlsx
    2014-08-25 13:15 - 2013-09-25 20:06 - 00000000 ____D () C:\Program Files\AVG Secure Search
    2014-08-24 11:22 - 2012-08-29 15:55 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
    2014-08-24 10:18 - 2011-11-23 15:59 - 00000000 ____D () C:\Users\WIN7\AppData\Local\Adobe
    2014-08-23 15:12 - 2010-11-20 22:01 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-23 14:02 - 2014-04-01 08:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2014-08-23 14:02 - 2013-09-25 20:07 - 00000915 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-08-23 11:46 - 2013-12-05 14:58 - 00002109 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-08-23 11:31 - 2012-09-26 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2014-08-23 11:29 - 2012-09-26 16:34 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\HpUpdate
    2014-08-07 02:43 - 2014-08-23 11:15 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-07 02:39 - 2014-08-23 11:15 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-06 21:00 - 2014-08-06 21:00 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-06 21:00 - 2014-08-06 20:59 - 00412008 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-06 18:59 - 2011-11-25 19:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-08-06 18:58 - 2014-08-06 18:58 - 00109280 _____ () C:\Users\WIN7\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-08-06 18:58 - 2014-06-12 14:24 - 00000000 ____D () C:\Program Files\FreeRIP
    2014-08-06 18:47 - 2012-08-24 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-08-06 18:47 - 2011-11-22 22:25 - 00000945 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-08-06 18:45 - 2011-11-22 22:25 - 00000000 ____D () C:\Program Files\CCleaner
    2014-08-06 18:38 - 2013-10-22 16:31 - 00000000 ____D () C:\ProgramData\Oracle
    2014-08-06 18:31 - 2014-08-06 18:31 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-08-06 18:30 - 2014-08-06 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-08-06 18:30 - 2014-08-06 18:29 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
    2014-08-06 18:30 - 2013-07-23 13:45 - 00000000 ____D () C:\Program Files\Java
    2014-08-02 20:12 - 2012-05-19 18:36 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\vlc
    2014-08-01 00:16 - 2014-08-23 11:20 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

    Some content of TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\avguidx.dll
    C:\Users\Administrator\AppData\Local\Temp\iGearedHelper.dll
    C:\Users\Administrator\AppData\Local\Temp\MachineIdCreator.exe
    C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
    C:\Users\WIN7\AppData\Local\Temp\install_flashplayer14x32axau_gtbd_chrd_dn_aaa_aih.exe
    C:\Users\WIN7\AppData\Local\Temp\_is5164.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-23 10:45

    ==================== End Of Log ============================


    aswMBR

    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-08-26 18:40:39
    -----------------------------
    18:40:39.987 OS Version: Windows 6.1.7601 Service Pack 1
    18:40:39.987 Number of processors: 2 586 0x4B02
    18:40:39.987 ComputerName: ASPIRE-T180 UserName: WIN7
    18:41:02.795 Initialize success
    18:41:03.138 VM: initialized successfully
    18:41:03.621 VM: Amd CPU virtualization not supported
    18:41:34.692 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
    18:41:34.692 Disk 0 Vendor: HDT72251 V43O Size: 157066MB BusType: 3
    18:41:34.817 Disk 0 MBR read successfully
    18:41:34.832 Disk 0 MBR scan
    18:41:34.832 Disk 0 Windows 7 default MBR code
    18:41:34.863 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    18:41:34.863 Disk 0 default boot code
    18:41:34.879 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 41000 MB offset 206848
    18:41:34.895 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51963 MB offset 84174848
    18:41:34.910 Disk 0 Partition - 00 0F Extended LBA 64001 MB offset 190595072
    18:41:34.926 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 64000 MB offset 190597120
    18:41:34.941 Disk 0 scanning sectors +321669120
    18:41:35.207 Disk 0 scanning C:\Windows\system32\drivers
    18:41:43.475 Service scanning
    18:41:52.819 Service MpKsl7ca17318 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8FB68CD5-CCEB-4B92-AD97-B362FE575BC1}\MpKsl7ca17318.sys **LOCKED** 32
    18:42:05.673 Modules scanning
    18:42:14.097 Disk 0 trace - called modules:
    18:42:14.113 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
    18:42:14.129 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852a8580]
    18:42:14.129 3 CLASSPNP.SYS[871a259e] -> nt!IofCallDriver -> [0x84cf1408]
    18:42:14.144 5 ACPI.sys[86c483d4] -> nt!IofCallDriver -> \Device\00000068[0x84cf1828]
    18:42:14.160 Scan finished successfully
    18:42:43.004 Disk 0 MBR has been saved successfully to "C:\Users\WIN7\Desktop\MBR.dat"
    18:42:43.145 The log file has been saved successfully to "C:\Users\WIN7\Desktop\aswMBR.txt"
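The aswMBR section above reads sector 0 of Disk 0, decodes the four-slot partition table, and then starts "scanning sectors +321669120". By the log's own numbers that is exactly where the extended container ends (190595072 + 64001 MB x 2048 = 321669120 sectors): the unpartitioned tail of the disk, which belongs to no volume and is where a bootkit can keep data without any file system showing it. The Python below is an added example, not aswMBR's code. It builds a constructed two-sector disk image whose table matches the geometry in the log (MB x 2048 sectors), decodes the MBR and walks the EBR chain the way a scanner does, and runs the checks an analyst wants on such a table: the 0x55AA signature, exactly one active partition, no overlapping primaries, and any sectors left beyond the last partition. The boot code bytes are a placeholder string, not real Windows 7 boot code; the SHA-256 helper shows how the code area would be compared with a digest taken from a known-clean machine.

```python
import hashlib
import struct
from typing import Callable, Dict, List, NamedTuple

SECTOR = 512
TABLE_OFFSET = 446                   # partition table follows 446 bytes of boot code
ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"
EXTENDED_TYPES = {0x05, 0x0F, 0x85}  # CHS extended, LBA extended, Linux extended
ENTRY_FMT = "<B3sB3sII"              # status, CHS start, type, CHS end, LBA start, sectors


class Partition(NamedTuple):
    active: bool
    ptype: int
    lba_start: int
    sectors: int
    logical: bool                    # True when it came from an EBR, not the MBR

    @property
    def lba_end(self) -> int:        # exclusive
        return self.lba_start + self.sectors

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def _entry(status: int, ptype: int, lba: int, sectors: int) -> bytes:
    # CHS fields zeroed: the loader uses the LBA fields, which is what aswMBR prints.
    return struct.pack(ENTRY_FMT, status, b"\0" * 3, ptype, b"\0" * 3, lba, sectors)


def _sector(entries: List[bytes], boot_code: bytes = b"") -> bytes:
    table = b"".join(entries).ljust(4 * ENTRY_LEN, b"\0")
    return boot_code.ljust(TABLE_OFFSET, b"\0") + table + BOOT_SIGNATURE


# Constructed two-sector "disk image" laid out to match the log: MB * 2048 sectors.
EXT_LBA = 190595072
DISK_SECTORS = 157066 * 2048
DISK_IMAGE: Dict[int, bytes] = {
    0: _sector([
        _entry(0x80, 0x07, 2048, 100 * 2048),        # System Reserved, active
        _entry(0x00, 0x07, 206848, 41000 * 2048),    # Windows volume
        _entry(0x00, 0x07, 84174848, 51963 * 2048),  # data volume
        _entry(0x00, 0x0F, EXT_LBA, 64001 * 2048),   # extended container
    ], boot_code=b"PLACEHOLDER BOOT CODE, NOT REAL"),
    EXT_LBA: _sector([
        _entry(0x00, 0x07, 2048, 64000 * 2048),      # logical NTFS, LBA relative to this EBR
    ]),                                              # second slot zero: end of the chain
}


def read_sector(lba: int) -> bytes:
    """Stand-in for reading one 512-byte sector; unknown LBAs read as zeros."""
    return DISK_IMAGE.get(lba, b"\0" * SECTOR)


def has_boot_signature(sector: bytes) -> bool:
    return len(sector) == SECTOR and sector[510:512] == BOOT_SIGNATURE


def raw_entries(sector: bytes) -> List[tuple]:
    """The four (status, type, lba, sectors) slots of an MBR or EBR sector."""
    if not has_boot_signature(sector):
        raise ValueError("sector lacks the 0x55AA boot signature")
    out = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_LEN
        status, _, ptype, _, lba, n = struct.unpack(ENTRY_FMT, sector[off:off + ENTRY_LEN])
        out.append((status, ptype, lba, n))
    return out


def layout(read: Callable[[int], bytes]) -> List[Partition]:
    """Primary partitions from the MBR, then logical ones by walking the EBR chain."""
    parts = []
    for status, ptype, lba, n in raw_entries(read(0)):
        if ptype == 0:
            continue
        parts.append(Partition(status == 0x80, ptype, lba, n, False))
        if ptype in EXTENDED_TYPES:
            parts.extend(_walk_ebr_chain(read, lba, lba + n))
    return parts


def _walk_ebr_chain(read, ext_start: int, ext_end: int) -> List[Partition]:
    parts, ebr, seen = [], ext_start, set()
    while ext_start <= ebr < ext_end and ebr not in seen:   # refuse looping chains
        seen.add(ebr)
        data, link = raw_entries(read(ebr))[:2]
        if data[1]:                                          # data slot: LBA relative to this EBR
            parts.append(Partition(data[0] == 0x80, data[1], ebr + data[2], data[3], True))
        if link[1] not in EXTENDED_TYPES:
            break
        ebr = ext_start + link[2]                            # link slot: relative to the container
    return parts


def audit(parts: List[Partition], disk_sectors: int) -> List[str]:
    findings = []
    if sum(p.active for p in parts) != 1:
        findings.append("expected exactly one active (0x80) partition")
    spans = sorted((p.lba_start, p.lba_end) for p in parts if not p.logical)
    for (a0, a1), (b0, _) in zip(spans, spans[1:]):
        if b0 < a1:
            findings.append(f"primary partitions at LBA {a0} and {b0} overlap")
    last_end = max(p.lba_end for p in parts)
    if last_end < disk_sectors:
        findings.append(f"{disk_sectors - last_end} unpartitioned sectors after LBA {last_end}")
    return findings


def boot_code_sha256(sector: bytes) -> str:
    """Digest of the 440 code bytes, for comparison with one from a known-clean system."""
    return hashlib.sha256(sector[:440]).hexdigest()


if __name__ == "__main__":
    table = layout(read_sector)
    for p in table:
        print(f"{'logical' if p.logical else 'primary':8} type 0x{p.ptype:02X} "
              f"{'(A)' if p.active else '   '} {p.size_mb:>6} MB  offset {p.lba_start}")
    print("checks:", audit(table, DISK_SECTORS))
```

Run it and the printed table reproduces the offsets aswMBR logged, and the single audit finding is the 2048-sector gap past the last partition, the same region the scanner sweeps; on a real disk the reader would be a 512-byte `os.pread` on the raw device and the digest would be compared against one recorded before the incident.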

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

You have a lot going on here. I do see infection, and I also see 2 active running antivirus programs on the machine:
AVG
Microsoft Security Essentials
We need to remove 1; your decision which, but 1 needs to go.

As for the computer rebooting randomly on its own, I don't know why, but what we can do is continue to search for infections to see if that's the cause.


    Also, when you downloaded FRST (Farbar's Recovery Scan Tool) you ran it from a temp directory which we can't use. We will need to download to desktop and run the tool again, this time in a slightly different way.


    Let's set your browsers to download to desktop.

    For the latest version of Firefox
Look at the top of the web page and click on the 3-bar icon (don't know what you really call it; it looks like 3 skinny lines).
At the top click on the General tab.
Scroll to the Downloads section, then check the box for "Save files to"; here you can choose where to save. I use Desktop because it's the easiest to find things later.

    For older versions of Firefox
    Firefox
    you press the orange Firefox button in the top left corner >> Options
    Beneath where it shows homepage, click on save files to desktop

    Chrome --
    Press the Customize and Control Google button (three horizontal lines in top right corner of screen) >> Settings >> Show Advanced Settings >> Downloads, Download location, click on save to desktop


    NEXT**

    Please download Farbar Recovery Scan Tool
    http://www.bleepingcomputer.com/down...an-tool/dl/81/
    (use correct version for your system.....Which system am I using?)

    When you have the tool on desktop proceed

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window and save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

    start
    C:\Users\Administrator\AppData\Local\Temp\avguidx.dll
    C:\Users\Administrator\AppData\Local\Temp\iGearedHelper.dll
    C:\Users\Administrator\AppData\Local\Temp\MachineIdCreator.exe
    C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
    C:\Users\WIN7\AppData\Local\Temp\install_flashplayer14x32axau_gtbd_chrd_dn_aaa_aih.exe
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16639-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16678-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16685-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16689-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466f4-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466fd-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
    URLSearchHook: HKCU - (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
    SearchScopes: HKCU - {32FB7BCD-AF25-4514-AC58-EA10CAB0BCA5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
    SearchScopes: HKCU - {5CEB2165-DBB5-4245-A5A3-136ABF4173C3} URL = http://searchou.com/?q={searchTerms}&id=4cf6e604000000000000001921549e00&affilt=5&r=206
    SearchScopes: HKCU - {7E836C53-B5E8-4BAB-AA74-B2B391F4F74A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=788F3C5F-27F0-433B-B6BA-75BC738E0533&apn_sauid=92785532-7819-4B55-B68B-33B6E518991B
    SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=NUYHiWDFMm
    Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    CHR StartupUrls: Default -> "https://uk.search.yahoo.com/?type=386496&fr=spigot-yhp-ch"
    CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\WIN7\AppData\Local\Temp\ccex.crx []
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    EmptyTemp:
    End
    Open FRST/FRST64 and press the--> Fix <-- button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ***************

    Please download RogueKiller and save it to your desktop.

    You can check here if you're not sure if your computer is 32-bit or 64-bit
    • Download RogueKiller to your desktop.

    • Quit all running programs.
    • For Windows XP, double-click to start.
    • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
• Read and accept the EULA (End User License Agreement)
    • Click Scan to scan the system.
    • When the scan completes Close the program > Don't Fix anything!
    • Don't run any other options, they're not all bad!!
    • Post back the report which should be located on your desktop.



    Please post
    Fixlog.txt
    RogueKiller.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
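Several entries in the fixlist above are mechanisms worth recognising on sight. MountPoints2 keys are Explorer's per-volume autorun cache, and six of them point at executables on an L: drive. The four SearchScopes keys route Internet Explorer searches through Conduit, searchou, Ask and IncrediMail instead of a mainstream engine. The Toolbar, URLSearchHook and Handler lines are CLSIDs whose backing file is gone. The Chrome extension is registered from a .crx sitting in Temp, and HKLM\SOFTWARE\Policies\Google is the enterprise-policy key that can pin Chrome settings so the user cannot change them back. The Python below is an added example, not FRST's own logic: it triages a fixlist of this shape with exactly those rules. The sample input is the fixlist from the post, copied verbatim; the allowlist of search hosts is an assumption of the example and a real analyst would maintain their own.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple
from urllib.parse import urlparse

# Sample input: the fixlist from the post above, copied verbatim.
FIXLIST = r"""start
C:\Users\Administrator\AppData\Local\Temp\avguidx.dll
C:\Users\Administrator\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Administrator\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
C:\Users\WIN7\AppData\Local\Temp\install_flashplayer14x32axau_gtbd_chrd_dn_aaa_aih.exe
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16639-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16678-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16685-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16689-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466f4-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466fd-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
URLSearchHook: HKCU - (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
SearchScopes: HKCU - {32FB7BCD-AF25-4514-AC58-EA10CAB0BCA5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
SearchScopes: HKCU - {5CEB2165-DBB5-4245-A5A3-136ABF4173C3} URL = http://searchou.com/?q={searchTerms}&id=4cf6e604000000000000001921549e00&affilt=5&r=206
SearchScopes: HKCU - {7E836C53-B5E8-4BAB-AA74-B2B391F4F74A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=788F3C5F-27F0-433B-B6BA-75BC738E0533&apn_sauid=92785532-7819-4B55-B68B-33B6E518991B
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=NUYHiWDFMm
Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
CHR StartupUrls: Default -> "https://uk.search.yahoo.com/?type=386496&fr=spigot-yhp-ch"
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\WIN7\AppData\Local\Temp\ccex.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
EmptyTemp:
End"""


class Finding(NamedTuple):
    category: str
    detail: str
    line: str


# Search hosts treated as benign. This allowlist is an assumption of the example.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com", "uk.search.yahoo.com"}

TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
MOUNT_RE = re.compile(r"MountPoints2: \{[0-9a-fA-F-]+\} - ([A-Za-z]:\\\S+)")
SCOPE_RE = re.compile(r"SearchScopes: HK\w+ - \{[0-9A-Fa-f-]+\} URL = (\S+)")
ORPHAN_RE = re.compile(r"^(Toolbar|URLSearchHook|Handler): .* - No File$")
CHR_EXT_RE = re.compile(r"Chrome\\Extension: \[(\w+)\] - (\S+)")
STARTUP_RE = re.compile(r'CHR StartupUrls: .*"(\S+?)"')
RUN_RE = re.compile(r"\\Run: \[(.*?)\] => \[(.*?)\]")


def classify(line: str) -> Finding:
    """Map one fixlist line to a category an analyst would act on."""
    if re.match(r"^[A-Za-z]:\\", line):                       # bare file path
        cat = "temp_binary" if TEMP_RE.search(line) else "file"
        return Finding(cat, line.rsplit("\\", 1)[-1], line)
    if m := MOUNT_RE.search(line):                             # autorun cached for a volume
        return Finding("mountpoint_autorun", m.group(1), line)
    if m := SCOPE_RE.search(line):                             # IE search provider
        host = (urlparse(m.group(1)).hostname or "").lower()
        cat = "search_scope_known" if host in KNOWN_SEARCH_HOSTS else "search_hijack"
        return Finding(cat, host, line)
    if m := ORPHAN_RE.match(line):                             # CLSID with no backing file
        return Finding("orphaned_clsid", m.group(1), line)
    if m := CHR_EXT_RE.search(line):                           # force-installed Chrome extension
        cat = "chrome_ext_from_temp" if TEMP_RE.search(m.group(2)) else "chrome_ext"
        return Finding(cat, m.group(1), line)
    if m := STARTUP_RE.search(line):
        return Finding("chrome_startup_url", urlparse(m.group(1)).hostname or "", line)
    if "Policy restriction" in line:                           # Chrome settings pinned by policy
        return Finding("chrome_policy_lock", line.split(":")[0].replace("CHR ", ""), line)
    if m := RUN_RE.search(line):                               # HKLM Run value
        return Finding("run_key", f"name={m.group(1)!r} target={m.group(2)!r}", line)
    if line.startswith("EmptyTemp:"):
        return Finding("directive", "EmptyTemp", line)
    return Finding("unclassified", "", line)


def triage(fixlist: str) -> List[Finding]:
    lines = [l.strip() for l in fixlist.splitlines()]
    return [classify(l) for l in lines if l and l.lower() not in ("start", "end")]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    results = triage(FIXLIST)
    for cat, n in sorted(summarize(results).items()):
        print(f"{n:3} {cat}")
    for f in results:
        if f.category in ("search_hijack", "mountpoint_autorun", "chrome_ext_from_temp"):
            print(f"    {f.category}: {f.detail}")
```

Run against the posted list it reports 5 binaries staged in Temp, 6 MountPoints2 autorun targets on L:, 4 search hijacks and 6 orphaned CLSIDs, with nothing left unclassified; the same classifier can be pointed at a full FRST scan log to pick out the lines that deserve a fixlist entry in the first place.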

  3. #3
    Member
    Join Date
    Aug 2008
    Posts
    56

    Default

Here's the fix log.

RogueKiller won't run without the comp shutting down. I've tried at least 5 times.

I've uninstalled AVG (left Link Scanner) and SuperAntiSpyware (as I don't use that), thinking that it may help with the hard drive not going so fast, but no difference.

Didn't update Chrome or Firefox as I don't use them.

Trying to type as fast as I can before the comp shuts off again....

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:26-08-2014
    Ran by WIN7 at 2014-08-28 12:23:50 Run:2
    Running from C:\Users\WIN7\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    C:\Users\Administrator\AppData\Local\Temp\avguidx.dll
    C:\Users\Administrator\AppData\Local\Temp\iGearedHelper.dll
    C:\Users\Administrator\AppData\Local\Temp\MachineIdCreator.exe
    C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
    C:\Users\WIN7\AppData\Local\Temp\install_flashplayer14x32axau_gtbd_chrd_dn_aaa_aih.exe
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16639-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16678-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16685-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16689-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466f4-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466fd-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
    URLSearchHook: HKCU - (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
    SearchScopes: HKCU - {32FB7BCD-AF25-4514-AC58-EA10CAB0BCA5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
    SearchScopes: HKCU - {5CEB2165-DBB5-4245-A5A3-136ABF4173C3} URL = http://searchou.com/?q={searchTerms}&id=4cf6e604000000000000001921549e00&affilt=5&r=206
    SearchScopes: HKCU - {7E836C53-B5E8-4BAB-AA74-B2B391F4F74A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=788F3C5F-27F0-433B-B6BA-75BC738E0533&apn_sauid=92785532-7819-4B55-B68B-33B6E518991B
    SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=NUYHiWDFMm
    Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    CHR StartupUrls: Default -> "https://uk.search.yahoo.com/?type=386496&fr=spigot-yhp-ch"
    CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\WIN7\AppData\Local\Temp\ccex.crx []
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    EmptyTemp:
    End
    *****************

    "C:\Users\Administrator\AppData\Local\Temp\avguidx.dll" => File/Directory not found.
    "C:\Users\Administrator\AppData\Local\Temp\iGearedHelper.dll" => File/Directory not found.
    "C:\Users\Administrator\AppData\Local\Temp\MachineIdCreator.exe" => File/Directory not found.
    "C:\Users\Administrator\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
    "C:\Users\WIN7\AppData\Local\Temp\install_flashplayer14x32axau_gtbd_chrd_dn_aaa_aih.exe" => File/Directory not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
    "HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1b16639-8515-11e3-87ab-001921549e00}" => Key not found.
    "HKCR\CLSID\{a1b16639-8515-11e3-87ab-001921549e00}" => Key not found.
    "HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1b16678-8515-11e3-87ab-001921549e00}" => Key not found.
    "HKCR\CLSID\{a1b16678-8515-11e3-87ab-001921549e00}" => Key not found.
    "HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1b16685-8515-11e3-87ab-001921549e00}" => Key not found.
    "HKCR\CLSID\{a1b16685-8515-11e3-87ab-001921549e00}" => Key not found.
    "HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1b16689-8515-11e3-87ab-001921549e00}" => Key not found.
    "HKCR\CLSID\{a1b16689-8515-11e3-87ab-001921549e00}" => Key not found.
    "HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cef466f4-433d-11e3-9193-001921549e00}" => Key not found.
    "HKCR\CLSID\{cef466f4-433d-11e3-9193-001921549e00}" => Key not found.
    "HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cef466fd-433d-11e3-9193-001921549e00}" => Key not found.
    "HKCR\CLSID\{cef466fd-433d-11e3-9193-001921549e00}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} => Value not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32FB7BCD-AF25-4514-AC58-EA10CAB0BCA5}" => Key not found.
    "HKCR\CLSID\{32FB7BCD-AF25-4514-AC58-EA10CAB0BCA5}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5CEB2165-DBB5-4245-A5A3-136ABF4173C3}" => Key not found.
    "HKCR\CLSID\{5CEB2165-DBB5-4245-A5A3-136ABF4173C3}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7E836C53-B5E8-4BAB-AA74-B2B391F4F74A}" => Key not found.
    "HKCR\CLSID\{7E836C53-B5E8-4BAB-AA74-B2B391F4F74A}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}" => Key not found.
    "HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => Value not found.
    "HKCR\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
    "HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} => Value not found.
    "HKCR\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
    "HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.
    "HKCR\PROTOCOLS\Handler\linkscanner" => Key not found.
    "HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found.
    Chrome StartupUrls deleted successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj" => Key deleted successfully.
    "C:\Users\WIN7\AppData\Local\Temp\ccex.crx" => File/Directory not found.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    EmptyTemp: => Removed 252 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

For fear of the computer shutting down, after you have these tools/scanners on your desktop try booting into safe mode and running them from there. This is to see if something is loading that's causing this problem.
    http://www.bleepingcomputer.com/tuto...-in-windows-8/

    *****************
    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.



    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    *********

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
• Go to the Settings tab
• Under Settings go to Detection and Protection
• Under PUP and PUM make sure both are set to Treat Detections as Malware
• Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes


    ***************************************
    Please post
    C:\AdwCleaner.txt
    JRT.txt
    Malwarebytes
    Last edited by Juliet; 2014-08-28 at 23:08. Reason: typo

  5. #5
    Member
    Join Date
    Aug 2008
    Posts
    56

    Default

    Hi,

    Ran Adware & Malware in safe mode - comp crashed twice trying to run Malware. Ran JRT in normal mode (forgot to go into safe mode on boot up). Here's logs:

    Adware:

    # AdwCleaner v3.308 - Report created 28/08/2014 at 22:39:07
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)
    # Username : WIN7 - ASPIRE-T180
    # Running from : C:\Users\WIN7\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Program Files\AVG Security Toolbar
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\WIN7\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\WIN7\AppData\Local\Conduit
    Folder Deleted : C:\Users\WIN7\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\WIN7\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\WIN7\AppData\LocalLow\iac
    Folder Deleted : C:\Users\WIN7\AppData\LocalLow\Industriya
    Folder Deleted : C:\Users\WIN7\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\WIN7\AppData\Roaming\Browser Extensions
    Folder Deleted : C:\Users\WIN7\AppData\Roaming\Search Protection
    File Deleted : C:\END

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\iWon
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\SOFTWARE\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\ImInstaller
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17239


    -\\ Google Chrome v36.0.1985.143

    [ File : C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Homepage] : hxxps://uk.search.yahoo.com/?type=386496&fr=spigot-yhp-ch

    *************************

    AdwCleaner[R0].txt - [9130 octets] - [28/08/2014 22:37:35]
    AdwCleaner[S0].txt - [9265 octets] - [28/08/2014 22:39:07]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9325 octets] ##########

    JRT:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Professional x86
    Ran by WIN7 on 28/08/2014 at 22:59:30.36
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\WIN7\AppData\Roaming\getrighttogo"
    Successfully deleted: [Folder] "C:\Users\WIN7\Local Settings\Application Data\hosts"
    Successfully deleted: [Folder] "C:\Program Files\freerip"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 28/08/2014 at 23:04:49.12
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #6
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Wish I knew what was causing all the crashes.

    Let's see if we can catch a glimpse of a stop code, if one is created.


    Download BlueScreenView
    No installation required.
    Double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


    If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
    Emergency Backup Procedure - Tech Support Forum

    Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

    How to use ComboFix

    Download ComboFix from here:
    Link 1
    Link 2
    Link 3

    Place ComboFix.exe on your Desktop *<--Important
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      * Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply.

      Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

      Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
      Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
      ---------------------------------------------------------------------------------------------
    • If there are Internet issues after running ComboFix:
      Internet Explorer:
      Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
      Firefox:
      Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
      Chrome:
      Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
      Safari:
      Launch Safari
      Go to general settings menu
      Then in Preferences/ Advanced
      Then on line click Proxies change settings ...
      Click Internet Options, then click the Connections tab, click Network Settings.
      Disable option (uncheck) for the use of proxy server ...
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Member
    Join Date
    Aug 2008
    Posts
    56

    Default

    Hi,

    Couldn't see an .exe for BlueScreenView, so I installed & ran it, but nothing came up. I also ran Malwarebytes again overnight to see if it would run, & it scanned this time with no shutdowns. Log is at bottom.

    Here's ComboFix log:

    ComboFix 14-08-29.03 - WIN7 29/08/2014 9:53.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.768.140 [GMT 1:00]
    Running from: c:\users\WIN7\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    /wow section - STAGE 4
    Access is denied.
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\prefs.js
    c:\programdata\db5d816da20d2ea09bb29607205e6dd5_c
    c:\users\WIN7\AppData\Local\Adobe\gccheck.exe
    c:\users\WIN7\AppData\Local\Adobe\gtbcheck.exe
    c:\users\WIN7\AppData\Local\Adobe\install_flash_player_ax.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-07-28 to 2014-08-29 )))))))))))))))))))))))))))))))
    .
    .
    2014-08-29 09:09 . 2014-08-29 09:10 -------- d-----w- c:\users\WIN7\AppData\Local\temp
    2014-08-29 09:09 . 2014-08-29 09:09 -------- d-----w- c:\users\User\AppData\Local\temp
    2014-08-29 09:09 . 2014-08-29 09:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-08-29 09:09 . 2014-08-29 09:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-08-29 09:09 . 2014-08-29 09:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2014-08-29 08:37 . 2014-08-29 08:37 -------- d-----w- c:\program files\NirSoft
    2014-08-28 22:42 . 2014-08-28 22:42 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54D34096-AD68-4DE7-95B7-D0828EF22C4B}\MpKsl0ea6a48a.sys
    2014-08-28 22:05 . 2014-08-28 23:07 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-08-28 21:59 . 2014-08-28 21:59 -------- d-----w- c:\windows\ERUNT
    2014-08-28 21:57 . 2014-08-28 21:57 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54D34096-AD68-4DE7-95B7-D0828EF22C4B}\MpKsla6de6166.sys
    2014-08-28 21:37 . 2014-08-28 21:39 -------- d-----w- C:\AdwCleaner
    2014-08-28 21:20 . 2014-05-12 06:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-08-28 21:20 . 2014-05-12 06:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-08-28 21:20 . 2014-08-28 21:21 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-08-28 19:05 . 2014-08-20 18:44 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54D34096-AD68-4DE7-95B7-D0828EF22C4B}\mpengine.dll
    2014-08-28 18:56 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
    2014-08-28 18:56 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-28 11:36 . 2014-08-28 18:04 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-08-28 11:36 . 2014-08-28 11:36 -------- d-----w- c:\programdata\RogueKiller
    2014-08-27 16:13 . 2014-08-20 18:44 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-08-26 14:16 . 2014-08-26 14:16 -------- d-----w- c:\programdata\Avg_Update_0814tb
    2014-08-26 11:46 . 2014-08-28 11:25 -------- d-----w- C:\FRST
    2014-08-26 11:33 . 2014-08-26 11:33 -------- d-----w- C:\RegBackup
    2014-08-26 11:30 . 2014-08-26 11:30 -------- d-----w- c:\program files\Tweaking.com
    2014-08-26 10:13 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
    2014-08-26 10:10 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
    2014-08-26 10:06 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
    2014-08-26 10:04 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2014-08-23 10:50 . 2014-08-23 10:47 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C520D24-4249-432B-A5B4-0A72A5F73F2A}\gapaengine.dll
    2014-08-23 10:21 . 2014-07-14 01:42 654336 ----a-w- c:\windows\system32\rpcrt4.dll
    2014-08-23 10:21 . 2014-06-16 01:44 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2014-08-23 10:21 . 2014-06-16 01:44 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2014-08-23 10:21 . 2014-06-16 01:40 107520 ----a-w- c:\windows\system32\cdd.dll
    2014-08-23 10:19 . 2014-07-25 12:53 10747392 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
    2014-08-23 10:16 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-08-23 10:16 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll
    2014-08-23 10:16 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll
    2014-08-23 10:16 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe
    2014-08-23 10:16 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll
    2014-08-23 10:15 . 2014-08-07 01:43 412160 ----a-w- c:\windows\system32\aepdu.dll
    2014-08-23 10:15 . 2014-08-07 01:39 302592 ----a-w- c:\windows\system32\aeinv.dll
    2014-08-06 17:31 . 2014-08-06 17:31 -------- d-----w- c:\program files\Common Files\Java
    2014-08-06 17:30 . 2014-07-25 11:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-08-01 19:15 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
    2014-08-01 19:15 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
    2014-08-01 19:15 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
    2014-08-01 19:15 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
    2014-08-01 19:14 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
    2014-08-01 19:14 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
    2014-08-01 19:14 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
    2014-08-01 19:13 . 2014-05-14 08:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
    2014-08-01 19:13 . 2014-05-14 08:17 33792 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-08-28 20:32 . 2014-07-25 00:28 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
    2014-08-24 10:22 . 2012-08-29 14:55 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2014-07-09 10:37 . 2012-04-19 07:23 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-07-09 10:37 . 2011-11-20 21:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-06-23 11:15 . 2014-06-23 11:15 123544 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2014-06-18 01:51 . 2014-07-09 16:39 646144 ----a-w- c:\windows\system32\osk.exe
    2014-06-17 15:21 . 2014-06-17 15:21 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2014-06-17 15:18 . 2014-06-17 15:18 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2014-06-17 15:17 . 2014-06-17 15:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2014-06-06 09:44 . 2014-07-09 16:38 509440 ----a-w- c:\windows\system32\qedit.dll
    2014-06-05 14:26 . 2014-07-09 16:37 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2012-05-19 16:36 . 2008-08-10 12:09 1083904 ----a-w- c:\program files\MPEG_Streamclip.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 1804648]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
    "AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-08-11 5187088]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2014-07-25 11:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-06-17 29192]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-03-24 102784]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-03-24 11136]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-03-24 85760]
    R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-03-24 26496]
    R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-03-24 168448]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-06-17 25480]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
    R3 RapportKELL;RapportKELL;c:\windows\system32\Drivers\RapportKELL.sys [2014-06-23 123544]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
    R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-11-23 12984]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-16 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
    S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-06-17 20744]
    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-30 13560]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-24 42784]
    S1 MpKsl0ea6a48a;MpKsl0ea6a48a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54D34096-AD68-4DE7-95B7-D0828EF22C4B}\MpKsl0ea6a48a.sys [2014-08-28 39464]
    S1 MpKsla6de6166;MpKsla6de6166;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54D34096-AD68-4DE7-95B7-D0828EF22C4B}\MpKsla6de6166.sys [2014-08-28 39464]
    S1 RapportCerberus_69108;RapportCerberus_69108;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_69108.sys [2014-07-04 358040]
    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2014-06-23 171000]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-08-11 289328]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-06-23 1886488]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-24 72832]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL0EA6A48A
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-08-23 10:00 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 10:37]
    .
    2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 21:24]
    .
    2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 21:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.virginmedia.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5704168A-B32C-447A-B678-72C32D94FB6F}: NameServer = 88.82.13.12 88.82.13.12
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-MobileBroadband - c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-08-29 10:15:25
    ComboFix-quarantined-files.txt 2014-08-29 09:15
    .
    Pre-Run: 13,017,665,536 bytes free
    Post-Run: 12,919,267,328 bytes free
    .
    - - End Of File - - 34DCFEE3D78E5A2C0F64B8D7A0C271B4
    A36C5E4F47E84449FF07ED3517B43A31



    Malwarebytes Log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 29/08/2014
    Scan Time: 00:07:51
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.28.06
    Rootkit Database: v2014.08.21.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: WIN7

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 409886
    Time Elapsed: 17 min, 10 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUP.Optional.MindSpark.A, HKU\S-1-5-21-1839434062-3037775892-936306819-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CouponAlert_2p, Quarantined, [11e58b40344789ad91861fe1fb08a25e],
    PUP.Optional.PriceGong.A, HKU\S-1-5-21-1839434062-3037775892-936306819-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [fdf921aa8dee95a1eda03ed7ca39cd33],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  8. #8
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    "I've uninstalled AVG"
    AVG is still on the computer and active.

    AVG uninstall tool, scroll down the page to find your version.
    http://www.avg.com/us-en/utilities


    It looks like these are OK, am I right?
    NameServer = 88.82.13.12 88.82.13.12
    United Kingdom... Vodafone ISP?

    Is the computer still crashing?
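    A check for the NameServer question raised in post #8 and the proxy-reset step at the end of post #6, as an added example that is not part of this thread and not ComboFix's own code: it parses the "Supplementary Scan" block of a ComboFix log (sample constructed from the log above, with a constructed ProxyServer line added so the proxy check has something to find) and flags a static NameServer that differs from the DHCP-assigned one and any proxy server that is set.

```python
"""Audit the network settings ComboFix reports in its 'Supplementary Scan' block.

Added example: not ComboFix's code and not from this thread's posters. It pulls out
the DHCP-assigned DNS server, per-interface static NameServer entries, and the
Internet Explorer proxy settings, then flags what the thread checks by hand: a
static NameServer that differs from what DHCP handed out, and a proxy server.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample modelled on the Supplementary Scan section of the ComboFix log
# in this thread. The ProxyServer line is constructed to exercise the proxy check;
# the real log had only a ProxyOverride line.
SAMPLE_LOG = r"""
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 127.0.0.1:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5704168A-B32C-447A-B678-72C32D94FB6F}: NameServer = 88.82.13.12 88.82.13.12
.
"""

DHCP_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
IFACE_RE = re.compile(r"^TCP: Interfaces\\(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (.+)$")
OVERRIDE_RE = re.compile(r"^uInternet Settings,ProxyOverride = (.+)$")


@dataclass
class NetworkSettings:
    dhcp_nameservers: List[str] = field(default_factory=list)
    interface_nameservers: Dict[str, List[str]] = field(default_factory=dict)
    proxy_server: Optional[str] = None
    proxy_override: Optional[str] = None


def parse_supplementary_scan(text: str) -> NetworkSettings:
    """Extract the DNS and proxy lines; every other line in the block is ignored."""
    settings = NetworkSettings()
    for raw in text.splitlines():
        line = raw.strip()
        m = DHCP_RE.match(line)
        if m:
            settings.dhcp_nameservers = m.group(1).split()
            continue
        m = IFACE_RE.match(line)
        if m:
            # ComboFix lists the primary server twice when no secondary is set:
            # keep the order but drop duplicates.
            settings.interface_nameservers[m.group(1)] = list(dict.fromkeys(m.group(2).split()))
            continue
        m = PROXY_RE.match(line)
        if m:
            settings.proxy_server = m.group(1).strip()
            continue
        m = OVERRIDE_RE.match(line)
        if m:
            settings.proxy_override = m.group(1).strip()
    return settings


def is_local_address(ip: str) -> bool:
    """True for RFC 1918 / loopback addresses (a home router), False for public ones."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback


def audit(settings: NetworkSettings) -> List[str]:
    """Return one human-readable finding per setting worth a second look."""
    findings = []
    dhcp = " ".join(settings.dhcp_nameservers) or "none"
    for iface, servers in settings.interface_nameservers.items():
        for srv in servers:
            if srv in settings.dhcp_nameservers:
                continue  # static entry just mirrors what DHCP assigned
            where = "local" if is_local_address(srv) else "public"
            findings.append(f"{iface}: static NameServer {srv} ({where}) differs from "
                            f"DHCP-assigned {dhcp}; verify it is your ISP's resolver")
    if settings.proxy_server:
        findings.append(f"ProxyServer is set to {settings.proxy_server}; "
                        f"clear it unless you configured it yourself")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_supplementary_scan(SAMPLE_LOG)):
        print(finding)
```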

  9. #9
    Member
    Join Date
    Aug 2008
    Posts
    56

    Default

    Hi,

    Vodafone is OK - I did think I'd uninstalled that, though. Not sure what the other one is.

    Computer is quieter, but I can't get into some webpages - facebook, google, yahoo mail, co-op banking, just a few randoms I tried.

    I've got Windows 7 Pro, Internet Explorer 8. I checked the options for IE after ComboFix, but still having problems.

    Many thanks

  10. #10
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Have you rebooted your computer since using ComboFix?

    If you haven't, try that now.

    Are you using a DSL router?

    Let's try this:
    Behind your modem will be a switch to turn it off, turn it off and wait a good 3 to 5 minutes.
    Turn it back on. Lights will flash on and off till it's completely functional again.
    Check for internet connection now.

    Also,
    click the Microsoft Pearl button at the bottom left of your toolbar,
    then type in cmd on the Search bar.

    On the command prompt, enter "ipconfig/release" then press [Enter], then enter "ipconfig/renew" and press [Enter] again.

    Check to see if you connect now.


    What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders, so don't be alarmed with this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.


    *************************************
