View Full Version : Possible Malware problem



sunshine&flowerpots
2014-08-27, 21:40
Hi,

Recently the performance of my computer has been getting worse - the hard drive whirls so much that it sounds like it's going to take off - then it just shuts down. The last couple of days, it's been shutting off every 20 mins or so. When I boot it back, firstly I get the "Windows didn't shut down properly" page, then it comes up with Windows configuration, updates, then boots up. Twice I've had a completely different desktop, then it's crashed again and the process starts again. I can get onto the internet, but again only for a short time - I had to type this in Word then copy & paste.

Even when sitting idle - when not in use, the hard drive is in overdrive. Every morning I have to start it up again where it's crashed overnight.

I've backed up the system.

Many thanks

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by WIN7 (administrator) on ASPIRE-T180 on 26-08-2014 12:47:37
Running from C:\Users\WIN7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PIJRMAD
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.183.428.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-11-30] (SUPERAntiSpyware)
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1804648 2011-09-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16639-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16678-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16685-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16689-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466f4-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466fd-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1839434062-3037775892-936306819-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
BootExecute: autocheck autochk * /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0B8D479E7A6CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
URLSearchHook: HKCU - (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
SearchScopes: HKCU - DefaultScope {33D9335B-0A5E-4AA2-8CA5-5A230AE6292E} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {32FB7BCD-AF25-4514-AC58-EA10CAB0BCA5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
SearchScopes: HKCU - {33D9335B-0A5E-4AA2-8CA5-5A230AE6292E} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {5CEB2165-DBB5-4245-A5A3-136ABF4173C3} URL = http://searchou.com/?q={searchTerms}&id=4cf6e604000000000000001921549e00&affilt=5&r=206
SearchScopes: HKCU - {7E836C53-B5E8-4BAB-AA74-B2B391F4F74A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=788F3C5F-27F0-433B-B6BA-75BC738E0533&apn_sauid=92785532-7819-4B55-B68B-33B6E518991B
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={83978C62-A6B3-4419-9CF6-D0709F874B06}&mid=0277e6c006b947d195f6d15067b077f3-6f1354d46f12568e560b096cf8b39c7863202901&lang=en&ds=AVG&pr=fr&d=2013-09-25 20:07:09&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A67C8099-78A4-4BF8-869D-42FE0F75BCE9} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=NUYHiWDFMm
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5704168A-B32C-447A-B678-72C32D94FB6F}: [NameServer] 88.82.13.12 88.82.13.12

FireFox:
========
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2012-09-26]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2012-09-26]

Chrome:
=======
CHR HomePage: Default -> https://uk.search.yahoo.com/?type=386496&fr=spigot-yhp-ch
CHR StartupUrls: Default -> "https://uk.search.yahoo.com/?type=386496&fr=spigot-yhp-ch"
CHR CustomProfile: C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (Google Wallet) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\WIN7\AppData\Local\Temp\ccex.crx []
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-12] (SUPERAntiSpyware.com) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-24] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-24] (AVG Technologies)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-06-17] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-06-17] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-01-30] (GFI Software)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-06-17] (IVT Corporation.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-07-24] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl5d7c23cd; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FBE9A67-90DF-4175-BCD6-10280EEB2CE4}\MpKsl5d7c23cd.sys [39464 2014-08-26] (Microsoft Corporation)
R1 RapportCerberus_69108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_69108.sys [358040 2014-07-04] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [12984 2011-11-23] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 12:46 - 2014-08-26 12:47 - 00000000 ____D () C:\FRST
2014-08-26 12:38 - 2014-08-26 12:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASPIRE-T180-Microsoft-Windows-7-Professional-(32-bit).dat
2014-08-26 12:33 - 2014-08-26 12:33 - 00000000 ____D () C:\RegBackup
2014-08-26 12:32 - 2014-08-26 12:32 - 00002161 _____ () C:\Users\WIN7\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-26 12:32 - 2014-08-26 12:32 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-26 12:30 - 2014-08-26 12:30 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-08-26 11:13 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-26 11:10 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-26 11:06 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-26 11:04 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-23 11:21 - 2014-07-14 02:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-23 11:21 - 2014-06-16 02:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-23 11:21 - 2014-06-16 02:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-23 11:21 - 2014-06-16 02:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-23 11:20 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-23 11:20 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-23 11:20 - 2014-07-25 14:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-23 11:20 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-23 11:20 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-23 11:20 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-23 11:20 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-23 11:20 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-23 11:20 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-23 11:20 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-23 11:20 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-23 11:20 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-23 11:20 - 2014-07-25 13:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-23 11:20 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-23 11:20 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-23 11:20 - 2014-07-25 12:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-23 11:20 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-23 11:20 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-23 11:20 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-23 11:20 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-23 11:20 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-23 11:20 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-23 11:20 - 2014-07-25 12:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-23 11:20 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-23 11:20 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-23 11:20 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-23 11:20 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-23 11:20 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-23 11:20 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-23 11:19 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-23 11:16 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-23 11:16 - 2014-06-03 10:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-23 11:16 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-23 11:16 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-23 11:16 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-23 11:15 - 2014-08-07 02:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-23 11:15 - 2014-08-07 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-23 11:15 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-06 21:00 - 2014-08-26 12:14 - 00001242 _____ () C:\Windows\setupact.log
2014-08-06 21:00 - 2014-08-06 21:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-06 20:59 - 2014-08-06 21:00 - 00412008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-06 18:58 - 2014-08-06 18:58 - 00109280 _____ () C:\Users\WIN7\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-06 18:31 - 2014-08-06 18:31 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-06 18:31 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-06 18:30 - 2014-08-06 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 18:30 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-06 18:30 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-06 18:30 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-06 18:29 - 2014-08-06 18:30 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-01 20:15 - 2014-05-14 17:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 20:15 - 2014-05-14 17:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 20:15 - 2014-05-14 17:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 20:15 - 2014-05-14 17:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 20:14 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 20:14 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 20:14 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 20:13 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 20:13 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 12:47 - 2014-08-26 12:46 - 00000000 ____D () C:\FRST
2014-08-26 12:43 - 2011-11-16 18:59 - 01672666 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 12:39 - 2009-07-14 05:34 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 12:39 - 2009-07-14 05:34 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 12:38 - 2014-08-26 12:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASPIRE-T180-Microsoft-Windows-7-Professional-(32-bit).dat
2014-08-26 12:37 - 2012-04-19 08:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 12:33 - 2014-08-26 12:33 - 00000000 ____D () C:\RegBackup
2014-08-26 12:33 - 2011-11-22 22:24 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 12:32 - 2014-08-26 12:32 - 00002161 _____ () C:\Users\WIN7\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-26 12:32 - 2014-08-26 12:32 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-26 12:30 - 2014-08-26 12:30 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-08-26 12:17 - 2013-06-03 06:45 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-08-26 12:15 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 12:14 - 2014-08-06 21:00 - 00001242 _____ () C:\Windows\setupact.log
2014-08-26 11:41 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-26 11:33 - 2011-11-16 23:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-26 11:32 - 2013-08-09 21:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-26 11:26 - 2011-11-16 19:18 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-26 11:01 - 2011-11-22 22:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-26 10:57 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-26 10:56 - 2011-11-17 00:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-26 10:54 - 2011-11-19 18:50 - 00000000 ____D () C:\Users\WIN7
2014-08-26 10:54 - 2011-11-16 19:06 - 00000000 ____D () C:\Users\Administrator
2014-08-25 14:23 - 2012-01-03 10:15 - 00068955 _____ () C:\Users\WIN7\Desktop\My Bits.xlsx
2014-08-25 13:15 - 2013-09-25 20:06 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-08-24 11:22 - 2012-08-29 15:55 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-08-24 10:18 - 2011-11-23 15:59 - 00000000 ____D () C:\Users\WIN7\AppData\Local\Adobe
2014-08-23 15:12 - 2010-11-20 22:01 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-23 14:02 - 2014-04-01 08:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-23 14:02 - 2013-09-25 20:07 - 00000915 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-23 11:46 - 2013-12-05 14:58 - 00002109 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-23 11:31 - 2012-09-26 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-23 11:29 - 2012-09-26 16:34 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\HpUpdate
2014-08-07 02:43 - 2014-08-23 11:15 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 02:39 - 2014-08-23 11:15 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 21:00 - 2014-08-06 21:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-06 21:00 - 2014-08-06 20:59 - 00412008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-06 18:59 - 2011-11-25 19:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-06 18:58 - 2014-08-06 18:58 - 00109280 _____ () C:\Users\WIN7\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-06 18:58 - 2014-06-12 14:24 - 00000000 ____D () C:\Program Files\FreeRIP
2014-08-06 18:47 - 2012-08-24 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-06 18:47 - 2011-11-22 22:25 - 00000945 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-06 18:45 - 2011-11-22 22:25 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-06 18:38 - 2013-10-22 16:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 18:31 - 2014-08-06 18:31 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-06 18:30 - 2014-08-06 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 18:30 - 2014-08-06 18:29 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-06 18:30 - 2013-07-23 13:45 - 00000000 ____D () C:\Program Files\Java
2014-08-02 20:12 - 2012-05-19 18:36 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\vlc
2014-08-01 00:16 - 2014-08-23 11:20 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avguidx.dll
C:\Users\Administrator\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Administrator\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
C:\Users\WIN7\AppData\Local\Temp\install_flashplayer14x32axau_gtbd_chrd_dn_aaa_aih.exe
C:\Users\WIN7\AppData\Local\Temp\_is5164.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-23 10:45

==================== End Of Log ============================


aswMBR

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-08-26 18:40:39
-----------------------------
18:40:39.987 OS Version: Windows 6.1.7601 Service Pack 1
18:40:39.987 Number of processors: 2 586 0x4B02
18:40:39.987 ComputerName: ASPIRE-T180 UserName: WIN7
18:41:02.795 Initialize success
18:41:03.138 VM: initialized successfully
18:41:03.621 VM: Amd CPU virtualization not supported
18:41:34.692 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
18:41:34.692 Disk 0 Vendor: HDT72251 V43O Size: 157066MB BusType: 3
18:41:34.817 Disk 0 MBR read successfully
18:41:34.832 Disk 0 MBR scan
18:41:34.832 Disk 0 Windows 7 default MBR code
18:41:34.863 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:41:34.863 Disk 0 default boot code
18:41:34.879 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 41000 MB offset 206848
18:41:34.895 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51963 MB offset 84174848
18:41:34.910 Disk 0 Partition - 00 0F Extended LBA 64001 MB offset 190595072
18:41:34.926 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 64000 MB offset 190597120
18:41:34.941 Disk 0 scanning sectors +321669120
18:41:35.207 Disk 0 scanning C:\Windows\system32\drivers
18:41:43.475 Service scanning
18:41:52.819 Service MpKsl7ca17318 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8FB68CD5-CCEB-4B92-AD97-B362FE575BC1}\MpKsl7ca17318.sys **LOCKED** 32
18:42:05.673 Modules scanning
18:42:14.097 Disk 0 trace - called modules:
18:42:14.113 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
18:42:14.129 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852a8580]
18:42:14.129 3 CLASSPNP.SYS[871a259e] -> nt!IofCallDriver -> [0x84cf1408]
18:42:14.144 5 ACPI.sys[86c483d4] -> nt!IofCallDriver -> \Device\00000068[0x84cf1828]
18:42:14.160 Scan finished successfully
18:42:43.004 Disk 0 MBR has been saved successfully to "C:\Users\WIN7\Desktop\MBR.dat"
18:42:43.145 The log file has been saved successfully to "C:\Users\WIN7\Desktop\aswMBR.txt"
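The partition table aswMBR printed above can be checked for internal consistency rather than read by eye. The Python below is an added example, not code from this thread or from aswMBR: it parses the partition and "scanning sectors" lines, converts the MB figures back to 512-byte sectors, and checks that the primary partitions and the extended container tile the disk without gaps or overlaps, that the logical partition lies inside the container, and that the scan of unallocated sectors begins where the table ends. It assumes the "+" figure on the scanning line is the first sector aswMBR scans past the table (the log's own numbers bear that out) and treats gaps smaller than 1 MB as rounding of the reported sizes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTORS_PER_MB = 2048   # aswMBR reports sizes in MB; 1 MiB = 2048 sectors of 512 bytes
EXTENDED_TYPES = {0x05, 0x0F}

# Constructed sample: the partition and "scanning sectors" lines copied from the
# aswMBR log posted above, timestamps and all.
SAMPLE_LOG = """
18:41:34.863 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:41:34.879 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 41000 MB offset 206848
18:41:34.895 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51963 MB offset 84174848
18:41:34.910 Disk 0 Partition - 00 0F Extended LBA 64001 MB offset 190595072
18:41:34.926 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 64000 MB offset 190597120
18:41:34.941 Disk 0 scanning sectors +321669120
"""

PART_RE = re.compile(
    r"Partition (?P<label>\S+) (?P<boot>[0-9A-F]{2})(?: \(A\))? (?P<ptype>[0-9A-F]{2}) "
    r"(?P<desc>.+?) (?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)
SCAN_RE = re.compile(r"scanning sectors \+(?P<sector>\d+)$")


@dataclass
class Partition:
    label: str      # "1".."4", or "-" for the extended container
    bootable: bool  # status byte 0x80
    ptype: int      # MBR type byte: 0x07 NTFS, 0x0F extended (LBA)
    start: int      # first sector (the "offset" figure)
    sectors: int    # length in sectors, derived from the MB figure

    @property
    def end(self) -> int:
        """First sector after the partition."""
        return self.start + self.sectors

    @property
    def is_container(self) -> bool:
        return self.ptype in EXTENDED_TYPES


def parse_aswmbr(text: str) -> Tuple[List[Partition], Optional[int]]:
    parts: List[Partition] = []
    scan_start = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PART_RE.search(line)
        if m:
            parts.append(Partition(label=m["label"], bootable=m["boot"] == "80",
                                   ptype=int(m["ptype"], 16), start=int(m["offset"]),
                                   sectors=int(m["size_mb"]) * SECTORS_PER_MB))
            continue
        m = SCAN_RE.search(line)
        if m:
            scan_start = int(m["sector"])
    return parts, scan_start


def inside_container(p: Partition, parts: List[Partition]) -> bool:
    """True if p lies wholly within an extended container (i.e. it is a logical partition)."""
    return any(c.start <= p.start and p.end <= c.end for c in parts if c.is_container)


def top_level(parts: List[Partition]) -> List[Partition]:
    """Primaries plus the extended container, in disk order."""
    return sorted((p for p in parts if p.is_container or not inside_container(p, parts)),
                  key=lambda p: p.start)


def table_end(parts: List[Partition]) -> int:
    """Sector just past the last top-level entry."""
    return max(p.end for p in top_level(parts))


def check_layout(parts: List[Partition], scan_start: Optional[int]) -> List[str]:
    findings: List[str] = []
    if sum(p.bootable for p in parts) != 1:
        findings.append("expected exactly one active (bootable) partition")
    # A non-container partition that intersects the container but does not fit
    # inside it is malformed.
    for p in parts:
        for c in (c for c in parts if c.is_container):
            if not p.is_container and p.start < c.end and c.start < p.end \
                    and not inside_container(p, parts):
                findings.append(f"partition {p.label} straddles the extended container")
    # Top-level entries should tile the disk; space beyond the MB rounding slack
    # between them is unaccounted for.
    top = top_level(parts)
    for a, b in zip(top, top[1:]):
        if b.start < a.end:
            findings.append(f"partitions {a.label} and {b.label} overlap")
        elif b.start - a.end >= SECTORS_PER_MB:
            findings.append(f"{b.start - a.end} sectors unaccounted for between {a.label} and {b.label}")
    # The scan of unallocated sectors should begin where the table ends.
    if scan_start is not None and abs(scan_start - table_end(parts)) >= SECTORS_PER_MB:
        findings.append(f"unallocated scan starts at {scan_start}, table ends at {table_end(parts)}")
    return findings


if __name__ == "__main__":
    parts, scan = parse_aswmbr(SAMPLE_LOG)
    for p in parts:
        print(f"{p.label:>2} type 0x{p.ptype:02X} sectors {p.start}..{p.end}")
    print(check_layout(parts, scan) or "layout consistent")
```

Run on this log it reports nothing: 2048 + 100·2048 = 206848, each later offset equals the previous partition's end, and the extended container and Partition 4 both end at sector 321669120, exactly where the scan begins. Space reserved between or after partitions would surface as a gap or as a scan-start mismatch.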

Juliet
2014-08-27, 23:47
You have a lot going on here. I do see infection and I also see 2 active running antivirus programs on the machine.
AVG
Microsoft Security Essentials. We need to remove 1, your decision which but 1 needs to go.

As for the computer rebooting randomly on its own, I don't know why but what we can do is to continue to search for infections to see if that's the cause.


Also, when you downloaded FRST (Farbar's Recovery Scan Tool) you ran it from a temp directory which we can't use. We will need to download to desktop and run the tool again, this time in a slightly different way.


Let's set your browsers to download to desktop.

For the latest version of Firefox
Look at the top of the web page, click on the 3 bar icon tool. (Don't know what you really call it; it looks like 3 skinny lines)
At the top click on the General tab
scroll to the Downloads indicator, then check the box for "Save files to", here you can choose where to save. I use Desktop because it's the easiest to find things later.

For older versions of Firefox
Firefox
you press the orange Firefox button in the top left corner >> Options
Beneath where it shows homepage, click on save files to desktop

Chrome --
Press the Customize and Control Google button (three horizontal lines in top right corner of screen) >> Settings >> Show Advanced Settings >> Downloads, Download location, click on save to desktop


NEXT**

Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))

When you have the tool on desktop proceed

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)



start
C:\Users\Administrator\AppData\Local\Temp\avguidx.dll
C:\Users\Administrator\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Administrator\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
C:\Users\WIN7\AppData\Local\Temp\install_flashplayer14x32axau_gtbd_chrd_dn_aaa_aih.exe
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16639-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16678-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16685-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16689-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466f4-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466fd-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
URLSearchHook: HKCU - (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
SearchScopes: HKCU - {32FB7BCD-AF25-4514-AC58-EA10CAB0BCA5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
SearchScopes: HKCU - {5CEB2165-DBB5-4245-A5A3-136ABF4173C3} URL = http://searchou.com/?q={searchTerms}&id=4cf6e604000000000000001921549e00&affilt=5&r=206
SearchScopes: HKCU - {7E836C53-B5E8-4BAB-AA74-B2B391F4F74A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=788F3C5F-27F0-433B-B6BA-75BC738E0533&apn_sauid=92785532-7819-4B55-B68B-33B6E518991B
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=NUYHiWDFMm
Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
CHR StartupUrls: Default -> "https://uk.search.yahoo.com/?type=386496&fr=spigot-yhp-ch"
CHR HKLM\...\Chrome\Extension: - C:\Users\WIN7\AppData\Local\Temp\ccex.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
EmptyTemp:
End


Open FRST/FRST64 and press the--> Fix <-- button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

***************

Please download RogueKiller and save it to your desktop.

You can check here (http://support.microsoft.com/kb/827218) if you're not sure if your computer is 32-bit or 64-bit

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement)
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Don't run any other options, they're not all bad!!
Post back the report which should be located on your desktop.



Please post
Fixlog.txt
RogueKiller.txt
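The fixlist in the post above targets, among other things, the executables FRST listed under "Some content of TEMP". As an added example (not code from this thread, from FRST or from its author), the Python below parses lines in the format of the FRST listing posted earlier and applies a triage rule of the kind that fixlist reflects: executables and libraries sitting in a Temp directory, or with no publisher recorded, are flagged for review. The sample lines are copied from the posted log, except for one driver line marked as constructed, which is invented so the second rule has something to fire on.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines in the format of the FRST "One Month Modified"
# listing, followed by bare paths as printed under "Some content of TEMP".
# All but the "constructed_driver.sys" line are copied from the log above.
SAMPLE_LOG = r"""
2014-08-24 11:22 - 2012-08-29 15:55 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-08-23 15:12 - 2010-11-20 22:01 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-07 02:43 - 2014-08-23 11:15 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:00 - 2014-08-06 20:59 - 00412008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-06 18:58 - 2014-06-12 14:24 - 00000000 ____D () C:\Program Files\FreeRIP
2014-08-20 09:00 - 2014-08-20 09:00 - 00018432 _____ () C:\Windows\system32\Drivers\constructed_driver.sys
C:\Users\Administrator\AppData\Local\Temp\avguidx.dll
C:\Users\Administrator\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Administrator\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
C:\Users\WIN7\AppData\Local\Temp\install_flashplayer14x32axau_gtbd_chrd_dn_aaa_aih.exe
C:\Users\WIN7\AppData\Local\Temp\_is5164.exe
"""

# modified - created - size attrs (publisher) path
FRST_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<publisher>[^)]*)\) (?P<path>[A-Za-z]:\\.*)$"
)
BARE_PATH = re.compile(r"^[A-Za-z]:\\.+$")
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".ocx"}

TEMP_REASON = "executable in a Temp directory"
NO_PUBLISHER_REASON = "executable with no publisher information"


@dataclass
class Entry:
    path: str
    is_dir: bool               # FRST marks directories with a D in the attribute field
    size: Optional[int]        # None for bare Temp paths (FRST prints no size there)
    publisher: Optional[str]   # "" = field present but empty, None = not reported


def parse_frst(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FRST_LINE.match(line)
        if m:
            entries.append(Entry(m["path"], "D" in m["attrs"], int(m["size"]), m["publisher"]))
        elif BARE_PATH.match(line):
            entries.append(Entry(line, False, None, None))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir:
            continue
        # ntpath handles backslash paths correctly even when run on Linux/macOS
        ext = ntpath.splitext(e.path)[1].lower()
        if ext not in EXEC_EXTS:
            continue
        if "\\temp\\" in e.path.lower():
            findings.append((e.path, TEMP_REASON))
        elif not e.publisher:
            findings.append((e.path, NO_PUBLISHER_REASON))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_frst(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

The publisher field FRST prints comes from the file's version resource, not from an Authenticode check, so an empty field is a prompt to look closer (the "Bamital & volsnap Check" section is where FRST reports actual signature status for core system files), not proof of anything on its own.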

sunshine&flowerpots
2014-08-28, 21:23
Here's fix log.

RogueKiller won't run without the comp shutting down. I've tried at least 5 times.

I've uninstalled AVG (left link scanner) and SUPERAntiSpyware (as I don't use that) thinking that it may help with the hard drive not going so fast, but no difference.

Didn't update chrome or firefox as I don't use them.

Trying to type as fast as I can before comp shuts off again....

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:26-08-2014
Ran by WIN7 at 2014-08-28 12:23:50 Run:2
Running from C:\Users\WIN7\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Users\Administrator\AppData\Local\Temp\avguidx.dll
C:\Users\Administrator\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Administrator\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
C:\Users\WIN7\AppData\Local\Temp\install_flashplayer14x32axau_gtbd_chrd_dn_aaa_aih.exe
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16639-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16678-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16685-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {a1b16689-8515-11e3-87ab-001921549e00} - L:\AutoRun.exe
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466f4-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\MountPoints2: {cef466fd-433d-11e3-9193-001921549e00} - L:\setup_vmb_lite.exe /checkApplicationPresence
URLSearchHook: HKCU - (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
SearchScopes: HKCU - {32FB7BCD-AF25-4514-AC58-EA10CAB0BCA5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
SearchScopes: HKCU - {5CEB2165-DBB5-4245-A5A3-136ABF4173C3} URL = http://searchou.com/?q={searchTerms}&id=4cf6e604000000000000001921549e00&affilt=5&r=206
SearchScopes: HKCU - {7E836C53-B5E8-4BAB-AA74-B2B391F4F74A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=788F3C5F-27F0-433B-B6BA-75BC738E0533&apn_sauid=92785532-7819-4B55-B68B-33B6E518991B
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=NUYHiWDFMm
Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
CHR StartupUrls: Default -> "https://uk.search.yahoo.com/?type=386496&fr=spigot-yhp-ch"
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\WIN7\AppData\Local\Temp\ccex.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
EmptyTemp:
End
*****************

"C:\Users\Administrator\AppData\Local\Temp\avguidx.dll" => File/Directory not found.
"C:\Users\Administrator\AppData\Local\Temp\iGearedHelper.dll" => File/Directory not found.
"C:\Users\Administrator\AppData\Local\Temp\MachineIdCreator.exe" => File/Directory not found.
"C:\Users\Administrator\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
"C:\Users\WIN7\AppData\Local\Temp\install_flashplayer14x32axau_gtbd_chrd_dn_aaa_aih.exe" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1b16639-8515-11e3-87ab-001921549e00}" => Key not found.
"HKCR\CLSID\{a1b16639-8515-11e3-87ab-001921549e00}" => Key not found.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1b16678-8515-11e3-87ab-001921549e00}" => Key not found.
"HKCR\CLSID\{a1b16678-8515-11e3-87ab-001921549e00}" => Key not found.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1b16685-8515-11e3-87ab-001921549e00}" => Key not found.
"HKCR\CLSID\{a1b16685-8515-11e3-87ab-001921549e00}" => Key not found.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1b16689-8515-11e3-87ab-001921549e00}" => Key not found.
"HKCR\CLSID\{a1b16689-8515-11e3-87ab-001921549e00}" => Key not found.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cef466f4-433d-11e3-9193-001921549e00}" => Key not found.
"HKCR\CLSID\{cef466f4-433d-11e3-9193-001921549e00}" => Key not found.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cef466fd-433d-11e3-9193-001921549e00}" => Key not found.
"HKCR\CLSID\{cef466fd-433d-11e3-9193-001921549e00}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} => Value not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32FB7BCD-AF25-4514-AC58-EA10CAB0BCA5}" => Key not found.
"HKCR\CLSID\{32FB7BCD-AF25-4514-AC58-EA10CAB0BCA5}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5CEB2165-DBB5-4245-A5A3-136ABF4173C3}" => Key not found.
"HKCR\CLSID\{5CEB2165-DBB5-4245-A5A3-136ABF4173C3}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7E836C53-B5E8-4BAB-AA74-B2B391F4F74A}" => Key not found.
"HKCR\CLSID\{7E836C53-B5E8-4BAB-AA74-B2B391F4F74A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}" => Key not found.
"HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => Value not found.
"HKCR\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} => Value not found.
"HKCR\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key not found.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj" => Key deleted successfully.
"C:\Users\WIN7\AppData\Local\Temp\ccex.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
EmptyTemp: => Removed 252 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Juliet
2014-08-28, 23:08
For fear of the computer shutting down, after you have these tools/scanners on your desktop try booting into safe mode and run from there. This is to see if something is loading that's causing this problem.
http://www.bleepingcomputer.com/tutorials/enable-the-f8-key-in-windows-8/

*****************
-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.




Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.

*********

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







On the Dashboard click on Update Now
Go to the Settings tab
Under Settings go to Detection and Protection
Under PUP and PUM make sure both are set to Treat detections as Malware
Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


***************************************
Please post
C:\AdwCleaner.txt
JRT.txt
Malwarebytes

sunshine&flowerpots
2014-08-29, 01:57
Hi,

Ran Adware & Malware in safe mode - comp crashed twice trying to run Malware. Ran JRT in normal mode (forgot to go into safe mode on boot up). Here's logs:

Adware:

# AdwCleaner v3.308 - Report created 28/08/2014 at 22:39:07
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : WIN7 - ASPIRE-T180
# Running from : C:\Users\WIN7\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Security Toolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\WIN7\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\WIN7\AppData\Local\Conduit
Folder Deleted : C:\Users\WIN7\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\WIN7\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\WIN7\AppData\LocalLow\iac
Folder Deleted : C:\Users\WIN7\AppData\LocalLow\Industriya
Folder Deleted : C:\Users\WIN7\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\WIN7\AppData\Roaming\Browser Extensions
Folder Deleted : C:\Users\WIN7\AppData\Roaming\Search Protection
File Deleted : C:\END

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Homepage] : hxxps://uk.search.yahoo.com/?type=386496&fr=spigot-yhp-ch

*************************

AdwCleaner[R0].txt - [9130 octets] - [28/08/2014 22:37:35]
AdwCleaner[S0].txt - [9265 octets] - [28/08/2014 22:39:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9325 octets] ##########

JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by WIN7 on 28/08/2014 at 22:59:30.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\WIN7\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\WIN7\Local Settings\Application Data\hosts"
Successfully deleted: [Folder] "C:\Program Files\freerip"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/08/2014 at 23:04:49.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2014-08-29, 02:55
Wish I knew what was causing all the crashes.

Let's see if we can catch a glimpse of a stop code if one is created.


Download BlueScreenView (http://www.nirsoft.net/utils/blue_screen_view.html)
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/306529-emergency-backup-procedure.html)

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Place ComboFix.exe on your Desktop *<--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab -> LAN Settings > uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari:
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...

sunshine&flowerpots
2014-08-29, 12:26
Hi,

Couldn't see an .exe for blue screen, so I installed & ran it, but nothing came up. I also ran Malwarebytes again overnight to see if it would run, & it scanned this time with no shutdowns. Log is at the bottom.

Here's ComboFix log:

ComboFix 14-08-29.03 - WIN7 29/08/2014 9:53.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.768.140 [GMT 1:00]
Running from: c:\users\WIN7\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 4
Access is denied.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\db5d816da20d2ea09bb29607205e6dd5_c
c:\users\WIN7\AppData\Local\Adobe\gccheck.exe
c:\users\WIN7\AppData\Local\Adobe\gtbcheck.exe
c:\users\WIN7\AppData\Local\Adobe\install_flash_player_ax.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-07-28 to 2014-08-29 )))))))))))))))))))))))))))))))
.
.
2014-08-29 09:09 . 2014-08-29 09:10 -------- d-----w- c:\users\WIN7\AppData\Local\temp
2014-08-29 09:09 . 2014-08-29 09:09 -------- d-----w- c:\users\User\AppData\Local\temp
2014-08-29 09:09 . 2014-08-29 09:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-08-29 09:09 . 2014-08-29 09:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-29 09:09 . 2014-08-29 09:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-08-29 08:37 . 2014-08-29 08:37 -------- d-----w- c:\program files\NirSoft
2014-08-28 22:42 . 2014-08-28 22:42 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54D34096-AD68-4DE7-95B7-D0828EF22C4B}\MpKsl0ea6a48a.sys
2014-08-28 22:05 . 2014-08-28 23:07 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-28 21:59 . 2014-08-28 21:59 -------- d-----w- c:\windows\ERUNT
2014-08-28 21:57 . 2014-08-28 21:57 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54D34096-AD68-4DE7-95B7-D0828EF22C4B}\MpKsla6de6166.sys
2014-08-28 21:37 . 2014-08-28 21:39 -------- d-----w- C:\AdwCleaner
2014-08-28 21:20 . 2014-05-12 06:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-28 21:20 . 2014-05-12 06:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-28 21:20 . 2014-08-28 21:21 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-28 19:05 . 2014-08-20 18:44 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54D34096-AD68-4DE7-95B7-D0828EF22C4B}\mpengine.dll
2014-08-28 18:56 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-28 18:56 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 11:36 . 2014-08-28 18:04 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-28 11:36 . 2014-08-28 11:36 -------- d-----w- c:\programdata\RogueKiller
2014-08-27 16:13 . 2014-08-20 18:44 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-26 14:16 . 2014-08-26 14:16 -------- d-----w- c:\programdata\Avg_Update_0814tb
2014-08-26 11:46 . 2014-08-28 11:25 -------- d-----w- C:\FRST
2014-08-26 11:33 . 2014-08-26 11:33 -------- d-----w- C:\RegBackup
2014-08-26 11:30 . 2014-08-26 11:30 -------- d-----w- c:\program files\Tweaking.com
2014-08-26 10:13 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-26 10:10 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-26 10:06 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-26 10:04 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-23 10:50 . 2014-08-23 10:47 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C520D24-4249-432B-A5B4-0A72A5F73F2A}\gapaengine.dll
2014-08-23 10:21 . 2014-07-14 01:42 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-23 10:21 . 2014-06-16 01:44 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-23 10:21 . 2014-06-16 01:44 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-08-23 10:21 . 2014-06-16 01:40 107520 ----a-w- c:\windows\system32\cdd.dll
2014-08-23 10:19 . 2014-07-25 12:53 10747392 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
2014-08-23 10:16 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-23 10:16 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-23 10:16 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-23 10:16 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-23 10:16 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-08-23 10:15 . 2014-08-07 01:43 412160 ----a-w- c:\windows\system32\aepdu.dll
2014-08-23 10:15 . 2014-08-07 01:39 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-08-06 17:31 . 2014-08-06 17:31 -------- d-----w- c:\program files\Common Files\Java
2014-08-06 17:30 . 2014-07-25 11:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-01 19:15 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-08-01 19:15 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-01 19:15 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-01 19:15 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-01 19:14 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-08-01 19:14 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-01 19:14 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-08-01 19:13 . 2014-05-14 08:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-01 19:13 . 2014-05-14 08:17 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-28 20:32 . 2014-07-25 00:28 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-08-24 10:22 . 2012-08-29 14:55 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-07-09 10:37 . 2012-04-19 07:23 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 10:37 . 2011-11-20 21:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-23 11:15 . 2014-06-23 11:15 123544 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-06-18 01:51 . 2014-07-09 16:39 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-17 15:21 . 2014-06-17 15:21 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-17 15:18 . 2014-06-17 15:18 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-06-17 15:17 . 2014-06-17 15:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-06 09:44 . 2014-07-09 16:38 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-09 16:37 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2012-05-19 16:36 . 2008-08-10 12:09 1083904 ----a-w- c:\program files\MPEG_Streamclip.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-08-11 5187088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 11:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-06-17 29192]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-03-24 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-03-24 11136]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-03-24 85760]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-03-24 26496]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-03-24 168448]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-06-17 25480]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 RapportKELL;RapportKELL;c:\windows\system32\Drivers\RapportKELL.sys [2014-06-23 123544]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-11-23 12984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-16 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-06-17 20744]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-30 13560]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-24 42784]
S1 MpKsl0ea6a48a;MpKsl0ea6a48a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54D34096-AD68-4DE7-95B7-D0828EF22C4B}\MpKsl0ea6a48a.sys [2014-08-28 39464]
S1 MpKsla6de6166;MpKsla6de6166;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54D34096-AD68-4DE7-95B7-D0828EF22C4B}\MpKsla6de6166.sys [2014-08-28 39464]
S1 RapportCerberus_69108;RapportCerberus_69108;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_69108.sys [2014-07-04 358040]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2014-06-23 171000]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-08-11 289328]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-06-23 1886488]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-24 72832]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0EA6A48A
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-23 10:00 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 10:37]
.
2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 21:24]
.
2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 21:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5704168A-B32C-447A-B678-72C32D94FB6F}: NameServer = 88.82.13.12 88.82.13.12
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MobileBroadband - c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-29 10:15:25
ComboFix-quarantined-files.txt 2014-08-29 09:15
.
Pre-Run: 13,017,665,536 bytes free
Post-Run: 12,919,267,328 bytes free
.
- - End Of File - - 34DCFEE3D78E5A2C0F64B8D7A0C271B4
A36C5E4F47E84449FF07ED3517B43A31



Malwarebytes Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 29/08/2014
Scan Time: 00:07:51
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.28.06
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: WIN7

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 409886
Time Elapsed: 17 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1839434062-3037775892-936306819-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CouponAlert_2p, Quarantined, [11e58b40344789ad91861fe1fb08a25e],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1839434062-3037775892-936306819-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [fdf921aa8dee95a1eda03ed7ca39cd33],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Juliet
2014-08-29, 16:53
I've uninstalled AVG

AVG is still on the computer and active.

AVG uninstall tool, scroll down the page to find your version.
http://www.avg.com/us-en/utilities


It looks like these are OK, am I right?
NameServer = 88.82.13.12 88.82.13.12
United Kingdom... Vodafone ISP?

Is the computer still crashing?

sunshine&flowerpots
2014-08-29, 19:21
Hi,

Vodafone is OK - I did think I'd uninstalled that, though. Not sure what the other one is.

Computer is quieter, but I can't get into some webpages - Facebook, Google, Yahoo mail, Co-op banking, just a few random ones I tried.

I've got Windows 7 Pro, Internet Explorer 8. I checked the options for IE after ComboFix, but I'm still having problems.

Many thanks

Juliet
2014-08-29, 20:09
Have you rebooted your computer since using ComboFix?

If you haven't, try that now.

Are you using a DSL router?

Let's try this:
Behind your modem will be a switch to turn it off, turn it off and wait a good 3 to 5 minutes.
Turn it back on. Lights will flash on and off till it's completely functional again.
Check for internet connection now.

Also,
Click the Microsoft Pearl button at the bottom left of your tool bar
then type in cmd on the Search bar.

At the command prompt, enter "ipconfig/release" and press [Enter]; then enter "ipconfig/renew" and press [Enter] again.

Check to see if you connect now.


What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this; also, in case of a false positive, I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course on how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut and select Run as Administrator.

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file...".
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.


*************************************

sunshine&flowerpots
2014-08-30, 00:47
Hi,

I did reboot the computer after ComboFix, but did it again. Rebooted my modem. I can get an internet connection, just can't access some sites; I can't get onto pages like Hotmail, Facebook, but can access my favourites like BBC weather, viovet, 3 out of 4 banks.

Tried to run ESET scan three times & comp crashes each time.

Juliet
2014-08-30, 01:19
Can you experiment and see if these sites can connect while in safe mode?


Do you have Java blocked?
https://support.mozilla.org/en-US/kb/javascript-settings-for-interactive-web-pages?redirectlocale=en-US&redirectslug=JavaScript


Many site issues can be caused by corrupt cookies or cache. In order to try to fix these problems, the first step is to clear both cookies and the cache. Note: This will temporarily log you out of all sites you're logged in to. To clear cache and cookies do the following:

Go to Firefox > History > Clear recent history or (if no Firefox button is shown) go to Tools > Clear recent history.
Under "Time range to clear", select "Everything".
Now, click the arrow next to Details to toggle the Details list active.
From the details list, check Cache and Cookies and uncheck everything else.
Now click the Clear now button.
*************************************

To delete cookies for IE

On the Start screen, tap or click Internet Explorer to open Internet Explorer.

Swipe in from the right edge of the screen, and then tap Settings.
(If you're using a mouse, point to the lower-right corner of the screen, move the mouse pointer up, and then click Settings.)

Tap or click Options, and then, under History, tap or click Select.

Select the Cookies check box, and then tap or click Delete.

Clearing the cache for IE

Open Internet Explorer.
IE 8: From the Tools menu choose Internet Options. ...
On the General tab, under Browsing history, click Delete.
Un-check the Preserve Favorites website data box.
Check the Temporary Internet files, Cookies, and History boxes.


Reset the IP/DNS settings of your internet connection:

Go to Start -> Control Panel -> Double click on Network Connections.
Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.

Select the General tab.
Double click on Internet Protocol (TCP/IP).
Under General tab:
Select "Obtain an IP address automatically".
Select "Obtain DNS server address automatically".

Click OK twice to save the settings.
Reboot if you had to change any setting.

Flush the DNS cache:

Click the Start logo in the bottom left corner of the screen
Type in cmd.exe
In the command window copy/paste the following (one at a time):


ipconfig /flushdns

netsh winsock reset
Then hit enter.
Exit the command window.


I would like to see a new FRST log.

Please Run FRST (Farbar's Recovery Scan Tool)
(It may ask you to update the program, please do)


Don't change the checkboxes, just click on Scan.
Logfiles are created on your desktop.
Post the FRST.txt
Please ensure the check box for Addition.txt is ticked. Please also paste that along with the FRST.txt into your reply.
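Added example, not code from the thread or from any of the tools used in it: a read-only PowerShell check that gathers the two things the helper asks the poster to verify by hand (the IE proxy settings she mentions after ComboFix, and the per-interface NameServer values that both ComboFix and FRST list), and that confirms the prompt is elevated before attempting `netsh winsock reset`, which fails without elevation. The "expected resolver" list is an assumption; the Vodafone addresses from the log are only a constructed placeholder for what you would fill in.

```powershell
# Added example (not from the thread). Reads the DNS and proxy settings the
# helper asks about and reports anything that does not match an expected list.
param(
    # ASSUMPTION: your known-good resolvers. 192.168.1.1 is the DHCP server seen
    # in the log; 88.82.13.12 is the static entry being questioned. Edit to suit.
    [string[]]$ExpectedDns = @('192.168.1.1', '88.82.13.12'),
    [switch]$Flush   # also run ipconfig /flushdns and netsh winsock reset
)

function Test-IsElevated {
    # netsh winsock reset needs an elevated prompt; report that up front.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-InterfaceDns {
    # NameServer is the static (manually set) list; DhcpNameServer is what the
    # router handed out. A static entry is the one worth checking against the ISP.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem $base | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        [pscustomobject]@{
            Interface      = $_.PSChildName
            NameServer     = $p.NameServer
            DhcpNameServer = $p.DhcpNameServer
        }
    } | Where-Object { $_.NameServer -or $_.DhcpNameServer }
}

function Get-IeProxy {
    # The same values the Internet Options > Connections > LAN Settings dialog edits.
    $p = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    [pscustomobject]@{
        ProxyEnable   = [bool]$p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
    }
}

$elevated = Test-IsElevated
Write-Host "Elevated prompt: $elevated"

Write-Host "`nPer-interface DNS servers:"
foreach ($i in Get-InterfaceDns) {
    # Static entries are space- or comma-separated (the log shows "88.82.13.12 88.82.13.12").
    $static = @()
    if ($i.NameServer) { $static = @($i.NameServer -split '[ ,]+' | Where-Object { $_ }) }
    $unexpected = @($static | Where-Object { $ExpectedDns -notcontains $_ })
    $flag = ''
    if ($unexpected.Count -gt 0) { $flag = '  <-- static DNS not on the expected list; confirm with your ISP' }
    Write-Host ("  {0}`n    static: {1}`n    dhcp:   {2}{3}" -f $i.Interface, ($static -join ' '), $i.DhcpNameServer, $flag)
}

Write-Host "`nInternet Explorer proxy settings (ProxyEnable should be False unless you set one up):"
Get-IeProxy | Format-List

if ($Flush) {
    if (-not $elevated) {
        Write-Warning 'netsh winsock reset requires elevation; re-run this from a prompt opened with Run as administrator.'
    } else {
        ipconfig /flushdns
        netsh winsock reset   # takes effect after a reboot
    }
}
```

Run it without switches first to see the values; `-Flush` only performs the two reset commands and only when the prompt is already elevated.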

sunshine&flowerpots
2014-08-30, 12:20
Hi,

Tried the link for java and I just get a blank page.

Rebooted into safe mode & I have no internet connection at all - "no network available in safe mode"

Deleted cookies from I.E

When flushing DNS, "netsh winsock reset" gave the message "The requested operation requires elevation. Run as Administrator". (I am in admin mode anyway.)

Here's FRST & Add logs

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2014
Ran by WIN7 (administrator) on ASPIRE-T180 on 30-08-2014 09:48:21
Running from C:\Users\WIN7\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1804648 2011-09-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-1839434062-3037775892-936306819-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
BootExecute: autocheck autochk * /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0B8D479E7A6CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
SearchScopes: HKCU - DefaultScope {33D9335B-0A5E-4AA2-8CA5-5A230AE6292E} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {33D9335B-0A5E-4AA2-8CA5-5A230AE6292E} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {A67C8099-78A4-4BF8-869D-42FE0F75BCE9} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5704168A-B32C-447A-B678-72C32D94FB6F}: [NameServer] 88.82.13.12 88.82.13.12

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR CustomProfile: C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (Google Wallet) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-24] (AVG Technologies)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-06-17] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-06-17] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-01-30] (GFI Software)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-06-17] (IVT Corporation.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl48dd0433; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9A431A6-9B75-41C9-9626-8BF610BEF622}\MpKsl48dd0433.sys [39464 2014-08-29] (Microsoft Corporation)
R1 RapportCerberus_69108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_69108.sys [358040 2014-07-04] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [12984 2011-11-23] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [33512 2014-08-28] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 catchme; \??\C:\Users\WIN7\AppData\Local\Temp\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 09:47 - 2014-08-30 09:47 - 00000000 ____D () C:\Users\WIN7\Desktop\FRST-OlderVersion
2014-08-29 21:39 - 2014-08-29 21:39 - 00000000 ____D () C:\Program Files\ESET
2014-08-29 10:15 - 2014-08-29 10:15 - 00016084 _____ () C:\ComboFix.txt
2014-08-29 09:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-29 09:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-29 09:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-29 09:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-29 09:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-29 09:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-29 09:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-29 09:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-29 09:47 - 2014-08-29 10:15 - 00000000 ____D () C:\Qoobox
2014-08-29 09:46 - 2014-08-29 10:11 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 09:40 - 2014-08-29 09:40 - 05576760 ____R (Swearware) C:\Users\WIN7\Desktop\ComboFix.exe
2014-08-29 09:37 - 2014-08-29 09:37 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-08-29 09:37 - 2014-08-29 09:37 - 00000000 ____D () C:\Program Files\NirSoft
2014-08-28 23:05 - 2014-08-29 10:23 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 23:04 - 2014-08-28 23:04 - 00001004 _____ () C:\Users\WIN7\Desktop\JRT.txt
2014-08-28 22:59 - 2014-08-28 22:59 - 00000000 ____D () C:\Windows\ERUNT
2014-08-28 22:46 - 2014-08-28 22:46 - 00009405 _____ () C:\Users\WIN7\Desktop\AdwCleaner[S0].txt
2014-08-28 22:37 - 2014-08-28 22:39 - 00000000 ____D () C:\AdwCleaner
2014-08-28 22:21 - 2014-08-28 22:21 - 00001040 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-28 22:21 - 2014-08-28 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-28 22:20 - 2014-08-28 22:21 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-28 22:20 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-28 22:20 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 22:13 - 2014-08-28 22:13 - 01016261 _____ (Thisisu) C:\Users\WIN7\Desktop\JRT.exe
2014-08-28 22:11 - 2014-08-28 22:11 - 01364531 _____ () C:\Users\WIN7\Desktop\AdwCleaner.exe
2014-08-28 19:56 - 2014-08-23 02:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 19:56 - 2014-08-23 01:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 12:36 - 2014-08-28 19:04 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-28 12:36 - 2014-08-28 12:36 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-28 12:34 - 2014-08-28 12:35 - 04851288 _____ () C:\Users\WIN7\Desktop\RogueKiller.exe
2014-08-28 12:29 - 2014-08-29 16:37 - 00020328 _____ () C:\Windows\PFRO.log
2014-08-28 11:57 - 2014-08-30 09:49 - 00010570 _____ () C:\Users\WIN7\Desktop\FRST.txt
2014-08-28 11:50 - 2014-08-30 09:47 - 01095680 _____ (Farbar) C:\Users\WIN7\Desktop\FRST.exe
2014-08-27 09:47 - 2014-08-29 22:38 - 00001680 _____ () C:\Windows\setupact.log
2014-08-27 09:47 - 2014-08-27 09:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-27 09:46 - 2014-08-28 22:34 - 00405992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 20:18 - 2014-08-26 20:18 - 00109280 _____ () C:\Users\WIN7\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-26 18:42 - 2014-08-26 18:42 - 00002207 _____ () C:\Users\WIN7\Desktop\aswMBR.txt
2014-08-26 18:42 - 2014-08-26 18:42 - 00000512 _____ () C:\Users\WIN7\Desktop\MBR.dat
2014-08-26 15:16 - 2014-08-26 15:16 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-26 12:46 - 2014-08-30 09:48 - 00000000 ____D () C:\FRST
2014-08-26 12:38 - 2014-08-26 12:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASPIRE-T180-Microsoft-Windows-7-Professional-(32-bit).dat
2014-08-26 12:33 - 2014-08-26 12:33 - 00000000 ____D () C:\RegBackup
2014-08-26 12:32 - 2014-08-26 12:32 - 00002161 _____ () C:\Users\WIN7\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-26 12:32 - 2014-08-26 12:32 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-26 12:30 - 2014-08-26 12:30 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-08-26 11:13 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-26 11:10 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-26 11:06 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-26 11:04 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-23 11:21 - 2014-07-14 02:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-23 11:21 - 2014-06-16 02:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-23 11:21 - 2014-06-16 02:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-23 11:21 - 2014-06-16 02:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-23 11:20 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-23 11:20 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-23 11:20 - 2014-07-25 14:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-23 11:20 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-23 11:20 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-23 11:20 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-23 11:20 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-23 11:20 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-23 11:20 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-23 11:20 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-23 11:20 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-23 11:20 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-23 11:20 - 2014-07-25 13:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-23 11:20 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-23 11:20 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-23 11:20 - 2014-07-25 12:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-23 11:20 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-23 11:20 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-23 11:20 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-23 11:20 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-23 11:20 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-23 11:20 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-23 11:20 - 2014-07-25 12:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-23 11:20 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-23 11:20 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-23 11:20 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-23 11:20 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-23 11:20 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-23 11:20 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-23 11:19 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-23 11:16 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-23 11:16 - 2014-06-03 10:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-23 11:16 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-23 11:16 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-23 11:16 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-23 11:15 - 2014-08-07 02:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-23 11:15 - 2014-08-07 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-23 11:15 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-06 18:31 - 2014-08-06 18:31 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-06 18:31 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-06 18:30 - 2014-08-06 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 18:30 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-06 18:30 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-06 18:30 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-06 18:29 - 2014-08-06 18:30 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-01 20:15 - 2014-05-14 17:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 20:15 - 2014-05-14 17:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 20:15 - 2014-05-14 17:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 20:15 - 2014-05-14 17:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 20:14 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 20:14 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 20:14 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 20:13 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 20:13 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 09:49 - 2014-08-28 11:57 - 00010570 _____ () C:\Users\WIN7\Desktop\FRST.txt
2014-08-30 09:48 - 2014-08-26 12:46 - 00000000 ____D () C:\FRST
2014-08-30 09:47 - 2014-08-30 09:47 - 00000000 ____D () C:\Users\WIN7\Desktop\FRST-OlderVersion
2014-08-30 09:47 - 2014-08-28 11:50 - 01095680 _____ (Farbar) C:\Users\WIN7\Desktop\FRST.exe
2014-08-30 09:36 - 2012-04-19 08:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-30 08:59 - 2011-11-22 22:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-30 03:00 - 2011-11-16 18:59 - 01050393 _____ () C:\Windows\WindowsUpdate.log
2014-08-30 01:59 - 2011-11-22 22:24 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-29 22:46 - 2009-07-14 05:34 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-29 22:46 - 2009-07-14 05:34 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-29 22:38 - 2014-08-27 09:47 - 00001680 _____ () C:\Windows\setupact.log
2014-08-29 22:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-29 21:39 - 2014-08-29 21:39 - 00000000 ____D () C:\Program Files\ESET
2014-08-29 16:37 - 2014-08-28 12:29 - 00020328 _____ () C:\Windows\PFRO.log
2014-08-29 10:23 - 2014-08-28 23:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-29 10:15 - 2014-08-29 10:15 - 00016084 _____ () C:\ComboFix.txt
2014-08-29 10:15 - 2014-08-29 09:47 - 00000000 ____D () C:\Qoobox
2014-08-29 10:15 - 2013-05-10 14:13 - 00000000 ____D () C:\Users\TEMP
2014-08-29 10:15 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-08-29 10:15 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-08-29 10:11 - 2014-08-29 09:46 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 10:10 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-08-29 10:08 - 2011-11-23 15:59 - 00000000 ____D () C:\Users\WIN7\AppData\Local\Adobe
2014-08-29 09:40 - 2014-08-29 09:40 - 05576760 ____R (Swearware) C:\Users\WIN7\Desktop\ComboFix.exe
2014-08-29 09:37 - 2014-08-29 09:37 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-08-29 09:37 - 2014-08-29 09:37 - 00000000 ____D () C:\Program Files\NirSoft
2014-08-29 00:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-28 23:04 - 2014-08-28 23:04 - 00001004 _____ () C:\Users\WIN7\Desktop\JRT.txt
2014-08-28 22:59 - 2014-08-28 22:59 - 00000000 ____D () C:\Windows\ERUNT
2014-08-28 22:46 - 2014-08-28 22:46 - 00009405 _____ () C:\Users\WIN7\Desktop\AdwCleaner[S0].txt
2014-08-28 22:39 - 2014-08-28 22:37 - 00000000 ____D () C:\AdwCleaner
2014-08-28 22:34 - 2014-08-27 09:46 - 00405992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 22:21 - 2014-08-28 22:21 - 00001040 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-28 22:21 - 2014-08-28 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-28 22:21 - 2014-08-28 22:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-28 22:21 - 2011-11-19 19:38 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Malwarebytes
2014-08-28 22:20 - 2011-11-19 19:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-28 22:20 - 2011-11-19 19:37 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-28 22:13 - 2014-08-28 22:13 - 01016261 _____ (Thisisu) C:\Users\WIN7\Desktop\JRT.exe
2014-08-28 22:11 - 2014-08-28 22:11 - 01364531 _____ () C:\Users\WIN7\Desktop\AdwCleaner.exe
2014-08-28 19:04 - 2014-08-28 12:36 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-28 18:22 - 2011-11-19 19:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-28 12:36 - 2014-08-28 12:36 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-28 12:35 - 2014-08-28 12:34 - 04851288 _____ () C:\Users\WIN7\Desktop\RogueKiller.exe
2014-08-28 11:34 - 2009-07-14 05:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-27 16:16 - 2011-11-16 19:06 - 00000000 ____D () C:\Users\Administrator
2014-08-27 09:48 - 2011-11-19 18:50 - 00000000 ____D () C:\Users\WIN7
2014-08-27 09:47 - 2014-08-27 09:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-27 02:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-08-26 20:18 - 2014-08-26 20:18 - 00109280 _____ () C:\Users\WIN7\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-26 20:17 - 2010-11-20 22:01 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-26 18:42 - 2014-08-26 18:42 - 00002207 _____ () C:\Users\WIN7\Desktop\aswMBR.txt
2014-08-26 18:42 - 2014-08-26 18:42 - 00000512 _____ () C:\Users\WIN7\Desktop\MBR.dat
2014-08-26 15:16 - 2014-08-26 15:16 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-26 12:38 - 2014-08-26 12:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASPIRE-T180-Microsoft-Windows-7-Professional-(32-bit).dat
2014-08-26 12:33 - 2014-08-26 12:33 - 00000000 ____D () C:\RegBackup
2014-08-26 12:32 - 2014-08-26 12:32 - 00002161 _____ () C:\Users\WIN7\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-26 12:32 - 2014-08-26 12:32 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-26 12:30 - 2014-08-26 12:30 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-08-26 11:33 - 2011-11-16 23:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-26 11:32 - 2013-08-09 21:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-26 11:26 - 2011-11-16 19:18 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-26 10:57 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-25 14:23 - 2012-01-03 10:15 - 00068955 _____ () C:\Users\WIN7\Desktop\My Bits.xlsx
2014-08-24 11:22 - 2012-08-29 15:55 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-08-23 11:46 - 2013-12-05 14:58 - 00002109 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-23 11:31 - 2012-09-26 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-23 11:29 - 2012-09-26 16:34 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\HpUpdate
2014-08-23 02:46 - 2014-08-28 19:56 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:42 - 2014-08-28 19:56 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-07 02:43 - 2014-08-23 11:15 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 02:39 - 2014-08-23 11:15 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 18:59 - 2011-11-25 19:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-06 18:47 - 2012-08-24 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-06 18:47 - 2011-11-22 22:25 - 00000945 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-06 18:45 - 2011-11-22 22:25 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-06 18:38 - 2013-10-22 16:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 18:31 - 2014-08-06 18:31 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-06 18:30 - 2014-08-06 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 18:30 - 2014-08-06 18:29 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-06 18:30 - 2013-07-23 13:45 - 00000000 ____D () C:\Program Files\Java
2014-08-02 20:12 - 2012-05-19 18:36 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\vlc
2014-08-01 00:16 - 2014-08-23 11:20 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 00:46

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-08-2014
Ran by WIN7 at 2014-08-30 09:50:21
Running from C:\Users\WIN7\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CPUID CPU-Z 1.58 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{CDB1080E-BF0A-4A61-9E77-D1BBA68582C7}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series Product Improvement Study (HKLM\...\{C2F3460B-0C14-4A85-A330-5D1D5028C496}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - )
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Rapport (Version: 3.5.1307.93 - Trusteer) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1307.93 - Trusteer)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1839434062-3037775892-936306819-1002_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points =========================

29-08-2014 16:15:53 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-08-29 10:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {027FA0F9-CB3C-454B-8F69-0550F794775B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-22] (Google Inc.)
Task: {2735ACBF-FC7C-4D90-9FF2-4CA3017C9515} - System32\Tasks\RunAsStdUser Task => C:\Users\WIN7\AppData\Local\vidshakeSA\bin\1.0.8.0\VidShakeSA.exe
Task: {3B1E717E-CA20-4A72-AB2A-017D73973D74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {42DD3EAE-7014-477F-A384-C298EDD3621C} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.)
Task: {636A8754-9CC9-4A09-9495-161A3C9318E5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: {8500E2CD-2768-4F21-818D-586F22548EEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {A754BB9B-B383-4264-8B2E-A6864EF23E7A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D4D142C7-4336-4CDE-9A9D-812E25103649} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-22] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-11 13:50 - 2014-07-04 13:03 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2013-04-13 03:05 - 2013-01-31 10:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/29/2014 10:40:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2014 09:58:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2014 09:10:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2014 04:39:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2014 03:49:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 11:39:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 11:29:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 11:23:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/29/2014 10:38:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.9 service failed to start due to the following error:
%%2

Error: (08/29/2014 10:38:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:17:51 on ‎29/‎08/‎2014 was unexpected.

Error: (08/29/2014 09:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.9 service failed to start due to the following error:
%%2

Error: (08/29/2014 09:56:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 21:30:08 on ‎29/‎08/‎2014 was unexpected.

Error: (08/29/2014 09:37:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/29/2014 09:37:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/29/2014 09:37:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/29/2014 09:37:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/29/2014 09:37:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/29/2014 09:37:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (12/19/2012 11:11:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/19/2012 11:10:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3548 seconds with 1080 seconds of active time. This session ended with a crash.

Error: (09/27/2012 04:41:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of memory in use: 67%
Total physical RAM: 767.54 MB
Available physical RAM: 249.65 MB
Total Pagefile: 1791.54 MB
Available Pagefile: 1069.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.96 MB

==================== Drives ================================

Drive c: (Windows & Prog Files) (Fixed) (Total:40.04 GB) (Free:13.04 GB) NTFS
Drive d: (Data) (Fixed) (Total:50.75 GB) (Free:50.07 GB) NTFS
Drive e: (Backup) (Fixed) (Total:62.5 GB) (Free:49.73 GB) NTFS
Drive k: (Classic SL) (Fixed) (Total:74.53 GB) (Free:33.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 153.4 GB) (Disk ID: CF815C69)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=62.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 45290D0F)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Juliet
2014-08-30, 16:46
The Java page may have no reference to what's going on; what it was meant to tell us was whether you were running Java No Script.

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad and save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).



start
HKU\S-1-5-21-1839434062-3037775892-936306819-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-24] (AVG Technologies)
C:\Windows\system32\drivers\avgtpx86.sys
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-01-30] (GFI Software)
C:\Windows\System32\drivers\gfibto.sys
S3 catchme; \??\C:\Users\WIN7\AppData\Local\Temp\catchme.sys [X]
Task: {2735ACBF-FC7C-4D90-9FF2-4CA3017C9515} - System32\Tasks\RunAsStdUser Task => C:\Users\WIN7\AppData\Local\vidshakeSA\bin\1.0.8.0\VidShakeSA.exe
Task: {636A8754-9CC9-4A09-9495-161A3C9318E5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: {A754BB9B-B383-4264-8B2E-A6864EF23E7A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

******************

Download Windows Repair (all in one) from this site (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)

Install the program, then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.

Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.

Then go to Step 4 and, under "System Restore", click on the Create button.

Then go to the Start Repairs tab and click the Start button.

Select the following items and tick Restart System when finished:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair Hosts File
Remove Policies Set By Infections
Repair Missing Start menu Icons
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Set windows Services To Default
Repair MSI (windows Installer)
Repair File Associations
Repair windows Safe mode

Click on the box next to Restart System when Finished, then click on Start.

*******************

Go here (http://www.kaspersky.com/virusscanner/)
Click the download button under Kaspersky Security Scan
Download and run the file
It will start to download the Kaspersky Security Scan program data
Once downloaded the installer will begin
Click Next
Accept the License Agreement
Click Install
The program will now install
Click Finish
Kaspersky Security Scan will now start

https://dl.dropbox.com/s/u9e0j7ucl1w1c8f/KSS.JPG

Click the Full Scan button

https://dl.dropbox.com/s/s8n1yf9klg4kb8t/KSS%20full%20scan.JPG

The scan will take about an hour or two, depending on the amount of data on your hard drive.
If the scan detects problems, it will open a Problems found window.
Click Details to generate a scan results report.

https://dl.dropbox.com/s/z18lnrqnlpapjhq/KSS%20infected.JPG

Once the scan is complete do the following:
For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
Attach the HtmlReport zipped folder to your next post
https://dl.dropbox.com/s/ru15gsuc35igpo0/htmlreportzipxp.jpg
https://dl.dropbox.com/s/sqtsbesnxnktt9q/htmlreportzip7.jpg
https://dl.dropbox.com/s/pyrhqs6dgpwt5q4/htmlreportzipvista.jpg
You can now close Kaspersky Security Scan

***
Please post:
Fixlog.txt
Kaspersky Security Scan log
**
Also update on how the computer is at the moment.
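
The fixlist above is built by hand from the FRST report: each entry to be removed is copied verbatim between start and End. The Python script below is an added example, not part of this thread, of FRST or of any tool named here, that applies the same reading to FRST Task: and service/driver lines. It flags entries whose target file is missing ([X]), runs from a user profile or a Temp directory, or is shown without a publisher, and emits the flagged lines in fixlist form. The sample lines are copied from the report posted above; the heuristics, the function names and the output layout are the example's own assumptions, and a flagged line still needs a human decision before it goes into a real fixlist.

```python
"""Triage FRST 'Task:' and service/driver lines for common persistence red flags.

Added example for this thread; not part of FRST. The heuristics are assumptions.
"""
import re
from typing import Dict, List, Optional

# Lines copied from the FRST report posted above (a constructed subset;
# GoogleUpdate, avgtp and gfibto are kept as controls that should not trip
# the path heuristics).
SAMPLE_FRST_LINES = [
    r"Task: {027FA0F9-CB3C-454B-8F69-0550F794775B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-22] (Google Inc.)",
    r"Task: {2735ACBF-FC7C-4D90-9FF2-4CA3017C9515} - System32\Tasks\RunAsStdUser Task => C:\Users\WIN7\AppData\Local\vidshakeSA\bin\1.0.8.0\VidShakeSA.exe",
    r"Task: {636A8754-9CC9-4A09-9495-161A3C9318E5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe",
    r"S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]",
    r"R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-24] (AVG Technologies)",
    r"R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-01-30] (GFI Software)",
    r"S3 catchme; \??\C:\Users\WIN7\AppData\Local\Temp\catchme.sys [X]",
]

# "Task: {GUID} - System32\Tasks\<name> => <target>"
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<target>.+)$")
# "R1 <service>; <target>"  (R = running, S = stopped, U = unknown; digit = start type)
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<target>.+)$")
# FRST appends "[size date]" (or "[X]" when the file is missing) and "(Publisher)"; both optional.
TARGET_RE = re.compile(r"^(?P<path>.*?)(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<publisher>[^)]*)\))?$")
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def parse_line(line: str) -> Optional[Dict]:
    """Split one FRST task or service line into name, path, meta and publisher."""
    kind, m = "task", TASK_RE.match(line)
    if m is None:
        kind, m = "service", SERVICE_RE.match(line)
    if m is None:
        return None
    t = TARGET_RE.match(m.group("target"))
    return {"line": line, "kind": kind, "name": m.group("name"),
            "path": t.group("path"), "meta": t.group("meta"),
            "publisher": t.group("publisher")}


def red_flags(entry: Dict) -> List[str]:
    """Cheap, explainable reasons to look harder at an entry (assumed heuristics)."""
    reasons = []
    if entry["meta"] == "X":
        reasons.append("target file missing (orphaned entry)")
    if USER_PROFILE_RE.search(entry["path"]):
        reasons.append("runs from a user profile (AppData)")
    if TEMP_DIR_RE.search(entry["path"]):
        reasons.append("runs from a Temp directory")
    if entry["publisher"] is None:
        reasons.append("no publisher shown by FRST")
    return reasons


def triage(lines: List[str]) -> List[Dict]:
    """Return the parsed entries that carry at least one red flag, in report order."""
    findings = []
    for raw in lines:
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        reasons = red_flags(entry)
        if reasons:
            entry["reasons"] = reasons
            findings.append(entry)
    return findings


def to_fixlist(findings: List[Dict]) -> str:
    """FRST fixlist form as used in this thread: the report lines verbatim between start/End."""
    return "\n".join(["start"] + [f["line"] for f in findings] + ["End"])


if __name__ == "__main__":
    found = triage(SAMPLE_FRST_LINES)
    for f in found:
        print(f"{f['kind']:7} {f['name']}: {'; '.join(f['reasons'])}")
    print()
    print(to_fixlist(found))
```

Run against the sample, it flags the VidShakeSA task, the orphaned vToolbarUpdater and catchme services and the Ad-Aware task, but not avgtp or gfibto: those two drivers carried a size, date and publisher and were removed above on the helper's judgement as leftovers of software being cleaned out, which is a call no path heuristic can make for you.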

sunshine&flowerpots
2014-08-31, 18:19
Hi,

Computer still crashing - couldn't run Kaspersky.

What I did try was to see if I could open the websites in Chrome, which I can. I also ran the ESET scan through Chrome and it completed no problem, so I have posted that log. Possibly an I.E. problem? Chrome loads quickly; I.E. takes a minute to load.

Completed all the other steps above.

Fix Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:30-08-2014
Ran by WIN7 at 2014-08-30 18:22:28 Run:4
Running from C:\Users\WIN7\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-1839434062-3037775892-936306819-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-24] (AVG Technologies)
C:\Windows\system32\drivers\avgtpx86.sys
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-01-30] (GFI Software)
C:\Windows\System32\drivers\gfibto.sys
S3 catchme; \??\C:\Users\WIN7\AppData\Local\Temp\catchme.sys [X]
Task: {2735ACBF-FC7C-4D90-9FF2-4CA3017C9515} - System32\Tasks\RunAsStdUser Task => C:\Users\WIN7\AppData\Local\vidshakeSA\bin\1.0.8.0\VidShakeSA.exe
ask: {636A8754-9CC9-4A09-9495-161A3C9318E5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: {A754BB9B-B383-4264-8B2E-A6864EF23E7A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
Hosts:
End
*****************

HKU\S-1-5-21-1839434062-3037775892-936306819-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_TB => Value not found.
vToolbarUpdater18.1.9 => Service not found.
avgtp => Service stopped successfully.
avgtp => Service deleted successfully.
C:\Windows\system32\drivers\avgtpx86.sys => Moved successfully.
gfibto => Service stopped successfully.
gfibto => Service deleted successfully.
C:\Windows\System32\drivers\gfibto.sys => Moved successfully.
catchme => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2735ACBF-FC7C-4D90-9FF2-4CA3017C9515}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2735ACBF-FC7C-4D90-9FF2-4CA3017C9515}" => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => Key deleted successfully.
ask: {636A8754-9CC9-4A09-9495-161A3C9318E5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A754BB9B-B383-4264-8B2E-A6864EF23E7A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A754BB9B-B383-4264-8B2E-A6864EF23E7A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====



Eset Scan Log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=68305a102eb0474ca2e09e0517377c87
# engine=19918
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-30 12:57:58
# local_time=2014-08-30 01:57:58 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 13362739 103577482 0 0
# scanned=124126
# found=1
# cleaned=1
# scan_time=2198
sh=B5A959465A82776804C7CBBDCE7C3C7158B1F5FE ft=1 fh=3a9864896d9bd40a vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\WIN7\AppData\Roaming\Search Protection\Uninstall.exe.vir"

Juliet
2014-08-31, 19:42
What ESET found is a file held in a quarantine folder, so that's not an issue.

What it sounds like so far is hardware related to the computer.

I know that Blue screen wouldn't work earlier, but since we have removed a number of malicious files and processes, let's try again, using another tool first to see if we can produce a log.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click and choose Run as Admin.
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)

*******************

Download BlueScreenView from the link below, then install and run it to read the dump files created by Windows.
http://www.nirsoft.net/utils/blue_screen_view.html
Double-click on the BlueScreenView.exe file to run the program.
When scanning is done, go to Edit > Select All.
Go to File > Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.

***********
Try this tool in the event Blue screen won't run.

1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
http://images.malwareremoval.com/vino/VEW.exe

2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
5. Under 'Number of events', click the radio button for 'Number of events' and type 20 in the 1 to 20 box.
6. Click the Run button. Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
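
The VEW procedure above produces a flat list of records that still has to be read by eye. The Python below is an added example, not part of this thread or of VEW, that parses that output format and summarises it the way a responder reads it: how many Kernel-Power 41 unexpected reboots there were, per day and how far apart, and which services failed to log on under which account (Service Control Manager event 7038). The sample is a constructed, cut-down copy of the VEW output posted later in this thread; the record layout the parser assumes (three header lines, then the message, records separated by a blank line or a ~~~ banner) is taken from that output, and the function names are the example's own.

```python
"""Summarize a VEW (Vino's Event Viewer) System-log dump.

Added example for this thread; not part of VEW. The record layout it parses is
taken from the VEW output posted in the thread.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, List

# Constructed sample: a cut-down copy of the VEW output format posted in this thread.
SAMPLE_VEW = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/08/2014 15:06:53
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 31/08/2014 11:51:47
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 29/08/2014 21:38:08
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Network Inspection service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
"""

# One VEW record: three header lines, then the message up to a blank line or the next ~~~ banner.
RECORD_RE = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2})\n"
    r"Type: (?P<type>\w+) Category: (?P<cat>\d+)\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>.*?)(?=\n\n|\n~|\n?\Z)",
    re.MULTILINE | re.DOTALL,
)
# SCM 7038 text: "The <service> service was unable to log on as <account> with the currently configured password ..."
LOGON_FAIL_RE = re.compile(r"^The (?P<service>\S+) service was unable to log on as (?P<account>.+?) with the currently configured password")


def parse_vew(text: str) -> List[Dict]:
    """Turn a VEW dump into records; VEW prints dates as dd/mm/yyyy (its own header says so)."""
    records = []
    for m in RECORD_RE.finditer(text):
        records.append({
            "when": datetime.strptime(f"{m['date']} {m['time']}", "%d/%m/%Y %H:%M:%S"),
            "type": m["type"],
            "event": int(m["event"]),
            "source": m["source"].strip(),
            "message": m["message"].strip(),
        })
    return records


def summarize(text: str) -> Dict:
    """Group records the way a responder reads them: reboot timeline and logon failures per account."""
    records = parse_vew(text)
    reboots = sorted(r["when"] for r in records
                     if r["source"] == "Microsoft-Windows-Kernel-Power" and r["event"] == 41)
    per_day = Counter(t.date().isoformat() for t in reboots)
    gaps = [int((b - a).total_seconds() // 60) for a, b in zip(reboots, reboots[1:])]
    logon_failures = defaultdict(list)          # account -> services that could not log on as it
    for r in records:
        if r["source"] == "Service Control Manager" and r["event"] == 7038:
            m = LOGON_FAIL_RE.match(r["message"])
            if m:
                logon_failures[m["account"]].append(m["service"])
    return {
        "unexpected_reboots": len(reboots),
        "reboots_per_day": dict(per_day),
        "reboot_gaps_minutes": gaps,
        "logon_failures": dict(logon_failures),
        "by_source_event": Counter((r["source"], r["event"]) for r in records),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_VEW).items():
        print(f"{key}: {value}")
```

To use it on a real run, read the Notepad output VEW saved and pass the text to summarize(). A burst of 7038 events that all carry the same second and the same account, as in the sample, points at one shared cause (the account those services run as) rather than at a fault in each service, which is a different thing to chase than the reboots.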

sunshine&flowerpots
2014-08-31, 23:03
Hi,

Still couldn't run Blue screen; it won't install properly, and now I can't uninstall it. Managed to do the others OK.

rkill log:

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/31/2014 08:05:14 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 08/31/2014 08:07:15 PM
Execution time: 0 hours(s), 2 minute(s), and 1 seconds(s)


VEW system log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 31/08/2014 20:57:13

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/08/2014 15:06:53
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 31/08/2014 11:51:47
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 30/08/2014 17:19:27
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 29/08/2014 21:38:08
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 29/08/2014 20:56:35
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/08/2014 22:37:31
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/08/2014 22:35:32
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/08/2014 22:27:12
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/08/2014 22:21:34
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Network Inspection service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The SSDP Discovery service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The SSDP Discovery service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Server service failed to start due to the following error: A system shutdown is in progress.

Log: 'System' Date/Time: 31/08/2014 19:27:23
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Group Policy Client service did not shut down properly after receiving a preshutdown control.

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Log: 'System' Date/Time: 31/08/2014 19:24:22
Type: Error Category: 0
Event: 36888 Source: Schannel
The following fatal alert was generated: 10. The internal error state is 10.

Log: 'System' Date/Time: 31/08/2014 19:07:47
Type: Error Category: 0
Event: 36888 Source: Schannel
The following fatal alert was generated: 10. The internal error state is 10.

Log: 'System' Date/Time: 31/08/2014 19:07:47
Type: Error Category: 0
Event: 36888 Source: Schannel
The following fatal alert was generated: 10. The internal error state is 10.

Log: 'System' Date/Time: 31/08/2014 19:07:47
Type: Error Category: 0
Event: 36888 Source: Schannel
The following fatal alert was generated: 10. The internal error state is 10.

Log: 'System' Date/Time: 31/08/2014 19:07:47
Type: Error Category: 0
Event: 36888 Source: Schannel
The following fatal alert was generated: 10. The internal error state is 10.

Log: 'System' Date/Time: 31/08/2014 19:07:47
Type: Error Category: 0
Event: 36888 Source: Schannel
The following fatal alert was generated: 10. The internal error state is 10.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/08/2014 19:37:34
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

Log: 'System' Date/Time: 31/08/2014 19:27:27
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 31/08/2014 19:25:37
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 31/08/2014 19:21:34
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

Log: 'System' Date/Time: 31/08/2014 19:19:52
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 31/08/2014 15:07:30
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

Log: 'System' Date/Time: 31/08/2014 11:30:09
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

Log: 'System' Date/Time: 30/08/2014 17:32:28
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

Log: 'System' Date/Time: 30/08/2014 17:20:05
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

Log: 'System' Date/Time: 30/08/2014 08:58:44
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

Log: 'System' Date/Time: 29/08/2014 21:39:34
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

Log: 'System' Date/Time: 29/08/2014 20:57:17
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

Log: 'System' Date/Time: 29/08/2014 20:14:24
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 29/08/2014 20:09:15
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

Log: 'System' Date/Time: 29/08/2014 15:38:10
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

Log: 'System' Date/Time: 29/08/2014 14:47:45
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

Log: 'System' Date/Time: 28/08/2014 22:38:03
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

Log: 'System' Date/Time: 28/08/2014 22:36:07
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

VEW App log:
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 31/08/2014 20:59:00

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 31/08/2014 11:30:07
Type: Error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


Log: 'Application' Date/Time: 31/08/2014 05:25:54
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-CEIP
A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).

Log: 'Application' Date/Time: 30/08/2014 17:33:45
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 30/08/2014 17:21:18
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 30/08/2014 10:54:43
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-CEIP
A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).

Log: 'Application' Date/Time: 30/08/2014 09:00:14
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 30/08/2014 08:57:17
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 29/08/2014 21:40:00
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 29/08/2014 20:58:26
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 29/08/2014 20:10:46
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 29/08/2014 15:39:40
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 29/08/2014 14:49:07
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 28/08/2014 22:39:18
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 28/08/2014 22:29:07
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 28/08/2014 22:23:29
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 31/08/2014 11:12:57
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:57
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:53
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:53
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:48
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:48
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:48
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:48
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:45
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:45
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:45
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:45
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:45
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:45
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:42
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:42
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:35
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:35
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:21
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, SystemConfigurationChangeEvents, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 31/08/2014 11:12:21
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, SystemConfigurationChangeEvents, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

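The VEW dump above runs to hundreds of lines, and the two things that matter in it (the cluster of Service Control Manager 7000/7038 logon failures all stamped 19:27:24, and the Kernel-PnP 219 warning repeating for the same USB device) are easier to see once the records are counted and grouped by time. The following is an added example, not code from the poster, VEW or FRST: a small parser for VEW's record format, with a constructed sample report cut down from the entries above and a 5-second burst window chosen here as an assumption.

```python
"""Summarise a Vino's Event Viewer (VEW) report by source, event ID and time burst.

Added example for this thread; not code from VEW, FRST or the poster.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in VEW's own format, cut down from the report posted above.
SAMPLE_VEW = r"""Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/08/2014 22:21:34
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The SSDP Discovery service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported.

Log: 'System' Date/Time: 31/08/2014 19:27:24
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 31/08/2014 19:37:34
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.
"""


@dataclass(frozen=True)
class VewEvent:
    log: str        # 'System' or 'Application'
    when: datetime
    level: str      # Critical, Error or Warning
    category: int
    event_id: int
    source: str
    message: str


_HEAD = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)$")
_TYPE = re.compile(r"^Type: (?P<level>\w+) Category: (?P<cat>\d+)$")
_EVT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")


def parse_vew(text: str) -> list[VewEvent]:
    """One VewEvent per 4-line record; the banner, tilde rules and section titles are skipped."""
    lines = text.splitlines()
    events: list[VewEvent] = []
    i = 0
    while i < len(lines):
        head = _HEAD.match(lines[i])
        typ = _TYPE.match(lines[i + 1]) if head and i + 1 < len(lines) else None
        evt = _EVT.match(lines[i + 2]) if typ and i + 2 < len(lines) else None
        if not evt:
            i += 1                      # not a complete record here: keep scanning
            continue
        # The message runs to the next blank line or the next record header.
        j, msg = i + 3, []
        while j < len(lines) and lines[j].strip() and not _HEAD.match(lines[j]):
            msg.append(lines[j].strip())
            j += 1
        events.append(VewEvent(head["log"],
                               datetime.strptime(head["when"], "%d/%m/%Y %H:%M:%S"),  # dd/mm/yyyy
                               typ["level"], int(typ["cat"]), int(evt["id"]),
                               evt["src"].strip(), " ".join(msg)))
        i = j
    return events


def tally(events: list[VewEvent]) -> list[tuple[tuple[str, int, str], int]]:
    """(source, event ID, level) with its count, most frequent first."""
    return Counter((e.source, e.event_id, e.level) for e in events).most_common()


def bursts(events: list[VewEvent], window: timedelta = timedelta(seconds=5), min_count: int = 3):
    """Runs of >= min_count records logged within `window` of the run's first record."""
    groups: list[list[VewEvent]] = []
    for e in sorted(events, key=lambda ev: ev.when):
        if groups and e.when - groups[-1][0].when <= window:
            groups[-1].append(e)
        else:
            groups.append([e])
    return [(g[0].when, len(g), sorted({e.event_id for e in g}))
            for g in groups if len(g) >= min_count]
```

Feeding parse_vew(SAMPLE_VEW) to tally() and bursts() reports the Service Control Manager 7000 error as the most frequent record (2) and one three-record burst at 19:27:24 covering event IDs 7000 and 7038, which is a boot-time logon-failure cascade rather than three separate faults.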
Juliet
2014-08-31, 23:52
You can use Revo Uninstaller

Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/)

Double click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove (BlueScreen)
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run. If prompted again, click Yes.
When the built-in uninstaller is finished, click on Next.
Once the program has searched for leftovers, click Next.
Check/tick the bolded items only on the list, then click Delete.
When prompted, click on Yes and then on Next.
Put a check on any folders that are found and select Delete.
When prompted, select Yes, then Next.
Once done click Finish.


***************
A lot of the errors seem to be pointed to USB
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.
by chance is there an external device connected during all this?

A couple of suggestions, because this does not look to be malware but rather issues pointing to Windows drivers.

Perform a clean startup
http://support.microsoft.com/kb/331796

Please read over the below topic of other users having the same difficulties
Driver\WUDFRd failed to load for the device
http://www.sevenforums.com/drivers/268212-driver-driver-wudfrd-failed-load-device-error.html

sunshine&flowerpots
2014-09-01, 00:14
Hi,

Thank you for the uninstaller - Blue Screen has gone.

I have an external hard drive (Classic SL 80gb), which has been connected at all times. I can access everything on that and all the scans we have done have included that drive.

What I have noticed is that an AppleSyncInfo tab had appeared on my favourites bar. About a year ago, my cousin used my computer to set up his new iPhone. When he sync'd it, he managed to clear all my contacts in my MS Outlook program & I ended up with all his numbers. He didn't realise this, but I let him know so that he could delete all my contacts from his phone. I had problems with Outlook after that - my TalkTalk emails stopped going to some accounts, so I stopped using it & now log on via the webpage. Not sure if this may be the problem. I thought I'd uninstalled the program that was downloaded (I don't use iPhones so I'm not sure what the apps associated with it are). I know there was iTunes downloaded.

I'll do the other stuff now.

Thanks

Juliet
2014-09-01, 02:13
Go on and finish the above task, then we can look for and remove files and subfolders for AppleSync and iTunes.
When we do this, remove all USB devices.

I'll wait to hear back after you complete the other task. I would also like for you soon to try Last known good configuration, it's worth a try.

sunshine&flowerpots
2014-09-01, 11:54
Hi,

I read through the sevenforums link & changed my settings as per the posts - I can get into Chrome now - still can't access pages with IE.

I have done a last known good configuration.

I also used the revo uninstaller, but bluescreen is still there...

Juliet
2014-09-01, 16:30
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:folderfind
BlueScreenView
:filefind
BlueScreenView
:regfind
BlueScreenView

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
*******************

If you would, please check for Windows updates and see if there are any updates that refer to IE.
If that is still unsuccessful, please try

After the above
http://support.microsoft.com/kb/956196
Scroll down to and click on Windows 7, to reset Internet Explorer
Then click on delete browser history

sunshine&flowerpots
2014-09-03, 00:01
Hi ya,

Checked windows updates, the only one that updated was for win 7 - KB2830477.

Reset I.E, and all seems fine now.

Here's log from Systemlook:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:14 on 02/09/2014 by WIN7
Administrator - Elevation successful

========== folderfind ==========

Searching for "BlueScreenView"
C:\$RECYCLE.BIN\S-1-5-21-1839434062-3037775892-936306819-1002\$RJ8PZZL\BlueScreenView d------ [19:52 31/08/2014]

========== filefind ==========

Searching for "BlueScreenView"
No files found.

========== regfind ==========

Searching for "BlueScreenView"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Debug]
"StoreLocation"="C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_bluescreenview_s_ea3c53e14b8e84f6505a2dae6da83c32024_0c9f74c6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\WIN7\Desktop\bluescreenview_setup.exe"="VISTARTM"
[HKEY_USERS\S-1-5-21-1839434062-3037775892-936306819-1002\Software\Microsoft\Windows\Windows Error Reporting\Debug]
"StoreLocation"="C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_bluescreenview_s_ea3c53e14b8e84f6505a2dae6da83c32024_0c9f74c6"

-= EOF =-

Many thanks.

Juliet
2014-09-03, 00:30
Reset I.E, and all seems fine now.
Good deal!


Let's try this:
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)



start
C:\Users\WIN7\Desktop\bluescreenview_setup.exe
C:\$RECYCLE.BIN\S-1-5-21-1839434062-3037775892-936306819-1002\$RJ8PZZL\BlueScreenView
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

sunshine&flowerpots
2014-09-03, 00:37
Hi,

Here's fixlist log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:02-09-2014
Ran by WIN7 at 2014-09-02 22:35:47 Run:5
Running from C:\Users\WIN7\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Users\WIN7\Desktop\bluescreenview_setup.exe
C:\$RECYCLE.BIN\S-1-5-21-1839434062-3037775892-936306819-1002\$RJ8PZZL\BlueScreenView
End
*****************

C:\Users\WIN7\Desktop\bluescreenview_setup.exe => Moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1839434062-3037775892-936306819-1002\$RJ8PZZL\BlueScreenView => Moved successfully.

==== End of Fixlog ====

Juliet
2014-09-03, 00:50
How's the computer now?

I think we're ready to remove tools and quarantine folders.

sunshine&flowerpots
2014-09-03, 00:59
Hi,

Seems a lot better, still has moments when it speeds up, but I think that could be related to the fact that it's an old machine as you mentioned before. Def better though.

Blue screen has gone!

Juliet
2014-09-03, 01:53
Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
http://www.hdrcgb.org.uk/g2g/delfix.jpg

Click Run




Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.

*****************************************

You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)

CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.


Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via Flash, Java, JavaScript, and many other entry points.

AdblockPlus

AdblockPlus: surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, and it's free!
Click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop



~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))


Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

*********************************************
Please read the following safe computing articles.

Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)


Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)

Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.



It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
You can check these by visiting Secunia Software Inspector (http://secunia.com/software_inspector), or you can use the following application for this purpose: PatchMyPC (http://www.patchmypc.net/)

sunshine&flowerpots
2014-09-03, 22:36
Hi Juliet,

Many thanks for all your help. x

Juliet
2014-09-03, 23:34
Glad we could help. :)
http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.