[A] All web browsers refuse to open

Inactive
By nickvonkeller
Jan 20, 2012
Topic Status:
Not open for further replies.
  1. Hello!

    A few weeks ago I posted on this forum after I was infected with a System Check virus. Broni helped me run a whole mess of steps (thanks Broni!) and my system seemed clean. (Here's a link to that thread: http://www.techspot.com/vb/topic175390.html)

    Last night, however, my girlfriend was using my computer and all of a sudden Firefox quit. When she tried to reopen it, it wouldn't. When she tried Internet Explorer and Google Chrome they open for a second, and Windows immediately gives the message that they are not responding and closes them. I ran all my anti-virus programs, uninstalled Java and Flash and any toolbars, restarted, etc - all to no avail. I seem to be connected to the internet, and I can't find any viruses, but none of my web browsers will open. I'm not even sure if it's a virus. Please help!

    Thanks!
  2. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. nickvonkeller

    nickvonkeller Newcomer, in training Topic Starter Posts: 19

    Please find the logs below:

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org
    Database version: v2012.01.20.01
    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Nick :: MININT-UMRCOCU [administrator]
    1/20/2012 1:50:42 PM
    mbam-log-2012-01-20 (13-50-42).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 178598
    Time elapsed: 1 minute(s), 16 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    ----------------------------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-20 14:10:23
    Windows 6.1.7600
    Running: 31njvn48.exe

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BU3NU6H\errorPageStrings[1] 0 bytes
    File C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BU3NU6H\background_gradient[1] 0 bytes
    File C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J03LV8NK\bullet[1] 0 bytes
    File C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J03LV8NK\ErrorPageTemplate[1] 0 bytes
    File C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TSS0DBUN\info_48[1] 0 bytes
    File C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TSS0DBUN\navcancl[1] 0 bytes
    File C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4PUWJU\httpErrorPagesScripts[1] 0 bytes

    ---- EOF - GMER 1.0.15 ----

    -------------------------------

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Nick at 14:10:52 on 2012-01-20
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2620 [GMT -8:00]
    .
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{8F5DE707-D7E7-4944-87C5-641E6909CAE3} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{8F5DE707-D7E7-4944-87C5-641E6909CAE3}\140707C65602E4564777F627B602830346668346 : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{8F5DE707-D7E7-4944-87C5-641E6909CAE3}\24143554020525F44455344594F4E402C414E4 : DhcpNameServer = 208.77.239.139 64.60.0.17
    TCP: Interfaces\{8F5DE707-D7E7-4944-87C5-641E6909CAE3}\7503244513 : DhcpNameServer = 192.168.1.1 68.237.161.12
    TCP: Interfaces\{8F5DE707-D7E7-4944-87C5-641E6909CAE3}\C696665677F627B6370277962756C6563737 : DhcpNameServer = 10.0.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO-X64: Search Helper - No File
    BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tzqvhcva.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-12-29 89600]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-30 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-12-30 110032]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-13 399416]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-20 136176]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-30 652872]
    S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
    S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-20 136176]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-01-02 03:39:14 121816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2012-01-02 03:39:13 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-02 03:39:13 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-02 03:39:13 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-02 03:39:13 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
    2011-12-31 20:45:49 -------- d-----w- C:\Users\Nick\AppData\Local\Secunia PSI
    2011-12-31 20:45:41 -------- d-----w- C:\Program Files (x86)\Secunia
    2011-12-31 00:51:28 150392 ----a-w- C:\Windows\junction.exe
    2011-12-31 00:48:41 -------- d-----w- C:\Users\Nick\AppData\Roaming\Avira
    2011-12-31 00:48:09 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-12-31 00:48:09 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2011-12-31 00:48:09 -------- d-----w- C:\ProgramData\Avira
    2011-12-31 00:48:09 -------- d-----w- C:\Program Files (x86)\Avira
    2011-12-30 20:31:31 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-12-30 03:44:00 388096 ----a-r- C:\Users\Nick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-12-30 03:44:00 -------- d-----w- C:\Program Files (x86)\Trend Micro
    .
    ==================== Find3M ====================
    .
    2011-11-10 13:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 14:18:22.33 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/13/2011 11:51:47 AM
    System Uptime: 1/20/2012 1:20:49 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0WXY9J
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | CPU 1 | 2528/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 582 GiB total, 484.402 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 8.216 GiB free.
    E: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 12/30/2011 1:07:58 PM - OTL Restore Point - 12/30/2011 1:07:58 PM
    RP2: 12/30/2011 6:32:23 PM - Installed Java(TM) 6 Update 30
    RP3: 12/31/2011 12:25:14 PM - OTL Restore Point
    RP4: 12/31/2011 12:40:46 PM - Installed Microsoft Fix it 50123
    RP5: 1/9/2012 12:03:46 PM - Scheduled Checkpoint
    RP6: 1/16/2012 12:18:42 PM - Scheduled Checkpoint
    RP7: 1/19/2012 10:58:00 PM - Removed Adobe Reader X (10.1.1).
    RP8: 1/19/2012 10:58:53 PM - Removed Java(TM) 6 Update 30
    RP9: 1/19/2012 11:12:06 PM - Removed Google Talk Plugin
    .
    ==== Installed Programs ======================
    .
    µTorrent
    ADRIFT
    ADRIFT Version 3.90
    Advanced Audio FX Engine
    Apple Application Support
    Apple Software Update
    Avira Free Antivirus
    CDisplay 1.8
    CyberLink PowerDVD 9.5
    Dell Webcam Central
    Final Draft 7
    Google Chrome
    Google Update Helper
    HiJackThis
    Intel(R) Graphics Media Accelerator Driver
    Junk Mail filter update
    K-Lite Codec Pack 6.8.0 (Full)
    Live! Cam Avatar Creator
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft Choice Guard
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 9.0.1 (x86 en-GB)
    MSVCRT
    OpenOffice.org 3.2
    QuickTime
    Real Alternative 2.0.2
    Roxio Burn
    Secunia PSI (2.0.0.4003)
    Skype Toolbars
    Skypeô 5.3
    Steam
    Three Drinks
    Unreal Tournament 2004
    VLC media player 1.1.8
    VobSub v2.23 (Remove Only)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/20/2012 12:54:29 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
    1/20/2012 12:54:29 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
    1/20/2012 12:46:28 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MACBOOKPRO-296E that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F5DE707-D7E7-4944-87C5-641E6909CAE3}. The master browser is stopping or an election is being forced.
    1/20/2012 1:53:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    1/19/2012 8:43:12 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    1/19/2012 11:04:54 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 11:04:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/19/2012 11:04:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/19/2012 11:04:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/19/2012 11:04:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/19/2012 11:04:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/19/2012 11:03:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/19/2012 11:03:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
    1/19/2012 11:03:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 11:03:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 11:03:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 11:03:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 11:03:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 11:03:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 11:03:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 11:03:49 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 11:03:49 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 11:03:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 11:03:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 10:47:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Secunia Update Agent service to connect.
    1/19/2012 10:47:10 PM, Error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/19/2012 10:46:28 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/19/2012 10:46:28 PM, Error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
    1/19/2012 10:46:27 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The remote procedure call failed. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/16/2012 9:19:42 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    .
    ==== End Of File ===========================
  4. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  5. nickvonkeller

    nickvonkeller Newcomer, in training Topic Starter Posts: 19

    I can't get aswMBR to run. I click on it, Windows asks if I want to run the program, I say yes, and then nothing opens.

    Here's the bootkit log:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
  6. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
  7. nickvonkeller

    nickvonkeller Newcomer, in training Topic Starter Posts: 19

    Here is my ListParts log:

    ListParts by Farbar
    Ran by Nick on 20-01-2012 at 14:48:52
    Windows 7 (X64)
    Running From: C:\Users\Nick\Desktop
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 34%
    Total physical RAM: 3894.68 MB
    Available physical RAM: 2549.09 MB
    Total Pagefile: 7787.51 MB
    Available Pagefile: 6331.43 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (OSDisk) (Fixed) (Total:582.5 GB) (Free:484.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:8.22 GB) NTFS
    4 Drive g: (SS_FLASH) (Removable) (Total:7.48 GB) (Free:6.8 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 7680 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 582 GB 1024 KB
    Partition 2 Primary 13 GB 582 GB
    Partition 3 Primary 1360 KB 596 GB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C OSDisk NTFS Partition 582 GB Healthy System (partition with boot components)

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Recovery NTFS Partition 13 GB Healthy

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7679 MB 31 KB

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 G SS_FLASH FAT32 Removable 7679 MB Healthy



    ****** End Of Log ******
  8. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    We have the newest TDL rootkit there.

    Download GETxPUD.exe to the desktop of your clean computer

    • Double click on GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
    • Insert blank CD into your CD drive.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Boot bad computer from the CD
    • Press Tool at the top
    • Choose Open Terminal
    • Type parted /dev/sda set 1 boot on
    • Press Enter
    • Type parted /dev/sda rm 3
    • Press Enter
    • Remove xPUD CD, reboot, run aswMBR and post the log
  9. nickvonkeller

    nickvonkeller Newcomer, in training Topic Starter Posts: 19

    I'm not sure why, but xPUD doesn't seem to be working either. I burned the image to a disk and booted from it, which brought me to the initial xPUD menu (where you select language), but when I select English it freezes.
  10. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    See if you can boot another working computer from it.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.