Laptop freezing

[Parkymo]

Hello,

 

I originally posted my problem on the help forum where they gave me some advice which included posting my problem here. It was also suggested that I download mbam-check.log and DDS and attach the resulting logs here. I have copy/pasted my original post text below.

 

I don't know whether this is malware related or not, but my Dell L501 XPS laptop keeps freezing. It has been doing it for some time now and is getting to the point that it has difficulty booting up at all. Quite often after a freeze and restart, it will run chkdsk before booting, do a lot of deleting files and recovering of orphaned files, and then attempt to reboot, often freezing before completing or shortly afterwards.

 

I had a SSD fitted about three months ago when I kept getting messages that my hard disk was in imminent danger of failure. I noticed it froze a few times before changing disk and thought this was a symptom of the hard disk's malady. The SSD was cloned from the HD. The freezing problem has got progressively worse.

 

I ran Diagnostics and it appeared to pass all tests without any problems. 

 

I don't think it is the SSD, as the freezing issue predates its installation. Could it be related to any other hardware on the computer?

 

I downloaded and ran Malwarebytes Anti Malware short scan and it found four PUPs which I deleted, but the freezing continues.

 

I am running Microsoft Security Essentials and not running Avast, although it still seems to be in my system despite my best efforts to remove it. Any ideas on that?

 

The mbam and DDS reports are attached.

 

Any help will be greatly appreciated.

CheckResults.txt

dds.txt

attach.txt

[Maniac]

Hello Parkymo! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please follow the instructions here to take care for the rest of Avast remnants:

http://www.avast.com/uninstall-utility

Step 3

Please uninstall the following applications:

µTorrent

Search Results Toolbar

uTorrentControl Toolbar

ZoneAlarm LTD Toolbar

ZoneAlarm Security Toolbar

Step 4

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 5

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 6

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 7

• Download on the desktop RogueKiller
• Quit all programs
• Start RogueKiller.exe
• Wait until Prescan has finished ...
• Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

• Junkware Removal Tool log
• AdwCleaner log
• Malwarebytes' Anti-Malware log
• RogueKiller log

[Parkymo]

Hi Borislav,

 

Thanks for responding so promptly.

 

I have reached step 3, removed µTorrent and Search Results Toolbar but uTorrentControl Toolbar does not respond to uninstall in Programs and Features nor to the uninstall utility in its' Folder in Program Files. Neither ZoneAlarm LTD Toolbar nor ZoneAlarm Security Toolbar are listed in Programs and Features or All Programs in the Start menu. I have found two Folders in Program Files (x86), one called Check Point Software Technologies LTD and the other CheckPoint. I noticed that the first one, which I suspect is the toolbars folder, as it contains a folder named chrome and one named IE. It also has  an uninstall utility. Should I click on this one to uninstall the toolbars.

 

Looking ahead to Step 6, I downloaded, and ran a Quick Scan on, Malwarebytes' Anti Malware which found 4 PUPs which I deleted. Should I still run another scan?

[Maniac]

Step by step, do not scan with Malwarebytes before you take care for the previous steps.

If they couldn't be uninstalled, proceed with next step. They will take care for the rest.

[Parkymo]

OK, I have pasted all the requested logs below. Still experiencing freezing up to just before running Rogue Killer. 

 

Thanks for your help thus far.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.2.8 (07.29.2013:2)

OS: Windows 7 Home Premium x64

Ran by User on 30/07/2013 at 18:29:44.03

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escorteng.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\esrv.exe

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\secman.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{4d076ab4-7562-427a-b5d2-bd96e19dee56}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{b12e99ed-69bd-437c-86be-c862b9e5444d}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{826d7151-8d99-434b-8540-082b8c2ae556}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{11549fe4-7c5a-4c17-9fc3-56fc5162a994}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{02478d38-c3f9-4efb-9b51-7695eca05670}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2504091

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3072254

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{14C1B971-3C34-426D-9207-F278C3FFBD9D}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

Successfully deleted: [Registry Key] "hkey_current_user\software\pip"

Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\w3i"

Successfully deleted: [Folder] "C:\Users\User\appdata\local\apn"

Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"

Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

 

 

 

~~~ FireFox

 

Successfully deleted: [File] C:\user.js

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 30/07/2013 at 18:39:34.19

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

# AdwCleaner v2.306 - Logfile created 07/30/2013 at 19:15:54

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : User - STALKYB-PC

# Boot Mode : Normal

# Running from : C:\Users\User\Desktop\AdwCleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\APN DTX

Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9DF9360-97F8-4690-AFE6-996C80790DA4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5716B037-6714-4930-8DF2-BFCDFB18A78A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9DF9360-97F8-4690-AFE6-996C80790DA4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5716B037-6714-4930-8DF2-BFCDFB18A78A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

Key Deleted : HKLM\Software\uTorrentControl

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5716B037-6714-4930-8DF2-BFCDFB18A78A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E9DF9360-97F8-4690-AFE6-996C80790DA4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39CCBBA3-C911-4BD0-BF54-C1C8FF971450}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E7DFF92-3680-40B2-90C3-27779575BBAE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9DF9360-97F8-4690-AFE6-996C80790DA4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E9DF9360-97F8-4690-AFE6-996C80790DA4}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E9DF9360-97F8-4690-AFE6-996C80790DA4}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E9DF9360-97F8-4690-AFE6-996C80790DA4}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{E9DF9360-97F8-4690-AFE6-996C80790DA4}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16635

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v22.0 (en-US)

 

-\\ Google Chrome v28.0.1500.72

 

*************************

 

AdwCleaner[s1].txt - [7299 octets] - [30/07/2013 18:49:48]

AdwCleaner[s2].txt - [6521 octets] - [30/07/2013 19:15:54]

 

########## EOF - C:\AdwCleaner[s2].txt - [6581 octets] ##########

 

                                                                         

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.07.30.09

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

User :: STALKYB-PC [administrator]

 

30/07/2013 22:09:12

mbam-log-2013-07-30 (22-09-12).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 224716

Time elapsed: 3 minute(s), 5 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

                                                                                                                          

 

 

                                                                                                                       

 

RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : User [Admin rights]

Mode : Scan -- Date : 07/30/2013 23:32:19

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

                                                                                                                        

 

RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : User [Admin rights]

Mode : Remove -- Date : 07/30/2013 23:32:54

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

[Maniac]

Why did you fixed those items found by RogueKiller without my instructions?

[Parkymo]

My mistake. Is it a problem?

[Maniac]

Two of them are legitimates, they are not a problem at all. Follow my instructions strictly.

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.

  ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

    Save it to your Desktop.

  • Double click on the to download the ESET Smart Installer. icon on your Desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under Scan Settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

[Parkymo]

ESET detected that I am running two anti-virus applications, Avast and Zone Alarm. I have disabled Zone Alarm but Avast should have been removed via Step 2 in your original post which I did download and run.

 

The ESET log file is pasted below.

 

                                                                                                                                                                                                                                                   

 

C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined

C:\Users\User\AppData\Local\Temp\AskPIP_FF_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Users\User\AppData\Local\Temp\AstroburnLite161-0168.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\User\AppData\Local\Temp\AstroburnLite170-0175.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\User\AppData\Local\Temp\DTLite4454-0314.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\User\AppData\Local\Temp\FFSetup3.0.1.zip multiple threats deleted - quarantined

C:\Users\User\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll a variant of Win32/Bunndle application cleaned by deleting - quarantined

C:\Users\User\AppData\Local\Temp\is1988980107\wajam_download.exe Win32/Wajam.C application cleaned by deleting - quarantined

C:\Users\User\AppData\Local\Temp\Temp1_FFSetup3.0.1.zip\FFSetup3.0.1.exe multiple threats cleaned by deleting - quarantined

C:\Users\User\Downloads\cbsidlm-tr1_7-Fax_Machine-ORG2-10060894.exe Win32/DownloadAdmin.D application cleaned by deleting - quarantined

C:\Users\User\Downloads\DTLite4453-0297.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\User\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

C:\Users\User\Downloads\InstallFreeRARExtractFrog.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Users\User\Downloads\oi_faxfromyourpc_setupmsi (1).exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined

C:\Users\User\Downloads\oi_faxfromyourpc_setupmsi.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined

C:\Users\User\Downloads\PowerISO.exe MSIL/Solimba application cleaned by deleting - quarantined

C:\Users\User\Recovered Data\Tani\My Documents\Downloads\asc-setup(1).exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

C:\Users\User\Recovered Data\Tani\My Documents\Downloads\asc-setup(2).exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

C:\Users\User\Recovered Data\Tani\My Documents\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

C:\Users\User\Recovered Data\Tani\My Documents\Downloads\avc-free.exe Win32/OpenCandy application cleaned by deleting - quarantined

[Maniac]

Good!

One last scan:

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

[Parkymo]

I downloaded and ran Kaspersky Virus Removal Tool. It detected no threats. I had to run it twice because my laptop froze partway through the first scan. Although it is running better than before we started these processes, the problem with freezing still exists.

[Maniac]

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

• Once you've read the article and are ready to use the program you can download it directly from the link below.
• Important! - Please make sure you save combofix to your desktop and do not run it from your browser
• Direct download link for: ComboFix.exe
• Please make sure you disable your security applications before running ComboFix.
• Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
• Please copy/paste the contents or attach that log file to your next reply.
• If needed the file can be located here: C:\combofix.txt
• NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

[Parkymo]

Okay, ComboFix.txt attached.

 

Thanks for your continuing support.

ComboFix.txt

[Maniac]

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::

AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[Parkymo]

Okay, CF log attached

ComboFix.txt

[Maniac]

Any progress?

[Parkymo]

Laptop  performs a lot faster. Just had a freeze, but battery got hot due to laptop being on soft surface. Could this make a freeze happen?

[Maniac]

That's strange.

Okay, let's try the following: Please boot into Safe mode and monitor your system for freezing. If the problem here still persist, so the problem is due to malware or any program.

http://windows.microsoft.com/en-US/windows/start-computer-safe-mode#start-computer-safe-mode=windows-7

[Parkymo]

It took me three attempts to boot into Safe mode, as it froze twice after pressing F8. I don't know if this is useful for diagnosis.

 

Is it possible I have been re-infected by visiting sites like You Tube? 

[Maniac]

No, it is not. I don't believe your system is infected and it seems your problem is hardware related.

[Parkymo]

Okay, but the system is faster, more consistent and with far fewer freezes since undertaking the processes you have guided me through, so performance has been improved by removing the PUPs etc that have been found and deleted. 

 

Do you have any thoughts on how I can proceed from this point, bearing in mind that the problem predated installation of the SSD? Which hardware components might be suspect?

[Maniac]

Sorry I couldn't help more than that. My job is to remove malware, I can help with some software, but hardware is completely foreign to me.

[Parkymo]

Well, if you think that is as much as you can do, thank you so much for helping me thus far, the performance of my system is definitely improved.

[Maniac]

Glad I could help!

Step 1

• Download OTC to your desktop and run it
• Click Yes to beginning the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

• Double click on AdwCleaner.exe to run the tool.
• Click on Uninstall
• Confirm with Yes

Step 3

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP

Step 4

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!