TechSpot

After malware removal, no browsers will open

By amrosenthal
Jan 20, 2012
  1. Obviously, I didn't get it all clean.

    Previous to finding this site, I ran a scan with Malwarebytes as well as Avast. MB found 7 (I think) issues in a full scan, and Avast found 1. It cleaned up the computer enough that I could actually run the OS again, but not enough to make the browsers work. I uninstalled and reinstalled the browsers in case they had been corrupted; no dice. At this point, if I click on any browser (Firefox, Chrome, or IE) they all hang (spinning circle icon) and then deselect as though I never clicked them. On occasion, they will open for 1-2 seconds and then crash.

    I followed the steps in the 5 step program suggested here.

    Avast was clean. Malwarebytes came back clean. GMER was blank. DDS took about 20 minutes to run, but finally returned the logs.

    Thanks for your help!
    ___________________________________________

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.19.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Launi :: LAUNI-PC [administrator]

    1/20/2012 2:06:07 PM
    mbam-log-2012-01-20 (14-06-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 201925
    Time elapsed: 3 hour(s), 11 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ______________________________________________

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Launi at 20:35:59 on 2012-01-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1726 [GMT -7:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\HP\QuickPlay\QPService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    uRun: [Google Update] "C:\Users\Launi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Akamai NetSession Interface] C:\Users\Launi\AppData\Local\Akamai\netsession_win.exe
    uRun: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
    mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    uPolicies-system: WallpaperStyle = 2
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-system: WallpaperStyle = 2
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FF2CE3A8-D3E9-4656-9AF5-46380A95953A} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FF2CE3A8-D3E9-4656-9AF5-46380A95953A}\16474777966696 : DhcpNameServer = 10.128.173.129 64.134.255.2 64.134.255.10
    TCP: Interfaces\{FF2CE3A8-D3E9-4656-9AF5-46380A95953A}\25F637566616D6 : DhcpNameServer = 192.168.2.1 68.87.85.102 68.87.69.150
    TCP: Interfaces\{FF2CE3A8-D3E9-4656-9AF5-46380A95953A}\4586563416E697F6E637 : DhcpNameServer = 192.168.2.20
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Launi\AppData\Roaming\Mozilla\Firefox\Profiles\b2zb9hca.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Launi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-19 44768]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 227896]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
    S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-01-21 03:35:34 -------- d-s---w- C:\ComboFix
    2012-01-20 21:05:07 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D0A95F9-3FA4-4286-A4D9-53D9F1EF3640}\offreg.dll
    2012-01-20 02:53:17 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-01-20 02:52:21 41184 ----a-w- C:\Windows\avastSS.scr
    2012-01-19 06:47:58 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D0A95F9-3FA4-4286-A4D9-53D9F1EF3640}\mpengine.dll
    2012-01-19 06:46:57 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-01-19 06:46:57 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-01-19 06:46:57 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-01-19 06:46:56 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-01-19 06:46:52 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-01-19 06:46:52 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-01-19 06:46:37 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-01-19 06:46:37 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-01-03 16:22:01 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-03 16:22:01 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-12-24 19:04:52 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    2011-12-24 19:04:30 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2011-12-24 19:04:20 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2011-12-24 19:04:10 108544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    .
    ==================== Find3M ====================
    .
    2012-01-19 18:00:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    .
    ============= FINISH: 20:44:33.01 ===============
     
  2. amrosenthal


    Part 2: DDS Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/19/2009 1:44:26 PM
    System Uptime: 1/20/2012 4:25:01 PM (4 hours ago)
    .
    Motherboard: Wistron | | 3612
    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | CPU | 2100/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 139.233 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.002 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP349: 1/19/2012 3:00:11 AM - Windows Update
    RP350: 1/19/2012 9:42:13 AM - Installed Java(TM) 6 Update 30
    RP351: 1/19/2012 10:59:03 AM - Removed Java(TM) 6 Update 30
    RP352: 1/19/2012 11:00:10 AM - Installed Java(TM) 6 Update 30
    RP353: 1/19/2012 11:01:13 AM - Removed Cisco NAC Agent .
    RP354: 1/19/2012 7:51:52 PM - avast! Free Antivirus Setup
    RP355: 1/20/2012 7:42:00 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Activate Norton Online Backup
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop Elements 8.0
    Adobe Photoshop.com Inspiration Browser
    Adobe Reader 9.5.0 MUI
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    Bing Bar
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 3.0
    Canon MP560 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    CyberLink YouCam
    Google Chrome
    Hewlett-Packard ACLM.NET v1.1.1.0
    HP Advisor
    HP Customer Experience Enhancements
    HP DVD Play 3.7
    HP Quick Launch Buttons
    HP Setup
    HP Support Assistant
    HP Update
    HP User Guides 0156
    HP Wireless Assistant
    Java(TM) 6 Update 30
    Junk Mail filter update
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PowerRecover
    QLBCASL
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype™ 4.2
    SmartWebPrinting
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Ventrilo Client
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/20/2012 7:45:29 AM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 3 time(s).
    1/20/2012 5:29:51 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 74 time(s).
    1/20/2012 5:19:18 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 73 time(s).
    1/20/2012 5:16:49 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 72 time(s).
    1/20/2012 5:14:12 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 71 time(s).
    1/20/2012 5:09:52 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 70 time(s).
    1/20/2012 5:07:16 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 69 time(s).
    1/20/2012 5:04:42 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 68 time(s).
    1/20/2012 5:02:06 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 67 time(s).
    1/20/2012 4:59:26 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 66 time(s).
    1/20/2012 4:56:16 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 65 time(s).
    1/20/2012 4:53:44 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 64 time(s).
    1/20/2012 4:51:08 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 63 time(s).
    1/20/2012 4:48:35 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 62 time(s).
    1/20/2012 4:46:00 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 61 time(s).
    1/20/2012 4:41:44 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 60 time(s).
    1/20/2012 4:39:19 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 59 time(s).
    1/20/2012 4:36:22 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 58 time(s).
    1/20/2012 4:33:48 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 57 time(s).
    1/20/2012 4:31:14 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 56 time(s).
    1/20/2012 4:28:01 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 55 time(s).
    1/20/2012 4:25:27 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 54 time(s).
    1/20/2012 4:22:54 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 53 time(s).
    1/20/2012 4:20:20 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 52 time(s).
    1/20/2012 4:17:46 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 51 time(s).
    1/20/2012 4:12:44 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 50 time(s).
    1/20/2012 4:10:08 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 49 time(s).
    1/20/2012 4:07:33 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 48 time(s).
    1/20/2012 4:05:02 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 47 time(s).
    1/20/2012 4:02:29 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 46 time(s).
    1/20/2012 4:00:04 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 45 time(s).
    1/20/2012 3:57:30 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 44 time(s).
    1/20/2012 3:54:57 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 43 time(s).
    1/20/2012 3:52:00 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 42 time(s).
    1/20/2012 3:49:27 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 41 time(s).
    1/20/2012 3:46:52 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 40 time(s).
    1/20/2012 3:43:37 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 39 time(s).
    1/20/2012 3:41:03 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 38 time(s).
    1/20/2012 3:38:29 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 37 time(s).
    1/20/2012 3:35:46 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 36 time(s).
    1/20/2012 3:33:22 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 35 time(s).
    1/20/2012 3:30:50 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 34 time(s).
    1/20/2012 3:27:54 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 33 time(s).
    1/20/2012 3:25:20 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 32 time(s).
    1/20/2012 3:22:48 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 31 time(s).
    1/20/2012 3:19:50 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 30 time(s).
    1/20/2012 3:17:16 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 29 time(s).
    1/20/2012 3:15:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/20/2012 3:14:45 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 28 time(s).
    1/20/2012 3:11:34 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 27 time(s).
    1/20/2012 3:09:22 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 26 time(s).
    1/20/2012 3:06:30 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 25 time(s).
    1/20/2012 3:03:34 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 24 time(s).
    1/20/2012 3:01:02 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 23 time(s).
    1/20/2012 2:58:28 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 22 time(s).
    1/20/2012 2:56:10 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 21 time(s).
    1/20/2012 2:53:40 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 20 time(s).
    1/20/2012 2:51:04 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 19 time(s).
    1/20/2012 2:48:50 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 18 time(s).
    1/20/2012 2:46:16 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 17 time(s).
    1/20/2012 2:43:45 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 16 time(s).
    1/20/2012 2:40:59 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 15 time(s).
    1/20/2012 2:38:32 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 14 time(s).
    1/20/2012 2:35:27 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 13 time(s).
    1/20/2012 2:33:02 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 12 time(s).
    1/20/2012 2:30:28 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 11 time(s).
    1/20/2012 2:27:16 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 10 time(s).
    1/20/2012 2:24:46 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 9 time(s).
    1/20/2012 2:22:12 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 8 time(s).
    1/20/2012 2:19:49 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 7 time(s).
    1/20/2012 2:16:34 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 6 time(s).
    1/20/2012 2:14:08 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 5 time(s).
    1/20/2012 2:11:29 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 4 time(s).
    1/20/2012 2:09:12 PM, Error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 3 time(s).
    1/20/2012 2:09:12 PM, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).
    1/20/2012 2:09:12 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 3 time(s).
    1/20/2012 2:06:42 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
    1/20/2012 2:06:42 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/20/2012 2:06:42 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    1/20/2012 2:06:42 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/20/2012 2:06:01 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
    1/20/2012 2:05:01 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
    1/20/2012 2:04:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
    1/20/2012 2:04:50 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/20/2012 2:04:01 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/20/2012 2:04:01 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    1/20/2012 2:04:01 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/20/2012 2:04:01 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/20/2012 1:59:54 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/20/2012 1:44:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/20/2012 1:44:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/20/2012 1:44:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/20/2012 1:44:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/20/2012 1:44:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/20/2012 1:44:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/20/2012 1:44:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    1/20/2012 1:44:26 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/20/2012 1:44:26 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2012 1:44:26 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2012 1:44:26 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/20/2012 1:44:26 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/20/2012 1:44:26 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2012 1:44:26 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/20/2012 1:44:26 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/20/2012 1:44:26 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2012 1:44:26 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2012 1:42:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
    1/19/2012 8:00:32 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
    1/19/2012 2:30:02 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    1/19/2012 12:49:21 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/19/2012 12:49:21 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/19/2012 12:49:21 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/19/2012 12:49:21 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    1/19/2012 12:49:02 AM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/19/2012 12:48:41 AM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/19/2012 12:48:28 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/19/2012 12:47:47 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    1/19/2012 12:47:47 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/19/2012 12:47:47 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/19/2012 12:47:47 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/19/2012 12:47:47 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/19/2012 12:47:47 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/19/2012 12:47:47 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    1/19/2012 12:47:47 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/19/2012 12:47:47 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/19/2012 11:21:30 AM, Error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s).
    1/18/2012 9:17:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    1/18/2012 9:17:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    1/18/2012 9:14:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    1/17/2012 11:31:29 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  4. amrosenthal

    amrosenthal TS Rookie Topic Starter Posts: 25

    Thank you for your willingness to help, I sincerely appreciate it.

    aswMBR log:

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-20 22:12:38
    -----------------------------
    22:12:38.461 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:12:38.461 Number of processors: 2 586 0x170A
    22:12:38.461 ComputerName: LAUNI-PC UserName: Launi
    22:12:39.881 Initialize success
    22:12:40.723 AVAST engine defs: 12012001
    22:12:54.217 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    22:12:54.233 Disk 0 Vendor: TOSHIBA_MK3263GSX FG020C Size: 305245MB BusType: 11
    22:12:54.280 Disk 0 MBR read successfully
    22:12:54.295 Disk 0 MBR scan
    22:12:54.779 Disk 0 unknown MBR code
    22:12:54.795 Disk 0 MBR hidden
    22:12:54.810 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 199 MB offset 2048
    22:12:55.419 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292890 MB offset 409600
    22:12:55.497 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12154 MB offset 600248320
    22:12:55.543 Disk 0 Partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 1 MB offset 625139712
    22:12:55.715 Disk 0 Partition 4 **INFECTED** MBR:Alureon-K [Rtk]
    22:12:55.731 Service scanning
    22:12:57.166 Modules scanning
    22:12:57.681 Disk 0 trace - called modules:
    22:12:57.727 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003390334]<<
    22:12:57.727 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003374060]
    22:12:57.743 3 CLASSPNP.SYS[fffff880011a843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002dee1f0]
    22:12:57.743 \Driver\atapi[0xfffffa8002dad060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8003390334
    22:12:58.507 AVAST engine scan C:\Windows
    22:13:03.999 AVAST engine scan C:\Windows\system32
    22:15:00.593 AVAST engine scan C:\Windows\system32\drivers
    22:15:13.027 AVAST engine scan C:\Users\Launi
    23:21:14.061 AVAST engine scan C:\ProgramData
    23:29:11.328 Scan finished successfully
    23:54:30.407 Disk 0 MBR has been saved successfully to "C:\Users\Launi\Desktop\MBR.dat"
    23:54:30.407 The log file has been saved successfully to "C:\Users\Launi\Desktop\aswMBR.txt"

    ____________________________________

    BootKit Log:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  5. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  6. amrosenthal

    amrosenthal TS Rookie Topic Starter Posts: 25

    Quick question: I am using a jump drive to download the programs you're asking me to, and then installing them on the infected computer, saving the logs to the jump drive and taking them to my "clean" computer to post here. Should I be concerned about making my clean computer sick by doing this? The sick computer is my mom's laptop. Should I check the other computers on her home network, or is this an isolated thing? If I should check them, how do you suggest I go about doing that?

    Here's the Listparts Log:
    ______________________________

    ListParts by Farbar
    Ran by Launi on 21-01-2012 at 12:03:33
    Windows 7 (X64)
    Running From: C:\Users\Launi\Desktop
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 54%
    Total physical RAM: 3003.19 MB
    Available physical RAM: 1365.11 MB
    Total Pagefile: 6004.58 MB
    Available Pagefile: 4296.14 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:286.03 GB) (Free:139.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (RECOVERY) (Fixed) (Total:11.87 GB) (Free:2 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 286 GB 200 MB
    Partition 3 Primary 11 GB 286 GB
    Partition 4 Primary 1360 KB 298 GB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 286 GB Healthy Boot

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D RECOVERY NTFS Partition 11 GB Healthy

    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.



    ****** End Of Log ******
     
  7. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Install Panda USB Vaccine, or BitDefender’s USB Immunizer on your computer to protect it from any infected USB device.

    =============================================================

    We have the newest TDL rootkit there.

    Download GETxPUD.exe to the desktop of your clean computer

    • Double click on GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
    • Insert blank CD into your CD drive.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Boot bad computer from the CD
    • Press Tool at the top
    • Choose Open Terminal
    • Type parted /dev/sda set 1 boot on
    • Press Enter
    • Type parted /dev/sda rm 4
    • Press Enter
    • Remove xPUD CD, reboot, run aswMBR and post the log
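
The partition log above shows a 1360 KB fourth partition of type 17 that is both hidden and active, while the real system partition is not active. As an added example (not part of the thread or of any tool used in it), this Python code parses a classic MBR partition table and flags that pattern; the sample sector is constructed from the sizes in the log, the log's "17" is assumed to be the hex type byte 0x17, and the 16 MiB threshold and all function names are assumptions.

```python
import struct

# Type bytes conventionally used for "hidden" FAT/NTFS partitions.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
SMALL_BYTES = 16 * 1024 * 1024   # assumed threshold: too small to hold an OS
ENTRY = "<B3xB3xII"              # status, CHS (skipped), type, CHS, start LBA, sectors

def parse_mbr(sector0):
    """Return the used primary partition entries of a classic MBR sector."""
    if len(sector0) != 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector0, 446 + 16 * i)
        if ptype != 0:  # type 0 marks an empty slot
            parts.append({"index": i + 1, "active": status == 0x80,
                          "type": ptype, "start": lba, "bytes": count * 512})
    return parts

def suspicious_boot_partitions(parts):
    """Indexes of active entries that are hidden-typed or implausibly small."""
    return [p["index"] for p in parts
            if p["active"] and (p["type"] in HIDDEN_TYPES or p["bytes"] < SMALL_BYTES)]

def build_sample_mbr():
    """Constructed sector mirroring the four partitions in the log (sizes rounded)."""
    mib, gib = 2048, 2097152  # 512-byte sectors per MiB and per GiB
    layout = [(0x00, 0x07, 2048, 199 * mib),
              (0x00, 0x07, 200 * mib, 286 * gib),
              (0x00, 0x07, 200 * mib + 286 * gib, 11 * gib),
              (0x80, 0x17, 200 * mib + 297 * gib, 2720)]  # 1360 KB, hidden, active
    mbr = bytearray(512)
    for i, entry in enumerate(layout):
        struct.pack_into(ENTRY, mbr, 446 + 16 * i, *entry)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        print(p)
    print("suspicious active partitions:", suspicious_boot_partitions(parts))
```

After the repair described in this post, the same check on the disk's first sector should return an empty list, with partition 1 as the only active entry.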
     
  8. amrosenthal

    amrosenthal TS Rookie Topic Starter Posts: 25

    I downloaded, burned to CD and installed as you requested. I booted from CD on the dirty computer, and went to tools>open terminal. Upon typing the commands you specified, both returned with:

    sh: parted/dev/sda: No such file or directory

    Is this correct? Shall I continue as directed?
     
  9. amrosenthal

    amrosenthal TS Rookie Topic Starter Posts: 25

    Never mind, I figured out that I didn't put the space in. I ran it with the spaces. Windows wouldn't start up without doing a "startup repair". It requested a system restore. I canceled. The "Startup Repair" Module continued to "Attempt repairs" and would not let me cancel the operation.

    As of the time of this posting, the computer is still "attempting repairs".
     
  10. amrosenthal

    amrosenthal TS Rookie Topic Starter Posts: 25

    Attempted repair timed out and sent me to the HP recovery manager.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Please Boot to the System Recovery Options
    If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
    It's also possible that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...
    NOTE. If none of the above apply you can create System Repair Disc (link in "Option two") and boot from it.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Type:
    DISKPART
    Press Enter.

    Type:
    LIST DISK
    Press Enter.

    Let me know what exactly you see there.
     
  12. amrosenthal

    amrosenthal TS Rookie Topic Starter Posts: 25

    Microsoft Windows [Version 6.1.7600]

    X:\windows\system32>DISKPART

    Microsoft DiskPart version 6.1.7600
    Copyright (C) 1999-2008 Microsoft Corporation.
    On computer: MININT-4GU1FRQ

    DISKPART> LIST DISK

    Disk ### Status Size Free Dyn Gpt
    _______ __________ _____ ____ ____ ______
    Disk 0 Online 298 GB 0B

    DISKPART>
     
  13. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Does disk 0 have a "*" next to it?
     
  14. amrosenthal

    amrosenthal TS Rookie Topic Starter Posts: 25

    No it does not.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    OK.
    Type:
    SELECT DISK 0 (<---- that's "zero" not capital O)
    Press Enter.

    Type:
    LIST DISK
    Press Enter.
    Does "Disk 0" have a "*" next to it now?
     
  16. amrosenthal

    amrosenthal TS Rookie Topic Starter Posts: 25

    Why, yes, it does! :) Everything else remains the same.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Very well.

    Type:
    LIST PARTITION
    Press Enter.

    Let me know exactly what is listed, and whether and where you see a "*" next to any partition.
     
  18. amrosenthal

    amrosenthal TS Rookie Topic Starter Posts: 25

    Partition ### Type Size Offset
    ----------------------------------------------------------------------------------------------------------------------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 286 GB 200 MB
    Partition 3 Primary 11 GB 286 GB
    Partition 4 Primary 1360 KB 298 GB

    DISKPART>
     
  19. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Type:
    SELECT PARTITION 1
    Press Enter.

    Type:
    LIST PARTITION
    Press Enter.

    Do you see a "*" next to "Partition 1"?
     
  20. amrosenthal

    amrosenthal TS Rookie Topic Starter Posts: 25

    Yes, there is now a star next to Partition 1
     
  21. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Type:
    EXIT
    Press Enter.

    Try to start computer normally.
     
  22. amrosenthal

    amrosenthal TS Rookie Topic Starter Posts: 25

    Restarted computer, it began to load windows and then returned to the "Windows Recovery Module" and went immediately to "Startup Repair". I canceled the auto repair startup until I receive further direction from you.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Repeat steps from my reply #11 but this time when you get to...

    X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    bootrec /fixboot (<--- there is a "space" after "bootrec")

    exit

    Restart computer.
     
  24. amrosenthal

    amrosenthal TS Rookie Topic Starter Posts: 25

    Both commands "completed successfully".

    I restarted the computer, it wanted to do the startup repair again. "Your computer was unable to start. Startup repair is checking your system for problems..."
     
  25. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Did you try to boot to safe mode?

    If same issue....

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
