Free Malware Removal Forum

[madmatt2002]

This is the first virus/malware issue i have ever had(I'm no expert, but think malware is the problem)
My PC crashes randomly with blue screen(pops up too fast to read) microsoft office crashes constantly, anti virus is disabled and wont enable(AVG Free) malwarebytes wont run, and it wont even let me clean install!!
My CPU usage is constantly over 50%, being used by SVCHost
Its all greek to me, and I have removed my pc from the net to avoid further issues

HEEEEEEELLLLLLLLLLLLLPPPPPPPPPPPPPPPPPPPPP!!!!

Here is my attachments-hope all are well and you can point me in the right direction,

Matt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Desktop at 20:00:51 on 2012-03-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3199.2034 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
mURLSearchHooks: H - No File
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - c:\users\desktop\appdata\local\temp\f5tmp\cachecleaner.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://accesb.easyjetairline.com/vdesk ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DC54C029-3568-4DE7-8387-CEEA43AEFAD7} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-3-26 27632]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-8 39272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-1-14 15872]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2010-3-26 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2010-3-26 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2010-3-26 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2010-3-26 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2010-3-26 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2010-3-26 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2010-3-26 117672]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-14 52224]
.
=============== Created Last 30 ================
.
2012-03-27 16:23:17 -------- d-----w- C:\$WINDOWS.~BT
2012-03-26 14:59:47 -------- d-----w- c:\users\desktop\appdata\roaming\PC Tools
2012-03-26 14:59:47 -------- d-----w- c:\program files\Spyware Doctor
2012-03-24 15:03:27 -------- d-----w- c:\users\desktop\appdata\roaming\PC Unleashed Online
2012-03-24 15:03:27 -------- d-----w- c:\users\desktop\appdata\roaming\DriverCure
2012-03-24 15:03:17 -------- d-----w- c:\programdata\PC Unleashed Online
2012-03-24 15:03:17 -------- d-----w- c:\program files\PC Unleashed Online
2012-03-24 15:03:17 -------- d-----w- c:\program files\common files\PC Unleashed Online
2012-03-24 13:25:26 -------- dc----w- c:\users\desktop\appdata\local\MigWiz
2012-03-23 17:36:31 -------- d-----w- c:\programdata\AVAST Software
2012-03-23 17:36:31 -------- d-----w- c:\program files\AVAST Software
2012-03-23 12:19:52 -------- d-----w- c:\windows\system32\Wat
2012-03-23 12:10:53 -------- d-----w- c:\users\desktop\appdata\roaming\IObit
2012-03-23 12:10:48 -------- d-----w- c:\program files\IObit
2012-03-23 10:37:13 -------- d-----w- c:\programdata\Malwarebytes
2012-03-23 10:37:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-21 15:57:43 -------- d-----w- c:\users\desktop\appdata\roaming\AVG
2012-03-20 10:04:36 -------- d-----w- c:\users\desktop\appdata\local\{250461F6-297E-4EE4-94D5-B8C4A9AABE47}
2012-03-20 10:04:26 -------- d-----w- c:\users\desktop\appdata\local\{A1C28916-E743-473C-AB46-5D8682F814AD}
2012-03-19 13:17:11 -------- d-----w- c:\users\desktop\appdata\local\{87811D57-35B2-40AD-9283-04382E1B9B8A}
2012-03-19 13:16:58 -------- d-----w- c:\users\desktop\appdata\local\{7EEDCEAB-5E73-499D-B350-EDF998CFCB03}
2012-03-17 09:41:45 -------- d-----w- c:\users\desktop\appdata\local\{BE996E5B-B830-4F17-B4EB-4231213618A7}
2012-03-17 09:41:34 -------- d-----w- c:\users\desktop\appdata\local\{415A0616-DD0E-4208-9F95-86DB718167D0}
2012-03-16 09:37:31 -------- d-----w- c:\users\desktop\appdata\local\{0CF7601D-A151-4A8F-A4EE-169F901B97BA}
2012-03-16 09:37:21 -------- d-----w- c:\users\desktop\appdata\local\{A8389E04-6DB4-499C-920B-7EBFC7438E5A}
2012-03-14 09:38:52 -------- d-----w- c:\users\desktop\appdata\local\{6D66A2C1-3C86-46F7-80CE-AFF508CB6609}
2012-03-14 09:38:42 -------- d-----w- c:\users\desktop\appdata\local\{77AA351F-77FD-4EFF-A0E2-7F88408FEC9C}
2012-03-08 14:50:08 -------- d-----w- c:\users\desktop\appdata\local\{D498D358-8500-4AB7-AE77-BA27DFEC48E4}
2012-03-08 14:49:57 -------- d-----w- c:\users\desktop\appdata\local\{3B9B543B-0E47-4B25-9380-4F263E5786B4}
2012-03-07 09:27:56 -------- d-----w- c:\users\desktop\appdata\local\{52E86906-9E0C-416E-A254-B72900B1F1CA}
2012-03-07 09:27:45 -------- d-----w- c:\users\desktop\appdata\local\{844183A4-C448-45A0-82C5-7A4CCC6499F7}
2012-03-05 11:01:27 -------- d-----w- c:\users\desktop\appdata\local\{CD63F2A3-7D26-4705-847F-3B686AF6023A}
2012-03-05 11:01:04 -------- d-----w- c:\users\desktop\appdata\local\{590F0C4B-7946-4A6A-AEDE-09B650383AB6}
2012-03-03 15:00:28 -------- d-----w- c:\users\desktop\appdata\local\{EA226100-A3E0-4FDD-86C0-732E60AC5444}
2012-03-03 15:00:13 -------- d-----w- c:\users\desktop\appdata\local\{4D02A396-2097-4003-A580-E78AC9121A08}
2012-03-02 16:13:44 -------- d-----w- c:\users\desktop\appdata\local\{1A1999CC-CB48-4F88-803C-B7A76EDCE70D}
2012-03-02 16:13:34 -------- d-----w- c:\users\desktop\appdata\local\{0C48875E-9172-4AC1-9E26-4120F0BC7270}
2012-03-01 14:42:01 -------- d-----w- c:\users\desktop\appdata\local\{29B6AFA0-B5C4-4A63-9D99-26A794892DC1}
2012-03-01 14:41:51 -------- d-----w- c:\users\desktop\appdata\local\{91F85D63-0F8F-47E4-881F-04A61E02D2C2}
2012-02-28 16:40:54 -------- d-----w- c:\users\desktop\appdata\local\{35B5C6A2-E7F1-4F51-8CF4-110C645667E0}
2012-02-28 16:40:42 -------- d-----w- c:\users\desktop\appdata\local\{BD37B6E4-4284-4AFE-AB79-D0B92EC1F34D}
.
==================== Find3M ====================
.
2012-01-14 16:34:02 152576 ----a-w- c:\windows\system32\msclmd.dll
.
============= FINISH: 20:03:13.86 ===============


Attach:-


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 20/02/2010 12:17:33
System Uptime: 27/03/2012 16:50:41 (4 hours ago)
.
Motherboard: | | ConRoe1333-D667
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | CPUSocket | 2660/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 156.306 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
O: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AVG AVI Loader Driver
Device ID: ROOT\LEGACY_AVGLDX86\0000
Manufacturer:
Name: AVG AVI Loader Driver
PNP Device ID: ROOT\LEGACY_AVGLDX86\0000
Service: Avgldx86
.
==== System Restore Points ===================
.
RP250: 13/03/2012 13:44:05 - Installed Java(TM) 6 Update 31
RP251: 20/03/2012 20:04:11 - Scheduled Checkpoint
RP252: 21/03/2012 15:01:03 - Installed Java(TM) 6 Update 31
RP253: 21/03/2012 16:17:34 - Restore Operation
RP254: 23/03/2012 12:19:23 - Windows Modules Installer
RP255: 23/03/2012 12:24:55 - Windows Modules Installer
RP256: 23/03/2012 12:28:53 - Windows Modules Installer
RP257: 23/03/2012 17:58:16 - avast! Free Antivirus Setup
RP258: 24/03/2012 14:35:27 - avast! Free Antivirus Setup
RP259: 24/03/2012 15:21:37 - avast! Free Antivirus Setup
RP261: 26/03/2012 16:25:00 - Installed Rapport
.
==== Installed Programs ======================
.
AC3Filter 1.63b
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop Lightroom 3.4
Adobe Reader 9.5.0
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auto Gordian Knot 2.55
AVG 2012
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Converter 7
AVS4YOU Software Navigator 1.3
Bonjour
Canon Camera WIA Driver
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon MP Navigator EX 2.0
Canon MP630 series MP Drivers
Canon MP630 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CD-LabelPrint
Compatibility Pack for the 2007 Office system
D3DX10
Digital Media Converter 2.78
DolbyFiles
Drive Manager
DTE
Duplicate File Detector v4.7.0 (October-25-2009)
DVD Decrypter (Remove Only)
DVDFab 6.2.0.5 (11/11/2009)
Easy Duplicate Finder v. 3.2
FastImageResizer (remove only)
ffdshow [rev 3154] [2009-12-09]
Freecorder 5
Freecorder Toolbar
HiJackThis
iCloud
ImagXpress
ImgBurn
iTunes
Java Auto Updater
Java Servlet Development Kit 2.0
Java(TM) 6 Update 29
Junk Mail filter update
Karen's Directory Printer
Magic FLAC to MP3 Converter 3.71
Menu Templates - Starter Kit
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 7.1
Microsoft IntelliType Pro 7.0
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Movie Templates - Starter Kit
Mozilla Thunderbird (3.0.11)
Mp3tag v2.49b
Mpeg2Decoder 1.3
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
NVIDIA Control Panel 275.33
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA Update 1.3.5
NVIDIA Update Components
PDF Reader
PDF Settings CS5
PerformanceTest v7.0
Picasa 3
Pinnacle Studio 14
Pinnacle Studio Ultimate Collection Plugins
Pinnacle Systems USB-2 Device Drivers
Pinnacle Video Driver
Pixillion Image Converter
Print Artist Gold 21
QuickTime
Rapport
Realtek High Definition Audio Driver
Red Giant ToonIt Studio
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Sentinel System Driver
SoundTrax
SRS Audio Sandbox
TidySongs (remove only)
Trapcode 3DStroke Studio
Trapcode Particular Studio
Trapcode Shine Studio
UnderCoverXP 1.23
Unity Web Player
VLC media player 1.1.10
VobSub v2.23 (Remove Only)
Vuze
Vuze_Remote Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinZip
XviD MPEG4 Video Codec (remove only)
Yontoo Layers Runtime 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
27/03/2012 20:00:38, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR8.
27/03/2012 19:59:57, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR7.
27/03/2012 17:27:47, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
27/03/2012 17:23:23, Error: Service Control Manager [7031] - The Virtual Disk service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
27/03/2012 17:23:17, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
27/03/2012 17:21:59, Error: Service Control Manager [7031] - The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
27/03/2012 17:08:43, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Virtual Disk service, but this action failed with the following error: An instance of the service is already running.
27/03/2012 16:55:24, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
27/03/2012 16:51:13, Error: Service Control Manager [7034] - The SentinelSuperProNet Server service terminated unexpectedly. It has done this 1 time(s).
27/03/2012 16:51:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86
27/03/2012 16:51:01, Error: Service Control Manager [7000] - The Sentinel service failed to start due to the following error: The system cannot find the device specified.
27/03/2012 16:50:51, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
27/03/2012 15:38:37, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
27/03/2012 15:04:52, Error: Microsoft-Windows-MemoryDiagnostics-Results [1202] - The Windows Memory Diagnostic tested the computer's memory and detected hardware errors. To identify and repair these problems, contact the computer manufacturer
27/03/2012 11:57:10, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
27/03/2012 11:57:00, Error: Service Control Manager [7034] - The TIS 2000 Apache Web Server service terminated unexpectedly. It has done this 1 time(s).
27/03/2012 11:56:40, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: Access is denied.
27/03/2012 11:49:04, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 23 time(s).
27/03/2012 11:48:59, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 22 time(s).
27/03/2012 11:48:54, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 21 time(s).
27/03/2012 11:48:16, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 20 time(s).
27/03/2012 11:48:03, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 19 time(s).
27/03/2012 11:47:58, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 18 time(s).
27/03/2012 11:47:52, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 17 time(s).
27/03/2012 11:47:20, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 16 time(s).
27/03/2012 11:47:05, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 15 time(s).
27/03/2012 11:46:49, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 14 time(s).
27/03/2012 11:46:44, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 13 time(s).
27/03/2012 11:46:38, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 12 time(s).
27/03/2012 11:46:33, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 11 time(s).
27/03/2012 11:46:28, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 10 time(s).
27/03/2012 11:46:23, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 9 time(s).
27/03/2012 11:46:17, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 8 time(s).
27/03/2012 11:46:12, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 7 time(s).
27/03/2012 11:46:06, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 6 time(s).
27/03/2012 11:46:01, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 5 time(s).
27/03/2012 11:45:56, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 4 time(s).
27/03/2012 11:45:50, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 3 time(s).
27/03/2012 11:45:45, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 2 time(s).
27/03/2012 09:06:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
26/03/2012 18:26:31, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
26/03/2012 16:30:11, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
26/03/2012 16:15:18, Error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
24/03/2012 15:22:25, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
24/03/2012 15:02:28, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR7.
23/03/2012 17:41:10, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
23/03/2012 17:37:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
23/03/2012 17:36:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
23/03/2012 17:30:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
23/03/2012 17:29:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
23/03/2012 17:29:03, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
23/03/2012 17:25:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
23/03/2012 17:25:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
23/03/2012 17:25:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
23/03/2012 17:25:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
23/03/2012 17:24:56, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache RapportKELL spldr sptd Wanarpv6
23/03/2012 17:24:22, Error: sptd [4] - Driver detected an internal error in its data structures for .
23/03/2012 12:56:53, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: An instance of the service is already running.
23/03/2012 12:54:53, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
23/03/2012 12:11:04, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
23/03/2012 10:25:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xc9e74890, 0x00000001, 0x83264a34, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032312-34031-01.
23/03/2012 09:32:21, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
21/03/2012 19:19:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000014, 0x00000002, 0x00000000, 0x8308a516). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-26750-01.
21/03/2012 17:04:02, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/03/2012 16:47:50, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000be (0xa0d0865f, 0x4295a101, 0xad1795f0, 0x0000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-36968-01.
21/03/2012 16:04:37, Error: Service Control Manager [7000] - The AVG AVI Loader Driver service failed to start due to the following error: %%-536768764
21/03/2012 15:32:47, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000014, 0x00000002, 0x00000000, 0x83086516). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-33781-01.
21/03/2012 15:06:31, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
21/03/2012 15:03:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x00000007, 0x000a6a6e, 0x00000001, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-38468-01.
20/03/2012 10:15:48, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000014, 0x00000002, 0x00000000, 0x830ae516). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032012-35484-01.
.
==== End Of File ===========================

[pgmigg]

Hello madmatt2002,

Welcome to the forum!

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.

1. The instructions being given are for YOUR computer and system only!
   Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
2. You must have Administrator rights, permissions for this computer.
3. DO NOT run any other fix or removal tools unless instructed to do so!
4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
   Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

[pgmigg]

Hello madmatt2002,

Thank you for your patience...

P2P Advisory!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
Vuze
Vuze_Remote Toolbar

As long as you have the P2P program(s) installed, per Forum Policy,
I can offer you no further assistance.
If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, we need to discuss some important issues even before you will go to uninstall P2P programs.

Firstly, I would like to mention that doing banking or shopping online on any machine that has P2P programs installed and used is not a good idea completely!
Sometime ago you installed Rapport from Trusteer, Ltd. which is a lightweight security software solution that protects web communication between enterprises, such as banks, and their customers and tries to focus on preventing online fraud. But in your case with P2P programs installed, Rapport WILL NOT protect you and your bank account from that.

My PC crashes randomly with blue screen(pops up too fast to read) microsoft office crashes constantly, anti virus is disabled and wont enable(AVG Free) malwarebytes wont run, and it wont even let me clean install!!

I am not certain whether Rapport is responsible for the system's improper behavior, either, but highly believe that it is so.

My opinion is that the Rapport may need to be Uninstalled for this machine to be fixed, as it may interfere with the tools needed to repair the machine because looking over your logs I see there a lot of different infections.

Also, I highly recommend you to change your bank account(s) password(s) immediately!

Please let me know your decision about Rapport and if you decided to uninstalled it, add it to programs to be removed listed in Step 1 below.

Now, please perform the following steps:

For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instructions sets...

Step 0.
Create a System Restore Point

1. Right-click on Computer and select Properties.
2. In the left pane under Tasks please click System protection.
   If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
3. Select System Protection, then choose Create.
4. In the System Restore dialog box, type a description for the restore point and then click Create again.
   A window will pop up with "The Restore Point was created successfully" confirmation message.
5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.

Step 1.
Remove Program(s)

1. Click on Start, then click the Start Search box on the Start Menu.
2. Copy and paste the value below without the word Code: into the open text entry box:
   

   Code: Select all

    appwiz.cpl 

   and press Enter - the Unistall or change a program list will be opened.
3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
   Vuze
   Vuze_Remote Toolbar
   Yontoo Layers Runtime 1.10.01
4. Take extra care in answering questions posed by any Uninstaller.
5. When the program(s) have been uninstalled, please close Control Panel.

Note:
If you decided to Uninstall Rapport, you probably will see the following selection screens opened:

1. You may be presented with three options, choose "Continue":
   
2. You must choose "No thanks, Uninstall now" and be sure that you checked the box labeled "Delete all users settings" for:
   
3. You now need to enter the characters and click "Shutdown" for the uninstall sequence to begin:
   

Step 2.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.

1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
2. Under Output, ensure that Standard Output is selected.
3. Check the boxes labeled :
   
   • Scan All Users
   • LOP check
   • Purity check
   • Extra Registry > Use SafeList
4. Click on Run Scan at the top left hand corner.
5. When done, two Notepad files will open.
   
   • OTL.txt <-- Will be opened, maximized
   • Extras.txt <-- Will be minimized on task bar.
6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:

1. Answer for my question about Rapport.
2. Do you have any problems executing the instructions?
3. Contents of a OTL.txt log file
4. Contents of a Extras.txt log file
5. Do you see any changes in computer behavior?

Thanks,
pgmigg

[askey127]

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.