TechSpot

[Not curable - Ramnit] Virus using command prompt on start up

By paul1988
Mar 10, 2012
  1. Hi guys, I really need help. I've tried all the scans recommended and everything shows up nothing. The only time I get a result is when the PC first starts: something tries to use command prompt and asks for my permission. If I hit no then it keeps popping up till I say yes, and when I say yes the anti-virus programs I have block it. I have Webroot and Microsoft Security Essentials installed.

    I followed the 5 steps and everything came up with nothing, so I don't think I should post logs of the first four steps since they reported no errors, but I will post step 5 and copy and paste the virus alert from start up.

    The threat seems to be Trojan:WinNT/Ramnit.gen!A and it appeared in users/paul/appdata/local/temp/bigrbxxr.sys

    Any help or advice would be greatly appreciated. If it's too much hassle, should I just reinstall Windows? The PC is only 2 months old so I don't have a lot on it.

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Paul at 18:57:49 on 2012-03-10
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8175.6334 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\ULBnxfpT\aamBmADr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe
    C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ULBnxfpT\aamBmADr.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Logitech Gaming Software\LCore.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files (x86)\XFastUsb\XFastUsb.exe
    C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe
    C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: SearchHook Class: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll
    BHO: SmartView VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [ASRockXTU]
    uRun: [zASRockInstantBoot]
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [TtiKxbcf] C:\Users\Paul\AppData\Local\lnqxnbso\ttikxbcf.exe
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [SmartViewAgent] "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [WRSVC] "C:\Program Files\ULBnxfpT\aamBmADr.exe" -ul
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech Gaming Software\EReg\eReg.exe
    StartupFolder: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ttikxbcf.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
    uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
    uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
    uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
    uPolicies-explorer: NoFile = 0 (0x0)
    uPolicies-explorer: HideClock = 0 (0x0)
    uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    uPolicies-explorer: NoDFSTab = 0 (0x0)
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
    uPolicies-explorer: NoResolveTrack = 0 (0x0)
    uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    uPolicies-system: NoDispSettingsPage = 0 (0x0)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoViewOnDrive = 0 (0x0)
    mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
    mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
    mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
    mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
    mPolicies-explorer: NoFile = 0 (0x0)
    mPolicies-explorer: HideClock = 0 (0x0)
    mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    mPolicies-explorer: NoDFSTab = 0 (0x0)
    mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
    mPolicies-explorer: NoResolveTrack = 0 (0x0)
    mPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: NoDispAppearancePage = 0 (0x0)
    mPolicies-system: NoDispSettingsPage = 0 (0x0)
    dPolicies-explorer: NoViewOnDrive = 0 (0x0)
    dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
    dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
    dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
    dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
    dPolicies-explorer: NoFile = 0 (0x0)
    dPolicies-explorer: HideClock = 0 (0x0)
    dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    dPolicies-explorer: NoDFSTab = 0 (0x0)
    dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
    dPolicies-explorer: NoResolveTrack = 0 (0x0)
    dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
    dPolicies-system: NoDispAppearancePage = 0 (0x0)
    dPolicies-system: NoDispSettingsPage = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{DE43D65F-606B-478F-9A9B-1B4075A443A9} : DhcpNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: SmartView VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [SmartViewAgent] "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [WRSVC] "C:\Program Files\ULBnxfpT\aamBmADr.exe" -ul
    mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\0f8pjf03.default\
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
    R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
    R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]
    R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 SmartViewService;SmartView service;C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-9-2 125216]
    R2 WCUService;SmartView Software Updater Service;C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [2010-9-2 456976]
    R2 WRSVC;WRSVC;C:\Program Files\ULBnxfpT\aamBmADr.exe [2012-3-2 658432]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
    R3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S0 hzRkoLBA;hzRkoLBA;C:\Windows\system32\drivers\hzRkoLBA.sys --> C:\Windows\system32\drivers\hzRkoLBA.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== File Associations ===============
    .
    inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
    txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2012-03-10 18:56:04 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F6EB2C6-0773-4AA9-B105-868C1C201A39}\offreg.dll
    2012-03-10 18:54:41 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F6EB2C6-0773-4AA9-B105-868C1C201A39}\mpengine.dll
    2012-03-10 18:42:07 -------- d-----w- C:\Users\Paul\AppData\Local\Diagnostics
    2012-03-10 18:25:39 111592 ----a-w- C:\Windows\System32\drivers\hzRkoLBA.sys
    2012-03-10 00:21:17 -------- d-----w- C:\Windows\System32\appmgmt
    2012-03-09 23:14:20 98224 --s---w- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ttikxbcf.exe
    2012-03-09 22:59:18 -------- d-----w- C:\ProgramData\AMD
    2012-03-09 22:59:17 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2012-03-09 22:59:16 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-03-09 22:58:46 0 ----a-w- C:\Windows\SysWow64\SETC9C9.tmp
    2012-03-09 22:58:46 0 ----a-w- C:\Windows\System32\SETC9EA.tmp
    2012-03-09 22:58:46 0 ----a-w- C:\Windows\System32\SETC989.tmp
    2012-03-09 22:58:45 0 ----a-w- C:\Windows\SysWow64\SETC5B5.tmp
    2012-03-09 22:58:43 0 ----a-w- C:\Windows\SysWow64\SETBB5A.tmp
    2012-03-09 22:58:42 0 ----a-w- C:\Windows\System32\SETBABC.tmp
    2012-03-09 22:58:42 0 ----a-w- C:\Windows\System32\SETB7ED.tmp
    2012-03-09 22:58:42 0 ----a-w- C:\Windows\System32\SETB7DB.tmp
    2012-03-09 22:58:42 0 ----a-w- C:\Windows\System32\SETB7AA.tmp
    2012-03-09 19:38:12 -------- d-----w- C:\Users\Paul\AppData\Local\lnqxnbso
    2012-03-05 05:39:29 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll
    2012-03-05 05:22:29 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2012-03-05 05:22:20 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-03-05 05:22:20 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-03-03 23:37:01 90112 ------w- C:\Windows\Updreg.EXE
    2012-03-03 23:37:01 17920 ------w- C:\Windows\System32\THXCfg64.dll
    2012-03-03 23:37:01 141312 ------w- C:\Windows\System32\THXCfg64.exe
    2012-03-03 23:36:59 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL
    2012-03-03 23:36:59 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL
    2012-03-03 23:36:59 236544 ----a-w- C:\Windows\System32\APOMgr64.DLL
    2012-03-03 23:36:59 181760 ----a-w- C:\Windows\SysWow64\APOMngr.DLL
    2012-03-03 23:36:28 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
    2012-03-02 22:09:36 97648 ----a-w- C:\Windows\System32\WRusr.dll
    2012-03-02 22:09:36 145528 ----a-w- C:\Windows\SysWow64\WRusr.dll
    2012-03-02 22:09:36 111592 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
    2012-03-02 22:09:35 -------- d-----w- C:\Program Files\ULBnxfpT
    2012-03-02 22:09:26 -------- d-----w- C:\ProgramData\WRData
    2012-03-01 00:02:08 51504 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\rmdll\Final\RandomMap.dll
    2012-03-01 00:02:08 19248 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\rmdll\Final\CLRBinder.dll
    2012-03-01 00:02:08 13616 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\rmdll\Final\RandomMapBinder.dll
    2012-02-29 23:58:50 81998 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\RockallDLL.dll
    2012-02-29 23:58:49 847872 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\granny2.dll
    2012-02-29 23:58:47 139568 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\eulax.dll
    2012-02-29 23:58:46 173408 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\pw32b.dll
    2012-02-29 23:58:37 -------- d-----w- C:\Program Files (x86)\Microsoft Games
    2012-02-29 23:56:44 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2012-02-29 23:56:44 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2012-02-29 23:56:35 -------- d-----w- C:\Windows\SysWow64\xlive
    2012-02-29 23:56:33 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2012-02-27 14:52:46 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2012-02-27 14:52:35 -------- d-----w- C:\Windows\PCHEALTH
    2012-02-27 14:52:35 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-02-27 14:51:15 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-02-27 14:50:58 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2012-02-27 14:50:44 -------- d-----w- C:\Users\Paul\AppData\Local\Microsoft Help
    2012-02-24 01:11:42 -------- d-----w- C:\Program Files\CCleaner
    2012-02-23 17:11:52 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-22 14:55:31 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C71F2C0-4F49-4BE5-8AC1-EE1E2DF09D4B}\gapaengine.dll
    2012-02-22 14:54:59 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-02-22 14:54:49 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-02-22 14:29:34 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1BF67D1E-F97B-4DC5-BE65-9CA756C21278}\mpengine.dll
    2012-02-22 14:29:33 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-21 16:41:20 -------- d-----w- C:\Users\Paul\AppData\Local\CrashRpt
    2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll
    2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-02-14 22:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-02-14 22:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-02-14 22:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-02-14 22:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-02-14 22:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-02-14 22:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-02-14 22:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-02-14 22:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-02-11 17:38:18 -------- d-----w- C:\AMD
    2012-02-10 01:47:24 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    .
    ==================== Find3M ====================
    .
    2012-02-23 17:03:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-01-31 06:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
    2012-01-31 06:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
    2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-12-27 13:36:31 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-12-27 13:36:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-12-24 14:13:45 31808 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS
    2011-12-23 22:40:10 0 ----a-w- C:\Windows\ativpsrm.bin
    2011-12-23 21:47:04 15936 ----a-w- C:\Windows\System32\drivers\FNETURPX.SYS
    2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 18:58:01.80 ===============


    And the second log from step 5:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 23/12/2011 21:40:07
    System Uptime: 10/03/2012 18:24:31 (0 hours ago)
    .
    Motherboard: ASRock | | P67 Extreme4
    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | CPUSocket | 3301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 16.498 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 932 GiB total, 596.926 GiB free.
    Z: is FIXED (NTFS) - 1863 GiB total, 1800.859 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Reader 9
    Age of Empires Online
    ASRock eXtreme Tuner v0.1.54
    ASRock InstantBoot v1.26
    BitTorrent
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Etron USB3.0 Host Controller
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    HydraVision
    ImgBurn
    Intel(R) Management Engine Components
    Malwarebytes Anti-Malware version 1.60.1.1000
    marvell 91xx driver
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 10.0 (x86 en-GB)
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Skype™ 5.5
    SmartView for IE
    SmartView Software Updater
    Star Wars: The Old Republic
    Steam
    THX TruStudio Pro
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    VideoLAN VLC media player 0.8.6f
    Webroot SecureAnywhere
    XFastUsb
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/03/2012 17:16:36, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/03/2012 17:16:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/03/2012 17:16:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/03/2012 17:16:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/03/2012 17:16:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/03/2012 17:16:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/03/2012 17:16:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/03/2012 17:16:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsrAppCharger CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    10/03/2012 17:16:14, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/03/2012 17:16:14, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/03/2012 17:16:14, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/03/2012 17:16:14, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/03/2012 17:16:14, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/03/2012 17:16:14, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/03/2012 17:16:14, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/03/2012 17:16:14, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/03/2012 17:16:14, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/03/2012 17:16:14, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/03/2012 17:10:39, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
    10/03/2012 17:07:47, Error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    10/03/2012 17:04:44, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    10/03/2012 12:40:26, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    10/03/2012 07:36:56, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.
    10/03/2012 07:21:32, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The paging file is too small for this operation to complete.
    10/03/2012 00:14:45, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09/03/2012 06:40:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1095.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    09/03/2012 06:40:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1095.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    03/03/2012 23:37:56, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    03/03/2012 23:37:56, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    03/03/2012 05:17:04, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Welcome aboard!
    If it's true that's very bad news.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. paul1988

    paul1988 TS Rookie Topic Starter

    Not good news at all then lol. Here is the log:

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-11 10:35:46
    -----------------------------
    10:35:46.599 OS Version: Windows x64 6.1.7601 Service Pack 1
    10:35:46.599 Number of processors: 4 586 0x2A07
    10:35:46.599 ComputerName: PAUL-PC UserName: Paul
    10:35:46.862 Initialize success
    10:36:07.598 AVAST engine defs: 12031100
    10:36:14.320 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    10:36:14.322 Disk 0 Vendor: ST32000641AS CC13 Size: 1907729MB BusType: 3
    10:36:14.324 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
    10:36:14.325 Disk 1 Vendor: OCZ-AGILITY3 2.15 Size: 57241MB BusType: 3
    10:36:14.327 Disk 1 MBR read successfully
    10:36:14.329 Disk 1 MBR scan
    10:36:14.331 Disk 1 Windows 7 default MBR code
    10:36:14.333 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    10:36:14.348 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 57139 MB offset 206848
    10:36:14.379 Disk 1 scanning C:\Windows\system32\drivers
    10:36:18.312 Service scanning
    10:36:29.200 Modules scanning
    10:36:29.204 Disk 1 trace - called modules:
    10:36:29.532 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    10:36:29.535 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007a24060]
    10:36:29.538 3 CLASSPNP.SYS[fffff88001b6a43f] -> nt!IofCallDriver -> [0xfffffa8007332580]
    10:36:29.545 5 ACPI.sys[fffff88000f777a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800732f060]
    10:36:29.706 AVAST engine scan C:\Windows
    10:36:30.253 AVAST engine scan C:\Windows\system32
    10:37:54.237 AVAST engine scan C:\Windows\system32\drivers
    10:37:58.596 AVAST engine scan C:\Users\Paul
    10:38:02.492 File: C:\Users\Paul\AppData\Local\Temp\{A4829CC5-DC39-4767-8A3E-10CF46249DB4}\setup.exe **INFECTED** Win32:Ramnit-AC [Drp]
    10:38:17.270 AVAST engine scan C:\ProgramData
    10:38:20.479 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:38:20.740 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:38:20.914 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordlegacyext.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:38:21.192 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:38:21.371 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:38:21.740 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:38:22.112 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:38:22.303 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:38:22.675 File: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:38:23.855 Scan finished successfully
    10:38:44.360 Disk 1 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
    10:38:44.364 The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"
     
  4. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    I'm afraid I have very bad news.

    You're infected with Ramnit file infector virus.

    Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

    -- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
    With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

    Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

    Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and a major source of system infection.

    In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

    Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
    Backdoors and What They Mean to You

    This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

    Important Note: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
     
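    The post above describes the two things a file infector of this kind does: it modifies executables that were already on the disk and it injects script into .htm/.html files. The example below is added here as an illustration and is not code from the thread, from Broni, or from any anti-malware vendor. It shows the generic check a practitioner would run on a machine or removable drive they control: hash the watched files while the system is known good, compare later, and additionally flag HTML files that carry a VBScript block and any autorun.inf on the volume. The file names, contents and the "infection" step are constructed for the demo; the VBScript heuristic is an assumption, not a vendor signature.

```python
"""Added example: baseline-and-compare integrity check for a file infector.

Record SHA-256 hashes of .exe/.dll/.htm/.html files while the system is
known good, then compare.  Changed executables you did not update, HTML
files that suddenly contain VBScript, and autorun.inf files on a removable
drive are the changes an infector like the one discussed makes.
All sample files below are constructed; nothing is taken from the post.
"""
import hashlib
import json
import re
import tempfile
from pathlib import Path

WATCHED_SUFFIXES = {".exe", ".dll", ".htm", ".html"}
# Heuristic only (assumption): a VBScript block inside an HTML file is
# unusual on a home PC and is the kind of change an HTML infector makes.
VBSCRIPT_RE = re.compile(rb"<script[^>]*language\s*=\s*['\"]?vbscript", re.IGNORECASE)


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map POSIX-style relative path -> sha256 for every watched file."""
    baseline = {}
    for p in root.rglob("*"):
        if p.is_file() and p.suffix.lower() in WATCHED_SUFFIXES:
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare(root: Path, baseline: dict) -> dict:
    """Report changed/new/missing watched files, HTML with VBScript, autorun.inf."""
    current = build_baseline(root)
    changed = sorted(k for k in baseline if k in current and current[k] != baseline[k])
    new = sorted(k for k in current if k not in baseline)
    missing = sorted(k for k in baseline if k not in current)
    vbscript_html = sorted(
        rel for rel in current
        if rel.lower().endswith((".htm", ".html"))
        and VBSCRIPT_RE.search((root / rel).read_bytes())
    )
    autorun = sorted(p.relative_to(root).as_posix()
                     for p in root.rglob("autorun.inf") if p.is_file())
    return {"changed": changed, "new": new, "missing": missing,
            "vbscript_html": vbscript_html, "autorun": autorun}


def demo() -> dict:
    """Constructed scenario: baseline a tree, then simulate an infector that
    appends code to an .exe, injects VBScript into an .html, drops a new
    .exe and writes an autorun.inf pointing at it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "app" / "tool.exe").write_bytes(b"MZ" + b"\x00" * 64)
        (root / "app" / "helper.dll").write_bytes(b"MZ" + b"\x01" * 64)
        (root / "page.html").write_text("<html><body>hello</body></html>")
        baseline = build_baseline(root)

        # --- simulated infection (constructed) ---
        with (root / "app" / "tool.exe").open("ab") as f:
            f.write(b"\xcc" * 32)
        (root / "page.html").write_text(
            "<html><body>hello</body></html>"
            "<script language=\"VBScript\">' injected\n</script>")
        (root / "dropped.exe").write_bytes(b"MZ" + b"\x02" * 16)
        (root / "autorun.inf").write_text("[autorun]\nopen=dropped.exe\n")

        return compare(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

    In real use you would run build_baseline() against the system drive right after a clean install (before plugging in any USB stick) and save the result somewhere the machine cannot write to; compare() then tells you which files moved under you. A hash-changed executable is a reason to investigate, not proof of infection on its own, since Windows Update and installers legitimately rewrite .exe/.dll files.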
  5. paul1988

    paul1988 TS Rookie Topic Starter

    I have a portable HDD which I use mainly for media files. Would it be advisable to wipe this also?
     
  6. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Do you have any important files there?
     
  7. paul1988

    paul1988 TS Rookie Topic Starter

    Nothing that I can't afford to lose, I suppose, and I have a laptop and another older PC which hasn't even been switched on in the last 3 months. However, I'm concerned about what you mentioned about it being transferred by USB, as my USB pen has been in both PCs and my university laptop. Should I scan them with the application you linked in your first post?
     
  8. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Leave those external devices alone for now.

    Reinstall Windows.
    Then...
    Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

    Now you're safe to plug anything in and scan.
     
  9. paul1988

    paul1988 TS Rookie Topic Starter

    Hey, thanks so much for all your help so far, I was really out of my league with this virus lol

    I reinstalled everything and did the first scan that you linked again and things seem to be OK. The only difficulty I've had is that Internet Explorer won't open in normal mode, it just gets stuck on connecting; the only way I can get it to work is in safe mode. I installed Firefox from a disk and it seemed to work, however could this be a result of the previous infection?
     
  10. paul1988

    paul1988 TS Rookie Topic Starter

    Actually, update: none of the browsers are working outside of safe mode, Firefox was just showing the home page.
     
  11. paul1988

    paul1988 TS Rookie Topic Starter

    Actually, scrub that, it was the Norton free trial screwing things up.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Hahahaha.....
     

