TechSpot

[A] "Windows has encountered a critical problem and will restart in one minute."

By abcchoier
Apr 5, 2013
  1. Hi,
    I have a computer with this problem, please show me how to resolve this issue.

    I pasted FRST and SEARCH txt file here

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 22 days old)
    Ran by SYSTEM at 04-04-2013 20:51:13
    Running from E:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet003

    ==================== Registry (Whitelisted) ===================

    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1091432 2012-12-14] (Malwarebytes Corporation)

    ==================== Services (Whitelisted) ===================

    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [45056 2013-01-16] ()
    2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [572928 2013-02-10] ()
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-04] ()
    3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
    3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
    2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]

    ==================== Drivers (Whitelisted) =====================

    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
    3 X6va005; \??\C:\Users\User\AppData\Local\Temp\0051842.tmp [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-04-04 20:51 - 2013-04-04 20:51 - 00000000 ____D C:\FRST
    2013-04-04 17:05 - 2013-04-04 17:05 - 00000000 ____D C:\Windows\pss
    2013-04-02 15:27 - 2013-04-02 15:28 - 00298208 ____A C:\Windows\Minidump\040213-42089-01.dmp
    2013-03-31 12:05 - 2013-03-27 16:30 - 2145880023 ____A C:\Users\User\Desktop\The Dark Knight Rises[2012]BRRip 720p H264-ETRG.mp4
    2013-03-31 12:03 - 2013-03-27 16:07 - 1473212416 ____A C:\Users\User\Desktop\psig-tasm.2012.retail.dvdrip.xvid.avi
    2013-03-31 11:44 - 2013-03-31 11:54 - 00000000 ____D C:\Users\User\Downloads\The Hobbit An Unexpected Journey [2012] BRRip XviD-ETRG
    2013-03-30 09:30 - 2013-03-30 09:30 - 00000000 ___HD C:\Windows\msdownld.tmp
    2013-03-30 09:29 - 2013-03-30 09:30 - 00000000 ____D C:\Windows\SysWOW64\directx
    2013-03-30 09:29 - 2013-03-30 09:29 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
    2013-03-30 09:28 - 2013-03-30 09:28 - 20804736 ____A C:\Users\User\Downloads\WIZ_setup.exe
    2013-03-26 15:41 - 2013-03-27 04:26 - 00000000 ____D C:\Users\User\Downloads\BioShock Infinite PC full game + DLC ^^nosTEAM^^
    2013-03-26 15:32 - 2013-03-26 15:38 - 55131811 ____A C:\Users\User\Downloads\BioShock-Infinite_nosTEAM.zip
    2013-03-24 15:45 - 2013-03-24 15:45 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
    2013-03-24 15:33 - 2013-03-24 15:33 - 00000222 ____A C:\Users\User\Desktop\Terraria.url
    2013-03-24 11:00 - 2013-03-24 11:00 - 00000000 ____D C:\Users\User\Downloads\Terraria v1.1.2 Final
    2013-03-24 11:00 - 2013-03-24 11:00 - 00000000 ____D C:\Program Files (x86)\Terraria
    2013-03-24 10:21 - 2013-03-24 10:30 - 60553693 ____A C:\Users\User\Downloads\grant-admin-full-rights.zip
    2013-03-24 09:33 - 2013-03-24 09:34 - 00000000 ____D C:\Users\User\Downloads\Net.Framework_pack-for-games
    2013-03-24 08:58 - 2013-03-24 09:30 - 287279694 ____A C:\Users\User\Downloads\Net.Framework_pack-for-games.zip
    2013-03-23 15:08 - 2013-03-23 19:39 - 00000000 ____D C:\Users\User\Downloads\The Elder Scrolls V Skyrim PC full game + DLC ^^nosTEAM^^
    2013-03-23 14:47 - 2013-03-23 14:53 - 55110910 ____A C:\Users\User\Downloads\Skyrim_nosTEAM.zip
    2013-03-22 18:21 - 2013-03-22 18:21 - 00000000 ____D C:\Users\User\AppData\Local\FlvtoYoutubeDownloader
    2013-03-22 18:20 - 2013-03-22 18:20 - 00002166 ____A C:\Users\User\Desktop\Flvto Youtube Downloader.lnk
    2013-03-22 18:20 - 2013-03-22 18:20 - 00000000 ____D C:\Users\User\AppData\Local\Flvto Youtube Downloader
    2013-03-21 19:32 - 2013-03-22 04:26 - 00000000 ____D C:\Users\User\Downloads\Sniper Ghost Warrior 2 PC full game ^^nosTEAM^^
    2013-03-20 18:18 - 2013-03-20 18:25 - 00000000 ____D C:\Users\User\AppData\Local\SniperV2
    2013-03-20 18:17 - 2013-03-20 18:17 - 00000000 ____D C:\Users\User\Documents\ALI213
    2013-03-20 18:03 - 2012-06-30 17:13 - 00003153 ____A C:\Users\User\Desktop\visit-nosteam-forum.html
    2013-03-20 16:24 - 2013-03-20 17:46 - 00000000 ____D C:\Users\User\Downloads\Sniper Elite V2 full game singleplayer ^^nosTEAM^^
    2013-03-20 16:15 - 2013-03-20 16:22 - 55067517 ____A C:\Users\User\Downloads\SniperElite-V2_nosTEAM.zip
    2013-03-17 10:07 - 2013-03-17 10:16 - 1164334672 ____A C:\Users\User\Downloads\Dissidia_Final_Fantasy_USA_PSP-iND.rar
    2013-03-17 09:56 - 2013-03-17 09:56 - 07612586 ____A C:\Users\User\Downloads\pcsp_v0.5.4.zip
    2013-03-12 04:34 - 2013-03-12 04:35 - 25597240 ____A C:\Users\User\Downloads\surgeonsimulator2013_win.zip
    2013-03-06 16:00 - 2013-03-06 16:00 - 00000192 ____A C:\Users\User\Desktop\MapleStory.url

    ==================== One Month Modified Files and Folders =======

    2013-04-04 17:41 - 2011-11-12 13:34 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-04-04 17:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-04-04 17:40 - 2009-07-13 20:51 - 00101502 ____A C:\Windows\setupact.log
    2013-04-04 17:21 - 2011-11-12 13:34 - 00000000 ____D C:\Program Files (x86)\Google
    2013-04-04 17:21 - 2011-11-06 08:40 - 00372224 ____A C:\Windows\PFRO.log
    2013-04-04 17:10 - 2011-11-12 13:34 - 00000000 ____D C:\Users\User\AppData\Local\Google
    2013-04-04 17:10 - 2009-07-13 21:13 - 00739616 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-04-04 17:05 - 2013-04-04 17:05 - 00000000 ____D C:\Windows\pss
    2013-04-04 17:05 - 2012-06-11 19:52 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-04-04 17:05 - 2012-06-11 19:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-04 17:05 - 2011-11-04 20:38 - 01306428 ____A C:\Windows\WindowsUpdate.log
    2013-04-04 16:45 - 2012-01-06 16:17 - 00000000 ____D C:\Users\User\AppData\Local\LogMeIn Hamachi
    2013-04-04 16:43 - 2012-12-15 12:04 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-04-04 16:43 - 2012-04-02 19:30 - 00000000 ____D C:\Users\User\AppData\Roaming\BitTorrent
    2013-04-04 16:31 - 2012-06-24 11:18 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
    2013-04-04 02:18 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-04-04 02:15 - 2012-07-13 13:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-04-04 01:06 - 2012-07-25 20:35 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-228111375-4128026426-3849060961-1000UA.job
    2013-04-04 01:06 - 2011-11-12 13:34 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-04-03 15:13 - 2012-06-11 19:58 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2013-04-02 15:28 - 2013-04-02 15:27 - 00298208 ____A C:\Windows\Minidump\040213-42089-01.dmp
    2013-04-02 15:27 - 2012-05-31 19:36 - 00000000 ____D C:\Windows\Minidump
    2013-04-02 15:27 - 2012-05-31 19:35 - 312272221 ____A C:\Windows\MEMORY.DMP
    2013-04-02 13:05 - 2011-12-25 10:12 - 00000000 ___RD C:\Users\User\Dropbox
    2013-04-01 15:58 - 2012-07-25 20:35 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-228111375-4128026426-3849060961-1000Core.job
    2013-03-31 11:54 - 2013-03-31 11:44 - 00000000 ____D C:\Users\User\Downloads\The Hobbit An Unexpected Journey [2012] BRRip XviD-ETRG
    2013-03-30 09:30 - 2013-03-30 09:30 - 00000000 ___HD C:\Windows\msdownld.tmp
    2013-03-30 09:30 - 2013-03-30 09:29 - 00000000 ____D C:\Windows\SysWOW64\directx
    2013-03-30 09:30 - 2011-12-28 17:27 - 00000000 ____D C:\Users\User\AppData\Local\SCE
    2013-03-30 09:29 - 2013-03-30 09:29 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
    2013-03-30 09:28 - 2013-03-30 09:28 - 20804736 ____A C:\Users\User\Downloads\WIZ_setup.exe
    2013-03-30 09:18 - 2012-11-15 05:55 - 00000000 ____D C:\Games
    2013-03-29 12:23 - 2009-07-13 20:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-03-29 12:23 - 2009-07-13 20:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-03-27 16:30 - 2013-03-31 12:05 - 2145880023 ____A C:\Users\User\Desktop\The Dark Knight Rises[2012]BRRip 720p H264-ETRG.mp4
    2013-03-27 16:07 - 2013-03-31 12:03 - 1473212416 ____A C:\Users\User\Desktop\psig-tasm.2012.retail.dvdrip.xvid.avi
    2013-03-27 14:30 - 2012-09-03 16:08 - 00000000 ____D C:\Users\User\AppData\Local\SKIDROW
    2013-03-27 14:30 - 2011-12-28 23:52 - 00000000 ____D C:\Users\User\Documents\My Games
    2013-03-27 04:26 - 2013-03-26 15:41 - 00000000 ____D C:\Users\User\Downloads\BioShock Infinite PC full game + DLC ^^nosTEAM^^
    2013-03-26 15:38 - 2013-03-26 15:32 - 55131811 ____A C:\Users\User\Downloads\BioShock-Infinite_nosTEAM.zip
    2013-03-24 15:45 - 2013-03-24 15:45 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
    2013-03-24 15:33 - 2013-03-24 15:33 - 00000222 ____A C:\Users\User\Desktop\Terraria.url
    2013-03-24 11:00 - 2013-03-24 11:00 - 00000000 ____D C:\Users\User\Downloads\Terraria v1.1.2 Final
    2013-03-24 11:00 - 2013-03-24 11:00 - 00000000 ____D C:\Program Files (x86)\Terraria
    2013-03-24 10:30 - 2013-03-24 10:21 - 60553693 ____A C:\Users\User\Downloads\grant-admin-full-rights.zip
    2013-03-24 09:34 - 2013-03-24 09:33 - 00000000 ____D C:\Users\User\Downloads\Net.Framework_pack-for-games
    2013-03-24 09:30 - 2013-03-24 08:58 - 287279694 ____A C:\Users\User\Downloads\Net.Framework_pack-for-games.zip
    2013-03-23 19:39 - 2013-03-23 15:08 - 00000000 ____D C:\Users\User\Downloads\The Elder Scrolls V Skyrim PC full game + DLC ^^nosTEAM^^
    2013-03-23 14:53 - 2013-03-23 14:47 - 55110910 ____A C:\Users\User\Downloads\Skyrim_nosTEAM.zip
    2013-03-22 18:21 - 2013-03-22 18:21 - 00000000 ____D C:\Users\User\AppData\Local\FlvtoYoutubeDownloader
    2013-03-22 18:20 - 2013-03-22 18:20 - 00002166 ____A C:\Users\User\Desktop\Flvto Youtube Downloader.lnk
    2013-03-22 18:20 - 2013-03-22 18:20 - 00000000 ____D C:\Users\User\AppData\Local\Flvto Youtube Downloader
    2013-03-22 18:20 - 2012-12-04 15:43 - 00000000 ____D C:\Users\User\AppData\Local\Flvto Converter
    2013-03-22 04:26 - 2013-03-21 19:32 - 00000000 ____D C:\Users\User\Downloads\Sniper Ghost Warrior 2 PC full game ^^nosTEAM^^
    2013-03-20 18:25 - 2013-03-20 18:18 - 00000000 ____D C:\Users\User\AppData\Local\SniperV2
    2013-03-20 18:17 - 2013-03-20 18:17 - 00000000 ____D C:\Users\User\Documents\ALI213
    2013-03-20 18:12 - 2012-06-01 06:53 - 00000000 ____D C:\Users\User\AppData\Local\Facebook
    2013-03-20 17:46 - 2013-03-20 16:24 - 00000000 ____D C:\Users\User\Downloads\Sniper Elite V2 full game singleplayer ^^nosTEAM^^
    2013-03-20 16:26 - 2012-04-23 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
    2013-03-20 16:25 - 2013-03-03 21:32 - 00000000 ____D C:\Ubisoft
    2013-03-20 16:22 - 2013-03-20 16:15 - 55067517 ____A C:\Users\User\Downloads\SniperElite-V2_nosTEAM.zip
    2013-03-18 15:16 - 2012-03-17 15:10 - 00000000 ____D C:\Users\User\AppData\Local\Akamai
    2013-03-17 10:16 - 2013-03-17 10:07 - 1164334672 ____A C:\Users\User\Downloads\Dissidia_Final_Fantasy_USA_PSP-iND.rar
    2013-03-17 09:56 - 2013-03-17 09:56 - 07612586 ____A C:\Users\User\Downloads\pcsp_v0.5.4.zip
    2013-03-12 18:14 - 2012-07-13 13:03 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-03-12 18:14 - 2011-11-12 13:35 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-03-12 04:35 - 2013-03-12 04:34 - 25597240 ____A C:\Users\User\Downloads\surgeonsimulator2013_win.zip
    2013-03-08 17:56 - 2012-06-28 13:16 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2 OA
    2013-03-06 16:00 - 2013-03-06 16:00 - 00000192 ____A C:\Users\User\Desktop\MapleStory.url
    2013-03-06 14:14 - 2013-03-04 05:29 - 00281120 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2013-03-06 14:14 - 2012-10-07 16:57 - 00281120 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2013-03-06 14:05 - 2012-06-11 19:54 - 00000000 ____D C:\ProgramData\MFAData
    2013-03-06 14:04 - 2012-06-11 20:00 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2013-03-05 21:04 - 2013-03-04 05:29 - 00281120 ____A C:\Windows\SysWOW64\PnkBstrB.ex0


    ZeroAccess:
    C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}
    C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}\@
    C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}\L
    C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}\U
    C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}\U\00000001.@
    C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}\U\80000000.@
    C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18}\U\800000cb.@

    ZeroAccess:
    C:\Users\User\AppData\Local\{902e054a-8785-7869-ec94-c7353ca98b18}
    C:\Users\User\AppData\Local\{902e054a-8785-7869-ec94-c7353ca98b18}\@
    C:\Users\User\AppData\Local\{902e054a-8785-7869-ec94-c7353ca98b18}\L
    C:\Users\User\AppData\Local\{902e054a-8785-7869-ec94-c7353ca98b18}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-03-31 17:54:02

    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 3957.85 MB
    Available physical RAM: 3367.87 MB
    Total Pagefile: 3956 MB
    Available Pagefile: 3361.79 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:149.05 GB) (Free:42.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive e: (PENDRIVE) (Removable) (Total:1.82 GB) (Free:1.64 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B
    Disk 1 Online 1876 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: 7DA83F58

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 149 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 149 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 00000000

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1875 MB 68 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E PENDRIVE FAT32 Removable 1875 MB Healthy

    =========================================================
    ============================== MBR Partition Table ==================

    ==============================
    Partitions of Disk 0:
    ===============
    Disk ID: 7DA83F58

    Partition 1:
    =========
    Hex: 8020210007FEFFFF000800000088A112
    Active: YES
    Type: 07 (NTFS)
    Size: 149 GB

    ==============================
    Partitions of Disk 1:
    ===============
    Disk ID: 00000000

    Partition 1:
    =========
    Hex: 80020C000C38F8B889000000779F3A00
    Active: YES
    Type: 0C
    Size: 2 GB


    Last Boot: 2013-03-26 16:33

    ==================== End Of Log =============================

    Farbar Recovery Scan Tool (x64) Version: 13-03-2013
    Ran by SYSTEM at 2013-04-04 21:48:23
    Running from E:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  2. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64, press the Fix button just once, and wait.
    The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

    See if you can start your computer normally.

    If so...

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     

  3. abcchoier

    abcchoier TS Rookie Topic Starter

    Computer started normally after the fix
    Here is the fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
    Ran by SYSTEM at 2013-04-05 11:37:57 Run:1
    Running from E:\

    ==============================================

    C:\Windows\Installer\{902e054a-8785-7869-ec94-c7353ca98b18} moved successfully.
    C:\Users\User\AppData\Local\{902e054a-8785-7869-ec94-c7353ca98b18} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  4. Broni

    Good :)

    Go on....
     
  5. abcchoier

    MBAM didn't detect anything so no log
    I attached the log from DDS here
     

  6. Broni

    Please observe forum rules.
    All logs have to be pasted, not attached.
     
  7. abcchoier

    My bad

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/4/2011 11:38:33 PM
    System Uptime: 4/5/2013 11:38:47 AM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0K42JR
    Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | CPU 1 | 1176/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 42.785 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\SMO8800\1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\SMO8800\1
    Service:
    .
    Class GUID:
    Description: Broadcom USH
    Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000
    Manufacturer:
    Name: Broadcom USH
    PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP111: 3/31/2013 8:53:13 PM - Scheduled Checkpoint
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 69.10.57.36 www.google-analytics.com.
    Hosts: 69.10.57.36 ad-emea.doubleclick.net.
    Hosts: 69.10.57.36 www.statcounter.com.
    Hosts: 108.163.215.51 www.google-analytics.com.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    Hosts: 108.163.215.51 www.statcounter.com.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Adobe Reader X (10.1.2)
    Akamai NetSession Interface
    AVG 2012
    BattlEye for OA Uninstall
    BattlEye Uninstall
    BitTorrent
    DayZ Commander
    DefaultTab Chrome
    Dell Touchpad
    Flvto Youtube Downloader
    Google Chrome
    Google Toolbar for Internet Explorer
    Intel PROSet Wireless
    Intel(R) PROSet/Wireless WiFi Software
    Java Auto Updater
    Java(TM) 6 Update 30
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.70.0.1100
    MapleStory
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Chart Controls for Microsoft .NET Framework 3.5
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Nexon Game Manager
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    Pando Media Booster
    PunkBuster Services
    PVSonyDll
    Skype™ 6.1
    Steam
    Terraria
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    VirtualCloneDrive
    Visual Studio 2008 x64 Redistributables
    WinRAR 4.01 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/5/2013 11:42:02 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    4/5/2013 11:42:02 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    4/5/2013 11:40:08 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    4/5/2013 11:40:07 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
    4/5/2013 11:39:32 AM, Error: Service Control Manager [7000] - The vToolbarUpdater14.2.0 service failed to start due to the following error: The system cannot find the file specified.
    4/4/2013 8:34:54 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
    4/4/2013 8:34:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache ElbyCDIO spldr Wanarpv6
    4/4/2013 8:34:46 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    4/4/2013 8:04:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    4/4/2013 8:04:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/4/2013 8:04:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/4/2013 8:04:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    4/4/2013 8:04:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    4/4/2013 8:04:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/4/2013 8:03:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/4/2013 8:03:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/4/2013 8:03:34 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/4/2013 7:35:51 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    4/4/2013 7:35:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    .
    ==== End Of File ===========================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.17006 BrowserJavaVersion: 10.5.1
    Run by User at 11:54:55 on 2013-04-05
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3958.1845 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\AVG\AVG2012\avgui.exe
    C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyOverride = <local>
    uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
    uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
    uRun: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: Interfaces\{68ACABDA-872D-45E1-B116-09EA145E2DB8} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{F71E71C6-C81B-4FEC-8C95-B43BA47D36EE} : DHCPNameServer = 10.97.240.125
    TCP: Interfaces\{F71E71C6-C81B-4FEC-8C95-B43BA47D36EE}\C435242414 : DHCPNameServer = 192.168.0.1 68.94.156.1
    TCP: Interfaces\{F71E71C6-C81B-4FEC-8C95-B43BA47D36EE}\E474559554E4 : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
    x64-Run: [nwiz] nwiz.exe /installquiet
    x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 69.10.57.36 www.google-analytics.com.
    Hosts: 69.10.57.36 ad-emea.doubleclick.net.
    Hosts: 69.10.57.36 www.statcounter.com.
    Hosts: 108.163.215.51 www.google-analytics.com.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 39768]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-11-6 293552]
    .
    =============== Created Last 30 ================
    .
    2013-04-05 04:51:07 -------- d-----w- C:\FRST
    2013-04-05 01:05:32 -------- d-----w- C:\Users\User\AppData\Local\Programs
    2013-04-05 01:05:05 -------- d-----w- C:\Windows\pss
    2013-03-30 17:30:15 -------- d--h--w- C:\Windows\msdownld.tmp
    2013-03-30 17:29:57 -------- d-----w- C:\Windows\SysWow64\directx
    2013-03-24 23:45:46 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
    2013-03-24 19:00:53 -------- d-----w- C:\Program Files (x86)\Terraria
    2013-03-23 02:21:00 -------- d-----w- C:\Users\User\AppData\Local\FlvtoYoutubeDownloader
    2013-03-23 02:20:13 -------- d-----w- C:\Users\User\AppData\Local\Flvto Youtube Downloader
    2013-03-21 02:18:46 -------- d-----w- C:\Users\User\AppData\Local\SniperV2
    .
    ==================== Find3M ====================
    .
    2013-03-13 02:14:38 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-13 02:14:38 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-06 22:14:38 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-03-06 22:14:38 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2013-03-06 05:04:02 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2013-03-04 13:29:16 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2013-02-19 06:02:33 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    .
    ============= FINISH: 14:18:17.44 ===============
     
  8. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  9. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Still with me?
     
  10. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     