TechSpot

(new TDL4) Keylogged & IE with a mind of its own

Inactive
By Brutal Black
Nov 23, 2011
  1. Hello! New here, but I've been doing a lot of research since an incident corrupted my computer's soul a few nights ago, and this is the best place to be from my understanding, so hopefully you guys can help me.

    I managed to pick up a keylogger at some point a few nights back. I made the mistake of falling asleep watching Hulu and had the horror of awakening to see a keylogger attempting to send private information across servers. It was posing as an antivirus program and was completely in control of the PC. I had lost complete access to my C drive. It literally shut down on me a few times when I would try to do simple actions to combat it. Then I found that it would instantly shut down Task Manager, forcing me to rename the TM and close as much of it as I could just to perform a restore. After much deliberation I decided it was best to just restore to an earlier point.

    This did me justice but of course left traces of the virus throughout my computer. I ran AVG 2012 Free Edition and cleaned up quite a bit. I didn't have this log saved because I hadn't discovered you guys yet; every scan I run at this point in that program comes up clean (I've run several others that return clean results as well). However, I'm 100% certain my computer is infected. I'm often redirected from Google links, even to this page. My homepage changes itself. Internet Explorer opens itself trying to get me to download things every 10-20 minutes. Sometimes it's an iTunes file, other times it's a torrent, but almost always I'm offered random software that appears malicious. This didn't happen before the keylogging incident.

    I've taken the liberty of reading some of your guidelines and taken the steps to get the logs you guys require to give me a hand. It's greatly appreciated in advance. You guys are lifesavers, no ocean involved.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8211

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/22/2011 8:10:32 PM
    mbam-log-2011-11-22 (20-10-32).txt

    Scan type: Full scan (C:\|Q:\|)
    Objects scanned: 585752
    Time elapsed: 1 hour(s), 34 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ------------------------------------------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-23 13:21:10
    Windows 6.1.7600
    Running: u6gx0ld6.exe; Driver: C:\Users\gamers\AppData\Local\Temp\uftiraob.sys


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAA 0x57 0xCF 0x1A ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x9E 0xA5 0x4D ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x75 0x0E 0x83 0x86 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0x1A 0xC1 0xC4 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x9E 0xA5 0x4D ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x75 0x0E 0x83 0x86 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{909FCFE5-19B5-D007-74EB-19EE542DABFF}\mdbc@ boPD
    Reg HKLM\SOFTWARE\Classes\CLSID\{909FCFE5-19B5-D007-74EB-19EE542DABFF}\TkCHktsPaogS@ LiMujQd`GzRQ\x[qnmj}FZAAhiuqgRf
    Reg HKLM\SOFTWARE\Classes\CLSID\{909FCFE5-19B5-D007-74EB-19EE542DABFF}\TvaOBoztEgaf@ EziuyyUF?|fceslI]DXVPvzLIAaMMt

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB49674$\1756167456 0 bytes
    File C:\Windows\$NtUninstallKB49674$\1896461059 0 bytes
    File C:\Windows\$NtUninstallKB49674$\1896461059\L 0 bytes
    File C:\Windows\$NtUninstallKB49674$\1896461059\U 0 bytes

    ---- EOF - GMER 1.0.15 ----

    --------------------------------------------------
     
  2. Brutal Black

    Continuation in order to add both DDS logs

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
    Run by gamers at 13:24:03 on 2011-11-23
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3072.1480 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\MediaMall\PlayOn.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\AVG\AVG PC Tuneup 2011\boostspeed.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\AVG\AVG2012\avgui.exe
    C:\Program Files\AVG\AVG2012\avgcfgex.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - MediaBar
    BHO: Updater For Comcast Toolbar 3.5: {164d3751-cac6-4a6d-becd-ea67df61d232} - c:\program files\comcasttb\auxi\comcastAu.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - UrlHelper Class
    BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} -
    TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
    TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [EADM] "c:\program files\electronic arts\eadm\EADMUI.exe"
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [PlayOn] c:\program files\mediamall\PlayOn.exe
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Recordpad] "c:\program files\nch swift sound\recordpad\recordpad.exe" -logon
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0AMQAwADYANwA5ADUANQA2ADUANAAtAEQARABUACsAMAAtAFgATwA5ACsAMQAtAEYATAArADkALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.914
    StartupFolder: c:\users\gamers\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{4D2B2A96-6A10-48DA-8ED6-BD39C7B2FA12} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{8FA21C40-577B-4FC9-AE95-8CA970995B71} : DhcpNameServer = 192.168.1.1 68.87.74.166 68.87.68.166
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 74.208.10.249 gs.apple.com
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\gamers\appdata\roaming\mozilla\firefox\profiles\jxpiwbqm.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z133&install_date=20111123
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20111123&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
    FF - component: c:\users\gamers\appdata\roaming\mozilla\firefox\profiles\jxpiwbqm.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
    FF - component: c:\users\gamers\appdata\roaming\mozilla\firefox\profiles\jxpiwbqm.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\gamers\appdata\roaming\mozilla\firefox\profiles\jxpiwbqm.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\gamers\appdata\roaming\mozilla\firefox\profiles\jxpiwbqm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2009-7-13 4608]
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]
    R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2011-3-30 49240]
    R3 uftiraob;uftiraob;c:\users\gamers\appdata\local\temp\uftiraob.sys [2011-11-23 100864]
    R3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys [2009-7-31 17920]
    RUnknown 0478876drv;0478876drv; [x]
    RUnknown 62528263;62528263; [x]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 135664]
    S2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2011-4-21 4208496]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2011-3-29 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-3-29 79360]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 135664]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347136]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-1 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-11-23 18:22:40 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-11-23 17:11:23 -------- d-----w- c:\program files\somototoolbar
    2011-11-23 17:10:39 -------- d-----w- c:\program files\DealBulldog Toolbar
    2011-11-23 17:10:34 -------- d-----w- c:\program files\Temp File Cleaner
    2011-11-23 12:29:12 -------- d-----w- c:\users\gamers\appdata\roaming\AVG
    2011-11-23 11:45:53 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-11-23 11:42:50 -------- d-----w- c:\users\gamers\appdata\roaming\QuickScan
    2011-11-23 11:39:35 -------- d-----w- c:\programdata\boost_interprocess
    2011-11-23 11:02:49 388096 ----a-r- c:\users\gamers\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-23 11:02:48 -------- d-----w- c:\program files\Trend Micro
    2011-11-21 22:57:13 -------- d-----w- c:\users\gamers\appdata\roaming\Malwarebytes
    2011-11-21 22:56:58 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-21 22:56:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-20 14:17:40 -------- d--h--w- C:\$AVG
    2011-11-20 13:42:19 -------- d-----w- c:\users\gamers\appdata\roaming\AVG2012
    2011-11-20 13:40:54 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-11-20 13:40:54 -------- d-----w- c:\programdata\AVG2012
    2011-11-20 13:37:55 -------- d-----w- c:\programdata\MFAData
    2011-11-20 13:18:05 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2011-11-19 11:16:58 -------- d--h--w- c:\programdata\Common Files
    2011-11-19 11:13:01 -------- d-----w- c:\program files\AVG
    2011-11-19 10:33:25 -------- d-----w- c:\programdata\AVAST Software
    2011-11-19 10:33:25 -------- d-----w- c:\program files\AVAST Software
    2011-11-19 09:17:48 -------- d-----w- c:\users\gamers\appdata\roaming\jFF44pmG5sQJdE8
    2011-11-19 08:59:30 -------- d-----w- c:\users\gamers\appdata\roaming\tppmmG55aJ6KfLh
    2011-11-19 08:10:43 -------- d-----w- c:\users\gamers\appdata\roaming\B424F
    2011-11-19 08:10:42 -------- d-----w- c:\program files\LP
    2011-11-19 08:10:41 -------- d-----w- c:\users\gamers\appdata\roaming\FiiibFF3pnGa
    2011-11-19 08:10:38 -------- d-----w- c:\users\gamers\appdata\roaming\wcccS11ivD
    2011-11-19 08:10:37 -------- d-----w- c:\users\gamers\appdata\roaming\kttxxP0uuS1
    2011-11-16 18:20:35 -------- d-----w- c:\users\gamers\appdata\local\Black_Tree_Gaming
    2011-11-16 18:20:33 -------- d-----w- c:\program files\Nexus Mod Manager
    2011-11-10 21:16:23 -------- d--h--w- c:\users\gamers\appdata\local\Skyrim
    2011-11-10 20:50:21 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
    2011-11-10 20:45:43 -------- d-----w- C:\Elder Scrolls
    .
    ==================== Find3M ====================
    .
    2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 11:21:28 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-03-28 16:21:54 1187840 ----a-w- c:\program files\Hook.dll
    2008-09-06 21:00:38 224256 ----a-w- c:\program files\launcher_gui.exe
    2008-01-29 14:29:22 385536 ----a-w- c:\program files\launcher.exe
    .
    ============= FINISH: 13:30:54.04 ===============
     
  3. Brutal Black

    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/3/2010 5:07:20 PM
    System Uptime: 11/23/2011 6:28:03 AM (7 hours ago)
    .
    Motherboard: alienware | | alienware
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket M2 | 2400/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 78.209 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Null
    Device ID: ROOT\LEGACY_NULL\0000
    Manufacturer:
    Name: Null
    PNP Device ID: ROOT\LEGACY_NULL\0000
    Service: Null
    .
    ==== System Restore Points ===================
    .
    RP214: 11/23/2011 9:32:30 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    "Nero SoundTrax Help
    7-Zip 9.20
    Activation (Nero 9)
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Advertising Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Astroburn Lite
    AVG 2012
    AVG PC Tuneup 2011
    BitComet 1.29
    Blood Omen 2
    Blu-ray Disc Authoring Plug-in
    Bonjour
    CA Pest Patrol Realtime Protection
    Cisco Connect
    CloneDVD2
    Comcast Desktop Software (v1.2.0.9)
    Comcast Toolbar 3.5
    Creative System Information
    Crysis® 2
    Curse Client
    DAEMON Tools Toolbar
    Dead Island
    DealBulldog Toolbar
    Desktop Doctor
    Deus Ex - Human Revolution version 1.0
    DolbyFiles
    Dragon Age II
    Dragon Age Redesigned©
    Dragon Age: Origins
    DTS Plug-in
    EA Download Manager
    Eusing Free Registry Cleaner
    Fallout 3 - The Garden of Eden Creation Kit
    Fallout Mod Manager 0.13.21
    FINAL FANTASY XI
    FINAL FANTASY XI: Chains of Promathia
    FINAL FANTASY XI: Rise of the Zilart
    FINAL FANTASY XI: Treasures of Aht Urhgan
    FINAL FANTASY XI: Wings of the Goddess
    FINAL FANTASY XIV
    FrostWire 5.0.8
    FXAA Post-Process Injector
    Gears of War
    Google Toolbar for Internet Explorer
    Google Update Helper
    Gracenote Plug-in
    HiJackThis
    ImagXpress
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    LightScribe System Software 1.14.17.1
    LogMeIn Hamachi
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Menu Templates - Starter Kit
    Microsoft Default Manager
    Microsoft DirectX SDK (June 2010)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft UI Engine
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Midnight Club 2
    Movie Templates - Starter Kit
    Mozilla Firefox 8.0 (x86 en-US)
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9
    Nero BackItUp 4
    Nero BurningROM
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express
    Nero InfoTool
    Nero Installer
    Nero Live
    Nero Live Help
    Nero MediaHome 4
    Nero Move it
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    neroxml
    Nexus Mod Manager
    NVIDIA PhysX
    One-click FLAC to MP3 Converter
    PlayOn
    PlayOnline Viewer & Tetra Master
    QuickTime
    RecordPad Sound Recorder
    RIFT
    SHIFT 2 UNLEASHED™
    Sound Blaster World of Warcraft Wireless Headset
    SoundTap Streaming Audio Recorder
    SoundTrax
    Steam
    Switch Sound File Converter
    Temp File Cleaner
    The Witcher 2
    The Witcher 2 Assassins of Kings version 1.0
    Ventrilo Client
    VLC media player 1.1.5
    WavePad Sound Editor
    Windows Live ID Sign-in Assistant
    WinZip 15.0
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/23/2011 8:06:20 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    11/23/2011 7:25:37 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    11/23/2011 6:40:28 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "0" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    11/23/2011 6:34:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    11/23/2011 6:34:34 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/23/2011 6:34:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/23/2011 6:34:03 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    11/23/2011 6:34:03 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    11/23/2011 6:33:50 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    11/23/2011 6:28:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 Null
    11/23/2011 6:10:51 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/23/2011 6:10:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/23/2011 6:10:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/23/2011 6:10:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/23/2011 6:10:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/23/2011 6:10:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/23/2011 6:10:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/23/2011 6:10:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Null Psched rdbss spldr sptd Tcpip tdx Wanarpv6 WfpLwf
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/23/2011 6:10:28 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    11/23/2011 6:09:56 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    11/19/2011 9:20:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    11/19/2011 9:20:55 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/19/2011 6:02:49 AM, Error: Service Control Manager [7000] - The MPFP service failed to start due to the following error: This driver has been blocked from loading
    11/19/2011 6:02:18 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Network Agent service, but this action failed with the following error: An instance of the service is already running.
    11/19/2011 6:02:14 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
    11/19/2011 6:01:46 AM, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 4 time(s).
    11/19/2011 6:01:45 AM, Error: Service Control Manager [7030] - The Windows Update service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    11/19/2011 6:01:18 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 6:01:14 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 5:59:30 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
    11/19/2011 5:59:18 AM, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s).
    11/19/2011 5:59:00 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 5:58:56 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 5:54:34 AM, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
    11/19/2011 5:53:33 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 5:52:32 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 5:50:17 AM, Error: Application Popup [875] - Driver Mpfp.sys has been blocked from loading.
    11/19/2011 5:05:26 AM, Error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 4 time(s).
    11/19/2011 5:05:26 AM, Error: Service Control Manager [7034] - The avast! Mail Scanner service terminated unexpectedly. It has done this 4 time(s).
    11/19/2011 5:05:26 AM, Error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 4 time(s).
    11/19/2011 5:01:43 AM, Error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 3 time(s).
    11/19/2011 5:01:43 AM, Error: Service Control Manager [7034] - The avast! Mail Scanner service terminated unexpectedly. It has done this 3 time(s).
    11/19/2011 5:01:43 AM, Error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 3 time(s).
    11/19/2011 5:01:32 AM, Error: Service Control Manager [7031] - The avast! Web Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/19/2011 5:01:32 AM, Error: Service Control Manager [7031] - The avast! Mail Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/19/2011 5:01:32 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/19/2011 5:01:21 AM, Error: Service Control Manager [7031] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/19/2011 5:01:21 AM, Error: Service Control Manager [7031] - The avast! Mail Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/19/2011 5:01:21 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/19/2011 4:46:59 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the avast! Antivirus service, but this action failed with the following error: An instance of the service is already running.
    11/19/2011 4:37:25 AM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
    11/19/2011 4:19:41 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    11/19/2011 4:18:37 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    11/19/2011 4:17:45 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    11/19/2011 4:17:45 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The Winmgmt service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The Themes service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The SENS service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The ProfSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The MMCSS service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The gpsvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The EapHost service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7001] - The TuneUp Theme Extension service depends on the Themes service which failed to start because of the following error: The service did not start due to a logon failure.
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not start due to a logon failure.
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not start due to a logon failure.
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not start due to a logon failure.
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not start due to a logon failure.
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not start due to a logon failure.
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not start due to a logon failure.
    11/19/2011 4:16:23 AM, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: The service did not start due to a logon failure.
    11/19/2011 4:16:01 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 4:16:01 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 4:16:01 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    11/19/2011 4:16:01 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 4:15:58 AM, Error: Service Control Manager [7034] - The UPnP Device Host service terminated unexpectedly. It has done this 3 time(s).
    11/19/2011 4:15:58 AM, Error: Service Control Manager [7034] - The SSDP Discovery service terminated unexpectedly. It has done this 3 time(s).
    11/19/2011 4:15:58 AM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 4:15:30 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147467243.
    11/19/2011 4:15:30 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80004015.
    11/19/2011 4:15:28 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
    11/19/2011 4:15:26 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
    11/19/2011 4:14:47 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
    11/19/2011 4:14:47 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
    11/19/2011 4:14:47 AM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    11/19/2011 4:14:47 AM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    11/19/2011 4:14:47 AM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The TuneUp Theme Extension service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 4:14:18 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 4:14:18 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/19/2011 4:14:18 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 4:14:18 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 4:14:14 AM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 4:14:14 AM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 4:14:09 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SSDP Discovery service, but this action failed with the following error: An instance of the service is already running.
    11/19/2011 4:14:08 AM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/19/2011 4:14:08 AM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/19/2011 4:14:05 AM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
    11/19/2011 4:14:03 AM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 4:14:03 AM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/19/2011 4:14:03 AM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/19/2011 4:14:03 AM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 4:13:51 AM, Error: Service Control Manager [7031] - The Peer Networking Identity Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    11/19/2011 4:13:51 AM, Error: Service Control Manager [7031] - The Peer Networking Grouping service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    11/19/2011 4:13:51 AM, Error: Service Control Manager [7031] - The Peer Name Resolution Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    11/19/2011 12:31:59 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    11/18/2011 4:08:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 aswSnx Null
    11/18/2011 3:53:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/18/2011 3:51:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 aswRdr aswSnx aswSP aswTdi CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Null Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    11/18/2011 3:51:42 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    .
    ==== End Of File ===========================
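    The Event Viewer block above is the part of a DDS log that a helper reads for signs of something interfering with the system at a low level: boot-start network drivers that fail to load, a burst of core services terminating within seconds of each other, security-product services dying, and a failure to read the hosts file. As an added example that is not part of this thread, of DDS or of any poster's tools, the Python below parses lines in the format DDS uses and groups them into those indicator classes. The network-driver list, the security-product keywords and the storm threshold are assumptions chosen for the example; the sample lines are copied, some abridged, from the log above. The output is a pointer to what to read first, not a verdict: disk or filesystem damage can produce similar cascades.

```python
"""Triage of the 'Event Viewer Messages' block that DDS appends to its log.

Added example for this thread; not part of DDS or of any poster's tools.
Lines look like:  M/D/YYYY H:MM:SS AM, Error: <Source> [<EventID>] - <message>
Assumed, not taken from the page: the driver lists, the security-product
keywords and the storm thresholds.
"""
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$")
SERVICE_RE = re.compile(r"The (.+?) service ")
BLOCKED_RE = re.compile(r"Driver (\S+) has been blocked from loading")

# Kernel drivers the Windows network stack does not work without (assumed list).
NETWORK_STACK = {"AFD", "Tcpip", "tdx", "NetBT", "NetBIOS", "nsiproxy",
                 "Wanarpv6", "WfpLwf", "Psched"}
AV_DRIVER_PREFIXES = ("Avg", "asw")            # AVG and avast! driver names
SECURITY_KEYWORDS = ("avast!", "McAfee", "AVG", "Windows Firewall",
                     "Base Filtering Engine", "Windows Defender")
SCM_FAILURE_IDS = {7000, 7001, 7022, 7031, 7032, 7034}


def parse_events(lines):
    """One dict per parseable line; separator lines such as '.' are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            records.append({"ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                            "source": m["source"], "eid": int(m["eid"]), "msg": m["msg"]})
    return records


def _storms(times, window, threshold):
    """Greedy sliding window: (start, count) for runs of >= threshold events."""
    times, out, i = sorted(times), [], 0
    while i < len(times):
        j = i
        while j + 1 < len(times) and times[j + 1] - times[i] <= window:
            j += 1
        if j - i + 1 >= threshold:
            out.append((times[i], j - i + 1))
        i = j + 1
    return out


def triage_events(records, storm_window=timedelta(seconds=60), storm_threshold=8):
    f = {"network_driver_failures": [], "service_storms": [], "security_service_events": [],
         "blocked_drivers": [], "hosts_file_errors": 0, "system_logon_failures": 0}
    crash_times = []
    for r in records:
        eid, msg = r["eid"], r["msg"]
        if eid == 7026 and "failed to load:" in msg:          # boot-start drivers missing
            failed = msg.split("failed to load:", 1)[1].split()
            f["network_driver_failures"].append({
                "ts": r["ts"],
                "network": sorted([d for d in failed if d in NETWORK_STACK], key=str.lower),
                "security": sorted([d for d in failed if d.startswith(AV_DRIVER_PREFIXES)],
                                   key=str.lower)})
        if eid in (7031, 7034):                                # unexpected termination
            crash_times.append(r["ts"])
        if eid in SCM_FAILURE_IDS and any(k in msg for k in SECURITY_KEYWORDS):
            svc = SERVICE_RE.search(msg)
            f["security_service_events"].append((r["ts"], eid, svc.group(1) if svc else msg[:60]))
        if eid == 875:                                         # Application Popup: driver blocked
            b = BLOCKED_RE.search(msg)
            if b:
                f["blocked_drivers"].append(b.group(1))
        if eid == 1012 and "hosts file" in msg:
            f["hosts_file_errors"] += 1
        if eid == 7038 and "NT AUTHORITY\\SYSTEM" in msg:
            f["system_logon_failures"] += 1
    f["service_storms"] = _storms(crash_times, storm_window, storm_threshold)
    return f


# Constructed sample: lines copied (some abridged) from the log posted above.
SAMPLE_EVENTS = [
    "11/23/2011 6:10:31 AM, Error: Service Control Manager [7026] - The following boot-start or "
    "system-start driver(s) failed to load: AFD ASPI32 Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache "
    "ElbyCDIO NetBIOS NetBT nsiproxy Null Psched rdbss spldr sptd Tcpip tdx Wanarpv6 WfpLwf",
    "11/19/2011 5:50:17 AM, Error: Application Popup [875] - Driver Mpfp.sys has been blocked from loading.",
    "11/19/2011 5:01:21 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s).",
    "11/19/2011 4:19:41 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.",
    "11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The Winmgmt service was unable to log on as NT AUTHORITY\\SYSTEM with the currently configured password due to the following error: The request is not supported.",
    ".",
] + [
    "11/19/2011 4:14:%02d AM, Error: Service Control Manager [7031] - The %s service terminated unexpectedly. It has done this 1 time(s)." % (sec, svc)
    for sec, svc in [(23, "Windows Update"), (23, "Windows Management Instrumentation"), (23, "Themes"),
                     (23, "Task Scheduler"), (23, "Server"), (18, "Workstation"), (18, "DNS Client"),
                     (18, "Cryptographic Services"), (14, "Base Filtering Engine")]
]

if __name__ == "__main__":
    for key, value in triage_events(parse_events(SAMPLE_EVENTS)).items():
        print(key, value)
```

    Run against the sample it reports one storm of nine service terminations inside ten seconds on 11/19, the full network stack (AFD, Tcpip, tdx, NetBT and the rest) failing to load at boot on 11/23 alongside the AVG drivers, the avast! and Base Filtering Engine services dying, one blocked driver and one hosts-file read error. Feed it the whole block with the separator lines left in; unparseable lines are skipped.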
     
  4. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    I apologize if I don't respond to your helpful posts right away; my connection has been dropping all day, so please bear with me.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    Hi, thanks for the quick reply, and apologies for my late one.

    I've uninstalled AVG because it seemed to be a road block according to your post. I can't say I feel safer with the system completely unprotected. haha

    I can't seem to get aswMBR to run no matter what I do. I've uninstalled AVG as I said, and I've tried to run it in safe mode to no avail. Running it as administrator does nothing. Combofix doesn't give me issues when opened, but I haven't run it because it's step 2, and I've yet to take step 1.

    Any suggestions?
     
  7. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    I ran Rkill to see if it would enable me to run aswMBR (not in safe mode); here was the log.

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 11/24/2011 at 14:44:56.
    Operating System: Windows 7 Ultimate


    Processes terminated by Rkill or while it was running:

    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
    C:\Program Files\Java\jre6\bin\java.exe


    Rkill completed on 11/24/2011 at 14:46:21.

    However it still will not launch using administrator or otherwise.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Instead of aswMBR....

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  9. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    Posting to ensure my topic stays open. I'm currently in the process of moving and won't have home internet until tomorrow. But I managed to get to a computer in order to post this for Broni.

    Thanks again for the help, I'll definitely try that new program tomorrow and keep you updated. Happy Thanksgiving!
     
  10. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Same to you :)
     
  11. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    I got an error while running boot cleaner.

    ATA_PASS_THROUGH_DIRECT is not supported by your disk controller
    SCSI_PASS_THROUGH_DIRECT will be use for disk I/O

    Then asked me to press any key to quit.

    Any idea?
     
  12. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
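    As an added illustration (not code from this thread, from aswMBR or from Esage Lab's Bootkit Remover), here is a Python check that does, on a saved MBR copy such as the MBR.dat that aswMBR writes to the desktop, what the Bootkit Remover output above reports: it hashes the 512-byte sector (the "Boot sector MD5" line), verifies the 0x55AA boot signature, and decodes the partition table so the first partition's byte offset can be compared with the `\\.\C: -> \\.\PhysicalDrive0 at offset 0x...7e00` line. The sample sector is constructed inline, and the baseline hash used by `matches_baseline` is assumed to come from a copy taken when the disk was known clean.

```python
"""Parse a 512-byte MBR image and report what a bootkit integrity check looks at.

Added example; not the code of aswMBR, Bootkit Remover or any other tool
mentioned in the thread. The sample sector below is constructed for this
example and is not a real disk image.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440      # boot code occupies bytes 0..439 of a classic MBR
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed sample: standard-looking boot code, one active NTFS partition at LBA 63."""
    # xor ax,ax / mov ss,ax / mov sp,0x7c00 is how a stock Windows MBR begins; the rest is padding
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C])
    boot_code += b"\x90" * (BOOT_CODE_LEN - len(boot_code))
    disk_signature = struct.pack("<I", 0xDEADBEEF)   # constructed disk signature
    reserved = b"\x00\x00"
    # Partition 1: active (0x80), type 0x07 (NTFS), starts at LBA 63, ~465 GB of sectors
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 976773105)
    empty = b"\x00" * 16
    return boot_code + disk_signature + reserved + entry + empty * 3 + b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Return hashes, boot-signature status and the decoded partition table."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(
            PART_ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:          # type 0 means the slot is unused
            continue
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,   # what the tool prints as "at offset 0x..."
        })
    return {
        "md5": hashlib.md5(mbr).hexdigest(),                    # whole-sector hash
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "boot_signature_ok": mbr[510:512] == b"\x55\xaa",
        "partitions": partitions,
    }


def matches_baseline(mbr: bytes, known_md5: str) -> bool:
    """Compare against a hash recorded when the disk was known clean (assumed available)."""
    return hashlib.md5(mbr).hexdigest().lower() == known_md5.lower()


def main(argv):
    # Usage: python mbr_check.py [MBR.dat]  (falls back to the constructed sample)
    mbr = open(argv[1], "rb").read() if len(argv) > 1 else build_sample_mbr()
    info = parse_mbr(mbr)
    print("Boot sector MD5 is:", info["md5"])
    print("Boot code MD5 is:  ", info["boot_code_md5"])
    print("Boot signature:    ", "OK" if info["boot_signature_ok"] else "MISSING")
    for p in info["partitions"]:
        print("Partition %d: type 0x%02x%s LBA %d (offset 0x%x), %d sectors" % (
            p["index"], p["type"], " active" if p["active"] else "",
            p["lba_start"], p["byte_offset"], p["sectors"]))


if __name__ == "__main__":
    main(sys.argv)
```

    The whole-sector hash changes if either the boot code or the partition table is altered, which is why comparing it against a known-clean copy is a quicker first check than reading the boot code; the separate boot-code hash narrows down which part changed. The sample's first partition starts at LBA 63, which is exactly the 0x7e00 byte offset shown in the Bootkit Remover output above.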
  13. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    Last post was 12hrs ago, just bumping to make sure this is seen...

    Bump. :)

    Thanks again Broni & Co. you guys save lives, machine or otherwise!
     
  14. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Looks good :)

    Go ahead with Combofix.
     
  15. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    I ran combofix. I tried first in safe mode; it ran for a while and froze at some point. I couldn't lower the window and the atomic clock stopped counting, but the text line in the window showed as if it were working, constantly blinking. Several hours later it hadn't moved.

    I ran it again in normal Windows. It ran successfully up until the point where combofix creates a log (blue screen), also telling me to not run any other programs until combofix is finished. It stayed at this screen for 9hrs before I decided to shut down the system manually.

    The problems persist. Internet Explorer is on a rampage anytime I am connected to the internet and is always running in processes, and reappears if ended. I'll check back for your response every 4hrs; having no AV makes me cautious about this IE thing, who knows what it's doing.
     
  16. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Did you try to run rKill first?
    Did you try to rename Combofix file to something else?
     
  17. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    I did definitely follow the second steps, sorry I did not mention that. I have one left to try that I intend to allow to run for at least several hours. I need to run both in safe mode, last time I had combofix in safe mode it didn't completely finish hours later, it may have needed rKill.

    I just ran both rKill then Combofix immediately after and got the same results as the first time. Hours of blue screen and no log ever produced to show for it.

    I will post back with the results of running both in safe mode.

    (Also, I completely remove my ethernet cord when running Combofix, is this a necessary step? I don't mind either way, thanks for the help!)
     
  18. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    No.
     
  19. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    Ok, so I ran both programs in safe mode.

    Oddly, when I start my computer in safe mode DDS seems to open itself and begin running; once this happens it's impossible to close without shutting down completely. I restarted and ran rkill then combofix (renamed) immediately after. I still arrive at the blue screen saying it's creating a log.

    However, something different did happen this time. It seems Combofix deleted two files, though I'm unsure exactly which files or where, because it literally flashed by, but it appears I don't get redirected when clicking google links any longer.

    After letting combofix run another 12hrs I decided to shut down manually (closing the programs normally doesn't work).

    IE still pops up in processes anytime I'm connected to the internet. :(
     
  20. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    I lied, both problems persist as they normally would in their ever annoying manner...
     
  21. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  22. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    Unfortunately I could not get TDSSKiller to run, normally or safe mode. I ran as administrator as well to no avail.
     
  23. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    I also ran rkill prior to running TDSSKiller, no results worth notating.
     
  24. Brutal Black

    Brutal Black TS Rookie Topic Starter Posts: 75

    So I got a call from folks over at www.pcoutput.com. Apparently they run a service for folks with dying computers like my own. I was very skeptical about the entire ordeal, especially them having access to my phone number without me giving it to anyone about this issue.

    After hanging up on them multiple times I was finally convinced by a tech to download a remote access program and allow them to show me the errors on my pc (I figured it couldn't get much worse...), I don't suggest this to anyone... Ultimately nothing bad came of it that I know of, but at the end of the day I saw many an error, was told my pc is on the brink of death, then asked to pay a yearly service which I couldn't afford...

    I've since made sure there's nothing still on the pc connecting to the remote service, however oddly I can no longer restore my system to an earlier point without it shutting itself down mid way...

    I'm really losing hope with my pc, is this the point where I just delete the hard drive and start anew? I'm more worried about losing personal information than my files at this point.

    Anything left to try? :(
     
  25. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Never, ever fall for any services like the above.
    In most cases it's nothing but a scam.

    You may be infected with the newest type of TDL rootkit.
    Let's check.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
     