Jump to content

Mbytes freezes while processing removal


belindaj
 Share

Recommended Posts

Have exactly the same problem as this thread: https://forums.malwarebytes.org/index.php?showtopic=138412&hl=%2Bscorpion+%2Bsaver#entry765860 - My Malwarebytes is current and does find the scorpion saver, conduit, and worse - a zero access rootkit - but when I try to finish the process to do the removals - malwarebytes hangs when it gets to "Level Quality Watcher" (see attached screenshot).

 

I have gone ahead and scanned using RogueKiller as directed in the referenced thread above, and the log is attached.

 

Thanks in advance for your assistance.

post-152975-0-59377400-1387553371_thumb.

RKreport0_S_12202013_091726.txt

Link to post
Share on other sites

  • Replies 74
  • Created
  • Last Reply

Top Posters In This Topic

Hello belindaj and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:

Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.

Link to post
Share on other sites

Here is attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 6/4/2012 4:11:34 AM
System Uptime: 12/20/2013 9:06:53 AM (25 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | Z77-DS3H
Processor: Intel® Core i5-3570K CPU @ 3.40GHz | Intel® Core i5-3570K CPU @ 3.40GHz | 3801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 314.324 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 298 GiB total, 151.518 GiB free.
F: is Removable
G: is FIXED (NTFS) - 932 GiB total, 395.239 GiB free.
H: is FIXED (NTFS) - 932 GiB total, 339.701 GiB free.
I: is CDROM ()
J: is FIXED (NTFS) - 1863 GiB total, 820.208 GiB free.
K: is FIXED (NTFS) - 1863 GiB total, 211.565 GiB free.
N: is CDROM ()
O: is Removable
P: is Removable
Z: is FIXED (NTFS) - 1863 GiB total, 1562.417 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_50071458&REV_04\3&11583659&0&A0
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_50071458&REV_04\3&11583659&0&A0
Service:
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_50011458&REV_04\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_50011458&REV_04\3&11583659&0&FB
Service:
.
==== System Restore Points ===================
.
RP559: 11/30/2013 9:49:03 AM - Scheduled Checkpoint
RP560: 12/1/2013 10:12:09 AM - Scheduled Checkpoint
RP561: 12/2/2013 2:33:37 PM - Scheduled Checkpoint
RP562: 12/2/2013 8:23:29 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP563: 12/2/2013 8:24:29 PM - Installed Microsoft Visual C++ 2005 Redistributable (x64)
RP564: 12/2/2013 8:26:02 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
RP565: 12/2/2013 8:28:44 PM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
RP566: 12/2/2013 8:41:14 PM - Installed Nuance PaperPort 14.
RP567: 12/2/2013 8:44:32 PM - Installed Nuance PDF Viewer Plus.
RP568: 12/2/2013 8:47:54 PM - Installed PaperPort Image Printer 64-bit.
RP569: 12/2/2013 8:51:53 PM - Installed Adobe Photoshop Elements 11.
RP570: 12/3/2013 3:00:24 AM - Windows Update
RP571: 12/3/2013 1:27:40 PM - Device Driver Package Install: HP Printers
RP572: 12/3/2013 1:27:54 PM - Device Driver Package Install: Hewlett-Packard Imaging devices
RP573: 12/3/2013 1:29:05 PM - Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
RP574: 12/3/2013 1:50:45 PM - Installed HPDiagnosticCoreDll
RP575: 12/3/2013 2:44:29 PM - Windows Update
RP576: 12/4/2013 9:05:11 AM - Scheduled Checkpoint
RP577: 12/5/2013 2:26:38 AM - Scheduled Checkpoint
RP578: 12/6/2013 9:42:52 AM - Scheduled Checkpoint
RP579: 12/7/2013 10:36:06 AM - Scheduled Checkpoint
RP580: 12/8/2013 9:07:09 AM - Scheduled Checkpoint
RP581: 12/9/2013 9:02:44 AM - Scheduled Checkpoint
RP582: 12/9/2013 10:59:09 PM - Scheduled Checkpoint
RP583: 12/10/2013 3:16:47 AM - Windows Update
RP585: 12/10/2013 2:22:03 PM - HP Installation Restore Point
RP586: 12/11/2013 2:19:54 PM - Scheduled Checkpoint
RP587: 12/12/2013 3:00:12 AM - Windows Update
RP588: 12/13/2013 - Scheduled Checkpoint
RP589: 12/14/2013 - Scheduled Checkpoint
RP590: 12/15/2013 - Scheduled Checkpoint
RP591: 12/15/2013 1:54:43 PM - Scheduled Checkpoint
RP592: 12/17/2013 - Scheduled Checkpoint
RP593: 12/17/2013 2:48:54 PM - Windows Update
RP594: 12/18/2013 2:54:25 PM - Restore Operation
RP595: 12/20/2013 10:45:05 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
50 Free Elegant Fonts
7-Zip 4.65
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Photoshop Elements 11
Adobe Photoshop Lightroom 3.6 64-bit
Adobe Photoshop Lightroom 4.1 64-bit
Adobe Reader X (10.1.8)
Amazon Kindle
Apple Application Support
Apple Software Update
Art Explosion Scrapbook Factory Deluxe
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Aura Software Manager 1.0.3
Aura Video Converter Professional 1.6.1
AVG 2013
Bamboo
Bamboo Dock
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 1.0
CCleaner
Coupon Printer for Windows
CyberLink InstantBurn
CyberLink Power2Go 8
CyberLink WaveEditor 2
Dropbox
EasyRotator Wizard
Elements 11 Organizer
FileZilla Client 3.7.3
Google Chrome
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.5.0.1132
Hi-Def Suite
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photo Creations
HP Photosmart 6520 series Basic Device Software
HP Photosmart 6520 series Help
HP Update
HPDiagnosticCoreDll
Indeo® software
Ipswitch WS_FTP Pro
iSEEK AnswerWorks English Runtime
J-Bots Plus 2004
Jalbum
Java 7 Update 5
Java 7 Update 5 (64-bit)
JavaFX 2.1.1
LabelPrint
LG CyberLink LabelPrint
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG CyberLink YouCam
LG Power Tools
LightScribe System Software
LightScribe Template Designs - Life Events Pack 1
LightScribe Template Labeler
Malwarebytes Anti-Malware version 1.75.0.1300
Media Lab SiteGrinder 3
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nitro Pro 8
Nuance PaperPort 14
Nuance PDF Viewer Plus
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX v8.07.18
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PaperPort Image Printer 64-bit
PDF Settings CS5
PDFlite 0.8
Pinnacle Instant DVD Recorder
Power2Go 5.0
PowerBackup
PowerDVD
PowerProducer
PSE11 STI Installer
Quicken 2013
QuickTime
RedMon - Redirection Port Monitor
Roxio Easy Media Creator 7
Scansoft PDF Professional
ScorpionSaver
ScorpionSaver Services
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Shape Collage
SmartSound Quicktracks Plugin
Sparkle
Spotify
Studio 11
The Big Box of Art Holidays & Events
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Topaz Adjust 5
Topaz Adjust 5 (64-bit)
Topaz B&W Effects
Topaz B&W Effects (64-bit)
Topaz Clean 3
Topaz Clean 3 (64-bit)
Topaz DeJpeg 4
Topaz DeJpeg 4 (64-bit)
Topaz DeNoise 5
Topaz DeNoise 5 (64-bit)
Topaz Detail 2
Topaz Detail 2 (64-bit)
Topaz Fusion Express 2
Topaz Fusion Express 2 (64-bit)
Topaz InFocus
Topaz InFocus (64-bit)
Topaz Lens Effects
Topaz Lens Effects (64-bit)
Topaz ReMask 3
Topaz ReMask 3 (64-bit)
Topaz Simplify 3
Topaz Simplify 3 (64-bit)
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmoiper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wmoiper
TurboTax 2012 wrapper
Uninstall PGE Platinum
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows 7 Upgrade Advisor
WinSCP 4.3.9
Yahoo! Desktop Login
YTD Video Downloader 3.9.1
.
==== Event Viewer Messages From Past Week ========
.
12/20/2013 9:08:58 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Cdr4_xp DVDVRRdr_xp UDFReadr
12/20/2013 9:08:58 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
12/20/2013 9:08:58 AM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/20/2013 9:08:58 AM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/20/2013 9:07:16 AM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\UDFReadr.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/20/2013 9:07:16 AM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\DVDVRRdr_xp.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/19/2013 6:06:00 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
12/19/2013 5:07:21 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
12/18/2013 4:37:06 PM, Error: Service Control Manager [7022]  - The NVIDIA Update Service Daemon service hung on starting.
12/18/2013 3:19:43 PM, Error: Service Control Manager [7022]  - The Background Intelligent Transfer Service service hung on starting.
12/18/2013 3:19:43 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Adobe Active File Monitor V11 service to connect.
12/17/2013 6:24:38 PM, Error: Service Control Manager [7034]  - The AVGIDSAgent service terminated unexpectedly.  It has done this 1 time(s).
12/17/2013 6:24:37 PM, Error: Service Control Manager [7043]  - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
12/17/2013 6:22:21 PM, Error: Service Control Manager [7034]  - The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
12/17/2013 6:22:19 PM, Error: Service Control Manager [7034]  - The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).
12/17/2013 6:22:19 PM, Error: Service Control Manager [7031]  - The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
12/15/2013 12:18:24 PM, Error: EventLog [6008]  - The previous system shutdown at 12:04:52 PM on 12/15/2013 was unexpected.
.
==== End Of File ===========================
 

Link to post
Share on other sites

Here is dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.5.0
Run by Belinda at 10:38:37 on 2013-12-21
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.16342.12113 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
C:\Users\Belinda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Belinda\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\splwow64.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\PROGRA~2\MICROS~1\Office12\OUTLOOK.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\HP Photo Creations\Communicator.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Power2GoExpress8] NA
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [LaunchList] C:\Program Files (x86)\Pinnacle\Studio 11\LaunchList2.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Power2GoExpress] "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
uRun: [spotify Web Helper] "C:\Users\Belinda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [bambooCore] "C:\Program Files (x86)\Bamboo Dock\BambooCore.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [bDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun: [instantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
mRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PPort14reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
mRun: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\Belinda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Belinda\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer 7 - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00105-0001-0005-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{94756FC9-AA59-4AC6-83A6-DA04EF0C7D8C} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\Windows\SysWOW64\eztoolslib2.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Belinda\AppData\Roaming\Mozilla\Firefox\Profiles\wa3hsfdb.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npplg10N.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R0 CLBStor;CLBStor;C:\Windows\System32\drivers\CLBStor.sys [2013-3-1 24824]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-12-2 56336]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\drivers\CLVirtualDrive.sys [2012-6-13 89584]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2013-3-1 369912]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-10-30 230408]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-10-30 69640]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2012-4-20 219496]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-7-13 6583160]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-22 92592]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-7-13 528760]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C60x64.sys [2012-6-3 99440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-7-13 13312]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-6-3 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-12-17 20:49:59 90708896 ----a-w- C:\Windows\System32\mrt.exe
2013-12-15 17:46:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-15 17:46:36 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-25 07:48:36 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-15 02:09:03 17847296 ----a-w- C:\Windows\System32\mshtml.dll
2013-11-15 01:42:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-11-15 01:37:29 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-15 01:29:33 1347072 ----a-w- C:\Windows\System32\urlmon.dll
2013-11-15 01:29:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-11-15 01:28:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-15 01:28:00 237056 ----a-w- C:\Windows\System32\url.dll
2013-11-15 01:25:24 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-11-15 01:22:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-15 01:20:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-11-15 01:20:45 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-11-15 01:19:54 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-11-15 01:19:47 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-11-15 01:18:24 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-11-15 01:18:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-15 01:12:57 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-11-14 23:13:33 12344320 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-11-14 22:50:50 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-14 22:50:06 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-11-14 22:43:24 1105408 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-11-14 22:42:41 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-14 22:41:18 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-11-14 22:40:04 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-11-14 22:38:54 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-11-14 22:38:35 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-11-14 22:38:16 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-11-14 22:37:32 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-11-14 22:36:16 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-11-14 22:36:08 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-11-14 22:35:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-14 22:32:56 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-10-30 04:34:52 1386496 ----a-w- C:\Windows\System32\WMALFXGFXDSP.dll
2013-10-30 04:34:21 374784 ----a-w- C:\Windows\System32\SysFxUI.dll
2013-10-30 03:55:25 122368 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-30 02:33:31 218112 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-30 02:10:03 2776064 ----a-w- C:\Windows\System32\win32k.sys
2013-10-23 07:05:08 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-10-22 09:31:05 79360 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-22 07:19:59 158208 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-11 04:27:20 144384 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-11 04:26:04 198656 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-11 04:23:42 462848 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-11 04:23:21 781824 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-11 02:19:13 166912 ----a-w- C:\Windows\System32\wscript.exe
2013-10-11 02:19:11 147968 ----a-w- C:\Windows\System32\cscript.exe
2013-10-11 02:08:55 36864 ----a-w- C:\Windows\SysWow64\wshcon.dll
2013-10-11 02:08:55 131072 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-11 02:08:35 172032 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-11 02:07:57 596480 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-11 00:35:42 135168 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-11 00:35:41 155648 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-03 15:03:41 389632 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 15:02:58 1278976 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-03 12:46:36 304128 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-03 12:45:45 993792 ----a-w- C:\Windows\SysWow64\crypt32.dll
2008-12-15 21:35:33 1242624 ------w- C:\Program Files (x86)\PGE7_PlugIn.8bf
.
============= FINISH: 10:40:19.51 ===============
 

Link to post
Share on other sites

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista Ultimate x64
Ran by Belinda on Sun 12/22/2013 at  9:38:32.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ctTOOLBAR.ctToolBarCtrl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"

 

~~~ Files

Successfully deleted: [File] "C:\Users\Belinda\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Belinda\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\end"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Belinda\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Belinda\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Belinda\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Belinda\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Belinda\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/22/2013 at  9:42:57.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

# AdwCleaner v3.015 - Report created 22/12/2013 at 09:47:16
# Updated 10/12/2013 by Xplode
# Operating System : Windows Vista Ultimate Service Pack 2 (64 bits)
# Username : Belinda - BELINDA-I5
# Running from : C:\Users\Belinda\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Program Files\Level Quality Watcher
[!] Folder Deleted : C:\Users\Belinda\AppData\Local\PackageAware
[!] Folder Deleted : C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg
File Deleted : C:\Windows\System32\AdpeakProxy.ini
File Deleted : C:\Windows\System32\AdpeakProxyOff.ini
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WS_FTP Pro
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Adpeak, Inc.
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6E810AB6-F34E-49A3-A93F-9E503660F718}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : [x64] HKLM\SOFTWARE\Adpeak, Inc.
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Belinda\AppData\Roaming\Mozilla\Firefox\Profiles\wa3hsfdb.default\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4972 octets] - [22/12/2013 09:46:10]
AdwCleaner[s0].txt - [3771 octets] - [22/12/2013 09:47:16]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3831 octets] ##########

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.22.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Belinda :: BELINDA-I5 [administrator]

12/22/2013 9:55:48 AM
mbam-log-2013-12-22 (09-55-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257104
Time elapsed: 16 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

Please don't rush.

Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    image000q.png

  • Put a checkmark beside loaded modules.

    2012081514h0118.png

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

    2012081517h0349.png

  • Click the Start Scan button.

    19695967.jpg

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    67776163.jpg

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    62117367.jpg

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • Step 2

    Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

    Please visit this webpage and read the ComboFix User's Guide:

    • Once you've read the article and are ready to use the program you can download it directly from the link below.
    • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
    • Direct download link for: ComboFix.exe
    • Please make sure you disable your security applications before running ComboFix.
    • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
    • Please copy/paste the contents or attach that log file to your next reply.
    • If needed the file can be located here: C:\combofix.txt
    • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
    In your next reply, post the following log files:
    • TDSSKiller log
    • ComboFix log
Link to post
Share on other sites

Skip ComboFix for now. Please boot into Regular mode:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system.  You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Link to post
Share on other sites

Just updating - FRST is running but taking a lot of time. Currently it is in "Getting Restore Points" - would it be normal for that process to be slowing down the entire system significantly? (I'm only able to update this thread right now using my laptop for example - because trying to post from the desktop just stalled).

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.