Possible worm/virus? Help requested!

Question

carl.chisholm 0 Newbie Poster

11 Years Ago

Hi there everyone, my laptop began behaving strangely last week or so, and I've exhausted my limited knowledge of computers but to no avail. Im hoping someone on here my be able to provide some assistance, as I see you've managed to help a lot of other people.

Right, I'll give as much info as I can about the problem firstly.

It started sometime last week, and I didn't think much of it. A User Account Control notification window popped up, the "do you want to allow the following program to make changes to your computer?" one. The program was Windows Command Processor. I thought this strange, so clicked show more details, and it showed program location:

"C:/Windows/sysWOW64/cmd.exe" /C ""C:/Users/Chiz/AppData/Local/Temp/Kerla Admin

I selected NO, but as I did so, the exact same window almost instantaneosly popped back up.

I then located a file in Temp named kerlamnc. I attempted to delete this, but couldn't.

I booted laptop in safe mode, and was able to delete it. However, upon restarting, I encountered the same problem, and the file had been created again in the same place.

Now, since this, my AV will not update (AVG), I can only run Malwarebytes in safe mode (it detects nothing). Internet explorer seems to be running a lot slower, webpages will often 'encounter errors' and have to close and be restored, I can't access any anti-virus sites or microsoft site, any file I attempt to download will start downloading, but then freeze before its finished.

I have went through your 'read me before posting' thread, and this is what I've got for you.

In safe mode my laptop seems to be running fine, I can access all sites and download, so I managed to download lates version of windows malicious software tool, I could not run this in normal mode, when ran in safe mode it found nothing.

I ran ATF cleaner, it cleared about 300mb of files.

I ran GMER Rootkit Scanner (in normal mode). These are the logs

LOG 1

GMER 2.1.19115 - http://www.gmer.net
Rootkit scan 2013-03-04 17:31:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK6475GSX rev.GT001M 596.17GB
Running: zj4bzjuf.exe; Driver: C:\Users\Chiz\AppData\Local\Temp\kwddqpoc.sys


---- Threads - GMER 2.1 ----

Thread  C:\windows\System32\spoolsv.exe [1768:1364]                     000007fef89610c8
Thread  C:\windows\System32\spoolsv.exe [1768:1440]                     000007fef8926144
Thread  C:\windows\System32\spoolsv.exe [1768:1464]                     000007fef8705fd0
Thread  C:\windows\System32\spoolsv.exe [1768:1480]                     000007fef86f3438
Thread  C:\windows\System32\spoolsv.exe [1768:1504]                     000007fef87063ec
Thread  C:\windows\System32\spoolsv.exe [1768:1548]                     000007fef8bc5e5c
Thread  C:\windows\System32\spoolsv.exe [1768:1892]                     000007fef8c75074
Thread  C:\windows\SysWOW64\svchost.exe [2628:2704]                     00000000200173d9
Thread  C:\windows\SysWOW64\svchost.exe [2628:2712]                     00000000200173a0
Thread  C:\windows\SysWOW64\svchost.exe [2628:2716]                     0000000020017b9a
Thread  C:\windows\SysWOW64\svchost.exe [2628:2932]                     0000000020027e52
Thread  C:\windows\SysWOW64\svchost.exe [2628:2936]                     0000000020035933
Thread  C:\windows\SysWOW64\svchost.exe [2628:2956]                     0000000020057140
Thread  C:\windows\SysWOW64\svchost.exe [2628:2960]                     0000000020101e65
Thread  C:\windows\SysWOW64\svchost.exe [2628:2972]                     00000000201275ef
Thread  C:\windows\SysWOW64\svchost.exe [2628:2976]                     00000000201275c2
Thread  C:\windows\SysWOW64\svchost.exe [2628:2984]                     0000000020151c90
Thread  C:\windows\SysWOW64\svchost.exe [2720:2772]                     000000002001d37c
Thread  C:\windows\SysWOW64\svchost.exe [2720:2776]                     0000000020018789
Thread  C:\windows\SysWOW64\svchost.exe [2720:2780]                     000000002001c59c
Thread  C:\windows\SysWOW64\svchost.exe [2720:2784]                     000000002001c72c
Thread  C:\windows\SysWOW64\svchost.exe [2720:2788]                     000000002001d689
Thread  C:\windows\SysWOW64\svchost.exe [2720:2792]                     000000002001d4a2
Thread  C:\windows\SysWOW64\svchost.exe [2720:2796]                     000000002001cd2b
Thread  C:\windows\SysWOW64\svchost.exe [2720:2800]                     000000002001d31d
Thread  C:\windows\SysWOW64\svchost.exe [2720:2804]                     000000002001c81e
Thread  C:\windows\SysWOW64\svchost.exe [2720:2092]                     000000002001d9b1
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2860:6804]  000007fefae72a7c

---- EOF - GMER 2.1 ----

LOG 2

GMER 2.1.19115 - http://www.gmer.net
Rootkit scan 2013-03-04 19:07:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK6475GSX rev.GT001M 596.17GB
Running: zj4bzjuf.exe; Driver: C:\Users\Chiz\AppData\Local\Temp\kwddqpoc.sys


---- Threads - GMER 2.1 ----

Thread  C:\windows\System32\spoolsv.exe [1768:1364]                     000007fef89610c8
Thread  C:\windows\System32\spoolsv.exe [1768:1440]                     000007fef8926144
Thread  C:\windows\System32\spoolsv.exe [1768:1464]                     000007fef8705fd0
Thread  C:\windows\System32\spoolsv.exe [1768:1480]                     000007fef86f3438
Thread  C:\windows\System32\spoolsv.exe [1768:1504]                     000007fef87063ec
Thread  C:\windows\System32\spoolsv.exe [1768:1548]                     000007fef8bc5e5c
Thread  C:\windows\System32\spoolsv.exe [1768:1892]                     000007fef8c75074
Thread  C:\windows\SysWOW64\svchost.exe [2628:2704]                     00000000200173d9
Thread  C:\windows\SysWOW64\svchost.exe [2628:2712]                     00000000200173a0
Thread  C:\windows\SysWOW64\svchost.exe [2628:2716]                     0000000020017b9a
Thread  C:\windows\SysWOW64\svchost.exe [2628:2932]                     0000000020027e52
Thread  C:\windows\SysWOW64\svchost.exe [2628:2936]                     0000000020035933
Thread  C:\windows\SysWOW64\svchost.exe [2628:2956]                     0000000020057140
Thread  C:\windows\SysWOW64\svchost.exe [2628:2960]                     0000000020101e65
Thread  C:\windows\SysWOW64\svchost.exe [2628:2972]                     00000000201275ef
Thread  C:\windows\SysWOW64\svchost.exe [2628:2976]                     00000000201275c2
Thread  C:\windows\SysWOW64\svchost.exe [2628:2984]                     0000000020151c90
Thread  C:\windows\SysWOW64\svchost.exe [2720:2772]                     000000002001d37c
Thread  C:\windows\SysWOW64\svchost.exe [2720:2776]                     0000000020018789
Thread  C:\windows\SysWOW64\svchost.exe [2720:2780]                     000000002001c59c
Thread  C:\windows\SysWOW64\svchost.exe [2720:2784]                     000000002001c72c
Thread  C:\windows\SysWOW64\svchost.exe [2720:2788]                     000000002001d689
Thread  C:\windows\SysWOW64\svchost.exe [2720:2792]                     000000002001d4a2
Thread  C:\windows\SysWOW64\svchost.exe [2720:2796]                     000000002001cd2b
Thread  C:\windows\SysWOW64\svchost.exe [2720:2800]                     000000002001d31d
Thread  C:\windows\SysWOW64\svchost.exe [2720:2804]                     000000002001c81e
Thread  C:\windows\SysWOW64\svchost.exe [2720:2092]                     000000002001d9b1
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2860:6804]  000007fefae72a7c

---- EOF - GMER 2.1 ----

My malwarebytes software is fully up to date as it downloaded updates in safe mode. However I can only run this in safemode, and it comes back with nothing.

I also have the 2 DDS scanlogs

Attach.txt

.
==== Installed Programs ======================
.
AbiWord 2.8.6
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5) MUI
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Media Foundation Decoders
AMD Steady Video Plug-In 
AMD VISION Engine Control Center
Any Flv Converter 2.8.1
Applian FLV and Media Player 3.1.1.12
µTorrent
AVG 2013
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Facebook Video Calling 1.2.0.287
IsoBuster 3.0
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
Nero Backup Drivers
NVIDIA PhysX
PlayReady PC Runtime amd64
Premium Sound HD
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Rosetta Stone Version 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shared C Run-time for x64
Skype™ 6.2
Synaptics Pointing Device Driver
Titan Poker
TOSHIBA Assist
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Online Product Information
TOSHIBA PC Health Monitor
TOSHIBA Places Icon Utility
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
uTorrentControl_v2 Toolbar
VirtualCloneDrive
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.0
William Hill Poker
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalleri
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinRAR 4.20 (32-bit)
.
==== End Of File ===========================

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16464
Run by Chiz at 19:12:07 on 2013-03-04
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Users\Chiz\AppData\Local\Temp\kerlamnc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
uRun: [Facebook Update] "C:\Users\Chiz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SytNxobj] C:\Users\Chiz\AppData\Local\kscbnlrs\sytnxobj.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{152A1803-08D2-4904-9F95-F90A2B6C548C} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{79FB1B57-087F-4F6F-B434-0BA79A7526BB} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{79FB1B57-087F-4F6F-B434-0BA79A7526BB}\078696C6022796C65697 : DHCPNameServer = 172.30.139.17 172.31.139.17
TCP: Interfaces\{79FB1B57-087F-4F6F-B434-0BA79A7526BB}\2456C6B696E6F5E4F5144435C4F5544383034313 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{79FB1B57-087F-4F6F-B434-0BA79A7526BB}\25F4340264C414D494E474F4 : DHCPNameServer = 82.159.139.141 80.58.61.250
TCP: Interfaces\{79FB1B57-087F-4F6F-B434-0BA79A7526BB}\D497022427F616462616E646D283631656 : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R? avgwd;AVG WatchDog
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? SkypeUpdate;Skype Updater
R? TDEIO;TDEIO
R? TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO)
R? TPCHSrv;TPCH Service
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? AMD External Events Utility;AMD External Events Utility
S? amdhub30;AMD USB 3.0 Hub Driver
S? amdxhc;AMD USB 3.0 Host Controller Driver
S? AtiHDAudioService;AMD Function Driver for HD Audio Service
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgloga;AVG Logging Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? cvhsvc;Client Virtualization Handler
S? GFNEXSrv;GFNEX Service
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? NBVol;Nero Backup Volume Filter Driver
S? NBVolUp;Nero Backup Volume Upper Filter Driver
S? PGEffect;Pangu effect driver
S? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
S? RTL8167;Realtek 8167 NT Driver
S? RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? TMachInfo;TMachInfo
S? TOSHIBA eco Utility Service;TOSHIBA eco Utility Service
S? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service
S? TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver
S? usbfilter;AMD USB Filter Driver
.
=============== Created Last 30 ================
.


    2013-02-27 21:30:40 --------    d-----w-    C:\Users\Chiz\AppData\Local\Programs

2013-02-27 21:30:40 --------    d-----w-    C:\Users\Chiz\AppData\Local\Programs
2013-02-27 20:06:21 --------    d-----w-    C:\Users\Chiz\AppData\Roaming\Malwarebytes
2013-02-27 20:06:10 --------    d-----w-    C:\ProgramData\Malwarebytes
2013-02-27 20:06:08 24176   ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-02-27 20:06:08 --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-26 00:49:49 --------    d-----w-    C:\Users\Chiz\AppData\Roaming\AVG2013
2013-02-26 00:47:16 --------    d-----w-    C:\Users\Chiz\AppData\Roaming\TuneUp Software
2013-02-26 00:45:36 --------    d--h--w-    C:\$AVG
2013-02-26 00:45:36 --------    d-----w-    C:\ProgramData\AVG2013
2013-02-26 00:43:24 --------    d-----w-    C:\Program Files (x86)\AVG
2013-02-26 00:35:45 --------    d-----w-    C:\Users\Chiz\AppData\Local\MFAData
2013-02-26 00:35:45 --------    d-----w-    C:\Users\Chiz\AppData\Local\Avg2013
2013-02-26 00:35:45 --------    d-----w-    C:\ProgramData\MFAData
2013-02-22 16:52:42 --------    d-----w-    C:\Users\Chiz\AppData\Local\Apps
2013-02-22 16:52:41 --------    d-----w-    C:\Users\Chiz\AppData\Local\Deployment
2013-02-22 14:09:06 9162192 ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{732B91AF-9D04-4FCD-9B9A-EFFFDE3D445F}\mpengine.dll
2013-02-21 23:59:34 98736   --s---w-    C:\Users\Chiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sytnxobj.exe
2013-02-21 23:59:34 --------    d-----w-    C:\Users\Chiz\AppData\Local\kscbnlrs
2013-02-21 23:52:35 --------    d-----w-    C:\ProgramData\Socusoft
2013-02-21 23:52:22 --------    d-----w-    C:\Users\Chiz\AppData\Roaming\Any Flv Converter
2013-02-21 23:52:04 --------    d-----w-    C:\Program Files (x86)\Any Flv Converter
2013-02-21 20:41:35 348160  ----a-w-    C:\windows\SysWow64\msvcr71.dll
2013-02-21 20:41:35 1700352 ----a-w-    C:\windows\SysWow64\gdiplus.dll
2013-02-21 20:41:35 1060864 ----a-w-    C:\windows\SysWow64\mfc71.dll
2013-02-21 20:40:39 225280  ----a-w-    C:\windows\SysWow64\rewire.dll
2013-02-21 20:40:39 --------    d-----w-    C:\Program Files (x86)\VstPlugins
2013-02-21 20:40:24 1554944 ----a-w-    C:\windows\SysWow64\vorbis.acm
2013-02-21 20:40:10 --------    d-----w-    C:\Program Files (x86)\Outsim
2013-02-21 20:33:55 --------    d-----w-    C:\Program Files (x86)\Image-Line
2013-02-21 20:24:13 --------    d-----w-    C:\Program Files (x86)\Common Files\Propellerhead Software
2013-02-21 20:13:37 --------    d-----w-    C:\Users\Chiz\AppData\Roaming\Ableton
2013-02-21 20:00:28 --------    d-----w-    C:\Program Files\Common Files\Propellerhead Software
2013-02-21 19:59:08 --------    d-----w-    C:\ProgramData\Ableton
2013-02-18 17:06:07 --------    d-----r-    C:\Program Files (x86)\Skype
2013-02-17 13:34:32 --------    d-----w-    C:\Users\Chiz\AppData\Roaming\Applian FLV and Media Player
2013-02-17 13:32:21 --------    d-----w-    C:\Program Files (x86)\Applian Technologies
2013-02-17 13:31:00 --------    d-----w-    C:\ProgramData\APN
2013-02-16 04:13:44 996352  ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 04:13:44 768000  ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 15:25:19 5553512 ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-02-14 15:25:17 3967848 ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 15:25:15 3913064 ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-02-14 15:24:54 3153408 ----a-w-    C:\windows\System32\win32k.sys
2013-02-14 15:24:49 215040  ----a-w-    C:\windows\System32\winsrv.dll
2013-02-14 15:24:48 7680    ----a-w-    C:\windows\SysWow64\instnm.exe
2013-02-14 15:24:48 5120    ----a-w-    C:\windows\SysWow64\wow32.dll
2013-02-14 15:24:48 25600   ----a-w-    C:\windows\SysWow64\setup16.exe
2013-02-14 15:24:48 14336   ----a-w-    C:\windows\SysWow64\ntvdm64.dll
2013-02-14 15:24:47 2048    ----a-w-    C:\windows\SysWow64\user.exe
2013-02-14 15:24:43 288088  ----a-w-    C:\windows\System32\drivers\FWPKCLNT.SYS
2013-02-14 15:24:43 1913192 ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-02-06 16:20:49 --------    d-----w-    C:\Users\Chiz\AppData\Local\{74930733-496D-4019-BDBE-A6B9D278F6B6}
2013-02-05 23:24:35 --------    d-----w-    C:\Users\Chiz\AppData\Local\{AFD7B99E-097B-4826-9479-56086871C5D6}
.
==================== Find3M  ====================
.


    2013-02-27 01:39:35 71024   ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-27 01:39:35 71024   ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 01:39:35 691568  ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-01-31 16:29:08 69632   ----a-w-    C:\windows\SysWow64\CUUpdateComponent.ocx
2013-01-31 16:29:08 421888  ----a-w-    C:\windows\SysWow64\ComputerUpdaterLM.ocx
2013-01-31 16:29:08 131072  ----a-w-    C:\windows\SysWow64\SafeAppRichList.ocx
2013-01-30 15:50:14 238392  ----a-w-    C:\windows\System32\drivers\avgloga.sys
2013-01-28 00:54:26 116536  ----a-w-    C:\windows\System32\drivers\avgmfx64.sys
2013-01-28 00:54:22 71480   ----a-w-    C:\windows\System32\drivers\avgidsha.sys
2013-01-28 00:54:20 246072  ----a-w-    C:\windows\System32\drivers\avgidsdrivera.sys
2013-01-28 00:54:14 206136  ----a-w-    C:\windows\System32\drivers\avgldx64.sys
2013-01-28 00:54:12 45880   ----a-w-    C:\windows\System32\drivers\avgrkx64.sys
2013-01-17 01:28:58 273840  ------w-    C:\windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728    ---ha-w-    C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560    ---ha-w-    C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752   ---ha-w-    C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584    ---ha-w-    C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096    ---ha-w-    C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632    ---ha-w-    C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632    ---ha-w-    C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072    ---ha-w-    C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072    ---ha-w-    C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728    ---ha-w-    C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560    ---ha-w-    C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752   ---ha-w-    C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584    ---ha-w-    C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096    ---ha-w-    C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632    ---ha-w-    C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632    ---ha-w-    C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072    ---ha-w-    C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072    ---ha-w-    C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w-    C:\windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w-    C:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376  ----a-w-    C:\windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856  ----a-w-    C:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160  ----a-w-    C:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w-    C:\windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w-    C:\windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w-    C:\windows\System32\FntCache.dll
2013-01-13 19:54:01 604160  ----a-w-    C:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872  ----a-w-    C:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392  ----a-w-    C:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w-    C:\windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008  ----a-w-    C:\windows\System32\dxgi.dll
2013-01-13 19:48:47 161792  ----a-w-    C:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w-    C:\windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312  ----a-w-    C:\windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w-    C:\windows\System32\d3d11.dll
2013-01-13 19:38:21 296960  ----a-w-    C:\windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w-    C:\windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248  ----a-w-    C:\windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192  ----a-w-    C:\windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184  ----a-w-    C:\windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560  ----a-w-    C:\windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w-    C:\windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w-    C:\windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w-    C:\windows\System32\d2d1.dll
2013-01-13 19:02:06 417792  ----a-w-    C:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544  ----a-w-    C:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920  ----a-w-    C:\windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752  ----a-w-    C:\windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w-    C:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w-    C:\windows\System32\XpsPrint.dll
2013-01-09 01:19:09 2312704 ----a-w-    C:\windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w-    C:\windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w-    C:\windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056  ----a-w-    C:\windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040  ----a-w-    C:\windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w-    C:\windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w-    C:\windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848  ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864  ----a-w-    C:\windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-01-04 06:11:21 2284544 ----a-w-    C:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w-    C:\windows\System32\msmpeg2vdec.dll
2013-01-04 04:43:21 44032   ----a-w-    C:\windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080   ----a-w-    C:\windows\System32\atmlib.dll
2012-12-16 14:45:03 367616  ----a-w-    C:\windows\System32\atmfd.dll
2012-12-16 14:13:28 295424  ----a-w-    C:\windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304   ----a-w-    C:\windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856  ----a-w-    C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w-    C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736  ----a-w-    C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w-    C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720   ----a-w-    C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520   ----a-w-    C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552   ----a-w-    C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568   ----a-w-    C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544   ----a-w-    C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480   ----a-w-    C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480   ----a-w-    C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480   ----a-w-    C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592   ----a-w-    C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960   ----a-w-    C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504   ----a-w-    C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360   ----a-w-    C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296   ----a-w-    C:\windows\System32\cero.rs
.
============= FINISH: 19:13:35.34 ===============

So thats what I have for you, I really appreciate you taking the time to look at this and helping me out. I dont know if it's just me, but it seems my laptop is running slower with each restart. If I think of anything else that may be useful I'll be sure to let you know.

Thanks
Carl

windows-virus

Edited 11 Years Ago by mike_2000_17 because: Fixed formatting

6 Contributors
14 Replies
571 Views
1 Week Discussion Span
Latest Post 11 Years Ago Latest Post by coroneshotel2

aVar++ 14 Posting Whiz

11 Years Ago

Try this: http://windows.microsoft.com/en-us/windows7/how-do-i-remove-a-computer-virus

aVar++ 14 Posting Whiz

11 Years Ago

It could be a hard drive problem, but it's made me suspisious when you say about the command proccessor popping up, then re-appearing, is it only your internet slow or your whole computer?

aVar++ 14 Posting Whiz

11 Years Ago

A hard drive problem can affect the start up time and slowness of your PC, try defragmenting your hard drive: http://windows.microsoft.com/en-au/windows-vista/improve-performance-by-defragmenting-your-hard-disk Also try using Google chrome and see if you notice a difference, if you don't have chrome heres the link: https://www.google.com/intl/en/chrome/browser/

caperjack 875 I hate 20 Questions

11 Years Ago

hi, download and run rkill ,then see if you can scan with malwarebytes in regulat mode .
Click Here

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

carl.chisholm 0 Newbie Poster · Answer 1 · 2013-03-04T20:13:32+00:00

Yeah, tried everything that it suggests in there, cant run scans in normal mode, in safe mode they come back with nothing. I've tried resetting Internet settings, made no difference. Anyone got any ideas?

carl.chisholm 0 Newbie Poster · Answer 2 · 2013-03-04T20:50:56+00:00

Well, its only really when running Internet Explorer that I notice it, but to be honest, there's nothing else I run on my computer where I could realise if it was going slow. Its taking a bit longer to start up I suppose, but I dont really use any other software where I could tell if it was effecting everything.

Would a hard drive problem really stop AV websites being displayed?

Thanks for the reply by the way, I appreciate you trying to help.

carl.chisholm 0 Newbie Poster · Answer 3 · 2013-03-04T21:33:30+00:00

I downloaded and installed chrome, but it wouldnt run when I had my laptop in normal mode, so got rid of it.

aVar++ 14 Posting Whiz · Answer 4 · 2013-03-04T21:45:05+00:00

IE renders webpages horrifically so it could be problems with that, what messages/errors did chrome throw up? Just to rule out any hard drive issues download this and it will tell you the status of your hard drives: http://crystalmark.info/download/index-e.html and how long have you been having this problem? You could always try restoring your computer if problems persist.

carl.chisholm 0 Newbie Poster · Answer 5 · 2013-03-04T21:59:41+00:00

I shall do that caperjack, and I'll get back to you with results if it allows me to scan. Cheers

mat, I dont think its that, as its only anti virus sites that wont display, and any other site will work with no problems. Then in safe mode the anti virus sites do work. I'll download that to check status though and get back to you also.

Thanks

carl.chisholm 0 Newbie Poster · Answer 6 · 2013-03-04T22:13:59+00:00

I ran Rkill, it terminated one process 'kerlamnc', but malwarebytes still will not run. I click on it, it opens up User control box asking if i want to allow the program to run, I select YES, and the cursor changes as if it is trying to load for 5 seconds, then nothing. I tried running Rkill again, and it found no processes to terminate. :/

carl.chisholm 0 Newbie Poster · Answer 7 · 2013-03-04T23:02:05+00:00

Ive managed to get MBAM working by using Chameleon. I'll get back tomorrow with any results it throws up.
Cheers

gerbil 216 Industrious Poster · Answer 8 · 2013-03-05T01:47:02+00:00

You might copy and save the following as rq2.bat to your desktop, dclick the bat file to run it. Safe or normal mode...

reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SytNxobj /f
del /f /q C:\Users\Chiz\AppData\Local\Temp\kerlamnc.exe
del /f /q C:\Users\Chiz\AppData\Local\kscbnlrs\sytnxobj.exe
del /f /q C:\Users\Chiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sytnxobj.exe
del /f /q C:\Users\Chiz\AppData\Local\kscbnlrs

Wise, though, because your language is not mine, to first check that you don't know any of those objects...

Prasad Thale 0 Newbie Poster · Answer 9 · 2013-03-05T04:34:46+00:00

I assume you use Windows XP. Check startup programms using msconfig. Remove ticks of unwanted programs. Restart & apply tick in msconfig utility do not show option. Restart you PC is safe mode. Try Avg antivirus. If problem persist. Tell some one to take team viewer of ur system.

coroneshotel2 0 Newbie Poster · Answer 10 · 2013-03-12T03:54:21+00:00

If you can download dr web from the internet from another pc use nero our imageburn
and copy it to a disc dvd then if you can load disc and boot laptop from bios to load from cd our dvd
then reboot latop and let live disc load
heres link http://www.freedrweb.com/livecd/?lng=en follow instructions then do a full update and scan it will show what has loaded onto your laptop ie nasties if you have problems find some one was a bit of a pc tech and get them to do removel of what dr web finds then reboot and do a full antivirus scan use microsoft security internet essentails and malware bytes and spybot search and destroy and also rogue killer to get rid of any remnants and get your tech friend etc to check msconfig to look for any and remnants Good luck