
Help laptop keeps on turning itself off.. virus me thinks..

Discussion in 'Virus & Other Malware Removal' started by Nina_S, May 4, 2013.

Thread Status:
Not open for further replies.
  1. Nina_S

    Nina_S Thread Starter

    Had to run this in safe mode, hope that is ok, but it was the only way my computer seemed to be working ok.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:35:06 PM, on 5/4/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Safe mode with network support
    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\sam\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKCU\..\RunOnce: [Report] C:\AdwCleaner[S1].txt
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O20 - AppInit_DLLs:
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    --
    End of file - 3189 bytes


    DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
    Internet Explorer: 8.0.7601.17514
    Run by sam at 12:38:23 on 2013-05-04
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1553 [GMT -7:00]
    .
    AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\sam\Desktop\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\sam\Desktop\tkpq9k9z.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    TCP: NameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{3C8D4372-ED6F-4184-9DD3-7796FEA449BC} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{F0382134-F880-47D9-9EAD-906C73583457} : DHCPNameServer = 194.168.4.100 194.168.8.100
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
    S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    S2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-4 418376]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-4 701512]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-4 22856]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    .
    =============== Created Last 30 ================
    .
    2013-05-04 09:56:54 -------- d-----w- C:\bca31fcf6b3ec276fa9f99703f
    2013-05-04 09:56:44 5659096 -c--a-w- c:\program files\common files\windows live\.cache\87d3f06f1ce48ad01\skydrivesetup.exe
    2013-05-04 09:56:44 -------- d-----w- c:\program files\Microsoft SkyDrive
    2013-05-04 09:56:42 -------- d-----r- c:\users\sam\SkyDrive
    2013-05-04 09:56:30 89944 -c--a-w- c:\program files\common files\windows live\.cache\9e7da1d41ce48ad07\DSETUP.dll
    2013-05-04 09:56:30 537432 -c--a-w- c:\program files\common files\windows live\.cache\9e7da1d41ce48ad07\DXSETUP.exe
    2013-05-04 09:56:30 1801048 -c--a-w- c:\program files\common files\windows live\.cache\9e7da1d41ce48ad07\dsetup32.dll
    2013-05-04 09:56:13 -------- d-----w- c:\programdata\Microsoft SkyDrive
    2013-05-04 09:55:59 525656 -c--a-w- c:\program files\common files\windows live\.cache\8d9adee21ce48ad04\DXSETUP.exe
    2013-05-04 09:55:59 1691480 -c--a-w- c:\program files\common files\windows live\.cache\8d9adee21ce48ad04\dsetup32.dll
    2013-05-04 09:55:58 94040 -c--a-w- c:\program files\common files\windows live\.cache\8d9adee21ce48ad04\DSETUP.dll
    2013-05-04 09:55:47 89944 -c--a-w- c:\program files\common files\windows live\.cache\8c4d9e3c1ce48ad03\DSETUP.dll
    2013-05-04 09:55:47 537432 -c--a-w- c:\program files\common files\windows live\.cache\8c4d9e3c1ce48ad03\DXSETUP.exe
    2013-05-04 09:55:47 1801048 -c--a-w- c:\program files\common files\windows live\.cache\8c4d9e3c1ce48ad03\dsetup32.dll
    2013-05-04 09:55:45 889416 -c--a-w- c:\program files\common files\windows live\.cache\8b0084241ce48ad02\dotNetFx40_Full_setup.exe
    2013-05-04 09:55:33 -------- d-----w- c:\users\sam\appdata\local\Windows Live
    2013-05-04 09:55:19 -------- d-----w- c:\program files\common files\Windows Live
    2013-05-04 09:50:09 -------- d-----w- c:\program files\GUM7F4D.tmp
    2013-05-04 09:49:54 -------- d-----w- c:\program files\CCleaner
    2013-05-04 09:47:20 -------- d-----w- c:\users\sam\appdata\local\Google
    2013-05-04 09:45:59 -------- d-----w- c:\windows\system32\Extensions
    2013-05-04 09:45:57 -------- d-----w- c:\windows\system32\searchplugins
    2013-05-04 09:45:47 -------- d-----w- c:\program files\Tuguu SL
    2013-05-04 09:42:23 -------- d-----w- c:\users\sam\appdata\roaming\AVG2013
    2013-05-04 09:40:54 -------- d-----w- c:\users\sam\appdata\roaming\TuneUp Software
    2013-05-04 09:39:55 -------- d--h--w- C:\$AVG
    2013-05-04 09:39:55 -------- d-----w- c:\programdata\AVG2013
    2013-05-04 09:38:41 -------- d-----w- c:\program files\AVG
    2013-05-04 09:37:08 -------- d-sh--w- c:\windows\Installer
    2013-05-04 09:36:32 -------- d--h--w- c:\programdata\Common Files
    2013-05-04 09:36:32 -------- d-----w- c:\users\sam\appdata\local\MFAData
    2013-05-04 09:36:32 -------- d-----w- c:\users\sam\appdata\local\Avg2013
    2013-05-04 09:36:32 -------- d-----w- c:\programdata\MFAData
    2013-05-04 09:31:33 -------- d-----w- c:\users\sam\appdata\roaming\Malwarebytes
    2013-05-04 09:31:15 -------- d-----w- c:\programdata\Malwarebytes
    2013-05-04 09:31:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-05-04 09:31:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-05-04 09:31:00 -------- d-----w- c:\users\sam\appdata\local\Programs
    2013-05-04 08:58:58 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{64732e46-16e2-4079-a7f7-7e54488539ce}\mpengine.dll
    2013-05-04 08:58:56 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-05-04 08:57:58 -------- d-----w- c:\windows\Panther
    2013-05-04 08:55:55 -------- d-----w- c:\users\sam\appdata\local\LogMeIn Rescue Applet
    2013-05-04 08:54:57 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2013-05-04 08:54:51 88576 ----a-w- c:\windows\system32\wudriver.dll
    2013-05-04 08:54:42 33792 ----a-w- c:\windows\system32\wuapp.exe
    2013-05-04 08:54:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2013-05-04 08:44:48 -------- d-----w- C:\Windows.old
    2013-05-04 08:24:42 -------- d-----w- c:\users\sam\appdata\local\Diagnostics
    2013-05-03 22:28:41 -------- d-----w- C:\Malwarebytes
    2013-05-03 02:20:10 -------- d-----w- C:\rei
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 12:39:13.52 ===============

    I should also say that I am actually pretty crap when it comes down to computer knowledge, but I do think I have some sort of virus... or I may be dealing with a very old laptop here.

    Thanks for your help.
     