[A] Malicious software uninstalling my programs

Inactive
By combatshadow
Mar 1, 2013
Topic Status: Not open for further replies.
  1. Hi, there seems to be malicious software on my laptop which has messed up the whole system. For the last week, Google Chrome was acting strange, as in it wasn't letting me view sites opened in other tabs and was hogging a lot of memory. I simply ignored it, thinking it was a problem related to it being an outdated version.

    Now, since yesterday, I realized that almost all the programs and games have uninstalled themselves, leaving most of the shortcuts broken. The application folders have vanished and the game folders contain a few MBs of data. Any application that I try to open gives me an error, saying that it doesn't exist or that I need to reinstall it. I believe some 50GB+ of data (mostly games like CoH, Steam, AoE etc.) got wiped in the process. Personal data, however, hasn't been affected.

    Anyway, so I then tried restoring the system to an earlier point (2 weeks) to see if that helped. Most applications (not games) were restored, but there were still problems running them in most cases and the laptop felt very buggy/laggy. I then again restored to an older restore point (January) to see if it'd solve it, but to no avail. I then restored it back to its original point (basically undoing whatever I had done) and I am back to square one.

    Please suggest what could be the problem and the fix for it. Btw, I only have the default Microsoft Security Essentials installed, which is also affected by this bug (the error "An error has occurred in the program during initialization. If this problem continues, please con..." pops up every time I open it).

    Thanks
  2. Broni

    Broni Malware Annihilator Posts: 46,327   +252

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. combatshadow

    combatshadow Newcomer, in training Topic Starter

    Btw, I thought I'd let you know. I did a virus scan using AVG before I received your reply, in which the following Trojan Horses were detected & removed from the D drive:
    Trojan horse Exploit_c.VOX
    Trojan horse Exploit_c.VOH
    Trojan horse Exploit_c.VQC
    Trojan horse Exploit_c.VOS
    Trojan horse Exploit_c.VOZ
    Trojan horse Exploit_c.VPK
    Trojan horse Exploit_c.VQD
    Trojan horse Exploit_c.VNZ
    Trojan horse Exploit_c.VOR
    Trojan horse Exploit_c.VPI
    Trojan horse Exploit_c.VOM
    Trojan horse Exploit_c.VPG
    Trojan horse Exploit_c.VOL
    Trojan horse Exploit_c.VPP
    Trojan horse Exploit_c.VPL

    Posting the logs next
  4. combatshadow


    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.03.02.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kailash Gupta :: ANKIT-DELLLAPTO [administrator]
    3/2/2013 4:29:19 PM
    mbam-log-2013-03-02 (16-29-19).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 293433
    Time elapsed: 6 minute(s), 42 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  5. combatshadow


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16450
    Run by Kailash Gupta at 23:59:45 on 2013-03-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.1391 [GMT 5.5:30]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\NetWorx\networx.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.bigseekpro.com/kastorsoft/{FADF913B-9A7A-4647-A9BE-671C91E0D56C}
    uProxyOverride = local;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe,
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} -
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
    uRun: [Google Update] "C:\Users\Kailash Gupta\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRunOnce: [Uninstall C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1"
    uRunOnce: [Uninstall C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525"
    uRunOnce: [Uninstall C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710"
    uRunOnce: [Uninstall C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"
    uRunOnce: [Uninstall C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [C:\Windows\SysWOW64\V0540Ext.ax] C:\Windows\System32\RegSvr32.exe /s C:\Windows\SysWOW64\V0540Ext.ax
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    dRun: [Reasonable NoClone] "C:\Program Files (x86)\Reasonable\Reasonable NoClone 2011 Free\NoClone.exe" null /startup
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:32
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} -
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: Interfaces\{404FA70E-26D1-44EE-B726-3509D3E78029} : NameServer = 8.8.8.8
    TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A} : NameServer = 59.185.0.23,59.185.0.50
    TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\149627C696E6B6 : NameServer = 59.185.0.23,59.185.0.50
    TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\149627C696E6B6 : DHCPNameServer = 192.168.4.1
    TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\4616D6C656 : NameServer = 59.185.0.23,59.185.0.50
    TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\4616D6C656 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E63656C6C657C61627 : NameServer = 59.185.0.23,59.185.0.50
    TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E63656C6C657C61627 : DHCPNameServer = 192.168.33.1
    TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E677966696F53656C6C6 : NameServer = 59.185.0.23,59.185.0.50
    TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E677966696F53656C6C6 : DHCPNameServer = 192.168.33.1
    TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E677966696F53656C6C6572716C6 : NameServer = 59.185.0.23,59.185.0.50
    TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E677966696F53656C6C6572716C6 : DHCPNameServer = 192.168.33.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
    x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [C:\Windows\System32\V0540Ext.ax] C:\Windows\System32\RegSvr32.exe /s C:\Windows\System32\V0540Ext.ax
    x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-23 55280]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-11-15 42248]
    R1 networx;networx;C:\Windows\System32\drivers\networx.sys [2013-1-9 58360]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-9-23 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-13 204288]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-12-5 384888]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-25 189736]
    R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-16 527728]
    R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-11-15 389488]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-23 13336]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-23 705856]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-6 2984832]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
    R2 UDisk Monitor;UDisk Monitor;C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [2013-1-6 405504]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-23 2320920]
    R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-9-24 20984]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-23 172704]
    R3 DFX11_1;DFX Audio Enhancer 11.1;C:\Windows\System32\drivers\dfx11_1x64.sys [2012-8-29 28008]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-24 56344]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2012-11-15 40712]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S2 BstHdAndroidSvc;BlueStacks Android Service;"C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android --> C:\Program Files (x86)\BlueStacks\HD-Service.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-9-24 53800]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-14 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2010-11-16 114304]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-9-6 31800]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-24 232480]
    S3 SwitchBoard;SwitchBoard;"C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" --> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-17 59392]
    S3 TurboBoost;TurboBoost;"C:\Program Files\Intel\TurboBoost\TurboBoost.exe" --> C:\Program Files\Intel\TurboBoost\TurboBoost.exe [?]
    S3 V0540Dev;Creative Camera VF0540 Driver;C:\Windows\System32\drivers\V0540Vid.sys [2012-4-26 321376]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-16 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
    S3 ztemtusbser;ZTEMT Legacy Serial Communication;C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys [2013-1-6 120704]
    S4 wlcrasvc;Windows Live Mesh remote connections service;"C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" --> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2013-03-02 10:56:11 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-02 10:56:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-02 02:57:23 -------- d-----w- C:\Users\Kailash Gupta\AppData\Roaming\AVG2013
    2013-03-02 02:55:52 -------- d--h--w- C:\$AVG
    2013-03-02 02:55:52 -------- d-----w- C:\ProgramData\AVG2013
    2013-03-02 02:54:48 -------- d-----w- C:\Program Files (x86)\AVG
    2013-03-02 02:34:14 -------- d-----w- C:\Users\Kailash Gupta\AppData\Local\MFAData
    2013-03-02 02:34:14 -------- d-----w- C:\Users\Kailash Gupta\AppData\Local\Avg2013
    2013-03-01 04:40:42 4126720 ----a-w- C:\Program Files (x86)\GUT6623.tmp
    2013-03-01 03:15:47 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-02-25 14:00:06 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52DF86CC-7A3A-48EA-8A01-7835DF528724}\offreg.dll
    2013-02-24 04:30:38 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52DF86CC-7A3A-48EA-8A01-7835DF528724}\mpengine.dll
    2013-02-03 05:43:02 -------- d-----w- C:\Users\Kailash Gupta\AppData\Local\{1EB48902-0BC3-4296-BC23-82B741B02CA6}
    2013-02-01 15:49:02 -------- d-----w- C:\Users\Kailash Gupta\AppData\Local\{06A2EBB6-2863-40FF-B1B7-2488C977ECEF}
    .
    ==================== Find3M ====================
    .
    2013-03-01 02:58:02 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-01 02:58:02 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    .
    ============= FINISH: 0:00:20.56 ===============
  6. combatshadow


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/3/2010 9:20:21 AM
    System Uptime: 3/2/2013 11:23:51 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0G62V9
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | CPU 1 | 1188/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 301 GiB total, 237.111 GiB free.
    D: is FIXED (NTFS) - 150 GiB total, 32.209 GiB free.
    F: is CDROM ()
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: BlueStacks Hypervisor
    Device ID: ROOT\LEGACY_BSTHDDRV\0000
    Manufacturer:
    Name: BlueStacks Hypervisor
    PNP Device ID: ROOT\LEGACY_BSTHDDRV\0000
    Service: BstHdDrv
    .
    ==== System Restore Points ===================
    .
    RP401: 1/5/2013 5:27:00 PM - Removed Facebook Video Calling 1.2.0.287
    RP402: 1/5/2013 5:28:27 PM - Removed Facebook Messenger 2.1.4651.0
    RP403: 1/5/2013 5:28:59 PM - Removed Notification Center
    RP404: 1/5/2013 5:30:59 PM - Removed PC Remote
    RP405: 1/5/2013 5:31:32 PM - Removed Oracle VM VirtualBox 4.1.18
    RP407: 1/11/2013 10:18:10 AM - Revo Uninstaller Pro's restore point - 2K Sports
    RP408: 1/19/2013 10:35:34 PM - Scheduled Checkpoint
    RP410: 1/22/2013 5:40:07 PM - Revo Uninstaller Pro's restore point - to remove duplicates arpit's laptop (my documents)
    RP411: 2/14/2013 12:24:49 PM - Scheduled Checkpoint
    RP412: 3/1/2013 8:50:51 AM - Restore Operation
    RP413: 3/1/2013 9:37:58 AM - Removed Steam
    RP414: 3/1/2013 9:41:00 AM - Removed Halo 2 for Windows Vista
    RP415: 3/1/2013 9:43:21 AM - Removed WIDCOMM Bluetooth Software
    RP416: 3/1/2013 12:40:11 PM - Restore Operation
    RP417: 3/1/2013 3:55:32 PM - Removed WIDCOMM Bluetooth Software
    RP418: 3/2/2013 8:24:21 AM - Installed AVG 2013
    RP419: 3/2/2013 8:24:59 AM - Installed AVG 2013
    .
    ==== Installed Programs ======================
    .
    µTorrent
    64 Bit HP CIO Components Installer
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Shockwave Player 11.6
    Age of Empires Online
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Media Foundation Decoders
    Apple Application Support
    Apple Mobile Device Support
    ATI AVIVO64 Codecs
    AVG 2013
    BlueStacks App Player
    Bonjour
    Call of Duty(R) 2
    ccc-utility64
    CCleaner
    Company of Heroes
    Compatibility Pack for the 2007 Office system
    Counter-Strike
    Creative Live! Cam Video IM/Video Chat (VF0540) (1.01.03.00)
    D3DX10
    dBpoweramp DSP Effects
    dBpoweramp Music Converter
    Dell Dock
    DFX
    Dropbox
    DW WLAN Card Utility
    Foxit Reader
    GameXN GO
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Grand Theft Auto: Episodes From Liberty City
    GTA San Andreas
    Hotspot Shield 2.78
    HP Customer Participation Program 13.0
    HP Deskjet 1050 J410 series Basic Device Software
    HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3
    HP Imaging Device Functions 13.0
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    Intel(R) Turbo Boost Technology Monitor
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18 (64-bit)
    Java(TM) 6 Update 20 (64-bit)
    Java(TM) 6 Update 37
    Junk Mail filter update
    Lyrics Plugin for Windows Media Player
    Malwarebytes Anti-Malware version 1.70.0.1100
    Maryfi - English
    MBlaze UI
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Flight Simulator 2004 A Century of Flight
    Microsoft Office Enterprise 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Train Simulator
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86_x64
    MiniLyrics
    MP3 Cutter 1.1.1
    MSVC90_x64
    MSVCRT
    MSVCRT_amd64
    NetWorx 5.2.7
    Notification Center
    Picasa 3
    Portal
    Quickset64
    Railworks 3 Train Simulator 2012 Deluxe
    Revo Uninstaller Pro 2.5.8
    SAMSUNG Mobile Composite Device Software
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Drive Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Similarity 1.7.1
    Skype™ 5.10
    Steam
    swMSM
    Synaptics Pointing Device Driver
    Team Fortress 2
    TuneUp 2.4.6.4
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Visual Studio 2010 x64 Redistributables
    Windows 7 Manager
    Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Windows Mobile Device Updater Component
    YTD Video Downloader 3.9.6
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/2/2013 7:56:12 AM, Error: Service Control Manager [7030] - The UDisk Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/2/2013 4:15:28 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
    3/2/2013 4:13:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
    3/2/2013 4:13:25 PM, Error: Service Control Manager [7001] - The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error: The system cannot find the file specified.
    3/2/2013 4:12:44 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    3/2/2013 4:12:43 PM, Error: Service Control Manager [7000] - The BlueStacks Hypervisor service failed to start due to the following error: The system cannot find the file specified.
    3/2/2013 4:12:33 PM, Error: Microsoft-Windows-IIS-APPHOSTSVC [9010] - The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'. The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it. The data field contains the error number.
    3/2/2013 4:12:28 PM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147024894
    3/2/2013 4:11:59 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    3/2/2013 11:05:55 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    3/1/2013 9:49:52 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    3/1/2013 9:43:53 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {00024500-0000-0000-C000-000000000046}. The error: "2" Happened while starting this command: C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE /automation -Embedding
    3/1/2013 9:43:38 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {91493441-5A91-11CF-8700-00AA0060263B}. The error: "2" Happened while starting this command: C:\PROGRA~2\MIF5BA~1\Office12\POWERPNT.EXE /AUTOMATION -Embedding
    3/1/2013 9:41:59 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
    3/1/2013 1:15:00 PM, Error: Microsoft Antimalware [2001] -
    3/1/2013 1:14:51 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
    2/27/2013 7:03:58 PM, Error: Service Control Manager [7043] - The Microsoft Network Inspection service did not shut down properly after receiving a preshutdown control.
    2/25/2013 6:30:17 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    .
    ==== End Of File ===========================
  7. Broni

    Broni Malware Annihilator Posts: 46,327   +252

    You're running two AV programs, AVG and MSE.
    You must uninstall one of them.
    If AVG, use AVG Remover: http://www.avg.com/us-en/utilities

    Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  8. combatshadow

    combatshadow Newcomer, in training Topic Starter

    RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Kailash Gupta [Admin rights]
    Mode : Scan -- Date : 03/03/2013 08:20:28
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 12 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A} : NameServer (59.185.0.23,59.185.0.50) -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D521C780-A06A-40A6-890D-B7175F24FBAC} : NameServer (10.228.65.113 116.202.225.33) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A} : NameServer (59.185.0.23,59.185.0.50) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com
    127.0.0.1 adobeereg.com
    127.0.0.1 www.adobeereg.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 125.252.224.90
    127.0.0.1 125.252.224.91
    [...]

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
    --- User ---
    [MBR] 17bedba583e3b59e01d7637893efedbb
    [BSP] 20d954291f46ce00319886466cb829f2 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 308238 Mo
    3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 662200320 | Size: 153599 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Apple iPod USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1]_S_03032013_02d0820.txt >>
    RKreport[1]_S_03032013_02d0820.txt
  9. combatshadow

    combatshadow Newcomer, in training Topic Starter

    RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Kailash Gupta [Admin rights]
    Mode : Remove -- Date : 03/03/2013 08:22:45
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 10 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A} : NameServer (59.185.0.23,59.185.0.50) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D521C780-A06A-40A6-890D-B7175F24FBAC} : NameServer (10.228.65.113 116.202.225.33) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A} : NameServer (59.185.0.23,59.185.0.50) -> NOT REMOVED, USE DNSFIX
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com
    127.0.0.1 adobeereg.com
    127.0.0.1 www.adobeereg.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 125.252.224.90
    127.0.0.1 125.252.224.91
    [...]

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
    --- User ---
    [MBR] 17bedba583e3b59e01d7637893efedbb
    [BSP] 20d954291f46ce00319886466cb829f2 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 308238 Mo
    3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 662200320 | Size: 153599 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Apple iPod USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2]_D_03032013_02d0822.txt >>
    RKreport[1]_S_03032013_02d0820.txt ; RKreport[2]_D_03032013_02d0822.txt
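The two RogueKiller reports above show the same registry findings before and after the Remove pass: the UAC values were put back, while the NameServer entries were left for DNSFIX. As an added example (not part of this thread and not RogueKiller's own code), the following Python script parses those "Registry Entries" lines, ranks them, and reconciles the Scan report against the Remove report; the sample input is constructed from the lines posted above and assumes the `[TAG] key : Value (data) -> ACTION` layout they use.

```python
import re
from dataclasses import dataclass

# Constructed sample input: registry lines copied from the Scan and Remove reports posted above.
SCAN_REPORT = """\
[DNS] HKLM\\[...]\\ControlSet001\\Services\\Tcpip\\Interfaces\\{6D787035-4073-4330-9666-C26CAEE7E02A} : NameServer (59.185.0.23,59.185.0.50) -> FOUND
[DNS] HKLM\\[...]\\ControlSet001\\Services\\Tcpip\\Interfaces\\{D521C780-A06A-40A6-890D-B7175F24FBAC} : NameServer (10.228.65.113 116.202.225.33) -> FOUND
[HJ] HKLM\\[...]\\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\\[...]\\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\\[...]\\Advanced : Start_ShowRun (0) -> FOUND
"""
REMOVE_REPORT = """\
[DNS] HKLM\\[...]\\ControlSet001\\Services\\Tcpip\\Interfaces\\{6D787035-4073-4330-9666-C26CAEE7E02A} : NameServer (59.185.0.23,59.185.0.50) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\\[...]\\ControlSet001\\Services\\Tcpip\\Interfaces\\{D521C780-A06A-40A6-890D-B7175F24FBAC} : NameServer (10.228.65.113 116.202.225.33) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\\[...]\\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\\[...]\\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\\[...]\\Advanced : Start_ShowRun (0) -> REPLACED (1)
"""

# Line layout in the posted reports: [TAG] key : ValueName (data) -> ACTION
LINE_RE = re.compile(r"^\[(?P<tag>[A-Z ]+)\] (?P<key>.+?) : (?P<value>\w+) \((?P<data>[^)]*)\) -> (?P<action>.+)$")

# Data RogueKiller wrote back in the Remove report: EnableLUA=0 switches UAC off,
# ConsentPromptBehaviorAdmin=0 lets admin processes elevate with no prompt at all.
UAC_EXPECTED = {"EnableLUA": "1", "ConsentPromptBehaviorAdmin": "2"}

@dataclass
class Finding:
    tag: str     # DNS, HJ, HJ SMENU, HJ DESK
    key: str     # registry key, elided by RogueKiller with [...]
    value: str   # registry value name
    data: str    # data as found
    action: str  # FOUND, REPLACED (x), NOT REMOVED, ...

def parse_report(text: str) -> list[Finding]:
    # Only registry-entry lines match; headers, hosts entries and MBR lines are skipped
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [Finding(**m.groupdict()) for m in matches if m]

def severity(f: Finding) -> str:
    """UAC tampering comes first; changed resolvers need checking; menu tweaks are cosmetic."""
    if f.tag == "HJ" and f.value in UAC_EXPECTED and f.data != UAC_EXPECTED[f.value]:
        return "high"
    if f.tag == "DNS":
        return "review"  # compare against the resolvers the ISP/router actually hands out
    return "low"

def name_servers(f: Finding) -> list[str]:
    # RogueKiller separates resolver IPs with "," or a space, as both posted lines show
    return [ip for ip in re.split(r"[,\s]+", f.data) if ip]

def reconcile(scan_text: str, remove_text: str) -> dict:
    """Which Scan findings did the Remove pass fix, and which are still open?"""
    after = {(f.key, f.value): f for f in parse_report(remove_text)}
    out = {"fixed": [], "unresolved": [], "unverified": [], "remaining_name_servers": []}
    for f in parse_report(scan_text):
        post = after.get((f.key, f.value))
        if post is None:
            out["unverified"].append(f.value)  # not reported again: re-scan to confirm
        elif post.action.startswith("REPLACED"):
            out["fixed"].append(f.value)
        else:
            out["unresolved"].append(f.value)
            if f.tag == "DNS":
                out["remaining_name_servers"].extend(name_servers(post))
    return out
```

Running `reconcile(SCAN_REPORT, REMOVE_REPORT)` reports the three UAC/menu values as fixed and both NameServer entries as unresolved, which is the state the second log leaves the machine in.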
  10. combatshadow

    combatshadow Newcomer, in training Topic Starter

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.03.03.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kailash Gupta :: ANKIT-DELLLAPTO [administrator]
    3/3/2013 8:27:27 AM
    mbam-log-2013-03-03 (08-27-27).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 297377
    Time elapsed: 6 minute(s), 4 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  11. Broni

    Broni Malware Annihilator Posts: 46,327   +252

    I apologize for the delay.
    Email notification missed me somehow.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  12. Broni

    Broni Malware Annihilator Posts: 46,327   +252

    Still with me?
  13. Broni

    Broni Malware Annihilator Posts: 46,327   +252

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.