Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: PC Slpw/Crashing  (Read 14280 times)

0 Members and 1 Guest are viewing this topic.

bluecountry

    Topic Starter


    Apprentice

    Thanked: 1
    PC Slpw/Crashing
    « on: March 06, 2013, 12:13:32 PM »
    My PC is very inconsistent.  Sometimes it runs good, others it can get quite slow and crash.  I have attached logs below.


    Adware
    Quote
    # AdwCleaner v2.004 - Logfile created 03/06/2013 at 14:23:42
    # Updated 06/10/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Johnny Ola - JOHNNYOLA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Johnny Ola\Desktop\Computer Safety Programs\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Program Files\Common Files\AVG Secure Search

    ***** [Registry] *****

    Key Found : HKLM\Software\Description

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0 (en-US)

    Profile name : default
    File : C:\Users\Johnny Ola\AppData\Roaming\Mozilla\Firefox\Profiles\3yu3mje6.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Johnny Ola\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3269 octets] - [04/09/2012 21:33:40]
    AdwCleaner[S1].txt - [3838 octets] - [09/09/2012 22:55:56]
    AdwCleaner[R2].txt - [1319 octets] - [13/09/2012 10:07:10]
    AdwCleaner[R3].txt - [35966 octets] - [05/10/2012 14:56:42]
    AdwCleaner[S2].txt - [401 octets] - [05/10/2012 14:57:06]
    AdwCleaner[R4].txt - [35641 octets] - [09/10/2012 21:20:57]
    AdwCleaner[R5].txt - [35727 octets] - [26/10/2012 19:20:32]
    AdwCleaner[S3].txt - [35719 octets] - [26/10/2012 19:20:54]
    AdwCleaner[R6].txt - [1620 octets] - [09/11/2012 11:02:00]
    AdwCleaner[S4].txt - [1687 octets] - [09/11/2012 11:02:28]
    AdwCleaner[R7].txt - [1740 octets] - [22/11/2012 17:54:38]
    AdwCleaner[R8].txt - [1800 octets] - [22/11/2012 17:54:50]
    AdwCleaner[S5].txt - [1867 octets] - [22/11/2012 17:55:01]
    AdwCleaner[R9].txt - [1920 octets] - [01/12/2012 23:40:21]
    AdwCleaner[S6].txt - [1987 octets] - [01/12/2012 23:40:35]
    AdwCleaner[R10].txt - [2042 octets] - [14/12/2012 00:02:55]
    AdwCleaner[S7].txt - [2108 octets] - [14/12/2012 00:03:11]
    AdwCleaner[R11].txt - [2163 octets] - [23/12/2012 19:13:53]
    AdwCleaner[S8].txt - [2229 octets] - [23/12/2012 19:14:06]
    AdwCleaner[R12].txt - [2284 octets] - [26/01/2013 20:25:38]
    AdwCleaner[R13].txt - [2345 octets] - [26/01/2013 20:25:53]
    AdwCleaner[S9].txt - [2411 octets] - [26/01/2013 20:26:02]
    AdwCleaner[R14].txt - [2466 octets] - [20/02/2013 19:29:42]
    AdwCleaner[S10].txt - [2534 octets] - [20/02/2013 19:29:58]
    AdwCleaner[R15].txt - [2588 octets] - [03/03/2013 17:49:40]
    AdwCleaner[S11].txt - [2656 octets] - [03/03/2013 17:49:56]
    AdwCleaner[R16].txt - [2577 octets] - [06/03/2013 14:23:42]

    ########## EOF - C:\AdwCleaner[R16].txt - [2638 octets] ##########


    Quote
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.03.10

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Johnny Ola :: JOHNNYOLA-PC [administrator]

    3/3/2013 5:30:22 PM
    mbam-log-2013-03-03 (17-30-22).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 241758
    Time elapsed: 8 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    MBAM


    DDS

    Log 1
    Quote
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.15.2
    Run by Johnny Ola at 13:13:19 on 2013-03-06
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\spool\DRIVERS\W32X86\3\dlecserv.exe
    C:\Windows\system32\dleccoms.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\Users\Johnny Ola\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG2013\avgcfgex.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k SDRSVC
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    BHO: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - c:\program files\dell printable web\toolband.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - c:\program files\dell printable web\toolband.dll
    uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
    uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
    uRun: [Google Update] "c:\users\johnny ola\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [com.apple.dav.bookmarks.daemon] c:\program files\common files\apple\internet services\BookmarkDAV_client.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
    mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
    mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{20DA44BE-98A1-475D-B8AC-88DF3AD26CDD} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{20DA44BE-98A1-475D-B8AC-88DF3AD26CDD} : DHCPNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
    TCP: Interfaces\{D83D5627-FB49-437C-B3E7-C61C85550B27} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{D83D5627-FB49-437C-B3E7-C61C85550B27} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    AppInit_DLLs= c:\windows\system32\guard32.dll  c:\windows\system32\guard32.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
    LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg wsauth
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.152\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\johnny ola\appdata\roaming\mozilla\firefox\profiles\3yu3mje6.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\users\johnny ola\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\users\johnny ola\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\johnny ola\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\users\johnny ola\appdata\roaming\mozilla\plugins\npo1d.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? DIRECTIO;DIRECTIO
    R? ICScsiSV;Image Converter SCSI Service
    R? IcVzMonLauncher;IcVzMonLauncher
    R? SkypeUpdate;Skype Updater
    R? VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection
    R? VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP)
    R? VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP)
    R? WDC_SAM;WD SCSI Pass Thru driver
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? AVGIDSAgent;AVGIDSAgent
    S? AVGIDSDriver;AVGIDSDriver
    S? AVGIDSHX;AVGIDSHX
    S? AVGIDSShim;AVGIDSShim
    S? Avgldx86;AVG AVI Loader Driver
    S? Avglogx;AVG Logging Driver
    S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
    S? Avgrkx86;AVG Anti-Rootkit Driver
    S? Avgtdix;AVG TDI Driver
    S? avgtp;avgtp
    S? avgwd;AVG WatchDog
    S? cmdGuard;COMODO Internet Security Sandbox Driver
    S? cmdHlp;COMODO Internet Security Helper Driver
    S? dlec_device;dlec_device
    S? dlecCATSCustConnectService;dlecCATSCustConnectService
    S? FontCache;Windows Font Cache Service
    S? MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB)
    S? R5U870FLx86;R5U870 UVC Lower Filter 
    S? R5U870FUx86;R5U870 UVC Upper Filter 
    S? regi;regi
    S? SonyImgF;Sony Image Conversion Filter Driver
    S? ti21sony;ti21sony
    S? vmwvusb;VMware View Generic USB Driver
    S? vToolbarUpdater12.2.6;vToolbarUpdater12.2.6
    S? wsnm;VMware View Client
    S? wsnm_usbctrl;VMware View USB Control
    .
    =============== File Associations ===============
    .
    ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCExporter.exe"" %1"
    .
    =============== Created Last 30 ================
    .
    2013-03-03 22:27:36   --------   d-----w-   c:\programdata\Licenses
    2013-02-21 00:28:52   94112   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
    2013-02-13 03:42:28   2048512   ----a-w-   c:\windows\system32\win32k.sys
    2013-02-13 03:42:26   1314816   ----a-w-   c:\windows\system32\quartz.dll
    2013-02-13 03:42:23   905576   ----a-w-   c:\windows\system32\drivers\tcpip.sys
    2013-02-13 03:42:21   3602808   ----a-w-   c:\windows\system32\ntkrnlpa.exe
    2013-02-13 03:42:21   3550072   ----a-w-   c:\windows\system32\ntoskrnl.exe
    .
    ==================== Find3M  ====================
    .
    2013-03-03 23:00:09   71024   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-03 23:00:09   691568   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
    2013-02-21 00:28:29   861088   ----a-w-   c:\windows\system32\npdeployJava1.dll
    2013-02-21 00:28:29   782240   ----a-w-   c:\windows\system32\deployJava1.dll
    2013-01-08 22:11:21   1800704   ----a-w-   c:\windows\system32\jscript9.dll
    2013-01-08 22:03:20   1129472   ----a-w-   c:\windows\system32\wininet.dll
    2013-01-08 22:03:12   1427968   ----a-w-   c:\windows\system32\inetcpl.cpl
    2013-01-08 21:59:02   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
    2013-01-08 21:58:29   420864   ----a-w-   c:\windows\system32\vbscript.dll
    2013-01-08 21:56:23   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
    2012-12-16 13:12:54   34304   ----a-w-   c:\windows\system32\atmlib.dll
    2012-12-16 10:50:29   293376   ----a-w-   c:\windows\system32\atmfd.dll
    2012-12-14 21:49:28   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 13:23:05.20 ===============

    Log 2
    NO attach log

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: PC Slpw/Crashing
    « Reply #1 on: March 07, 2013, 10:44:51 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Download Combofix from any of the links below, and save it to your DESKTOP
    If your version of Windows defaults to you download folder you will need to copy it to your desktop.

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

    It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
    Windows 8 and Windows 10 dual boot with two SSD's

    bluecountry

      Topic Starter


      Apprentice

      Thanked: 1
      Re: PC Slpw/Crashing
      « Reply #2 on: March 09, 2013, 09:42:43 AM »
      combofix log

      ComboFix 13-03-07.03 - Johnny Ola 03/09/2013   9:07.2.2 - x86
      Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2038.961 [GMT -5:00]
      Running from: c:\users\Johnny Ola\Desktop\ComboFix.exe
      AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
      FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
      SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
      SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\users\Johnny Ola\AppData\Local\assembly\tmp
      c:\windows\system32\URTTemp
      c:\windows\system32\URTTemp\regtlib.exe
      .
      .
      (((((((((((((((((((((((((   Files Created from 2013-02-09 to 2013-03-09  )))))))))))))))))))))))))))))))
      .
      .
      2013-03-09 14:19 . 2013-03-09 14:19   --------   d-----w-   c:\users\Public\AppData\Local\temp
      2013-03-09 14:19 . 2013-03-09 14:19   --------   d-----w-   c:\users\Guest\AppData\Local\temp
      2013-03-09 14:19 . 2013-03-09 14:19   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2013-03-03 22:27 . 2013-03-03 22:27   --------   d-----w-   c:\programdata\Licenses
      2013-02-21 00:28 . 2013-02-21 00:28   94112   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
      2013-02-13 03:42 . 2013-01-04 01:38   2048512   ----a-w-   c:\windows\system32\win32k.sys
      2013-02-13 03:42 . 2012-11-08 03:48   1314816   ----a-w-   c:\windows\system32\quartz.dll
      2013-02-13 03:42 . 2013-01-04 11:28   905576   ----a-w-   c:\windows\system32\drivers\tcpip.sys
      2013-02-13 03:42 . 2013-01-05 05:26   3602808   ----a-w-   c:\windows\system32\ntkrnlpa.exe
      2013-02-13 03:42 . 2013-01-05 05:26   3550072   ----a-w-   c:\windows\system32\ntoskrnl.exe
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-03-03 23:00 . 2012-07-24 00:02   691568   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
      2013-03-03 23:00 . 2011-10-11 18:18   71024   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-02-21 00:28 . 2012-08-01 01:51   861088   ----a-w-   c:\windows\system32\npdeployJava1.dll
      2013-02-21 00:28 . 2011-10-17 04:18   782240   ----a-w-   c:\windows\system32\deployJava1.dll
      2013-01-14 17:45 . 2013-01-14 17:45   53248   ----a-r-   c:\users\Johnny Ola\AppData\Roaming\Microsoft\Installer\{A009A2F5-F89B-430B-9EE6-E71461F3B4EB}\ARPPRODUCTICON.exe
      2012-12-16 13:12 . 2012-12-22 08:01   34304   ----a-w-   c:\windows\system32\atmlib.dll
      2012-12-16 10:50 . 2012-12-22 08:01   293376   ----a-w-   c:\windows\system32\atmfd.dll
      2012-12-14 21:49 . 2011-10-11 20:06   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2013-03-08 11:38 . 2013-03-08 11:38   263064   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   129272   ----a-w-   c:\users\Johnny Ola\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   129272   ----a-w-   c:\users\Johnny Ola\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   129272   ----a-w-   c:\users\Johnny Ola\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   129272   ----a-w-   c:\users\Johnny Ola\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280]
      "ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280]
      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
      "com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-11-28 59280]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-04-06 4423680]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-24 138008]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-24 154392]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-24 133912]
      "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-04-17 321656]
      "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-04-02 411768]
      "VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-03-06 36864]
      "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
      "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-29 151952]
      "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
      .
      c:\users\Johnny Ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dropbox.lnk - c:\users\Johnny Ola\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
      2007-04-24 00:19   98304   ----a-w-   c:\windows\System32\VESWinlogon.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute   REG_MULTI_SZ      autocheck autochk *\0ssiefr.exe
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg wsauth
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
      @="Service"
      .
      [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
      path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
      backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
      backupExtension=.CommonStartup
      .
      [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
      path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
      backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
      backupExtension=.CommonStartup
      .
      [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
      path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
      backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
      backupExtension=.CommonStartup
      .
      [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
      path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
      backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
      backupExtension=.CommonStartup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
      2011-05-03 15:43   4321112   ----a-w-   c:\program files\AIM\aim.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2011-10-11 20:04   136176   ----atw-   c:\users\Johnny Ola\AppData\Local\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2012-11-29 05:49   151952   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
      2012-12-14 21:49   824232   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbam.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
      2007-01-31 05:59   371712   ----a-w-   c:\program files\Intuit\SimpleStartEntice\entice.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunSpySweeperScheduleAtStartup]
      2011-10-26 06:49   10752   ----a-w-   c:\windows\System32\msfeedssync.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
      2007-04-06 18:18   1822720   ----a-w-   c:\windows\SkyTel.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
      2007-03-08 02:38   835584   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
      2007-03-14 00:13   2322432   ----a-w-   c:\program files\Sony\VAIO Security Center\VSC.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
      2006-12-07 01:08   577536   ----a-w-   c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
      2008-01-19 07:38   1008184   ----a-w-   c:\program files\Windows Defender\MSASCui.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
      2009-04-11 06:28   2153472   ----a-w-   c:\windows\System32\oobefldr.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2013-03-06 04:34   1630672   ----a-w-   c:\program files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 19:59]
      .
      2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 19:59]
      .
      2013-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-463125951-12254502-3284758742-1005Core.job
      - c:\users\Johnny Ola\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 20:04]
      .
      2013-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-463125951-12254502-3284758742-1005UA.job
      - c:\users\Johnny Ola\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 20:04]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com
      uInternet Settings,ProxyOverride = *.local
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
      TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
      TCP: Interfaces\{20DA44BE-98A1-475D-B8AC-88DF3AD26CDD}: NameServer = 8.26.56.26,156.154.70.22
      TCP: Interfaces\{D83D5627-FB49-437C-B3E7-C61C85550B27}: NameServer = 8.26.56.26,156.154.70.22
      FF - ProfilePath - c:\users\Johnny Ola\AppData\Roaming\Mozilla\Firefox\Profiles\3yu3mje6.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
      .
      - - - - ORPHANS REMOVED - - - -
      .
      ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
      Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      SafeBoot-WudfPf
      SafeBoot-WudfRd
      AddRemove-TeamSpeak 3 Client - c:\users\Johnny Ola\AppData\Local\TeamSpeak 3 Client\uninstall.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2013-03-09 10:15
      Windows 6.0.6002 Service Pack 2 NTFS
      .
      detected NTDLL code modification:
      ZwClose
      .
      scanning hidden processes ... 
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ... 
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'lsass.exe'(1044)
      c:\windows\system32\guard32.dll
      c:\windows\system32\wsauth.dll
      .
      - - - - - - - > 'Explorer.exe'(5472)
      c:\windows\system32\guard32.dll
      c:\users\Johnny Ola\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\progra~1\AVG\AVG2013\avgrsx.exe
      c:\program files\AVG\AVG2013\avgcsrvx.exe
      c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
      c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files\AVG\AVG2013\avgidsagent.exe
      c:\program files\AVG\AVG2013\avgwdsvc.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\windows\system32\spool\DRIVERS\W32X86\3\dlecserv.exe
      c:\windows\system32\dleccoms.exe
      c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
      c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
      c:\program files\Sony\VAIO Event Service\VESMgr.exe
      c:\program files\AVG\AVG2013\avgnsx.exe
      c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
      c:\program files\AVG\AVG2013\avgemcx.exe
      c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
      c:\program files\VMware\VMware View\Client\bin\wsnm.exe
      c:\windows\system32\DRIVERS\xaudio.exe
      c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
      c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
      c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
      c:\windows\System32\WUDFHost.exe
      c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
      c:\windows\system32\igfxext.exe
      c:\windows\system32\igfxsrvc.exe
      c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
      c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
      c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
      .
      **************************************************************************
      .
      Completion time: 2013-03-09  10:22:54 - machine was rebooted
      ComboFix-quarantined-files.txt  2013-03-09 15:22
      .
      Pre-Run: 169,324,486,656 bytes free
      Post-Run: 169,372,172,288 bytes free
      .
      - - End Of File - - 5570B0A3B0620D5DAECC125562B20544
      « Last Edit: March 09, 2013, 12:31:39 PM by SuperDave »

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: PC Slpw/Crashing
      « Reply #3 on: March 09, 2013, 12:36:18 PM »
      Double-click on My Computer and right-click on the C drive and select Properties. Please tell me the size of the harddrive and how much free space your have.

      SysProt Antirootkit

      Download
      SysProt Antirootkit from the link below (you will find it at the bottom
      of the page under attachments, or you can get it from one of the
      mirrors).

      http://sites.google.com/site/sysprotantirootkit/

      Unzip it into a folder on your desktop.
      • Double click Sysprot.exe to start the program.
      • Click on the Log tab.
      • In the Write to log box select the following items.
        • Process << Selected
        • Kernel Modules << Selected
        • SSDT << Selected
        • Kernel Hooks << Selected
        • IRP Hooks << NOT Selected
        • Ports << NOT Selected
        • Hidden Files << Selected
      • At the bottom of the page
        • Hidden Objects Only << Selected
      • Click on the Create Log button on the bottom right.
      • After a few seconds a new window should appear.
      • Select Scan Root Drive. Click on the Start button.
      • When it is complete a new window will appear to indicate that the scan is finished.
      • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
      **************************************************
      • Download RogueKiller on the desktop
      • Close all the running programs
      • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
      • Otherwise just double-click on RogueKiller.exe
      • Pre-scan will start. Let it finish.
      • Click on SCAN button.
      • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
      • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
      Windows 8 and Windows 10 dual boot with two SSD's

      bluecountry

        Topic Starter


        Apprentice

        Thanked: 1
        Re: PC Slpw/Crashing
        « Reply #4 on: March 10, 2013, 03:55:39 PM »
        1) Hard Drive:

        290 GB
        158 GB free.

        2) Sysprot log
        SysProt AntiRootkit v1.0.1.0
        by swatkat

        ******************************************************************************************
        ******************************************************************************************

        No Hidden Processes found

        ******************************************************************************************
        ******************************************************************************************
        Kernel Modules:
        Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
        Service Name: ---
        Module Base: 8FA76000
        Module End: 8FA81000
        Hidden: Yes

        Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
        Service Name: ---
        Module Base: 8FA81000
        Module End: 8FA89000
        Hidden: Yes

        Module Name: C:\Windows\system32\DRIVERS\WUDFRd.sys
        Service Name: WUDFRd
        Module Base: B0F09000
        Module End: B0F34000
        Hidden: Yes

        Module Name: \??\C:\ComboFix\catchme.sys
        Service Name: catchme
        Module Base: B0F45000
        Module End: B0F4D000
        Hidden: Yes

        Module Name: \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
        Service Name: ---
        Module Base: B0F4D000
        Module End: B0F4F000
        Hidden: Yes

        ******************************************************************************************
        ******************************************************************************************
        SSDT:
        Function Name: ZwAdjustPrivilegesToken
        Address: 8E8DBFB0
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwAlpcConnectPort
        Address: 8E8DC19C
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwConnectPort
        Address: 8E8DB310
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwCreateFile
        Address: 8E8DBC16
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwCreateSection
        Address: 8E8DB9CA
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwCreateSymbolicLinkObject
        Address: 8E8DCD14
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwCreateThread
        Address: 8E8DACFC
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwLoadDriver
        Address: 8E8DC746
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwMakeTemporaryObject
        Address: 8E8DB5D8
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwNotifyChangeKey
        Address: 8F1FE14A
        Driver Base: 8F1FD000
        Driver End: 8F200000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwNotifyChangeMultipleKeys
        Address: 8F1FE21A
        Driver Base: 8F1FD000
        Driver End: 8F200000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwOpenFile
        Address: 8E8DBDF2
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwOpenProcess
        Address: 8F1FDD7C
        Driver Base: 8F1FD000
        Driver End: 8F200000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwOpenSection
        Address: 8E8DB872
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwSetSystemInformation
        Address: 8E8DCA32
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwShutdownSystem
        Address: 8E8DB542
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwSuspendProcess
        Address: 8F1FDF6A
        Driver Base: 8F1FD000
        Driver End: 8F200000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwSuspendThread
        Address: 8F1FE000
        Driver Base: 8F1FD000
        Driver End: 8F200000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwSystemDebugControl
        Address: 8E8DB75E
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwTerminateProcess
        Address: 8F1FDE32
        Driver Base: 8F1FD000
        Driver End: 8F200000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwTerminateThread
        Address: 8F1FDECE
        Driver Base: 8F1FD000
        Driver End: 8F200000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwWriteVirtualMemory
        Address: 8F1FE09C
        Driver Base: 8F1FD000
        Driver End: 8F200000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwCreateThreadEx
        Address: 8E8DC3CA
        Driver Base: 8E8CE000
        Driver End: 8E949000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        ******************************************************************************************
        ******************************************************************************************
        No Kernel Hooks found

        ******************************************************************************************
        ******************************************************************************************
        Hidden files/folders:
        Object: C:\Qoobox\BackEnv\AppData.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Cache.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Cookies.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Desktop.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Favorites.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\History.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Music.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\NetHood.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Personal.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Pictures.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Programs.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Recent.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SendTo.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SetPath.bat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\StartUp.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SysPath.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Templates.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\VikPev00
        Status: Access denied

        Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
        Status: Access denied

        Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
        Status: Access denied

        Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
        Status: Access denied

        Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
        Status: Access denied

        « Last Edit: March 10, 2013, 07:26:34 PM by SuperDave »

        bluecountry

          Topic Starter


          Apprentice

          Thanked: 1
          Re: PC Slpw/Crashing
          « Reply #5 on: March 10, 2013, 05:38:33 PM »
          Rogue Killer Report
          RogueKiller V8.5.2 [Mar  9 2013] by Tigzy
          mail : tigzyRK<at>gmail<dot>com
          Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
          Website : http://tigzy.geekstogo.com/roguekiller.php
          Blog : http://tigzyrk.blogspot.com/

          Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
          Started in : Normal mode
          User : Johnny Ola [Admin rights]
          Mode : Scan -- Date : 03/10/2013 19:51:15
          | ARK || FAK || MBR |

          ¤¤¤ Bad processes : 0 ¤¤¤

          ¤¤¤ Registry Entries : 7 ¤¤¤
          [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{20DA44BE-98A1-475D-B8AC-88DF3AD26CDD} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
          [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D83D5627-FB49-437C-B3E7-C61C85550B27} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
          [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{20DA44BE-98A1-475D-B8AC-88DF3AD26CDD} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
          [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{D83D5627-FB49-437C-B3E7-C61C85550B27} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
          [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
          [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
          [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

          ¤¤¤ Particular Files / Folders: ¤¤¤

          ¤¤¤ Driver : [LOADED] ¤¤¤

          ¤¤¤ HOSTS File: ¤¤¤
          --> C:\Windows\system32\drivers\etc\hosts

          127.0.0.1       localhost


          ¤¤¤ MBR Check: ¤¤¤

          +++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
          --- User ---
          [MBR] 440a09e1bed8156a9860f538040ffaeb
          [BSP] d22058caf6e661c75810f014eb71054c : Windows Vista MBR Code
          Partition table:
          0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 7286 Mo
          1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14923776 | Size: 297957 Mo
          User = LL1 ... OK!
          User = LL2 ... OK!

          Finished : << RKreport[1]_S_03102013_02d1951.txt >>
          RKreport[1]_S_03102013_02d1951.txt
          « Last Edit: March 10, 2013, 07:27:53 PM by SuperDave »

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: PC Slpw/Crashing
          « Reply #6 on: March 10, 2013, 07:29:11 PM »
          Please run RogueKiller again and choose "Delete" for anything found.

          I'd like to scan your machine with ESET OnlineScan

          •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan

          •Click the button.
          •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
          •Check
          •Click the button.
          •Accept any security warnings from your browser.
          • Leave the check mark next to Remove found threats.
          •Check
          •Push the Start button.
          •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          •When the scan completes, push
          •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          •Push the button.
          •Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
          Windows 8 and Windows 10 dual boot with two SSD's

          bluecountry

            Topic Starter


            Apprentice

            Thanked: 1
            Re: PC Slpw/Crashing
            « Reply #7 on: March 11, 2013, 08:28:33 AM »
            RogueKiller has crashed all but once when I use it.
            I tried to do what you said this morning but it crashed.

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: PC Slpw/Crashing
            « Reply #8 on: March 11, 2013, 12:36:45 PM »
            RogueKiller has crashed all but once when I use it.
            I tried to do what you said this morning but it crashed.
            Ok. Please run ESET and see what comes up.
            Windows 8 and Windows 10 dual boot with two SSD's

            bluecountry

              Topic Starter


              Apprentice

              Thanked: 1
              Re: PC Slpw/Crashing
              « Reply #9 on: March 12, 2013, 02:57:09 PM »
              No threats found, see picture.

              [recovering disk space, attachment deleted by admin]

              bluecountry

                Topic Starter


                Apprentice

                Thanked: 1
                Re: PC Slpw/Crashing
                « Reply #10 on: March 12, 2013, 03:03:30 PM »
                I also was able to re-run Rogue Killer and delete.
                It only deleted 1, replaced 2.
                See picture.

                [recovering disk space, attachment deleted by admin]

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: PC Slpw/Crashing
                « Reply #11 on: March 13, 2013, 12:06:18 PM »
                Good, how's your computer running now? Any other issues before we cleanup?
                Windows 8 and Windows 10 dual boot with two SSD's

                bluecountry

                  Topic Starter


                  Apprentice

                  Thanked: 1
                  Re: PC Slpw/Crashing
                  « Reply #12 on: March 14, 2013, 04:29:09 AM »
                  Barely used it, but maybe better.  Hard to say as it has good and bad days.

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: PC Slpw/Crashing
                  « Reply #13 on: March 14, 2013, 12:47:11 PM »
                  Ok, let's do some cleanup.

                  To uninstall ComboFix

                  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                  • In the field, type in ComboFix /uninstall


                  (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                  • Then, press Enter, or click OK.
                  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
                  ***************************************************
                  Click Start> Computer> right click the C Drive and choose Properties> enter
                  Click Disk Cleanup from there.



                  Click OK on the Disk Cleanup Screen.
                  Click Yes on the Confirmation screen.



                  This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
                  *******************************************************
                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!
                  Windows 8 and Windows 10 dual boot with two SSD's

                  bluecountry

                    Topic Starter


                    Apprentice

                    Thanked: 1
                    Re: PC Slpw/Crashing
                    « Reply #14 on: March 19, 2013, 08:50:47 PM »
                    OK...well

                    1) PC is still running slow....you say it's NOT malware/spyware...

                    what is it?

                    what can I do?

                    2) Should I delete...

                    -dds
                    -roguekiller
                    -esetmartin
                    -sysprot?

                    3) Already have spyware blaster....and the link posted to "how to use" is broken

                    4) I have commodo...should I un-install and install WOT