
System keeps freezing/restarting.


  • This topic is locked
5 replies to this topic

#1 hubix

hubix

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 22 July 2014 - 04:11 PM

Hey guys,

 

My computer keeps freezing or restarting every now and then. I don't have a clue what is causing this problem, because neither Avast nor Malwarebytes shows any threats. Although I have one suspicion - I noticed that freezing/restarting always happens when I'm using the Chrome browser. I feel like that would be too absurd, but is there any chance that maybe some plugin (for instance: Avast Browser Protection) can cause so many interruptions?

 

Another thing that comes to my mind is the heat. The temperature of my CPU under stress rises to about 56 degrees Celsius. But it happened many times before the problem, and the other thing is that now, when I'm using Firefox as a trial, I haven't experienced any crash. Also, when the scanners were working and I kept doing some stuff in MS Office, the system was stable.

 

I will be grateful for your help.

 

Here is my dds log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.65.2
Run by Hubert at 22:52:13 on 2014-07-22
Microsoft Windows 7 Professional   6.1.7601.1.1250.48.1045.18.2047.827 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\brss01a.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
D:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\system32\SearchIndexer.exe
D:\Kies\Kies.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Hubert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Hubert\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Program Files\SpeedFan\speedfan.exe
d:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
d:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = www.yahoo.com
uSearch Bar = www.yahoo.com
uSearch Page = hxxp://yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs_avast_search_bcu&type=avast001&p={searchTerms}
uProxyServer = 71.166.176.159:80
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\hubert\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [] d:\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [KiesAirMessage] d:\kies\KiesAirMessage.exe -startup
uRun: [KiesPreload] d:\kies\Kies.exe /preload
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Spotify Web Helper] "c:\users\hubert\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [COMODO Internet Security] d:\program files\comodo\comodo internet security\cistray.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
mRun: [AvastUI.exe] "d:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\hubert\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hubert\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 62.21.99.94 62.21.99.95
TCP: Interfaces\{90E7E6D7-57C9-44E6-AC7D-95915D1126DE} : DHCPNameServer = 62.21.99.94 62.21.99.95
TCP: Interfaces\{E8E7F660-6D08-46DF-B21F-4D9D58276930} : DHCPNameServer = 10.10.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hubert\appdata\roaming\mozilla\firefox\profiles\8g1g7gap.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\hubert\appdata\local\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-4-15 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-4-15 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2012-9-29 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-9-29 414520]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-3-11 20072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 607168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 43728]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-26 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-9-29 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-19 71944]
R2 avast! Antivirus;avast! Antivirus;d:\program files\avast software\avast\AvastSvc.exe [2014-7-17 50344]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-3-12 233472]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2013-9-22 14573856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-10-23 414496]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-10-13 49152]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-9-29 242240]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-3-12 37344]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-9-22 33568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-11-1 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 cmdvirth;COMODO Virtual Service Manager;d:\program files\comodo\comodo internet security\cmdvirth.exe [2014-4-2 1663192]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-2-6 83864]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2013-3-9 137488]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-9 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-9-13 14848]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-11-1 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-11-1 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-11-1 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-11-1 114280]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-2-6 181784]
S3 StorSvc;Usługa magazynu;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-18 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-9-13 27136]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-9-29 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== File Associations ===============
.
ShellExec: mpc-hc.exe: napiprojekt="d:\program files\napiprojekt\napisy.exe" "%1"
ShellExec: mpc-hc.exe: napiprojekt0="d:\program files\napiprojekt\napisy.exe" "%1" -pobierz_ang
ShellExec: mpc-hc.exe: napiprojekt2="d:\program files\napiprojekt\napisy.exe" "%1" -opis
ShellExec: mpc-hc.exe: napiprojekt3="d:\program files\napiprojekt\napisy.exe" "%1" -videoinfo
.
=============== Created Last 30 ================
.
2014-07-22 20:25:27    --------    d-----w-    c:\users\hubert\appdata\local\Macromedia
2014-07-22 20:12:59    --------    d-----w-    c:\users\hubert\appdata\local\Mozilla
2014-07-22 20:12:40    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2014-07-22 09:51:57    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-07-22 08:54:45    8217224    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{60489c4f-45c6-4dac-9b34-2e7a990962f1}\mpengine.dll
2014-07-21 13:20:24    --------    d-----w-    c:\users\hubert\.dia
2014-07-20 14:48:45    --------    d-----w-    c:\users\hubert\appdata\local\Microsoft_Corporation
2014-07-17 07:53:42    43152    ----a-w-    c:\windows\avastSS.scr
2014-07-13 16:18:52    --------    d-----w-    c:\program files\iPod
2014-07-13 16:18:49    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-09 08:54:59    4254720    ----a-w-    c:\windows\system32\jscript9.dll
2014-07-09 08:53:53    404480    ----a-w-    c:\windows\system32\aepdu.dll
2014-07-09 08:53:48    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-07-09 08:53:40    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
.
==================== Find3M  ====================
.
2014-07-22 20:25:05    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-22 20:25:05    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-07-22 19:46:47    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-17 07:53:43    779536    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-07-17 07:53:43    71944    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-07-17 07:53:43    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-17 07:53:43    192352    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-07-17 07:53:42    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-07-17 07:53:42    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-07-17 07:53:42    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-06-18 23:56:37    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-06-18 23:56:03    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38:40    455168    ----a-w-    c:\windows\system32\vbscript.dll
2014-06-18 23:37:23    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-06-18 23:36:35    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35:55    62464    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23:27    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-06-18 23:23:24    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22:40    592896    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-06-18 23:16:33    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06:10    32256    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:46:23    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45:59    1964544    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    c:\windows\system32\wininet.dll
2014-06-18 01:51:32    646144    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 00:52:00    2350080    ----a-w-    c:\windows\system32\win32k.sys
2014-06-06 09:44:17    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-05-30 07:52:51    172032    ----a-w-    c:\windows\system32\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    c:\windows\system32\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    c:\windows\system32\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    c:\windows\system32\credssp.dll
2014-05-30 06:36:07    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-05-12 05:26:08    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-12 05:25:58    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25:54    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-08 09:06:54    2742784    ----a-w-    c:\windows\system32\rdpcorets.dll
2014-05-08 09:06:54    13824    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-26 07:08:13    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400146868989
2014-04-26 07:08:13    411552    ----a-w-    c:\windows\system32\drivers\aswsp.sys.1400146868989
2014-04-25 02:06:17    626688    ----a-w-    c:\windows\system32\usp10.dll
.
============= FINISH: 22:55:14,55 ===============
 

 


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:06 PM

Posted 27 July 2014 - 04:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/541923 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 hubix

hubix
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 28 July 2014 - 04:11 PM

I attach new DDS logs. My issue is described above. And FYI I have a Windows 7 .iso image from the student MSDN AA programme.
Feel free to ask if you need some additional info.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.65.2
Run by Hubert at 23:03:48 on 2014-07-28
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.2047.924 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\brsvc01a.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\brss01a.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
D:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
D:\Kies\Kies.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Hubert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Users\Hubert\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
D:\Program Files\iTunes\iTunes.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
D:\Program Files\Last.fm\Last.fm Scrobbler.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = www.yahoo.com
uSearch Bar = www.yahoo.com
uSearch Page = hxxp://yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs_avast_search_bcu&type=avast001&p={searchTerms}
uProxyServer = 71.166.176.159:80
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\hubert\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [] d:\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [KiesAirMessage] d:\kies\KiesAirMessage.exe -startup
uRun: [KiesPreload] d:\kies\Kies.exe /preload
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Spotify Web Helper] "c:\users\hubert\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [COMODO Internet Security] d:\program files\comodo\comodo internet security\cistray.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "d:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\hubert\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hubert\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 62.21.99.94 62.21.99.95
TCP: Interfaces\{90E7E6D7-57C9-44E6-AC7D-95915D1126DE} : DHCPNameServer = 62.21.99.94 62.21.99.95
TCP: Interfaces\{E8E7F660-6D08-46DF-B21F-4D9D58276930} : DHCPNameServer = 10.10.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hubert\appdata\roaming\mozilla\firefox\profiles\ulcfk3uf.default-1406070196833\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\hubert\appdata\local\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-4-15 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-4-15 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2012-9-29 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-9-29 414520]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-3-11 20072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 607168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 43728]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-26 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-9-29 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-19 71944]
R2 avast! Antivirus;avast! Antivirus;d:\program files\avast software\avast\AvastSvc.exe [2014-7-17 50344]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-3-12 233472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-3-14 383264]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-10-13 49152]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-9-29 242240]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-3-12 37344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-11-1 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 cmdvirth;COMODO Virtual Service Manager;d:\program files\comodo\comodo internet security\cmdvirth.exe [2014-4-2 1663192]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-2-6 83864]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2013-3-9 137488]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-9 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-9-13 14848]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-11-1 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-11-1 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-11-1 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-11-1 114280]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-2-6 181784]
S3 StorSvc;Usługa magazynu;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-18 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-9-13 27136]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-9-29 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== File Associations ===============
.
ShellExec: mpc-hc.exe: napiprojekt="d:\program files\napiprojekt\napisy.exe" "%1"
ShellExec: mpc-hc.exe: napiprojekt0="d:\program files\napiprojekt\napisy.exe" "%1" -pobierz_ang
ShellExec: mpc-hc.exe: napiprojekt2="d:\program files\napiprojekt\napisy.exe" "%1" -opis
ShellExec: mpc-hc.exe: napiprojekt3="d:\program files\napiprojekt\napisy.exe" "%1" -videoinfo
.
=============== Created Last 30 ================
.
2014-07-25 10:40:13 8217224 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{650f0643-6891-48f0-83f1-4712f0cec5c4}\mpengine.dll
2014-07-23 08:07:14 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-23 08:07:14 62752 ----a-w- c:\windows\system32\nvshext.dll
2014-07-23 08:07:14 4119328 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-23 08:07:14 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2014-07-23 08:07:14 3014432 ----a-w- c:\windows\system32\nvsvc.dll
2014-07-23 08:07:14 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-23 08:07:14 223008 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-22 20:25:27 -------- d-----w- c:\users\hubert\appdata\local\Macromedia
2014-07-22 20:12:59 -------- d-----w- c:\users\hubert\appdata\local\Mozilla
2014-07-22 20:12:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-07-22 09:51:57 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-21 13:20:24 -------- d-----w- c:\users\hubert\.dia
2014-07-20 14:48:45 -------- d-----w- c:\users\hubert\appdata\local\Microsoft_Corporation
2014-07-17 07:53:42 43152 ----a-w- c:\windows\avastSS.scr
2014-07-13 16:18:52 -------- d-----w- c:\program files\iPod
2014-07-13 16:18:49 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-09 08:54:59 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-07-09 08:53:53 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-09 08:53:48 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 08:53:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
.
==================== Find3M ====================
.
2014-07-22 20:25:05 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-22 20:25:05 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-22 19:46:47 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-17 07:53:43 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-17 07:53:43 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-17 07:53:43 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-17 07:53:43 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-17 07:53:42 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-17 07:53:42 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-17 07:53:42 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-06-18 23:56:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38:40 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23:27 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23:24 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06:10 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:46:23 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52:00 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-12 05:26:08 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:25:58 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 09:06:54 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:06:54 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
============= FINISH: 23:06:32,12 ===============
 




#4 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:05:06 PM

Posted 29 July 2014 - 04:35 PM

Hello hubix, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic. You will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative of the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

 

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Best Regards,
oneof4.


#5 oneof4


Posted 01 August 2014 - 08:19 PM

Do you still need help?


Best Regards,
oneof4.


#6 oneof4


Posted 04 August 2014 - 07:40 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best Regards,
oneof4.




