TechSpot

SVChost.exe trojan, memory process help!

Solved
By BWashburn
Aug 3, 2012
  1. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    ASW log
    # AdwCleaner v1.801 - Logfile created 08/29/2012 at 20:37:10
    # Updated 14/08/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Uer - UER-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Uer\Desktop\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Found : C:\Users\Uer\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\Uer\AppData\Local\Babylon
    Folder Found : C:\Users\Uer\AppData\Local\Conduit
    Folder Found : C:\Users\Uer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
    Folder Found : C:\Users\Uer\AppData\Local\Ilivid Player
    Folder Found : C:\Users\Uer\AppData\LocalLow\AskToolbar
    Folder Found : C:\Users\Uer\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\Uer\AppData\LocalLow\Bandoo
    Folder Found : C:\Users\Uer\AppData\LocalLow\BitTorrentBar2
    Folder Found : C:\Users\Uer\AppData\LocalLow\boost_interprocess
    Folder Found : C:\Users\Uer\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Uer\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\Uer\AppData\LocalLow\searchquband
    Folder Found : C:\Users\Uer\AppData\LocalLow\Searchqutoolbar
    Folder Found : C:\Users\Uer\AppData\LocalLow\Toolbar4
    Folder Found : C:\Users\Uer\AppData\Roaming\Babylon
    Folder Found : C:\Users\Uer\AppData\Roaming\Bandoo
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\ProgramData\Trymedia
    Folder Found : C:\Program Files (x86)\Ask.com
    Folder Found : C:\Program Files (x86)\AVG Secure Search
    Folder Found : C:\Program Files (x86)\BitTorrentBar2
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\Yontoo
    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
    ***** [Registry] *****
    [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
    [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3045275
    Key Found : HKCU\Software\APN
    Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
    Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AppDataLow\Toolbar
    Key Found : HKCU\Software\Ask.com
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\Google\Chrome\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Found : HKCU\Software\SweetIm
    Key Found : HKCU\Software\Zugo
    Key Found : HKLM\SOFTWARE\APN
    Key Found : HKLM\SOFTWARE\AskToolbar
    Key Found : HKLM\SOFTWARE\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Babylon
    Key Found : HKLM\SOFTWARE\bandoo
    Key Found : HKLM\SOFTWARE\BitTorrentBar2
    Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
    Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\DataMngr
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar2 Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\SOFTWARE\SearchquMediabarTb
    Key Found : HKLM\SOFTWARE\SweetIM
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    [x64] Key Found : HKCU\Software\APN
    [x64] Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
    [x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
    [x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
    [x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    [x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    [x64] Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
    [x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    [x64] Key Found : HKCU\Software\AppDataLow\Toolbar
    [x64] Key Found : HKCU\Software\Ask.com
    [x64] Key Found : HKCU\Software\AVG Secure Search
    [x64] Key Found : HKCU\Software\Conduit
    [x64] Key Found : HKCU\Software\DataMngr
    [x64] Key Found : HKCU\Software\Google\Chrome\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
    [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    [x64] Key Found : HKCU\Software\SweetIm
    [x64] Key Found : HKCU\Software\Zugo
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    [x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    [x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    [x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    [x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    [x64] Key Found : HKLM\SOFTWARE\Classes\S
    [x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    [x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
    [x64] Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    [x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    [x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    [x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    [x64] Key Found : HKLM\SOFTWARE\DataMngr
    [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
    [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    [x64] Key Found : HKLM\SOFTWARE\Tarma Installer
    ***** [Registre - GUID] *****
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/burn4free/{A291445C-28E6-4312-B647-D918E3043F4A}
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={723579B1-56E1-455E-9750-8DF5D3B41CEF}&mid=94ff05c7b9e947d1888c05cc2248f341-1639eedb14566357d5c24318bb42d6a6751e4e71&lang=en&ds=AVG&pr=fr&d=2011-10-12 00:03:16&v=9.0.0.22&sap=nt
    -\\ Google Chrome v21.0.1180.83
    File : C:\Users\Uer\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Found : "description": "AVG Secure Search",
    Found : "name": "AVG Secure Search",
    Found : "description": "The fastest way to search the web.",
    Found : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...]
    Found : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...]
    Found : "path": "plugins/ConduitChromeApiPlugin.dll",
    Found : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT304527[...]
    Found : "path": "C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\11.[...]
    *************************
    AdwCleaner[R1].txt - [31003 octets] - [29/08/2012 20:37:10]
    ########## EOF - C:\AdwCleaner[R1].txt - [31132 octets] ##########
     
  2. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    ComboFix has been running for about 2 hours now, stuck on stage 4. I am on my phone posting this. I will continue to let it run until I get a response from you to tell me what to do.
     
  3. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    Update... I did end up shutting it down because I had to use my computer. Restarted it, and the computer is running slow again. Not sure why ComboFix is not wanting to work for me? :(
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Not sure. Pretty weird. :p

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below


    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review


    Remove the Adware.
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    Please post the log.
     
  5. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    ASW log unaltered.
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-30 16:42:56
    -----------------------------
    16:42:56.677 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:42:56.677 Number of processors: 2 586 0x603
    16:42:56.677 ComputerName: UER-HP UserName: Uer
    16:42:59.766 Initialize success
    16:43:25.065 AVAST engine defs: 12081700
    16:43:26.376 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
    16:43:26.376 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
    16:43:26.408 Disk 0 MBR read successfully
    16:43:26.408 Disk 0 MBR scan
    16:43:26.408 Disk 0 Windows 7 default MBR code
    16:43:26.423 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    16:43:26.439 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941412 MB offset 206848
    16:43:26.486 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12355 MB offset 1928218624
    16:43:26.565 Disk 0 scanning C:\Windows\system32\drivers
    16:43:35.769 Service scanning
    16:44:00.435 Modules scanning
    16:44:00.455 Disk 0 trace - called modules:
    16:44:00.465 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
    16:44:00.465 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007664060]
    16:44:00.465 3 CLASSPNP.SYS[fffff8800198743f] -> nt!IofCallDriver -> [0xfffffa80072856e0]
    16:44:00.465 5 amdxata.sys[fffff88000e947a8] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80072838a0]
    16:44:03.217 AVAST engine scan C:\Windows
    16:44:16.789 AVAST engine scan C:\Windows\system32
    16:47:38.108 AVAST engine scan C:\Windows\system32\drivers
    16:47:52.513 AVAST engine scan C:\Users\Uer
    16:56:30.423 File: C:\Users\Uer\Desktop\RK_Quarantine\80000064.@.vir **INFECTED** Win32:Malware-gen
    16:59:01.066 AVAST engine scan C:\ProgramData
    17:01:32.341 Scan finished successfully
    17:17:17.704 Disk 0 MBR has been saved successfully to "C:\Users\Uer\Desktop\MBR.dat"
    17:17:17.704 The log file has been saved successfully to "C:\Users\Uer\Desktop\aswMBR.txt"
     
  6. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    Ok, I ran the adwcleaner. When it was deleting, my AVG popped up and said a threat was detected (ADWCLEANER.EXE). I had the option to move to vault or skip, and stupid me chose move to vault, which deleted it. So I ran another asw scan, then redownloaded ADW and saved it to my User profile (UER) because it would not let me save it onto my desktop. So I ran it again and selected delete, and this time chose skip when the threat detected came up, and then it ran through smoothly (so I thought); it rebooted fine. But no report came up. I went to the path you told me to, to find it, but it was last modified the 29th and not the 30th, which is today. Which means it could not be the recent one I just did. Really confused here. :(
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's fine, good job!

    Scan with Malwarebytes' Anti-Malware

    Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
     
  8. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.31.12
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Uer :: UER-HP [administrator]
    8/31/2012 4:27:24 PM
    mbam-log-2012-08-31 (16-27-24).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 236077
    Time elapsed: 2 minute(s), 56 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 6
    C:\Windows\System32\config\systemprofile\0.04350892934149009.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\0.04607298496785539.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\0.04996638027305533.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\0.4236519195480817.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\0.5705691742244525.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\0.8015336184689984.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    (end)
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Go to Start, type in CMD and hit Enter.

    Copy the following:

    dir /a:h /s C:\Windows\System32\config\systemprofile >log.txt & dir /s C:\Windows\System32\config\systemprofile >>log.txt & log.txt

    Go to Command Prompt, right-click and select Paste. It will launch a log quickly, please post that in your next reply.
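    The same listing as an added PowerShell example; it is not part of the thread and not Jay's instruction. It enumerates the systemprofile directory with hidden and system files included, records size, attributes and SHA-256 for each file, writes the log, and keeps going when a listing turns up nothing (a cmd chain joined with `&&` stops at the first `dir` that finds no match, which is when `dir` prints "File Not Found"). The `$Target` and `$LogPath` defaults, the `SUSPICIOUS` marker and the name pattern, modelled on the `0.<digits>.exe` files Malwarebytes quarantined above, are my choices; Get-FileHash needs PowerShell 4 or later, so this is assumed to run on a newer PowerShell than Windows 7 shipped with.

    ```powershell
    # Added example, not from the thread. Run from an elevated PowerShell prompt.
    # Lists every file under the systemprofile directory, hidden ones included,
    # and writes a log to the Desktop. Names shaped like the droppers seen in the
    # Malwarebytes log above (0.<digits>.exe) are marked SUSPICIOUS for review.
    param(
        # Assumed defaults; override on the command line if needed.
        [string]$Target  = "$env:SystemRoot\System32\config\systemprofile",
        [string]$LogPath = "$env:USERPROFILE\Desktop\systemprofile-log.txt"
    )

    # Pattern taken from the MBAM detections above: a float-looking name ending in .exe.
    $suspiciousName = '^0\.\d+\.exe$'

    # -Force includes Hidden and System entries. An empty result is simply an empty
    # array here; nothing downstream is skipped the way "dir ... && ..." skips it.
    $entries = @(Get-ChildItem -LiteralPath $Target -Recurse -Force -File -ErrorAction SilentlyContinue)

    $lines = @(foreach ($f in $entries) {
        # Hashing can fail on locked files; record that rather than aborting the run.
        $hash = 'HASH-FAILED'
        try {
            $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
        } catch { }

        $flag = if ($f.Name -match $suspiciousName) { 'SUSPICIOUS' } else { '' }

        '{0,-16} {1,12} {2,-24} {3,-10} {4}  SHA256={5}' -f `
            $f.LastWriteTime.ToString('yyyy-MM-dd HH:mm'), $f.Length, $f.Attributes, $flag, $f.FullName, $hash
    })

    $flagged = @($entries | Where-Object { $_.Name -match $suspiciousName })

    $header = @(
        "Listing of $Target at $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')",
        "Files: $($entries.Count)   Flagged by name pattern: $($flagged.Count)",
        ''
    )

    $header + $lines | Out-File -LiteralPath $LogPath -Encoding UTF8
    Write-Host "Log written to $LogPath ($($entries.Count) files, $($flagged.Count) flagged)"
    ```

    A name match is only a prompt to look closer; the hash column is there so a flagged file can be checked against a reputation source before anything is deleted, and the attributes column shows which entries the plain `dir` would have hidden.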
     
  10. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    It said file was not found.
     
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Now, let's make sure the partition infection is diminished.

    Please re-run FRST and post a new log.
     
     
  12. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    Here is the FRST log...
    Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
    Ran by Uer at 03-09-2012 21:48:13
    Running from K:\
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

    ============ One Month Created Files and Folders ==============
    2012-09-02 20:11 - 2012-09-03 20:12 - 00000000 ____D C:\Users\Uer\AppData\Local\{7E0B7AE4-66B1-47F2-84ED-711FE5E194B9}
    2012-08-30 18:25 - 2012-08-31 06:26 - 00000000 ____D C:\Users\Uer\AppData\Local\{D5036376-267D-4FCD-AD1B-C8C6E6A63C3C}
    2012-08-30 17:38 - 2012-08-30 17:38 - 00511265 ____A C:\Users\Uer\adwcleaner.exe
    2012-08-30 16:41 - 2012-08-30 16:42 - 04731392 ____A (AVAST Software) C:\Users\Uer\Desktop\aswMBR.exe
    2012-08-30 06:25 - 2012-08-30 06:25 - 00000000 ____D C:\Users\Uer\AppData\Local\{D6912953-EA48-4302-842D-71F2929FB091}
    2012-08-29 20:42 - 2012-08-29 22:40 - 00000000 ___SD C:\ComboFix
    2012-08-29 20:41 - 2012-08-29 20:41 - 04740381 ___RA (Swearware) C:\Users\Uer\Desktop\ComboFix.exe
    2012-08-29 20:37 - 2012-08-29 20:37 - 00030868 ____A C:\AdwCleaner[R1].txt
    2012-08-29 20:28 - 2012-08-29 20:28 - 00001433 ____A C:\Users\Uer\Desktop\RKreport[3].txt
    2012-08-29 20:27 - 2012-08-29 20:27 - 00002939 ____A C:\Users\Uer\Desktop\RKreport[2].txt
    2012-08-29 20:24 - 2012-08-29 20:24 - 00002589 ____A C:\Users\Uer\Desktop\RKreport[1].txt
    2012-08-29 20:21 - 2012-08-29 20:25 - 00000000 ____D C:\Users\Uer\Desktop\RK_Quarantine
    2012-08-29 20:18 - 2012-08-29 20:18 - 01367552 ____A C:\Users\Uer\Desktop\RogueKiller.exe
    2012-08-29 19:56 - 2012-08-24 13:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Uer\Desktop\TDSSKiller.exe
    2012-08-29 19:55 - 2012-08-29 19:56 - 02193184 ____A C:\Users\Uer\Downloads\tdsskiller.zip
    2012-08-25 18:23 - 2012-08-29 18:25 - 00000000 ____D C:\Users\Uer\AppData\Local\{7D8E6B8A-CA5B-41AD-823F-34D558746C31}
    2012-08-18 18:20 - 2012-08-18 18:20 - 00000000 ____D C:\Users\Uer\AppData\Local\{F32B41C8-E833-4DB7-A13C-8B7EE69BD51E}
    2012-08-18 10:47 - 2012-08-18 10:47 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-08-17 18:19 - 2012-08-17 18:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{7C14C59E-E886-47A7-860E-A1E6F4F85F32}
    2012-08-17 06:19 - 2012-08-17 06:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{8AA020C2-6B69-465A-BFCE-F259BAF16624}
    2012-08-16 18:18 - 2012-08-16 18:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{D419E73C-E560-45C1-9C68-CFAC57FBDC4F}
    2012-08-16 06:18 - 2012-08-16 06:18 - 00000000 ____D C:\Users\Uer\AppData\Local\{5C2F1B3A-9F8E-443D-866F-272A0DF59DF4}
    2012-08-15 18:18 - 2012-08-15 18:18 - 00000000 ____D C:\Users\Uer\AppData\Local\{FF16F4F6-E506-4198-9FE4-95750C4DB5F6}
    2012-08-15 13:13 - 2012-08-30 17:17 - 00008111 ____A C:\Users\Uer\Desktop\aswMBR.txt
    2012-08-15 13:13 - 2012-08-30 17:17 - 00000512 ____A C:\Users\Uer\Desktop\MBR.dat
    2012-08-15 06:17 - 2012-08-15 06:17 - 00000000 ____D C:\Users\Uer\AppData\Local\{D599C698-33C9-47F9-82E7-25BCD706FE55}
    2012-08-14 18:17 - 2012-08-25 06:23 - 00000000 ____D C:\Users\Uer\AppData\Local\{1A237A70-A8BA-426E-A80B-95611C94FCBD}
    2012-08-14 18:17 - 2012-08-14 18:17 - 00000000 ____D C:\Users\Uer\AppData\Local\{C5BE3F18-0F0B-47AE-A49E-26BB30B5A4B7}
    2012-08-13 20:49 - 2012-08-13 20:50 - 92296199 ____A C:\Users\Uer\Desktop\Automatic Scan Report.txt
    2012-08-13 20:48 - 2012-08-13 20:48 - 00007389 ____A C:\Users\Uer\Desktop\Detected Threats.txt
    2012-08-13 20:48 - 2012-08-13 20:48 - 00000392 __ASH C:\Windows\9596485drv.spi
    2012-08-13 20:26 - 2012-08-13 20:26 - 00000000 ____D C:\Users\Uer\AppData\Local\{FBF18B35-F7B0-4F5E-96E1-4962DAA9009C}
    2012-08-13 20:26 - 2012-08-13 20:26 - 00000000 ____D C:\Users\Uer\AppData\Local\{161C394B-D57D-4AA4-921E-E8FC58E12E7A}
    2012-08-13 18:25 - 2012-08-08 11:11 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\72847843.sys
    2012-08-13 18:19 - 2012-08-13 18:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{645AA617-1BA4-443D-A02A-99B2A48713BA}
    2012-08-12 21:26 - 2012-08-12 21:26 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-08-12 21:25 - 2012-08-12 21:01 - 141851192 ____A C:\Users\Uer\Desktop\setup_11.0.0.1245.x01_2012_08_08_11_11.exe
    2012-08-09 20:30 - 2012-08-09 20:30 - 00001541 ____A C:\Users\Uer\Desktop\Techspot.txt
    2012-08-09 15:10 - 2012-08-09 15:10 - 00000000 ____D C:\Users\Uer\AppData\Local\{D68AC073-2305-4E18-AF72-8CBEFB52C7CF}
    2012-08-09 03:09 - 2012-08-09 03:10 - 00000000 ____D C:\Users\Uer\AppData\Local\{3E674265-A83B-4EB3-931B-D6098D9C3017}
    2012-08-08 15:09 - 2012-08-09 15:10 - 00000000 ____D C:\Users\Uer\AppData\Local\{340D0D0D-4B9F-4721-AF45-9AD6B65FD672}
    2012-08-08 15:09 - 2012-08-08 15:09 - 00000000 ____D C:\Users\Uer\AppData\Local\{B0935338-A6BB-46DB-AF32-248C950A2739}
    2012-08-08 14:16 - 2012-08-29 20:43 - 00000000 ___SD C:\32788R22FWJFW
    2012-08-08 14:16 - 2012-08-08 14:16 - 00001175 ____A C:\Users\Uer\Desktop\ComboFix - Shortcut.lnk
    2012-08-06 16:17 - 2012-08-06 16:17 - 00000000 ____D C:\Users\Uer\Desktop\Malware Removal Stuff
    2012-08-06 09:06 - 2012-08-06 09:06 - 00000000 ____D C:\Users\Uer\AppData\Local\{9CC0742D-56D5-4017-97B7-AE30F0ED02CF}
    2012-08-06 09:06 - 2012-08-06 09:06 - 00000000 ____D C:\Users\Uer\AppData\Local\{641396F2-8817-4A42-A569-7EAEDFD98159}
    2012-08-06 08:09 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-08-06 08:09 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-08-06 08:09 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-08-06 08:09 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-08-06 08:09 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-08-06 08:09 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
    2012-08-06 08:09 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
    2012-08-06 08:09 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
    2012-08-06 08:05 - 2012-08-06 08:09 - 00000000 ____D C:\Qoobox
    2012-08-06 08:04 - 2012-08-06 08:04 - 00000000 ____D C:\Windows\erdnt
    2012-08-05 20:39 - 2012-08-05 20:40 - 00000000 ____D C:\Users\Uer\AppData\Local\{3E5281A0-63A7-4317-B52A-76618B6D108E}
    2012-08-05 20:39 - 2012-08-05 20:39 - 00000000 ____D C:\Users\Uer\AppData\Local\{FD8AEFED-7FED-4E7B-BF25-91CEB9E24079}
    2012-08-05 18:56 - 2012-08-05 18:56 - 00000053 ____A C:\Users\Uer\Documents\modem info.txt
    2012-08-05 17:58 - 2009-07-13 20:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-08-05 08:39 - 2012-08-05 08:39 - 00000000 ____D C:\Users\Uer\AppData\Local\{1539AAB6-CA73-4279-B503-042065F6B2F2}
    2012-08-04 20:38 - 2012-08-05 08:39 - 00000000 ____D C:\Users\Uer\AppData\Local\{27C3DFC8-8847-4B68-8CD0-1DAAEFB5E52E}
    2012-08-04 20:38 - 2012-08-04 20:38 - 00000000 ____D C:\Users\Uer\AppData\Local\{46A2E6E9-CD96-4CDC-85E2-08E7075E5BC2}
    2012-08-04 13:32 - 2012-09-03 21:48 - 00000000 ____D C:\FRST
    2012-08-04 13:29 - 2012-08-04 13:32 - 01439619 ____A (Farbar) C:\Users\Uer\Downloads\FRST64.exe
    2012-08-04 03:42 - 2012-08-04 03:42 - 00000000 ____D C:\Users\Uer\AppData\Local\{B44DC109-C9A4-4194-A318-84044716D3D1}
    2012-08-04 03:42 - 2012-08-04 03:42 - 00000000 ____D C:\Users\Uer\AppData\Local\{863948AB-FBB3-47E0-81BA-B291443B7A3D}
    ============ 3 Months Modified Files ========================
    2012-09-03 21:19 - 2011-03-18 11:09 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-03 21:18 - 2012-07-19 16:07 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308464352-3331396735-3360041561-1000UA.job
    2012-09-03 21:12 - 2012-04-12 19:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-03 20:14 - 2011-03-09 04:20 - 00025539 ____A C:\Windows\setupact.log
    2012-09-03 17:18 - 2012-07-19 16:07 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308464352-3331396735-3360041561-1000Core.job
    2012-09-03 16:49 - 2010-09-04 15:45 - 01636865 ____A C:\Windows\WindowsUpdate.log
    2012-09-03 14:19 - 2011-03-18 11:09 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-02 20:18 - 2009-07-13 23:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-02 20:18 - 2009-07-13 23:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-02 20:10 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-31 16:31 - 2011-03-09 04:19 - 00042176 ____A C:\Windows\PFRO.log
    2012-08-30 17:38 - 2012-08-30 17:38 - 00511265 ____A C:\Users\Uer\adwcleaner.exe
    2012-08-30 17:17 - 2012-08-15 13:13 - 00008111 ____A C:\Users\Uer\Desktop\aswMBR.txt
    2012-08-30 17:17 - 2012-08-15 13:13 - 00000512 ____A C:\Users\Uer\Desktop\MBR.dat
    2012-08-30 16:42 - 2012-08-30 16:41 - 04731392 ____A (AVAST Software) C:\Users\Uer\Desktop\aswMBR.exe
    2012-08-30 15:48 - 2012-07-20 18:33 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-08-29 22:46 - 2011-02-19 16:15 - 00000258 _RASH C:\Users\All Users\ntuser.pol
    2012-08-29 20:41 - 2012-08-29 20:41 - 04740381 ___RA (Swearware) C:\Users\Uer\Desktop\ComboFix.exe
    2012-08-29 20:37 - 2012-08-29 20:37 - 00030868 ____A C:\AdwCleaner[R1].txt
    2012-08-29 20:28 - 2012-08-29 20:28 - 00001433 ____A C:\Users\Uer\Desktop\RKreport[3].txt
    2012-08-29 20:27 - 2012-08-29 20:27 - 00002939 ____A C:\Users\Uer\Desktop\RKreport[2].txt
    2012-08-29 20:24 - 2012-08-29 20:24 - 00002589 ____A C:\Users\Uer\Desktop\RKreport[1].txt
    2012-08-29 20:18 - 2012-08-29 20:18 - 01367552 ____A C:\Users\Uer\Desktop\RogueKiller.exe
    2012-08-29 19:56 - 2012-08-29 19:55 - 02193184 ____A C:\Users\Uer\Downloads\tdsskiller.zip
    2012-08-24 13:28 - 2012-08-29 19:56 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Uer\Desktop\TDSSKiller.exe
    2012-08-13 20:50 - 2012-08-13 20:49 - 92296199 ____A C:\Users\Uer\Desktop\Automatic Scan Report.txt
    2012-08-13 20:48 - 2012-08-13 20:48 - 00007389 ____A C:\Users\Uer\Desktop\Detected Threats.txt
    2012-08-13 20:48 - 2012-08-13 20:48 - 00000392 __ASH C:\Windows\9596485drv.spi
    2012-08-12 21:01 - 2012-08-12 21:25 - 141851192 ____A C:\Users\Uer\Desktop\setup_11.0.0.1245.x01_2012_08_08_11_11.exe
    2012-08-09 20:30 - 2012-08-09 20:30 - 00001541 ____A C:\Users\Uer\Desktop\Techspot.txt
    2012-08-08 14:16 - 2012-08-08 14:16 - 00001175 ____A C:\Users\Uer\Desktop\ComboFix - Shortcut.lnk
    2012-08-08 11:11 - 2012-08-13 18:25 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\72847843.sys
    2012-08-05 18:56 - 2012-08-05 18:56 - 00000053 ____A C:\Users\Uer\Documents\modem info.txt
    2012-08-04 13:32 - 2012-08-04 13:29 - 01439619 ____A (Farbar) C:\Users\Uer\Downloads\FRST64.exe
    2012-08-03 23:16 - 2012-04-12 19:10 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-03 23:16 - 2011-05-24 19:38 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-03 15:40 - 2009-07-14 00:08 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-01 20:08 - 2009-07-14 00:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-26 23:17 - 2012-07-26 23:10 - 65351161 ____A C:\Users\Uer\Downloads\Cupid - Time For A Change (2007) - R&B.rar
    2012-07-25 19:11 - 2012-07-25 19:11 - 00001745 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-20 18:33 - 2011-10-12 00:03 - 00000927 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-07-12 18:55 - 2012-06-16 12:55 - 00001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-11 22:36 - 2012-07-11 22:35 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Uer\Downloads\tdsskiller.exe
    2012-07-11 03:22 - 2009-07-13 23:45 - 00273296 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 03:05 - 2012-07-11 03:04 - 00265966 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-11 03:04 - 2012-06-14 03:07 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-07-11 03:02 - 2010-11-20 05:50 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-03 13:46 - 2012-06-16 12:55 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-26 21:45 - 2012-06-26 21:45 - 00001123 ____A C:\Users\Public\Desktop\DJ Intro.lnk
    2012-06-25 16:04 - 2012-06-25 16:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
    2012-06-23 13:26 - 2012-06-23 13:26 - 00001104 ____A C:\Users\Uer\Desktop\ASIO4ALL v2 Instruction Manual.lnk
    2012-06-11 22:08 - 2012-07-11 03:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-09 00:43 - 2012-07-10 22:23 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 23:41 - 2012-07-10 22:23 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-06 01:06 - 2012-07-10 22:23 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-06 01:06 - 2012-07-10 22:23 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-06 01:02 - 2012-07-10 22:23 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-06 00:05 - 2012-07-10 22:23 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-06 00:05 - 2012-07-10 22:23 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-06 00:03 - 2012-07-10 22:23 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

    Possible partition infection:
    C:\Windows\svchost.exe
    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ========================= Memory info ======================
    Percentage of memory in use: 27%
    Total physical RAM: 7935.29 MB
    Available physical RAM: 5755.03 MB
    Total Pagefile: 15868.76 MB
    Available Pagefile: 13412.05 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:919.35 GB) (Free:780.53 GB) NTFS
    2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.07 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (Serato DJ Intro) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    9 Drive k: (BLAKE'S IPO) (Removable) (Total:3.77 GB) (Free:3.42 GB) FAT32
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 3867 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 919 GB 101 MB
    Partition 3 Primary 12 GB 919 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C OS NTFS Partition 919 GB Healthy Boot
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D HP_RECOVERY NTFS Partition 12 GB Healthy
    ==================================================================================
    Partitions of Disk 5:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 3867 MB 0 B
    ==================================================================================
    Disk: 5
    There is no partition selected.
    There is no partition selected.
    Please select a partition and try again.
    ==================================================================================
    ==========================================================
    Last Boot: 2012-08-27 00:03
    ======================= End Of Log ==========================
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    The tool had to be run from the Recovery Environment. Please do that, so we can get an accurate reading.
     
  14. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    OK... here is the log run in recovery mode...
    Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
    Ran by SYSTEM at 05-09-2012 21:22:37
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [568888 2010-01-18] ()
    HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-05-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [x]
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
    HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
    HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
    HKU\Mcx1-UER-HP\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
    HKU\Mcx1-UER-HP.Uer-HP\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
    HKU\Uer\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
    HKU\Uer\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Uer\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Uer\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1652736 2010-10-29] (AWS Convergence Technologies, Inc.)
    HKU\Uer\...\Run: [Google Update] "C:\Users\Uer\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-19] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
    ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
    ==================== Services (Whitelisted) ======
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    4 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [400368 2010-06-12] (CinemaNow, Inc.)
    4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    4 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
    2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [81408 2011-05-04] ()
    2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-08-30] ()
    2 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()
    ========================== Drivers (Whitelisted) =============
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-30] (AVG Technologies)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-01-23] (DT Soft Ltd)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    1 nnfwdk; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [23120 2009-12-29] (The Nielsen Company)
    3 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-09-02 17:11 - 2012-09-05 17:12 - 00000000 ____D C:\Users\Uer\AppData\Local\{7E0B7AE4-66B1-47F2-84ED-711FE5E194B9}
    2012-08-30 15:25 - 2012-08-31 03:26 - 00000000 ____D C:\Users\Uer\AppData\Local\{D5036376-267D-4FCD-AD1B-C8C6E6A63C3C}
    2012-08-30 14:38 - 2012-08-30 14:38 - 00511265 ____A C:\Users\Uer\adwcleaner.exe
    2012-08-30 13:41 - 2012-08-30 13:42 - 04731392 ____A (AVAST Software) C:\Users\Uer\Desktop\aswMBR.exe
    2012-08-30 03:25 - 2012-08-30 03:25 - 00000000 ____D C:\Users\Uer\AppData\Local\{D6912953-EA48-4302-842D-71F2929FB091}
    2012-08-29 17:42 - 2012-08-29 19:40 - 00000000 ___SD C:\ComboFix
    2012-08-29 17:41 - 2012-08-29 17:41 - 04740381 ___RA (Swearware) C:\Users\Uer\Desktop\ComboFix.exe
    2012-08-29 17:37 - 2012-08-29 17:37 - 00030868 ____A C:\AdwCleaner[R1].txt
    2012-08-29 17:28 - 2012-08-29 17:28 - 00001433 ____A C:\Users\Uer\Desktop\RKreport[3].txt
    2012-08-29 17:27 - 2012-08-29 17:27 - 00002939 ____A C:\Users\Uer\Desktop\RKreport[2].txt
    2012-08-29 17:24 - 2012-08-29 17:24 - 00002589 ____A C:\Users\Uer\Desktop\RKreport[1].txt
    2012-08-29 17:21 - 2012-08-29 17:25 - 00000000 ____D C:\Users\Uer\Desktop\RK_Quarantine
    2012-08-29 17:18 - 2012-08-29 17:18 - 01367552 ____A C:\Users\Uer\Desktop\RogueKiller.exe
    2012-08-29 16:56 - 2012-08-24 10:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Uer\Desktop\TDSSKiller.exe
    2012-08-29 16:55 - 2012-08-29 16:56 - 02193184 ____A C:\Users\Uer\Downloads\tdsskiller.zip
    2012-08-25 15:23 - 2012-08-29 15:25 - 00000000 ____D C:\Users\Uer\AppData\Local\{7D8E6B8A-CA5B-41AD-823F-34D558746C31}
    2012-08-18 15:20 - 2012-08-18 15:20 - 00000000 ____D C:\Users\Uer\AppData\Local\{F32B41C8-E833-4DB7-A13C-8B7EE69BD51E}
    2012-08-18 07:47 - 2012-08-18 07:47 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-08-17 15:19 - 2012-08-17 15:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{7C14C59E-E886-47A7-860E-A1E6F4F85F32}
    2012-08-17 03:19 - 2012-08-17 03:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{8AA020C2-6B69-465A-BFCE-F259BAF16624}
    2012-08-16 15:18 - 2012-08-16 15:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{D419E73C-E560-45C1-9C68-CFAC57FBDC4F}
    2012-08-16 03:18 - 2012-08-16 03:18 - 00000000 ____D C:\Users\Uer\AppData\Local\{5C2F1B3A-9F8E-443D-866F-272A0DF59DF4}
    2012-08-15 15:18 - 2012-08-15 15:18 - 00000000 ____D C:\Users\Uer\AppData\Local\{FF16F4F6-E506-4198-9FE4-95750C4DB5F6}
    2012-08-15 10:13 - 2012-08-30 14:17 - 00008111 ____A C:\Users\Uer\Desktop\aswMBR.txt
    2012-08-15 10:13 - 2012-08-30 14:17 - 00000512 ____A C:\Users\Uer\Desktop\MBR.dat
    2012-08-15 03:17 - 2012-08-15 03:17 - 00000000 ____D C:\Users\Uer\AppData\Local\{D599C698-33C9-47F9-82E7-25BCD706FE55}
    2012-08-14 15:17 - 2012-08-25 03:23 - 00000000 ____D C:\Users\Uer\AppData\Local\{1A237A70-A8BA-426E-A80B-95611C94FCBD}
    2012-08-14 15:17 - 2012-08-14 15:17 - 00000000 ____D C:\Users\Uer\AppData\Local\{C5BE3F18-0F0B-47AE-A49E-26BB30B5A4B7}
    2012-08-13 17:49 - 2012-08-13 17:50 - 92296199 ____A C:\Users\Uer\Desktop\Automatic Scan Report.txt
    2012-08-13 17:48 - 2012-08-13 17:48 - 00007389 ____A C:\Users\Uer\Desktop\Detected Threats.txt
    2012-08-13 17:48 - 2012-08-13 17:48 - 00000392 __ASH C:\Windows\9596485drv.spi
    2012-08-13 17:26 - 2012-08-13 17:26 - 00000000 ____D C:\Users\Uer\AppData\Local\{FBF18B35-F7B0-4F5E-96E1-4962DAA9009C}
    2012-08-13 17:26 - 2012-08-13 17:26 - 00000000 ____D C:\Users\Uer\AppData\Local\{161C394B-D57D-4AA4-921E-E8FC58E12E7A}
    2012-08-13 15:25 - 2012-08-08 08:11 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\72847843.sys
    2012-08-13 15:19 - 2012-08-13 15:19 - 00000000 ____D C:\Users\Uer\AppData\Local\{645AA617-1BA4-443D-A02A-99B2A48713BA}
    2012-08-12 18:26 - 2012-08-12 18:26 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-08-12 18:25 - 2012-08-12 18:01 - 141851192 ____A C:\Users\Uer\Desktop\setup_11.0.0.1245.x01_2012_08_08_11_11.exe
    2012-08-09 17:30 - 2012-08-09 17:30 - 00001541 ____A C:\Users\Uer\Desktop\Techspot.txt
    2012-08-09 12:10 - 2012-08-09 12:10 - 00000000 ____D C:\Users\Uer\AppData\Local\{D68AC073-2305-4E18-AF72-8CBEFB52C7CF}
    2012-08-09 00:09 - 2012-08-09 00:10 - 00000000 ____D C:\Users\Uer\AppData\Local\{3E674265-A83B-4EB3-931B-D6098D9C3017}
    2012-08-08 12:09 - 2012-08-09 12:10 - 00000000 ____D C:\Users\Uer\AppData\Local\{340D0D0D-4B9F-4721-AF45-9AD6B65FD672}
    2012-08-08 12:09 - 2012-08-08 12:09 - 00000000 ____D C:\Users\Uer\AppData\Local\{B0935338-A6BB-46DB-AF32-248C950A2739}
    2012-08-08 11:16 - 2012-08-29 17:43 - 00000000 ___SD C:\32788R22FWJFW
    2012-08-08 11:16 - 2012-08-08 11:16 - 00001175 ____A C:\Users\Uer\Desktop\ComboFix - Shortcut.lnk
    2012-08-06 13:17 - 2012-08-06 13:17 - 00000000 ____D C:\Users\Uer\Desktop\Malware Removal Stuff
    2012-08-06 06:06 - 2012-08-06 06:06 - 00000000 ____D C:\Users\Uer\AppData\Local\{9CC0742D-56D5-4017-97B7-AE30F0ED02CF}
    2012-08-06 06:06 - 2012-08-06 06:06 - 00000000 ____D C:\Users\Uer\AppData\Local\{641396F2-8817-4A42-A569-7EAEDFD98159}
    2012-08-06 05:09 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-08-06 05:09 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-08-06 05:09 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-08-06 05:09 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-08-06 05:09 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-08-06 05:09 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-08-06 05:09 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-08-06 05:09 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-08-06 05:05 - 2012-08-06 05:09 - 00000000 ____D C:\Qoobox
    2012-08-06 05:04 - 2012-08-06 05:04 - 00000000 ____D C:\Windows\erdnt
    ============ 3 Months Modified Files ========================
    2012-09-05 18:19 - 2011-03-18 08:09 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-05 18:18 - 2012-07-19 13:07 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308464352-3331396735-3360041561-1000UA.job
    2012-09-05 18:18 - 2011-03-18 08:09 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-05 18:17 - 2011-03-09 01:20 - 00025819 ____A C:\Windows\setupact.log
    2012-09-05 18:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-05 18:16 - 2010-09-04 12:45 - 01742462 ____A C:\Windows\WindowsUpdate.log
    2012-09-05 18:12 - 2012-04-12 16:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-05 14:18 - 2012-07-19 13:07 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308464352-3331396735-3360041561-1000Core.job
    2012-09-02 17:18 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-02 17:18 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-31 13:31 - 2011-03-09 01:19 - 00042176 ____A C:\Windows\PFRO.log
    2012-08-30 14:38 - 2012-08-30 14:38 - 00511265 ____A C:\Users\Uer\adwcleaner.exe
    2012-08-30 14:17 - 2012-08-15 10:13 - 00008111 ____A C:\Users\Uer\Desktop\aswMBR.txt
    2012-08-30 14:17 - 2012-08-15 10:13 - 00000512 ____A C:\Users\Uer\Desktop\MBR.dat
    2012-08-30 13:42 - 2012-08-30 13:41 - 04731392 ____A (AVAST Software) C:\Users\Uer\Desktop\aswMBR.exe
    2012-08-30 12:48 - 2012-07-20 15:33 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-08-29 19:46 - 2011-02-19 13:15 - 00000258 _RASH C:\Users\All Users\ntuser.pol
    2012-08-29 17:41 - 2012-08-29 17:41 - 04740381 ___RA (Swearware) C:\Users\Uer\Desktop\ComboFix.exe
    2012-08-29 17:37 - 2012-08-29 17:37 - 00030868 ____A C:\AdwCleaner[R1].txt
    2012-08-29 17:28 - 2012-08-29 17:28 - 00001433 ____A C:\Users\Uer\Desktop\RKreport[3].txt
    2012-08-29 17:27 - 2012-08-29 17:27 - 00002939 ____A C:\Users\Uer\Desktop\RKreport[2].txt
    2012-08-29 17:24 - 2012-08-29 17:24 - 00002589 ____A C:\Users\Uer\Desktop\RKreport[1].txt
    2012-08-29 17:18 - 2012-08-29 17:18 - 01367552 ____A C:\Users\Uer\Desktop\RogueKiller.exe
    2012-08-29 16:56 - 2012-08-29 16:55 - 02193184 ____A C:\Users\Uer\Downloads\tdsskiller.zip
    2012-08-24 10:28 - 2012-08-29 16:56 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Uer\Desktop\TDSSKiller.exe
    2012-08-13 17:50 - 2012-08-13 17:49 - 92296199 ____A C:\Users\Uer\Desktop\Automatic Scan Report.txt
    2012-08-13 17:48 - 2012-08-13 17:48 - 00007389 ____A C:\Users\Uer\Desktop\Detected Threats.txt
    2012-08-13 17:48 - 2012-08-13 17:48 - 00000392 __ASH C:\Windows\9596485drv.spi
    2012-08-12 18:01 - 2012-08-12 18:25 - 141851192 ____A C:\Users\Uer\Desktop\setup_11.0.0.1245.x01_2012_08_08_11_11.exe
    2012-08-09 17:30 - 2012-08-09 17:30 - 00001541 ____A C:\Users\Uer\Desktop\Techspot.txt
    2012-08-08 11:16 - 2012-08-08 11:16 - 00001175 ____A C:\Users\Uer\Desktop\ComboFix - Shortcut.lnk
    2012-08-08 08:11 - 2012-08-13 15:25 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\72847843.sys
    2012-08-05 15:56 - 2012-08-05 15:56 - 00000053 ____A C:\Users\Uer\Documents\modem info.txt
    2012-08-04 10:32 - 2012-08-04 10:29 - 01439619 ____A (Farbar) C:\Users\Uer\Downloads\FRST64.exe
    2012-08-03 20:16 - 2012-04-12 16:10 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-03 20:16 - 2011-05-24 16:38 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-03 12:40 - 2009-07-13 21:08 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-01 17:08 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-26 20:17 - 2012-07-26 20:10 - 65351161 ____A C:\Users\Uer\Downloads\Cupid - Time For A Change (2007) - R&B.rar
    2012-07-25 16:11 - 2012-07-25 16:11 - 00001745 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-20 15:33 - 2011-10-11 21:03 - 00000927 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-07-12 15:55 - 2012-06-16 09:55 - 00001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-11 19:36 - 2012-07-11 19:35 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Uer\Downloads\tdsskiller.exe
    2012-07-11 00:22 - 2009-07-13 20:45 - 00273296 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 00:05 - 2012-07-11 00:04 - 00265966 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-11 00:04 - 2012-06-14 00:07 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-07-11 00:02 - 2010-11-20 02:50 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-03 10:46 - 2012-06-16 09:55 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-26 18:45 - 2012-06-26 18:45 - 00001123 ____A C:\Users\Public\Desktop\DJ Intro.lnk
    2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
    2012-06-23 10:26 - 2012-06-23 10:26 - 00001104 ____A C:\Users\Uer\Desktop\ASIO4ALL v2 Instruction Manual.lnk
    2012-06-11 19:08 - 2012-07-11 00:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-10 19:23 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 19:23 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

    Possible partition infection:
    C:\Windows\svchost.exe
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 12%
    Total physical RAM: 7935.29 MB
    Available physical RAM: 6967.16 MB
    Total Pagefile: 7933.43 MB
    Available Pagefile: 6948.17 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:919.35 GB) (Free:780.26 GB) NTFS
    2 Drive e: (HP_RECOVERY) (Fixed) (Total:12.07 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (Serato DJ Intro) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    4 Drive g: (BLAKE'S IPO) (Removable) (Total:3.77 GB) (Free:3.42 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 3867 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 919 GB 101 MB
    Partition 3 Primary 12 GB 919 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 919 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E HP_RECOVERY NTFS Partition 12 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 3867 MB 0 B
    ==================================================================================
    Disk: 1
    There is no partition selected.
    There is no partition selected.
    Please select a partition and try again.
    ==================================================================================
    ==========================================================
    Last Boot: 2012-08-26 21:03
    ======================= End Of Log ==========================
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download ListParts64 to a USB flash drive.

    Download the attached fix.txt and save it to the flash drive where ListParts64 is located.

    To run it, type g:/listparts64 in the command window and hit Enter.
    ListParts will start to run.
    • Press the Fix button.
    • ListParts will process the script in Fix.txt.
    • When finished close the notification of finishing, please check "List BCD" and then press the Scan button.
    • A log Result.txt will be saved to the flash drive. Post it to your reply.
    • Also restart, let it boot normally and tell me how it went.
     
  16. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    And here is the result log...
    ListParts by Farbar Version: 10-08-2012
    Ran by Uer (administrator) on 08-09-2012 at 13:14:25
    Windows 7 (X64)
    Running From: K:\
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 28%
    Total physical RAM: 7935.29 MB
    Available physical RAM: 5652.01 MB
    Total Pagefile: 15868.76 MB
    Available Pagefile: 13268.06 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:919.35 GB) (Free:779.67 GB) NTFS
    2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.07 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (Serato DJ Intro) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    9 Drive k: (BLAKE'S IPO) (Removable) (Total:3.77 GB) (Free:3.42 GB) FAT32
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 3867 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 919 GB 101 MB
    Partition 3 Primary 12 GB 919 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C OS NTFS Partition 919 GB Healthy Boot
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D HP_RECOVERY NTFS Partition 12 GB Healthy
    ======================================================================================================
    Partitions of Disk 5:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 3867 MB 0 B
    ======================================================================================================
    Disk: 5
    There is no partition selected.
    There is no partition selected.
    Please select a partition and try again.
    ======================================================================================================
    Windows Boot Manager
    --------------------
    identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
    device partition=\Device\HarddiskVolume1
    description Windows Boot Manager
    locale en-US
    inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
    extendedinput Yes
    default {5312aa07-7887-11de-b1db-001321be213f}
    resumeobject {5312aa06-7887-11de-b1db-001321be213f}
    displayorder {5312aa07-7887-11de-b1db-001321be213f}
    toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
    timeout 30
    customactions 0x1000085000001
    0x5400000f
    custom:5400000f {2d3c1387-f450-11df-9901-d48564ac1ab2}
    Windows Boot Loader
    -------------------
    identifier {2d3c1387-f450-11df-9901-d48564ac1ab2}
    device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{2d3c1388-f450-11df-9901-d48564ac1ab2}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
    osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{2d3c1388-f450-11df-9901-d48564ac1ab2}
    systemroot \windows
    nx OptIn
    winpe Yes
    custom:46000010 Yes
    Windows Boot Loader
    -------------------
    identifier {5312aa07-7887-11de-b1db-001321be213f}
    device partition=C:
    path \Windows\system32\winload.exe
    description Windows 7
    locale en-US
    inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
    recoverysequence {2d3c1387-f450-11df-9901-d48564ac1ab2}
    recoveryenabled Yes
    osdevice partition=C:
    systemroot \Windows
    resumeobject {5312aa06-7887-11de-b1db-001321be213f}
    nx OptIn
    Resume from Hibernate
    ---------------------
    identifier {5312aa06-7887-11de-b1db-001321be213f}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No
    Windows Memory Tester
    ---------------------
    identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
    device partition=\Device\HarddiskVolume1
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
    badmemoryaccess Yes
    EMS Settings
    ------------
    identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
    bootems Yes
    Debugger Settings
    -----------------
    identifier {4636856e-540f-4170-a130-a84776f4c654}
    debugtype Serial
    debugport 1
    baudrate 115200
    RAM Defects
    -----------
    identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}
    Global Settings
    ---------------
    identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
    inherit {4636856e-540f-4170-a130-a84776f4c654}
    {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
    {5189b25c-5558-4bf2-bca4-289b11bd29e2}
    Boot Loader Settings
    --------------------
    identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
    inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
    {7ff607e0-4395-11db-b0de-0800200c9a66}
    Hypervisor Settings
    -------------------
    identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200
    Resume Loader Settings
    ----------------------
    identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
    inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
    Device options
    --------------
    identifier {2d3c1388-f450-11df-9901-d48564ac1ab2}
    description Ramdisk Options
    ramdisksdidevice partition=D:
    ramdisksdipath \Recovery\WindowsRE\boot.sdi

    ****** End Of Log ******
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please do the same as post #65 above...

    Except use this fix.txt attached...
     
  18. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    Computer just BSODed. Using my phone to type this. Error message: bad system config info. Looked at diagnostics in the boot menu and it said the file \boot\memtest.exe is either missing or corrupt. Basically my computer just took a big crap on me.
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Can you allow ListParts to run? If it can, a regular log from it would be good...
     
  20. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    I cannot boot into Windows at all. Tried safe mode, still got the same message. No option for repair Windows. Thinking about going with Linux or Mac, lol. So frustrated right now I want to throw this thing out the window. :(
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    If you don't have a Windows Disc, I can point you to tutorials for installing Linux.

    At this point, it's going to have to be reformatted and reinstalled. The malware has killed your partitions too much.
     
  22. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    Yes, I figured that would be the case. I really appreciate the help. What I think happened was I ran an AVG scan and something popped up and I selected remove; I rebooted and that's when I received the BSOD. The programs I use, I'm not sure if they are compatible with Linux; I will have to do some research and figure out my options. I might just reinstall Windows if I can get a copy for cheap. If not, then I'm going to go with Mac or Linux.
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sorry it seems to be that way; however, we've hacked at it for days together.

    Wine for Linux should get you up and running for Windows Apps to run: http://www.winehq.org/
     
  24. BWashburn

    BWashburn TS Member Topic Starter Posts: 58

    OK, I am either: A. going to purchase a laptop and use that for my VDJ program (I looked into it and it seems Wine will not run it properly) and put Linux on my desktop, or B. put OS X on my desktop. Now a couple of questions: what would be the best way to retrieve my files from my HDD (songs, videos, etc.)? And is it even possible to put OS X on a Windows PC?
     
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Mac OS X is not allowed on Windows-based PCs (non-Apple-branded computers).

    Please refer to their legal agreement for OS X Mountain Lion (the latest release), which is actually what they've always had in their agreements:

    Noted from here: http://images.apple.com/legal/sla/docs/OSX108.pdf

    For the documents and pictures, use of a DVD, flash drive, or external drive should work just fine.
     