TechSpot

Trojan removal generic29.anpx backdoor.generic15.cgsy

Inactive
By Fraze
Nov 24, 2012
  1. Hi there,

    My wife's laptop is riddled with Trojans I can't get rid of. I would be grateful for any help getting rid of them.

    Cheers.
  2. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Fraze

    Fraze TS Rookie Topic Starter

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.24.11

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Nellie :: NELLIE-HP [administrator]

    Protection: Enabled

    24/11/2012 23:32:18
    mbam-log-2012-11-24 (23-32-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205445
    Time elapsed: 7 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)
  4. Fraze

    Fraze TS Rookie Topic Starter

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455
    Run by Nellie at 23:51:49 on 2012-11-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4044.1997 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Nellie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\system32\consent.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Spotify Web Helper] "C:\Users\Nellie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{6DBD5B3B-2436-4CAE-8E2C-A63626F3B45D} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{6DBD5B3B-2436-4CAE-8E2C-A63626F3B45D}\75D49445C4C405 : DHCPNameServer = 130.1.103.241 130.1.103.240
    TCP: Interfaces\{7DCB0428-DC25-4ADE-AA05-96AFAF4D51E5} : DHCPNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-5-22 2372096]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-24 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-24 676936]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-22 2656280]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-5-22 620584]
    R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2011-12-3 89640]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-5-22 39976]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-9-13 1098296]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-11 317440]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-24 25928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-26 565352]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2012-4-23 35840]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-25 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-22 335464]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-1 1255736]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-11-24 17:08:07--------d-----w-C:\Windows\pss
    2012-11-24 17:00:21--------d-----w-C:\Users\Nellie\AppData\Roaming\Malwarebytes
    2012-11-24 16:59:45--------d-----w-C:\ProgramData\Malwarebytes
    2012-11-24 16:59:4325928----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-11-24 16:59:43--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-24 15:40:07--------d-----w-C:\Users\Nellie\AppData\Local\{52B3D95A-EBD7-4AFC-B4D2-98BA688D9C71}
    2012-11-23 21:50:46--------d-----w-C:\Users\Nellie\AppData\Local\{670F4264-13C9-49B9-BC5D-B6190177744D}
    2012-11-22 17:07:39--------d-----w-C:\Users\Nellie\AppData\Local\{FE7D35B8-29B9-4B84-9182-C0890C77C15C}
    2012-11-20 20:49:37--------d-sh--w-C:\Windows\SysWow64\%APPDATA%
    2012-11-20 20:45:36--------d-----w-C:\Users\Nellie\AppData\Local\{1FE681D0-C372-498A-8A24-1F75589485BF}
    2012-11-18 21:55:34--------d-----w-C:\Users\Nellie\AppData\Roaming\Syimas
    2012-11-18 21:55:34--------d-----w-C:\Users\Nellie\AppData\Roaming\Itfo
    2012-11-18 21:55:34--------d-----w-C:\Users\Nellie\AppData\Roaming\Axvuh
    2012-11-18 19:16:22--------d-----w-C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2012-11-18 15:37:16--------d-----w-C:\Users\Nellie\AppData\Local\{F51E74EB-01F6-4D7C-9033-1A69D543A01E}
    2012-11-18 03:12:289728----a-w-C:\Windows\System32\Wdfres.dll
    2012-11-18 03:12:28785512----a-w-C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-18 03:12:2854376----a-w-C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-18 03:12:282560----a-w-C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-18 03:02:0187040----a-w-C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-18 03:02:01198656----a-w-C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-18 03:02:0084992----a-w-C:\Windows\System32\WUDFSvc.dll
    2012-11-18 03:02:00194048----a-w-C:\Windows\System32\WUDFPlatform.dll
    2012-11-18 03:01:5945056----a-w-C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-18 03:01:56744448----a-w-C:\Windows\System32\WUDFx.dll
    2012-11-18 03:01:56229888----a-w-C:\Windows\System32\WUDFHost.exe
    2012-11-17 17:30:59--------d-----w-C:\Users\Nellie\AppData\Local\{1BE51FB8-8E06-401D-A3ED-753631BA05EC}
    2012-11-17 15:45:25--------d-----w-C:\Users\Nellie\AppData\Local\Rdio
    2012-11-17 15:45:0255296----a-w-C:\Windows\System32\dhcpcsvc6.dll
    2012-11-17 15:45:0244032----a-w-C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-11-17 15:45:02226816----a-w-C:\Windows\System32\dhcpcore6.dll
    2012-11-17 15:45:02193536----a-w-C:\Windows\SysWow64\dhcpcore6.dll
    2012-11-17 15:41:21--------d-----w-C:\Users\Nellie\AppData\Local\Apps
    2012-11-17 15:41:19--------d-----w-C:\Users\Nellie\AppData\Local\Deployment
    2012-11-10 20:49:13--------d-----w-C:\Users\Nellie\AppData\Local\{9BA6A1AC-B6FA-4743-9D7B-E2B874102C23}
    2012-11-06 23:18:55--------d-----w-C:\Users\Nellie\AppData\Local\{1FED829F-F8B3-4ED0-AA26-E3B700A8897B}
    2012-11-04 15:38:24--------d-----w-C:\Users\Nellie\AppData\Local\{65433D12-895A-4FF2-A29F-985C844AA744}
    2012-11-03 17:16:55--------d-----w-C:\Users\Nellie\AppData\Local\{C4A52644-0C64-46E1-A4F1-52E67BEF6714}
    2012-11-02 01:57:13--------d-----w-C:\Users\Nellie\AppData\Roaming\Yvyc
    2012-11-02 01:57:13--------d-----w-C:\Users\Nellie\AppData\Roaming\Vike
    2012-11-02 01:57:13--------d-----w-C:\Users\Nellie\AppData\Roaming\Tuman
    2012-11-02 00:24:09--------d-----w-C:\Users\Nellie\AppData\Local\{7A320B24-D182-413D-8104-947ED58B590F}
    .
    ==================== Find3M ====================
    .
    2012-10-18 18:25:583149824----a-w-C:\Windows\System32\win32k.sys
    2012-10-09 19:45:4473656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 19:45:44696760----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-08 11:31:032312704----a-w-C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:521392128----a-w-C:\Windows\System32\wininet.dll
    2012-10-08 11:22:551494528----a-w-C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22173056----a-w-C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35599040----a-w-C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:332382848----a-w-C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:241800704----a-w-C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:031129472----a-w-C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:441427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21420864----a-w-C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:562382848----a-w-C:\Windows\SysWow64\mshtml.tlb
    2012-10-03 17:56:541914248----a-w-C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:2170656----a-w-C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21303104----a-w-C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17246272----a-w-C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:1718944----a-w-C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16216576----a-w-C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16569344----a-w-C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:2418944----a-w-C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24175104----a-w-C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23156672----a-w-C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:2645568----a-w-C:\Windows\System32\drivers\tcpipreg.sys
    2012-09-25 22:47:4378336----a-w-C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:1795744----a-w-C:\Windows\System32\synceng.dll
    2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
    2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
    2012-08-31 18:19:351659760----a-w-C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:03:455559664----a-w-C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:023968880----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:023914096----a-w-C:\Windows\SysWow64\ntoskrnl.exe
    .
    ============= FINISH: 23:53:47.59 ===============
  5. Fraze

    Fraze TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/09/2011 17:14:44
    System Uptime: 24/11/2012 23:44:42 (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1671
    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU1 | 798/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 582 GiB total, 443.204 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.51 GiB free.
    E: is CDROM ()
    F: is FIXED (FAT32) - 0 GiB total, 0.083 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP109: 05/10/2012 21:33:18 - Scheduled Checkpoint
    RP110: 11/10/2012 20:54:32 - Windows Update
    RP111: 27/10/2012 17:22:24 - Scheduled Checkpoint
    RP112: 03/11/2012 17:02:06 - HPSF Applying updates
    RP113: 18/11/2012 03:00:23 - Windows Update
    RP114: 18/11/2012 19:16:38 - Installed HP Support Assistant
    RP115: 18/11/2012 19:20:06 - Windows Modules Installer
    RP116: 18/11/2012 19:21:00 - Windows Modules Installer
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1) MUI
    Adobe Shockwave Player 11.5
    Agatha Christie - Peril at End House
    Amazon Kindle
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2012
    Bejeweled 2 Deluxe
    Bejeweled 3
    Bing Bar
    Blackhawk Striker 2
    Blasterball 3
    Bonjour
    Bounce Symphony
    Broadcom 802.11 Wireless LAN Adapter
    Broadcom Bluetooth Software
    Broadcom InConcert Maestro
    Build-a-lot 2
    Cake Mania
    Canon MP495 series MP Drivers
    Chuzzle Deluxe
    CyberLink YouCam
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    Energy Star Digital Logo
    ESU for Microsoft Windows 7
    Evernote v. 4.2.2
    Farm Frenzy
    FATE - The Traitor Soul
    Final Drive Nitro
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.2.1.1
    HP Auto
    HP Client Services
    HP Connection Manager
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Setup Manager
    HP Software Framework
    HP Support Assistant
    iCloud
    IDT Audio
    Intel(R) Control Center
    Intel(R) Identity Protection Technology 1.1.2.0
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24 (64-bit)
    Java(TM) 6 Update 31
    Junk Mail filter update
    Magic Desktop
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.65.1.1000
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft PowerPoint Viewer
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    MSVCRT_amd64
    Mystery P.I. - Stolen in San Francisco
    Namco All-Stars PAC-MAN
    Penguins!
    Plants vs. Zombies - Game of the Year
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    QuickTime
    Rdio
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    Recovery Manager
    Safari
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Skype™ 5.10
    Slingo Supreme
    Spotify
    Synaptics TouchPad Driver
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2008 x64 Redistributables
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    24/11/2012 23:46:47, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    24/11/2012 23:45:55, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    24/11/2012 23:45:55, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    24/11/2012 23:45:16, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    24/11/2012 23:45:16, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    24/11/2012 23:45:16, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    24/11/2012 23:30:08, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IconMan_R service.
    24/11/2012 18:12:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    24/11/2012 18:05:01, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    24/11/2012 18:05:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    24/11/2012 18:04:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    24/11/2012 18:04:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    24/11/2012 18:04:48, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    24/11/2012 18:04:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    24/11/2012 18:04:29, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6
    24/11/2012 18:04:28, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    24/11/2012 18:04:28, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    24/11/2012 17:11:56, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    23/11/2012 21:58:53, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    23/11/2012 21:58:53, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    23/11/2012 21:50:02, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
    23/11/2012 21:49:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    22/11/2012 20:01:56, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    20/11/2012 20:29:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    17/11/2012 20:39:08, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpCMSrv service.
    .
    ==== End Of File ===========================
  6. Fraze

    Fraze TS Rookie Topic Starter

    OK that's the logs posted. Thanks for taking a look.
  7. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ********************************************

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
  8. Fraze

    Fraze TS Rookie Topic Starter

    The log from the first scan with MBAR:


    Malwarebytes Anti-Rootkit 1.1.0.1009
    www.malwarebytes.org

    Database version: v2012.11.24.11

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Nellie :: NELLIE-HP [administrator]

    25/11/2012 00:26:37
    mbar-log-2012-11-25 (00-26-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: PUP | PUM | P2P
    Objects scanned: 27852
    Time elapsed: 14 minute(s), 40 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\L (Backdoor.0Access) -> Delete on reboot. [c7ba2a8f72ebae881b664db324dc7d83]
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U (Backdoor.0Access) -> Delete on reboot. [87fa6950114cb185463cd32dbb4544bc]

    Files Detected: 12
    C:\Windows\System32\services.exe (Rootkit.0Access) -> Delete on reboot. [50bea589f7d7958bdd2528a8f69d05cc]
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\@ (Backdoor.0Access) -> Delete on reboot. [087900b90f4ed75f82d80df333cd5aa6]
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\L\00000004.@ (Backdoor.0Access) -> Delete on reboot. [00818435a9b4f541ce8ad828709002fe]
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\00000004.@ (Backdoor.0Access) -> Delete on reboot. [4d343f7a88d5ad89fc5b16ea59a7a35d]
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Delete on reboot. [c0c1407964f9db5b54f2ac0605fb8080]
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\000000cb.@ (Backdoor.0Access) -> Delete on reboot. [a6dba81108553105ef68a35df20e3ec2]
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\80000000.@ (Backdoor.0Access) -> Delete on reboot. [bfc2784185d849eda3b41be50cf47f81]
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\80000032.@ (Rootkit.0Access) -> Delete on reboot. [255c81384d107bbbf0ac9734867ab24e]
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\80000064.@ (Backdoor.0Access) -> Delete on reboot. [ea971e9b82dbe74f193e2dd3cb358a76]
    C:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot. [b4cdc0f9d8856ccab7ec616736ca6799]
    C:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot. [324f5267d28bef4782211eaac53b857b]
    C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\L\201d3dde (Backdoor.0Access) -> Delete on reboot. [c7ba2a8f72ebae881b664db324dc7d83]

    (end)
  9. Fraze

    Fraze TS Rookie Topic Starter

    The log second time around:
    Malwarebytes Anti-Rootkit 1.1.0.1009
    www.malwarebytes.org
    Database version: v2012.11.24.11
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Nellie :: NELLIE-HP [administrator]
    25/11/2012 00:50:46
    mbar-log-2012-11-25 (00-50-46).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: PUP | PUM | P2P
    Objects scanned: 27820
    Time elapsed: 10 minute(s), 34 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  10. Fraze

    Fraze TS Rookie Topic Starter

    System-log.txt
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_31
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.095000 GHz
    Memory total: 4240293888, free: 2422616064
    ------------ Kernel report ------------
    11/25/2012 00:11:13
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\compbatt.sys
    \SystemRoot\system32\drivers\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\avgrkx64.sys
    \SystemRoot\system32\DRIVERS\avgidsha.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\avgmfx64.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\avgtdia.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\drivers\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avgldx64.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\drivers\CmBatt.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\bcmwl664.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\clwvd.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\stwrt64.sys
    \SystemRoot\system32\DRIVERS\portcls.sys
    \SystemRoot\system32\DRIVERS\drmk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\btwampfl.sys
    \SystemRoot\system32\drivers\HIDPARSE.SYS
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\system32\DRIVERS\rfcomm.sys
    \SystemRoot\system32\drivers\BthEnum.sys
    \SystemRoot\system32\DRIVERS\bthmodem.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\drivers\btwavdt.sys
    \SystemRoot\system32\drivers\btwaudio.sys
    \SystemRoot\system32\DRIVERS\btwl2cap.sys
    \SystemRoot\system32\DRIVERS\btwdpan.sys
    \SystemRoot\system32\DRIVERS\btwrchid.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\Sftvollh.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\avgidsfiltera.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\system32\DRIVERS\Sftfslh.sys
    \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
    \SystemRoot\system32\DRIVERS\Sftredirlh.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800726e060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa80049dd050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    DriverEntry returned 0x0
    Function returned 0x0
    Downloaded database version: v2012.11.24.11
    Downloaded database version: v2012.11.19.01
    Initializing...
    Done!
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800726e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800726eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800726e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80049dd050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a009707ca0, 0xfffffa800726e060, 0xfffffa80072a9790
    Lower DeviceData: 0xfffff8a00aa7b420, 0xfffffa80049dd050, 0xfffffa80044606b0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 2DDB96F7
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600 Numsec = 1221357568
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1221767168 Numsec = 28282880
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1250050048 Numsec = 211632
    Disk Size: 640135028736 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
    Done!
    Performing system, memory and registry scan...
    Read File: File "C:\ProgramData\AVG2012\Chjw\2ca29a66a29a3474.dat" is sparse (flags = 32768)
    Read File: File "C:\ProgramData\AVG2012\Chjw\2ca29a66a29a3474.dat" is sparse (flags = 32768)
    Read File: File "C:\ProgramData\AVG2012\Chjw\2ca29a66a29a3474.dat" is sparse (flags = 32768)
    Read File: File "C:\ProgramData\AVG2012\Chjw\1ac8a789c8a761ad.dat" is sparse (flags = 32768)
    Read File: File "C:\ProgramData\AVG2012\Chjw\2ca29a66a29a3474.dat" is sparse (flags = 32768)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-10-14.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-10-23.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-02.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-03.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-10.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-18.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-20.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-22.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-23.log" is compressed (flags = 1)
    Infected: C:\Windows\System32\services.exe --> [Rootkit.0Access]
    Backup file found for a file C:\Windows\System32\services.exe
    Infected: C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\@ --> [Backdoor.0Access]
    Infected: C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\L\00000004.@ --> [Backdoor.0Access]
    Infected: C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\00000004.@ --> [Backdoor.0Access]
    Infected: C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\00000008.@ --> [Trojan.Dropper.BCMiner]
    Infected: C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\000000cb.@ --> [Backdoor.0Access]
    Infected: C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\80000000.@ --> [Backdoor.0Access]
    Infected: C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\80000032.@ --> [Rootkit.0Access]
    Infected: C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U\80000064.@ --> [Backdoor.0Access]
    Infected: C:\Windows\assembly\GAC_32\Desktop.ini --> [Rootkit.0access]
    Infected: C:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]
    Infected: C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\L --> [Backdoor.0Access]
    Infected: C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\L\201d3dde --> [Backdoor.0Access]
    Infected: C:\Windows\Installer\{4c8eeba8-7479-d8e2-4b7f-f4b3ebeb2759}\U --> [Backdoor.0Access]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occured
    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_31
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.095000 GHz
    Memory total: 4240293888, free: 2993373184
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_31
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.095000 GHz
    Memory total: 4240293888, free: 2456055808
    ------------ Kernel report ------------
    11/25/2012 00:40:00
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\compbatt.sys
    \SystemRoot\system32\drivers\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\avgrkx64.sys
    \SystemRoot\system32\DRIVERS\avgidsha.sys
    \SystemRoot\system32\DRIVERS\avgmfx64.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\avgtdia.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\drivers\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avgldx64.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\drivers\CmBatt.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\bcmwl664.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\clwvd.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\stwrt64.sys
    \SystemRoot\system32\DRIVERS\portcls.sys
    \SystemRoot\system32\DRIVERS\drmk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\btwampfl.sys
    \SystemRoot\system32\drivers\HIDPARSE.SYS
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\system32\DRIVERS\rfcomm.sys
    \SystemRoot\system32\drivers\BthEnum.sys
    \SystemRoot\system32\DRIVERS\bthmodem.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\drivers\btwavdt.sys
    \SystemRoot\system32\drivers\btwaudio.sys
    \SystemRoot\system32\DRIVERS\btwl2cap.sys
    \SystemRoot\system32\DRIVERS\btwdpan.sys
    \SystemRoot\system32\DRIVERS\btwrchid.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\Sftvollh.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\avgidsfiltera.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\system32\DRIVERS\Sftfslh.sys
    \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
    \SystemRoot\system32\DRIVERS\Sftredirlh.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800725c060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-0\
    Lower Device Object: 0xfffffa8005fff050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    DriverEntry returned 0x0
    Function returned 0x0
    Initializing...
    Done!
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800725c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800725cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800725c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8005fff050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a009dc6690, 0xfffffa800725c060, 0xfffffa8004a21790
    Lower DeviceData: 0xfffff8a009f336f0, 0xfffffa8005fff050, 0xfffffa8004a60090
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 2DDB96F7
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600 Numsec = 1221357568
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1221767168 Numsec = 28282880
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1250050048 Numsec = 211632
    Disk Size: 640135028736 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
    Done!
    Performing system, memory and registry scan...
    Read File: File "C:\ProgramData\AVG2012\Chjw\2ca29a66a29a3474.dat" is sparse (flags = 32768)
    Read File: File "C:\ProgramData\AVG2012\Chjw\2ca29a66a29a3474.dat" is sparse (flags = 32768)
    Read File: File "C:\ProgramData\AVG2012\Chjw\2ca29a66a29a3474.dat" is sparse (flags = 32768)
    Read File: File "C:\ProgramData\AVG2012\Chjw\1ac8a789c8a761ad.dat" is sparse (flags = 32768)
    Read File: File "C:\ProgramData\AVG2012\Chjw\2ca29a66a29a3474.dat" is sparse (flags = 32768)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-10-23.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-02.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-03.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-10.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-18.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-20.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-22.log" is compressed (flags = 1)
    Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-11-23.log" is compressed (flags = 1)
    Done!
    Scan finished
    =======================================
  11. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Good :)

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  12. Fraze

    Fraze TS Rookie Topic Starter

    RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Nellie [Admin rights]
    Mode : Remove -- Date : 11/25/2012 02:19:24

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : Z1 (C:\Users\Nellie\Desktop\mbar\mbar.exe /cleanup /s) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD6400BPVT-60HXZT1 +++++
    --- User ---
    [MBR] 8e95a901452ff0d2f3f6d7cad23606bd
    [BSP] 11bd84dee09c1206547394baa3c8e91c : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 596366 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1221767168 | Size: 13810 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11252012_02d0219.txt >>
    RKreport[1]_S_11252012_02d0219.txt ; RKreport[2]_D_11252012_02d0219.txt
  13. Fraze

    Fraze TS Rookie Topic Starter

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-25 02:23:31
    -----------------------------
    02:23:31.832 OS Version: Windows x64 6.1.7601 Service Pack 1
    02:23:31.833 Number of processors: 4 586 0x2A07
    02:23:31.833 ComputerName: NELLIE-HP UserName: Nellie
    02:23:34.228 Initialize success
    02:25:52.310 AVAST engine defs: 12112401
    02:25:57.295 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    02:25:57.300 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
    02:25:57.309 Disk 0 MBR read successfully
    02:25:57.314 Disk 0 MBR scan
    02:25:57.324 Disk 0 Windows 7 default MBR code
    02:25:57.330 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    02:25:57.349 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596366 MB offset 409600
    02:25:57.385 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13810 MB offset 1221767168
    02:25:57.400 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
    02:25:57.436 Disk 0 scanning C:\Windows\system32\drivers
    02:26:09.456 Service scanning
    02:26:31.844 Modules scanning
    02:26:31.862 Disk 0 trace - called modules:
    02:26:31.907 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    02:26:31.913 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800725c060]
    02:26:31.919 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8005fff050]
    02:26:34.231 AVAST engine scan C:\Windows
    02:26:36.844 AVAST engine scan C:\Windows\system32
    02:30:43.469 AVAST engine scan C:\Windows\system32\drivers
    02:30:56.651 AVAST engine scan C:\Users\Nellie
    02:58:08.049 AVAST engine scan C:\ProgramData
    02:59:50.889 Scan finished successfully
    03:00:10.503 Disk 0 MBR has been saved successfully to "C:\Users\Nellie\Desktop\MBR.dat"
    03:00:10.509 The log file has been saved successfully to "C:\Users\Nellie\Desktop\aswMBR.txt"


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.