Computer freezes and mouse cursor disappears

[sreenath830]

Hello, 

 

 I am experiencing a problem in which my computer will freeze after approx 5-10 min after startup.  The mouse cursor also disappears, and the only thing that resolves it is a hard reboot.  I have run AVG anti-virus, which came back clean.  I have also run hijackthis.  I will include the logfile along with a strange error message that was not previously seen.  I set the program to 'run as administrator' but I still get the same strange pop-up box.  The computer does not freeze in safe mode, which is how I was able to run the AVG search.

 

I am not sure if this is malware related or not, but any suggestions/help is greatly appreciated.  I am running Windows 7 home premium 64 bit on a Sony Vaio laptop.  Thanks in advance!

hijackthis.log

[Maniac]

Hello sreenath830 and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

The best would be generated in regular mode, but in a pinch these tools can be applied in Safe mode with Networking.

[sreenath830]

Hello Borislav, thanks for the reply.  Please see below for my DDS and Attach text files.  Please get back to me at your convenience, take care.

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 8.0.7600.17267

Run by Sudheer at 9:30:36 on 2013-07-20

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3758.2049 [GMT -4:00]

.

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe

C:\Windows\SysWOW64\NLSSRV32.EXE

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Ad Muncher\AdMunch.exe

C:\Program Files (x86)\Ad Muncher\AdMunch64.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [Ad Muncher] "C:\Program Files (x86)\Ad Muncher\AdMunch.exe" /bt

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{5044057D-BB71-4A9E-B32E-2C40FF4A3451} : DHCPNameServer = 69.78.96.14 66.174.95.44

TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DHCPNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{CCC8C88D-A422-4FA0-ACCA-01CE35144DA7} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{CCC8C88D-A422-4FA0-ACCA-01CE35144DA7}\2656C6B696E6E2330316 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{CCC8C88D-A422-4FA0-ACCA-01CE35144DA7}\2656C6B696E6E2933663 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{CCC8C88D-A422-4FA0-ACCA-01CE35144DA7}\34443484F4D454 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{CCC8C88D-A422-4FA0-ACCA-01CE35144DA7}\455616D62516D625F646 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{CCC8C88D-A422-4FA0-ACCA-01CE35144DA7}\C696E6B6379737 : DHCPNameServer = 65.32.5.111 65.32.5.112

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 

x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]

R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-4-2 204296]

R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-4-2 69640]

R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2010-7-29 14112]

R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-7-12 94208]

R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-7-12 78848]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-29 2320920]

R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-7-29 575856]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-4 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-12 158976]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-7-12 271872]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-7-12 402720]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-20 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-16 39832]

.

=============== Created Last 30 ================

.

2013-07-19 18:17:24 -------- d-----w- C:\Users\Sudheer\AppData\Roaming\AVG

2013-07-19 18:16:45 -------- d-----w- C:\ProgramData\AVG

2013-07-19 18:16:33 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-07-19 15:33:51 -------- d-----w- C:\Users\Sudheer\AppData\Roaming\AVG2013

2013-07-19 15:33:05 -------- d-----w- C:\Users\Sudheer\AppData\Roaming\TuneUp Software

2013-07-19 15:32:37 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19BA2A8E-8D1C-41A3-82A6-4455334F6134}\mpengine.dll

2013-07-19 15:32:24 -------- d--h--w- C:\$AVG

2013-07-19 15:32:22 -------- d-----w- C:\ProgramData\AVG2013

2013-07-19 15:31:43 -------- d-----w- C:\Program Files (x86)\AVG

2013-07-19 15:27:29 -------- d--h--w- C:\ProgramData\Common Files

2013-07-19 15:27:29 -------- d-----w- C:\Users\Sudheer\AppData\Local\MFAData

2013-07-19 15:27:29 -------- d-----w- C:\Users\Sudheer\AppData\Local\Avg2013

2013-07-19 15:27:29 -------- d-----w- C:\ProgramData\MFAData

2013-07-19 07:01:43 -------- d-----w- C:\Windows\System32\MRT

.

==================== Find3M  ====================

.

2013-06-11 21:34:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-11 21:34:23 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH:  9:32:19.78 ===============

 

 

Attach.txt

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume2

Install Date: 12/17/2010 4:33:14 PM

System Uptime: 7/20/2013 9:24:42 AM (0 hours ago)

.

Motherboard: Sony Corporation |  | VAIO

Processor: Intel® Core i3 CPU       M 370  @ 2.40GHz | N/A | 1991/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 455 GiB total, 176.707 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: 

Description: 

Device ID: ROOT\SYSTEM\0001

Manufacturer: 

Name: 

PNP Device ID: ROOT\SYSTEM\0001

Service: 

.

==== System Restore Points ===================

.

RP373: 6/25/2013 6:14:18 AM - Windows Update

RP374: 6/28/2013 9:16:25 AM - Windows Update

RP375: 7/2/2013 6:11:49 AM - Windows Update

RP376: 7/5/2013 1:58:50 PM - Windows Update

RP377: 7/9/2013 3:53:19 PM - Windows Update

RP378: 7/10/2013 6:11:50 AM - Windows Update

RP379: 7/16/2013 6:33:34 AM - Windows Update

RP380: 7/19/2013 3:00:52 AM - Windows Update

RP381: 7/19/2013 11:00:00 AM - Restore Operation

RP382: 7/19/2013 11:15:37 AM - Removed Microsoft Silverlight

RP383: 7/19/2013 11:31:19 AM - Installed AVG 2013

RP384: 7/19/2013 11:31:55 AM - Installed AVG 2013

RP385: 7/19/2013 2:16:55 PM - Installed AVG PC TuneUp

RP386: 7/19/2013 5:36:32 PM - Removed AVG PC TuneUp

RP387: 7/19/2013 5:37:45 PM - Removed AVG PC TuneUp Language Pack (en-US)

RP388: 7/19/2013 5:41:53 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Ad Muncher v4.93.33707

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Alps Pointing-device for VAIO

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft WebCam Companion 3

AVG 2013

Belkin Setup and Router Monitor

Bonjour

CarbonPoker

CCleaner

Citrix Presentation Server Client - Web Only

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

eReg

Foxit Reader

Google Chrome

Google Talk Plugin

Google Update Helper

HiJackThis

HP Deskjet 3050 J610 series Basic Device Software

Intel PROSet Wireless

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® PROSet/Wireless WiFi Software

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Driver

iTunes

Java Auto Updater

Java 6 Update 33

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.2

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

Nitro Pro 7

PlayReady PC Runtime amd64

QuickTime

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Skype™ 6.6

SmartWi Connection Utility

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

VAIO Hardware Diagnostics

Visual Studio 2010 x64 Redistributables

VLC media player 1.1.5

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

7/19/2013 3:30:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TuneUp.UtilitiesSvc with arguments "" in order to run the server: {5EF1CF5D-87A9-434B-8786-2A08E1C30F6C}

7/19/2013 2:23:31 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

7/19/2013 2:23:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/19/2013 2:23:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/19/2013 2:23:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/19/2013 2:23:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/19/2013 2:23:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/19/2013 2:23:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/19/2013 2:23:02 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

7/19/2013 2:23:02 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

7/19/2013 2:23:02 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

7/19/2013 2:23:02 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.

7/19/2013 2:23:02 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

7/19/2013 2:23:02 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

7/19/2013 2:23:02 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.

7/19/2013 2:23:02 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

7/19/2013 2:23:02 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

7/19/2013 2:23:02 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

7/19/2013 2:23:02 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

7/19/2013 2:23:02 PM, Error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.

7/19/2013 11:20:20 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

7/19/2013 11:19:24 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

7/19/2013 11:05:30 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003]  - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

.

==== End Of File ===========================

[Maniac]

Step 1

Please uninstall this application: µTorrent . Also, I recommend you to uninstall Ad Muncher v4.93.33707, because causes conflicts with Outlook, game sites and web-building applications. About your browser adverts, pop-ups and general annoyances is much more better Adblock add-on. Take a look at more details here:

https://adblockplus.org

Step 2

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

• Download on the desktop RogueKiller
• Quit all programs
• Start RogueKiller.exe
• Wait until Prescan has finished ...
• Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
• RogueKiller log

[sreenath830]

Hello Borislav, please see below for my MBAM log and RK log.  I deleted uTorrent, but have not yet deleted AdMuncher as I have paid for the service.  If you feel it could be hindering my ability to remove malware, please let me know and I will uninstall that as well.

 

MBAM log

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.07.21.01

 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Sudheer :: VAIO [administrator]

 

7/20/2013 9:37:37 PM

mbam-log-2013-07-20 (21-37-37).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 239538

Time elapsed: 6 minute(s), 27 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Users\Sudheer\Downloads\wirelesskeyview.zip (PUP.WirelessKeyView) -> Quarantined and deleted successfully.

 

(end)

 

RogueKiller log

 

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Sudheer [Admin rights]

Mode : Scan -- Date : 07/20/2013 21:49:38

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD5000BEVT-26A0RT0 +++++

--- User ---

[MBR] bf5246656e16f979776f928b4184e239

[bSP] 8958e865ef95e83f24601c898da4e735 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10743 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22003712 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22208512 | Size: 466095 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_07202013_214938.txt >>

[Maniac]

but have not yet deleted AdMuncher as I have paid for the service. If you feel it could be hindering my ability to remove malware, please let me know and I will uninstall that as well.

No, not at all. Sorry about that!

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[sreenath830]

Hello Borislav, here is my Combofix log file.  Thanks again!

 

ComboFix 13-07-20.03 - Sudheer 07/21/2013  12:07:40.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3758.2079 [GMT -4:00]

Running from: c:\users\Sudheer\Downloads\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((   Files Created from 2013-06-21 to 2013-07-21  )))))))))))))))))))))))))))))))

.

.

2013-07-21 16:12 . 2013-07-21 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-21 16:12 . 2013-07-21 16:12 -------- d-----w- c:\users\boinc_master\AppData\Local\temp

2013-07-21 01:32 . 2013-07-21 01:32 -------- d-----w- c:\users\Sudheer\AppData\Roaming\Malwarebytes

2013-07-21 01:31 . 2013-07-21 01:31 -------- d-----w- c:\programdata\Malwarebytes

2013-07-21 01:31 . 2013-07-21 01:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-07-21 01:31 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-07-19 18:17 . 2013-07-19 18:17 -------- d-----w- c:\users\Sudheer\AppData\Roaming\AVG

2013-07-19 18:16 . 2013-07-19 18:18 -------- d-----w- c:\programdata\AVG

2013-07-19 18:16 . 2013-07-19 18:16 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-07-19 15:33 . 2013-07-19 15:33 -------- d-----w- c:\users\Sudheer\AppData\Roaming\TuneUp Software

2013-07-19 15:32 . 2013-07-15 07:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{19BA2A8E-8D1C-41A3-82A6-4455334F6134}\mpengine.dll

2013-07-19 15:32 . 2013-07-19 15:32 -------- d-----w- C:\$AVG

2013-07-19 15:31 . 2013-07-19 21:37 -------- d-----w- c:\program files (x86)\AVG

2013-07-19 15:27 . 2013-07-21 01:41 -------- d-----w- c:\programdata\MFAData

2013-07-19 15:27 . 2013-07-19 18:24 -------- d-----w- c:\users\Sudheer\AppData\Local\Avg2013

2013-07-19 15:27 . 2013-07-19 15:27 -------- d--h--w- c:\programdata\Common Files

2013-07-19 15:27 . 2013-07-19 15:27 -------- d-----w- c:\users\Sudheer\AppData\Local\MFAData

2013-07-19 07:01 . 2013-07-19 21:43 -------- d-----w- c:\windows\system32\MRT

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-24 04:57 . 2010-12-20 19:54 78277128 ----a-w- c:\windows\system32\MRT.exe

2013-06-11 21:34 . 2012-07-14 00:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-11 21:34 . 2012-07-14 00:08 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-17 20:14 . 2013-05-17 20:14 61440 ----a-r- c:\users\Sudheer\AppData\Roaming\Microsoft\Installer\{E9459BCF-0982-498B-ABA7-26C34323493F}\pncico.exe.C76E2E86_AE54_4AF5_997C_63EBB83C7651.exe

2013-05-17 20:14 . 2013-05-17 20:14 61440 ----a-r- c:\users\Sudheer\AppData\Roaming\Microsoft\Installer\{E9459BCF-0982-498B-ABA7-26C34323493F}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

2013-05-17 20:14 . 2013-05-17 20:14 61440 ----a-r- c:\users\Sudheer\AppData\Roaming\Microsoft\Installer\{E9459BCF-0982-498B-ABA7-26C34323493F}\ARPICON.exe

2013-05-17 20:14 . 2013-05-17 20:14 49152 ----a-r- c:\users\Sudheer\AppData\Roaming\Microsoft\Installer\{E9459BCF-0982-498B-ABA7-26C34323493F}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe

2013-05-02 06:06 . 2010-12-17 21:52 278800 ------w- c:\windows\system32\MpSigStub.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]

"Ad Muncher"="c:\program files (x86)\Ad Muncher\AdMunch.exe" [2012-07-20 595144]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

.

3;2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]

S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-13 00:06 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 21:34]

.

2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 02:11]

.

2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 02:11]

.

2013-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016206624-836959785-3345992756-1006Core.job

- c:\users\Sudheer\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-21 19:44]

.

2013-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016206624-836959785-3345992756-1006UA.job

- c:\users\Sudheer\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-21 19:44]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-24 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-24 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-24 413208]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-07-21  12:15:15

ComboFix-quarantined-files.txt  2013-07-21 16:15

.

Pre-Run: 190,401,347,584 bytes free

Post-Run: 189,903,691,776 bytes free

.

- - End Of File - - 417C10E05B9AB8B3014194ED1EC22388

D41D8CD98F00B204E9800998ECF8427E

[Maniac]

Step 1

Add Malwarebytes' Anti-Malware to the exclusions of AVG.

http://forums.malwarebytes.org/index.php?showtopic=10138&page=1entry167851

Step 2

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.

  ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

    Save it to your Desktop.

  • Double click on the to download the ESET Smart Installer. icon on your Desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under Scan Settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

[sreenath830]

Hello Borislav, 

 

 These 2 files did not exist when I attempted to exclude MBAM from AVG.  I excluded all other instructed folders and files.  Please see next post for ESETScan report.  I will download the program and post results shortly.  Thank you.  

 

• C:\Windows\System32\drivers\mbam.sys
   
• C:\Windows\System32\drivers\mbamswissarmy.sys

[sreenath830]

When I try to run ESET online scanner, I get to step 2 of 4 (initialization) and I get an error message stating "Can not get update. Is proxy configured?"

 

Please advise.  Thank you.  The computer is still freezing repeatedly, and seemingly is occuring quicker after startup.  Thanks again Borislav.

[Maniac]

Try this one:

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

[sreenath830]

Borislav,

 

 There were NO THREATS DETECTED using the Kaspersky virus removal tool.  I had to run the program in safe mode since the scan took nearly 3 hours and my comp would freeze in standard mode.

[Maniac]

How are things now?

[sreenath830]

Still freezes every time without fail when I startup in normal mode.  Does not freeze in safe mode.

[Maniac]

Please completely get rid of AVG 2013 at least temporarily.

http://www.avg.com/ww-en/faq.num-5172

Reboot and check how is the situation again. Let me know.

[sreenath830]

Borislav, 

 

 I can say tentatively that the problem is resolved!  The computer has now been on for approx 30 min without freezing, something that has not occurred since this problem started.  I will follow up with you regardless within 24 hours, or earlier if the issue returns.  Not exactly sure what the issue was or if it is permanently resolved, but thanks for all your help.  

[sreenath830]

Unfortunately a new problem (or new appearance to the same problem) has already surfaced.  I now get a blue error screen and windows crash.  I am copying the error report below this message.  Thank you.

 

Problem signature:

  Problem Event Name: BlueScreen

  OS Version: 6.1.7600.2.0.0.768.3

  Locale ID: 1033

 

Additional information about the problem:

  BCCode: d1

  BCP1: 0000000000000000

  BCP2: 0000000000000002

  BCP3: 0000000000000000

  BCP4: FFFFF8800581E075

  OS Version: 6_1_7600

  Service Pack: 0_0

  Product: 768_1

 

Files that help describe the problem:

  C:\Windows\Minidump\072213-43571-01.dmp

  C:\Users\Sudheer\AppData\Local\Temp\WER-67829-0.sysdata.xml

 

Read our privacy statement online:

  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

 

If the online privacy statement is not available, please read our privacy statement offline:

  C:\Windows\system32\en-US\erofflps.txt

[Maniac]

Your first problem was not malware related, your second too. My mission is to clean your system from malware.

About your second problem:

http://answers.microsoft.com/en-us/windows/forum/windows_7-system/blue-screen-error-irqlnotlessorequal-0x000000d1/225d7b5b-d871-4b56-9b7d-30ed768222e3

[sreenath830]

Thank you for your help

[Maniac]

Glad I could help!

Step 1

• Download OTC to your desktop and run it
• Click Yes to beginning the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP

Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!