Inactive [A] "Windows has encountered a critical problem and will restart in one minute."

Hi,
I have a computer with this problem, please show me how to resolve this issue.

I pasted the FRST and SEARCH txt files here.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 22 days old)
Ran by SYSTEM at 04-04-2013 20:51:13
Running from E:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet003

==================== Registry (Whitelisted) ===================

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1091432 2012-12-14] (Malwarebytes Corporation)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [45056 2013-01-16] ()
2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [572928 2013-02-10] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-04] ()
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) =====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 X6va005; \??\C:\Users\User\AppData\Local\Temp\0051842.tmp [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-04 20:51 - 2013-04-04 20:51 - 00000000 ____D C:\FRST
2013-04-04 17:05 - 2013-04-04 17:05 - 00000000 ____D C:\Windows\pss
2013-04-02 15:27 - 2013-04-02 15:28 - 00298208 ____A C:\Windows\Minidump\040213-42089-01.dmp
2013-03-31 12:05 - 2013-03-27 16:30 - 2145880023 ____A C:\Users\User\Desktop\The Dark Knight Rises[2012]BRRip 720p H264-ETRG.mp4
2013-03-31 12:03 - 2013-03-27 16:07 - 1473212416 ____A C:\Users\User\Desktop\psig-tasm.2012.retail.dvdrip.xvid.avi
2013-03-31 11:44 - 2013-03-31 11:54 - 00000000 ____D C:\Users\User\Downloads\The Hobbit An Unexpected Journey [2012] BRRip XviD-ETRG
2013-03-30 09:30 - 2013-03-30 09:30 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-03-30 09:29 - 2013-03-30 09:30 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-03-30 09:29 - 2013-03-30 09:29 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-03-30 09:28 - 2013-03-30 09:28 - 20804736 ____A C:\Users\User\Downloads\WIZ_setup.exe
2013-03-26 15:41 - 2013-03-27 04:26 - 00000000 ____D C:\Users\User\Downloads\BioShock Infinite PC full game + DLC ^^nosTEAM^^
2013-03-26 15:32 - 2013-03-26 15:38 - 55131811 ____A C:\Users\User\Downloads\BioShock-Infinite_nosTEAM.zip
2013-03-24 15:45 - 2013-03-24 15:45 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-03-24 15:33 - 2013-03-24 15:33 - 00000222 ____A C:\Users\User\Desktop\Terraria.url
2013-03-24 11:00 - 2013-03-24 11:00 - 00000000 ____D C:\Users\User\Downloads\Terraria v1.1.2 Final
2013-03-24 11:00 - 2013-03-24 11:00 - 00000000 ____D C:\Program Files (x86)\Terraria
2013-03-24 10:21 - 2013-03-24 10:30 - 60553693 ____A C:\Users\User\Downloads\grant-admin-full-rights.zip
2013-03-24 09:33 - 2013-03-24 09:34 - 00000000 ____D C:\Users\User\Downloads\Net.Framework_pack-for-games
2013-03-24 08:58 - 2013-03-24 09:30 - 287279694 ____A C:\Users\User\Downloads\Net.Framework_pack-for-games.zip
2013-03-23 15:08 - 2013-03-23 19:39 - 00000000 ____D C:\Users\User\Downloads\The Elder Scrolls V Skyrim PC full game + DLC ^^nosTEAM^^
2013-03-23 14:47 - 2013-03-23 14:53 - 55110910 ____A C:\Users\User\Downloads\Skyrim_nosTEAM.zip
2013-03-22 18:21 - 2013-03-22 18:21 - 00000000 ____D C:\Users\User\AppData\Local\FlvtoYoutubeDownloader
2013-03-22 18:20 - 2013-03-22 18:20 - 00002166 ____A C:\Users\User\Desktop\Flvto Youtube Downloader.lnk
2013-03-22 18:20 - 2013-03-22 18:20 - 00000000 ____D C:\Users\User\AppData\Local\Flvto Youtube Downloader
2013-03-21 19:32 - 2013-03-22 04:26 - 00000000 ____D C:\Users\User\Downloads\Sniper Ghost Warrior 2 PC full game ^^nosTEAM^^
2013-03-20 18:18 - 2013-03-20 18:25 - 00000000 ____D C:\Users\User\AppData\Local\SniperV2
2013-03-20 18:17 - 2013-03-20 18:17 - 00000000 ____D C:\Users\User\Documents\ALI213
2013-03-20 18:03 - 2012-06-30 17:13 - 00003153 ____A C:\Users\User\Desktop\visit-nosteam-forum.html
2013-03-20 16:24 - 2013-03-20 17:46 - 00000000 ____D C:\Users\User\Downloads\Sniper Elite V2 full game singleplayer ^^nosTEAM^^
2013-03-20 16:15 - 2013-03-20 16:22 - 55067517 ____A C:\Users\User\Downloads\SniperElite-V2_nosTEAM.zip
2013-03-17 10:07 - 2013-03-17 10:16 - 1164334672 ____A C:\Users\User\Downloads\Dissidia_Final_Fantasy_USA_PSP-iND.rar
2013-03-17 09:56 - 2013-03-17 09:56 - 07612586 ____A C:\Users\User\Downloads\pcsp_v0.5.4.zip
2013-03-12 04:34 - 2013-03-12 04:35 - 25597240 ____A C:\Users\User\Downloads\surgeonsimulator2013_win.zip
2013-03-06 16:00 - 2013-03-06 16:00 - 00000192 ____A C:\Users\User\Desktop\MapleStory.url

==================== One Month Modified Files and Folders =======

2013-04-04 17:41 - 2011-11-12 13:34 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-04 17:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-04 17:40 - 2009-07-13 20:51 - 00101502 ____A C:\Windows\setupact.log
2013-04-04 17:21 - 2011-11-12 13:34 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-04 17:21 - 2011-11-06 08:40 - 00372224 ____A C:\Windows\PFRO.log
2013-04-04 17:10 - 2011-11-12 13:34 - 00000000 ____D C:\Users\User\AppData\Local\Google
2013-04-04 17:10 - 2009-07-13 21:13 - 00739616 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-04 17:05 - 2013-04-04 17:05 - 00000000 ____D C:\Windows\pss
2013-04-04 17:05 - 2012-06-11 19:52 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-04 17:05 - 2012-06-11 19:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-04 17:05 - 2011-11-04 20:38 - 01306428 ____A C:\Windows\WindowsUpdate.log
2013-04-04 16:45 - 2012-01-06 16:17 - 00000000 ____D C:\Users\User\AppData\Local\LogMeIn Hamachi
2013-04-04 16:43 - 2012-12-15 12:04 - 00000000 ____D C:\Program Files (x86)\Steam
2013-04-04 16:43 - 2012-04-02 19:30 - 00000000 ____D C:\Users\User\AppData\Roaming\BitTorrent
2013-04-04 16:31 - 2012-06-24 11:18 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-04-04 02:18 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-04 02:15 - 2012-07-13 13:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-04 01:06 - 2012-07-25 20:35 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-228111375-4128026426-3849060961-1000UA.job
2013-04-04 01:06 - 2011-11-12 13:34 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-03 15:13 - 2012-06-11 19:58 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-04-02 15:28 - 2013-04-02 15:27 - 00298208 ____A C:\Windows\Minidump\040213-42089-01.dmp
2013-04-02 15:27 - 2012-05-31 19:36 - 00000000 ____D C:\Windows\Minidump
2013-04-02 15:27 - 2012-05-31 19:35 - 312272221 ____A C:\Windows\MEMORY.DMP
2013-04-02 13:05 - 2011-12-25 10:12 - 00000000 ___RD C:\Users\User\Dropbox
2013-04-01 15:58 - 2012-07-25 20:35 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-228111375-4128026426-3849060961-1000Core.job
2013-03-31 11:54 - 2013-03-31 11:44 - 00000000 ____D C:\Users\User\Downloads\The Hobbit An Unexpected Journey [2012] BRRip XviD-ETRG
2013-03-30 09:30 - 2013-03-30 09:30 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-03-30 09:30 - 2013-03-30 09:29 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-03-30 09:30 - 2011-12-28 17:27 - 00000000 ____D C:\Users\User\AppData\Local\SCE
2013-03-30 09:29 - 2013-03-30 09:29 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-03-30 09:28 - 2013-03-30 09:28 - 20804736 ____A C:\Users\User\Downloads\WIZ_setup.exe
2013-03-30 09:18 - 2012-11-15 05:55 - 00000000 ____D C:\Games
2013-03-29 12:23 - 2009-07-13 20:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-29 12:23 - 2009-07-13 20:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-27 16:30 - 2013-03-31 12:05 - 2145880023 ____A C:\Users\User\Desktop\The Dark Knight Rises[2012]BRRip 720p H264-ETRG.mp4
2013-03-27 16:07 - 2013-03-31 12:03 - 1473212416 ____A C:\Users\User\Desktop\psig-tasm.2012.retail.dvdrip.xvid.avi
2013-03-27 14:30 - 2012-09-03 16:08 - 00000000 ____D C:\Users\User\AppData\Local\SKIDROW
2013-03-27 14:30 - 2011-12-28 23:52 - 00000000 ____D C:\Users\User\Documents\My Games
2013-03-27 04:26 - 2013-03-26 15:41 - 00000000 ____D C:\Users\User\Downloads\BioShock Infinite PC full game + DLC ^^nosTEAM^^
2013-03-26 15:38 - 2013-03-26 15:32 - 55131811 ____A C:\Users\User\Downloads\BioShock-Infinite_nosTEAM.zip
2013-03-24 15:45 - 2013-03-24 15:45 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-03-24 15:33 - 2013-03-24 15:33 - 00000222 ____A C:\Users\User\Desktop\Terraria.url
2013-03-24 11:00 - 2013-03-24 11:00 - 00000000 ____D C:\Users\User\Downloads\Terraria v1.1.2 Final
2013-03-24 11:00 - 2013-03-24 11:00 - 00000000 ____D C:\Program Files (x86)\Terraria
2013-03-24 10:30 - 2013-03-24 10:21 - 60553693 ____A C:\Users\User\Downloads\grant-admin-full-rights.zip
2013-03-24 09:34 - 2013-03-24 09:33 - 00000000 ____D C:\Users\User\Downloads\Net.Framework_pack-for-games
2013-03-24 09:30 - 2013-03-24 08:58 - 287279694 ____A C:\Users\User\Downloads\Net.Framework_pack-for-games.zip
2013-03-23 19:39 - 2013-03-23 15:08 - 00000000 ____D C:\Users\User\Downloads\The Elder Scrolls V Skyrim PC full game + DLC ^^nosTEAM^^
2013-03-23 14:53 - 2013-03-23 14:47 - 55110910 ____A C:\Users\User\Downloads\Skyrim_nosTEAM.zip
2013-03-22 18:21 - 2013-03-22 18:21 - 00000000 ____D C:\Users\User\AppData\Local\FlvtoYoutubeDownloader
2013-03-22 18:20 - 2013-03-22 18:20 - 00002166 ____A C:\Users\User\Desktop\Flvto Youtube Downloader.lnk
2013-03-22 18:20 - 2013-03-22 18:20 - 00000000 ____D C:\Users\User\AppData\Local\Flvto Youtube Downloader
2013-03-22 18:20 - 2012-12-04 15:43 - 00000000 ____D C:\Users\User\AppData\Local\Flvto Converter
2013-03-22 04:26 - 2013-03-21 19:32 - 00000000 ____D C:\Users\User\Downloads\Sniper Ghost Warrior 2 PC full game ^^nosTEAM^^
2013-03-20 18:25 - 2013-03-20 18:18 - 00000000 ____D C:\Users\User\AppData\Local\SniperV2
2013-03-20 18:17 - 2013-03-20 18:17 - 00000000 ____D C:\Users\User\Documents\ALI213
2013-03-20 18:12 - 2012-06-01 06:53 - 00000000 ____D C:\Users\User\AppData\Local\Facebook
2013-03-20 17:46 - 2013-03-20 16:24 - 00000000 ____D C:\Users\User\Downloads\Sniper Elite V2 full game singleplayer ^^nosTEAM^^
2013-03-20 16:26 - 2012-04-23 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2013-03-20 16:25 - 2013-03-03 21:32 - 00000000 ____D C:\Ubisoft
2013-03-20 16:22 - 2013-03-20 16:15 - 55067517 ____A C:\Users\User\Downloads\SniperElite-V2_nosTEAM.zip
2013-03-18 15:16 - 2012-03-17 15:10 - 00000000 ____D C:\Users\User\AppData\Local\Akamai
2013-03-17 10:16 - 2013-03-17 10:07 - 1164334672 ____A C:\Users\User\Downloads\Dissidia_Final_Fantasy_USA_PSP-iND.rar
2013-03-17 09:56 - 2013-03-17 09:56 - 07612586 ____A C:\Users\User\Downloads\pcsp_v0.5.4.zip
2013-03-12 18:14 - 2012-07-13 13:03 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-12 18:14 - 2011-11-12 13:35 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-12 04:35 - 2013-03-12 04:34 - 25597240 ____A C:\Users\User\Downloads\surgeonsimulator2013_win.zip
2013-03-08 17:56 - 2012-06-28 13:16 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2 OA
2013-03-06 16:00 - 2013-03-06 16:00 - 00000192 ____A C:\Users\User\Desktop\MapleStory.url
2013-03-06 14:14 - 2013-03-04 05:29 - 00281120 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-03-06 14:14 - 2012-10-07 16:57 - 00281120 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-03-06 14:05 - 2012-06-11 19:54 - 00000000 ____D C:\ProgramData\MFAData
2013-03-06 14:04 - 2012-06-11 20:00 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2013-03-05 21:04 - 2013-03-04 05:29 - 00281120 ____A C:\Windows\SysWOW64\PnkBstrB.ex0


ZeroAccess:
C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}
C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}\@
C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}\L
C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}\U
C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}\U\00000001.@
C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}\U\80000000.@
C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}\U\800000cb.@

ZeroAccess:
C:\Users\User\AppData\Local\{902e054a-8785-7869-ec94-c7353ca98b18}
C:\Users\User\AppData\Local\{902e054a-8785-7869-ec94-c7353ca98b18}\@
C:\Users\User\AppData\Local\{902e054a-8785-7869-ec94-c7353ca98b18}\L
C:\Users\User\AppData\Local\{902e054a-8785-7869-ec94-c7353ca98b18}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-31 17:54:02

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3957.85 MB
Available physical RAM: 3367.87 MB
Total Pagefile: 3956 MB
Available Pagefile: 3361.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:42.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (PENDRIVE) (Removable) (Total:1.82 GB) (Free:1.64 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 1876 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 7DA83F58

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 149 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1875 MB 68 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E PENDRIVE FAT32 Removable 1875 MB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 7DA83F58

Partition 1:
=========
Hex: 8020210007FEFFFF000800000088A112
Active: YES
Type: 07 (NTFS)
Size: 149 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 80020C000C38F8B889000000779F3A00
Active: YES
Type: 0C
Size: 2 GB


Last Boot: 2013-03-26 16:33

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-04-04 21:48:23
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================

Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can start your computer normally.

If so...

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
 

Computer started normally after the fix
Here is the fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-04-05 11:37:57 Run:1
Running from E:\

==============================================

C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18} moved successfully.
C:\Users\User\AppData\Local\{902e054a-8785-7869-ec94-c7353ca98b18} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
My bad

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/4/2011 11:38:33 PM
System Uptime: 4/5/2013 11:38:47 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0K42JR
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | CPU 1 | 1176/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 42.785 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\SMO8800\1
Manufacturer:
Name:
PNP Device ID: ACPI\SMO8800\1
Service:
.
Class GUID:
Description: Broadcom USH
Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000
Manufacturer:
Name: Broadcom USH
PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000
Service:
.
==== System Restore Points ===================
.
RP111: 3/31/2013 8:53:13 PM - Scheduled Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 69.10.57.36 www.google-analytics.com.
Hosts: 69.10.57.36 ad-emea.doubleclick.net.
Hosts: 69.10.57.36 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader X (10.1.2)
Akamai NetSession Interface
AVG 2012
BattlEye for OA Uninstall
BattlEye Uninstall
BitTorrent
DayZ Commander
DefaultTab Chrome
Dell Touchpad
Flvto Youtube Downloader
Google Chrome
Google Toolbar for Internet Explorer
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 7 Update 5
JavaFX 2.1.1
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.70.0.1100
MapleStory
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Nexon Game Manager
NVIDIA Drivers
NVIDIA nView Desktop Manager
Pando Media Booster
PunkBuster Services
PVSonyDll
Skype™ 6.1
Steam
Terraria
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
VirtualCloneDrive
Visual Studio 2008 x64 Redistributables
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
4/5/2013 11:42:02 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
4/5/2013 11:42:02 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
4/5/2013 11:40:08 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/5/2013 11:40:07 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
4/5/2013 11:39:32 AM, Error: Service Control Manager [7000] - The vToolbarUpdater14.2.0 service failed to start due to the following error: The system cannot find the file specified.
4/4/2013 8:34:54 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
4/4/2013 8:34:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache ElbyCDIO spldr Wanarpv6
4/4/2013 8:34:46 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/4/2013 8:04:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/4/2013 8:04:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/4/2013 8:04:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/4/2013 8:04:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/4/2013 8:04:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/4/2013 8:04:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/4/2013 8:03:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/4/2013 8:03:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2013 7:35:51 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
4/4/2013 7:35:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17006 BrowserJavaVersion: 10.5.1
Run by User at 11:54:55 on 2013-04-05
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3958.1845 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: Interfaces\{68ACABDA-872D-45E1-B116-09EA145E2DB8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F71E71C6-C81B-4FEC-8C95-B43BA47D36EE} : DHCPNameServer = 10.97.240.125
TCP: Interfaces\{F71E71C6-C81B-4FEC-8C95-B43BA47D36EE}\C435242414 : DHCPNameServer = 192.168.0.1 68.94.156.1
TCP: Interfaces\{F71E71C6-C81B-4FEC-8C95-B43BA47D36EE}\E474559554E4 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
x64-Run: [nwiz] nwiz.exe /installquiet
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 69.10.57.36 www.google-analytics.com.
Hosts: 69.10.57.36 ad-emea.doubleclick.net.
Hosts: 69.10.57.36 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 39768]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-11-6 293552]
.
=============== Created Last 30 ================
.
2013-04-05 04:51:07 -------- d-----w- C:\FRST
2013-04-05 01:05:32 -------- d-----w- C:\Users\User\AppData\Local\Programs
2013-04-05 01:05:05 -------- d-----w- C:\Windows\pss
2013-03-30 17:30:15 -------- d--h--w- C:\Windows\msdownld.tmp
2013-03-30 17:29:57 -------- d-----w- C:\Windows\SysWow64\directx
2013-03-24 23:45:46 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2013-03-24 19:00:53 -------- d-----w- C:\Program Files (x86)\Terraria
2013-03-23 02:21:00 -------- d-----w- C:\Users\User\AppData\Local\FlvtoYoutubeDownloader
2013-03-23 02:20:13 -------- d-----w- C:\Users\User\AppData\Local\Flvto Youtube Downloader
2013-03-21 02:18:46 -------- d-----w- C:\Users\User\AppData\Local\SniperV2
.
==================== Find3M ====================
.
2013-03-13 02:14:38 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 02:14:38 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-06 22:14:38 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-03-06 22:14:38 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-03-06 05:04:02 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-03-04 13:29:16 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-02-19 06:02:33 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
.
============= FINISH: 14:18:17.44 ===============
 
Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in the malware removal forum.
 