ANYONE that recognizes these symptoms, please help me IDENTIFY this infection!
I plugged a friend's Seagate Expansion drive (SRD00F1) into my machine's USB port and Windows Vista started to load the drivers and then stopped. I went to My Computer and the machine can't see the drive at all. After this I started to see the following occurring:
1) All the normal column names in Explorer are gone; Author is the only one showing. All of the common ones (Filename, Date Created/Created, Size, etc.) are unavailable when I try to choose details by right-clicking the column header.
2) Many windows won't open, specifically Control Panel windows like "Backup and Restore Center", System, regedit.exe.
3) Explorer shows no filenames or folder names.
4) The "Start Search" feature of the Start Bar returns nothing.
5) In My Computer the sizes of the drives and free space are in bytes, not KB or MB.
It seems like some rootkit has replaced Explorer.exe, but I can't figure out which one. The external drive that caused the infection hasn't been used in months, so it can't be something brand new.
Any assistance on identifying this infection and/or removing it would be greatly appreciated.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1/16/2015
Scan Time: 1:19:00 PM
Logfile: MBAMScan.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.16.11
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Shake
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335334
Time Elapsed: 7 min, 43 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 5
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, Quarantined, [aea326d143467db9100aafc22ed5a957],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search-Protect, Quarantined, [5af7fbfc2f5a0333112ee0ad2bd8b14f],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-1027772261-2917165354-2662933974-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLAPLUGINS\@tnt2npapi.com/Plugin, Quarantined, [a5acb7408aff0630577c0ca8a162817f],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-1027772261-2917165354-2662933974-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7D834389-C771-4037-A6AC-9B96BAD6DEEE}, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\CLASSES\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 10
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2, Delete-on-Reboot, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Common, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles, Delete-on-Reboot, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075, Delete-on-Reboot, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\Cache, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2, Delete-on-Reboot, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\2.0.0.1895, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\Profiles, Delete-on-Reboot, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\Profiles\11075, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
Files: 53
PUP.Optional.SearchProtect.A, C:\Windows\System32\Tasks\Search-Protect, Quarantined, [d77a3cbbaedb0c2aaa93deaffa098779],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\Autorun.inf, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\crx.tar, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\GameApps.ini, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\GameConsole.exe, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\GameEngine.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\GLOBALUNINSTALL.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\hmac.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\iestage2.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\IEToolbar.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\IEToolbar64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\INSTALL.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\LastSession.log, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\log.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\MinecraftShims64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\npTNT2.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\PARTNER.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\passport.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\passport64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\pinnedSearch.htm, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\pinnedSearch_FindWide.htm, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\pinnedSearch_Freshy.htm, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\progress.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\regsvr.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\RemoteSkin.wms, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\sqlite.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TNT2User.exe, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TNT2UserPS.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TNT2UserPS64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TntMagicDel.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UnInjLib.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UnInjLib64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UNINSTALL.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UninstallDlg.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\untar.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UPDATE.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\xpi.tar, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\zipunzip.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Common\GameConsole.exe, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\inst.ini, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\LastSession.log, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\os11075.xml, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\PARTNER.1.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\partner.dat, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\runt.ini, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\toolbar11075@freshy.com.xpi, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\yah11075.xml, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\TNT2UserPS.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\TNT2UserPS64.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\2.0.0.1895\IEToolbar.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\2.0.0.1895\IEToolbar64.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\Profiles\11075\passport.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\Profiles\11075\passport64.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
Physical Sectors: 0
(No malicious items detected)
(end)
Here is the DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16592
Run by Shake at 17:09:02 on 2015-01-19
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6133.3253 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\ehome\ehshell.exe
C:\Windows\ehome\ehRec.exe
C:\Windows\ehome\ehVid.exe
C:\Windows\System32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://search.us.com/?guid={7D834389-C771-4037-A6AC-9B96BAD6DEEE}
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [LiveUpdate 5] "C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" /reminder
mRun: [NCUpdateHelper] "C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BDD833F9-552B-413B-A541-7C01A695658A} : DHCPNameServer = 192.168.1.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
x64-mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - C:\Windows\System32\soundschemes.exe /AddRegistration
x64-mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - C:\Windows\System32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shake\AppData\Roaming\Mozilla\Firefox\Profiles\bxglrmeu.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll
FF - plugin: C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\npTNT2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-1-18 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-1-18 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-1-18 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-1-18 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-1-18 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2015-1-18 87912]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-1-18 50344]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2015-1-1 167424]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\System32\drivers\hcw18bda.sys [2014-5-11 912896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-10-24 90776]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2009-7-30 118872]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2014-5-11 14136]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: tonegen.exe: open="C:\Program Files (x86)\NCH Software\ToneGen\tonegen" "%L"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2015-01-18 17:36:04 87912 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2015-01-18 17:36:02 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-01-18 17:34:01 65264 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2015-01-18 17:34:00 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-01-18 17:34:00 436624 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2015-01-18 17:34:00 364512 ----a-w- C:\Windows\System32\aswBoot.exe
2015-01-18 17:34:00 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-01-18 17:34:00 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-01-18 17:33:59 64752 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2015-01-18 17:33:56 43152 ----a-w- C:\Windows\avastSS.scr
2014-12-22 04:08:46 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-22 04:08:46 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-27 23:04:52 1852168 ----a-w- C:\Users\Shake\AppData\Roaming\BeFrugal.com-Install.exe
2014-10-27 20:32:45 17870336 ----a-w- C:\Windows\System32\mshtml.dll
2014-10-27 20:13:57 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-27 20:12:24 10921472 ----a-w- C:\Windows\System32\ieframe.dll
2014-10-27 20:07:15 1388032 ----a-w- C:\Windows\System32\urlmon.dll
2014-10-27 20:06:55 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-10-27 20:05:41 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-27 20:05:26 237056 ----a-w- C:\Windows\System32\url.dll
2014-10-27 20:05:13 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-10-27 20:04:52 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-27 20:04:38 2157056 ----a-w- C:\Windows\System32\iertutil.dll
2014-10-27 20:04:37 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-10-27 20:04:29 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-10-27 20:04:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-10-27 20:04:09 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-10-27 20:03:59 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-10-27 20:03:57 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-10-27 20:03:54 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-10-27 20:03:41 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-10-27 20:03:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-27 20:03:21 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-10-27 20:03:05 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-10-27 19:10:22 12366848 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-10-27 19:05:44 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-10-27 19:02:37 9739776 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-10-27 18:59:41 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-10-27 18:59:06 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-10-27 18:57:36 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-10-27 18:57:18 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-10-27 18:56:58 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-10-27 18:56:15 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-10-27 18:56:10 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-10-27 18:56:08 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-10-27 18:55:50 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-10-27 18:55:44 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-10-27 18:55:39 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-10-27 18:55:32 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-10-27 18:55:28 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-10-27 18:55:20 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-10-27 18:54:43 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-10-24 01:04:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-24 01:03:40 499200 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-10-24 00:39:49 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-24 00:39:19 656384 ----a-w- C:\Windows\System32\kerberos.dll
.
============= FINISH: 17:10:26.56 ===============
Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 5/11/2014 6:27:33 AM
System Uptime: 1/19/2015 4:12:58 AM (13 hours ago)
.
Motherboard: MSI | | MSI X58 PLATINUM SLI(MS-7522)
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2533/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 2048 GiB total, 77.743 GiB free.
D: is FIXED (NTFS) - 1397 GiB total, 34.322 GiB free.
E: is FIXED (NTFS) - 149 GiB total, 8.228 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Video Controller
Device ID: PCI\VEN_1002&DEV_72A0&SUBSYS_E191174B&REV_00\4&12B3CBB2&0&0118
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_1002&DEV_72A0&SUBSYS_E191174B&REV_00\4&12B3CBB2&0&0118
Service:
.
==== System Restore Points ===================
.
RP263: 4/30/2014 12:00:08 AM - Scheduled Checkpoint
RP264: 5/1/2014 3:56:28 AM - Scheduled Checkpoint
RP265: 5/2/2014 12:00:08 AM - Scheduled Checkpoint
RP266: 5/3/2014 4:30:55 AM - Scheduled Checkpoint
RP267: 5/4/2014 12:14:55 AM - Scheduled Checkpoint
RP268: 5/5/2014 12:00:05 AM - Scheduled Checkpoint
RP269: 5/6/2014 11:41:46 PM - Scheduled Checkpoint
RP270: 5/8/2014 5:43:03 AM - Scheduled Checkpoint
RP271: 5/9/2014 12:01:05 AM - Scheduled Checkpoint
RP272: 5/10/2014 6:40:18 AM - Scheduled Checkpoint
RP179: 11/23/2014 6:05:32 AM - Scheduled Checkpoint
RP180: 11/27/2014 5:27:39 AM - Scheduled Checkpoint
RP181: 12/1/2014 8:29:19 PM - Scheduled Checkpoint
RP182: 12/3/2014 1:04:18 AM - Scheduled Checkpoint
RP183: 12/4/2014 9:33:47 AM - Scheduled Checkpoint
RP184: 12/5/2014 12:55:40 PM - Scheduled Checkpoint
RP185: 12/7/2014 3:56:40 PM - Scheduled Checkpoint
RP186: 12/9/2014 8:02:03 AM - Scheduled Checkpoint
RP187: 12/10/2014 12:00:04 AM - Scheduled Checkpoint
RP188: 12/10/2014 8:12:55 PM - Scheduled Checkpoint
RP189: 12/11/2014 6:07:02 PM - Scheduled Checkpoint
RP190: 12/14/2014 7:55:53 AM - Scheduled Checkpoint
RP191: 12/23/2014 12:21:09 AM - Scheduled Checkpoint
RP192: 12/24/2014 12:19:47 AM - Scheduled Checkpoint
RP193: 12/25/2014 12:00:12 AM - Scheduled Checkpoint
RP194: 12/26/2014 4:12:32 AM - Scheduled Checkpoint
RP195: 12/27/2014 8:23:10 AM - Scheduled Checkpoint
RP196: 12/29/2014 3:00:42 AM - Scheduled Checkpoint
RP197: 12/30/2014 12:00:32 AM - Scheduled Checkpoint
RP198: 12/31/2014 12:23:56 AM - Scheduled Checkpoint
RP199: 1/1/2015 12:24:23 AM - Scheduled Checkpoint
RP200: 1/1/2015 3:12:51 AM - Device Driver Package Install: HTC Corporation Ports (COM & LPT)
RP201: 1/1/2015 3:13:26 AM - Device Driver Package Install: HTC Corporation Modems
RP202: 1/1/2015 3:15:36 AM - Device Driver Package Install: HTC, Corporation
RP204: 1/1/2015 3:16:46 AM - Device Driver Package Install: HTC Corporation Network adapters
RP203: 1/1/2015 3:16:46 AM - Device Driver Package Install: HTC Network Protocol
RP205: 1/1/2015 3:19:25 AM - Device Driver Package Install: HTC Corporation Portable Devices
RP206: 1/1/2015 3:21:29 AM - Installed HTC Sync.
RP207: 1/2/2015 12:00:32 AM - Scheduled Checkpoint
RP208: 1/3/2015 6:49:36 AM - Scheduled Checkpoint
RP209: 1/4/2015 6:47:08 AM - Scheduled Checkpoint
RP210: 1/5/2015 10:04:45 AM - Scheduled Checkpoint
RP211: 1/6/2015 12:00:22 AM - Scheduled Checkpoint
RP212: 1/7/2015 12:32:08 AM - Scheduled Checkpoint
RP213: 1/8/2015 12:31:55 AM - Scheduled Checkpoint
RP214: 1/9/2015 1:49:00 AM - Scheduled Checkpoint
RP215: 1/10/2015 12:25:01 AM - Scheduled Checkpoint
RP216: 1/11/2015 12:41:43 AM - Scheduled Checkpoint
RP217: 1/12/2015 4:03:36 AM - Scheduled Checkpoint
RP218: 1/13/2015 12:00:27 AM - Scheduled Checkpoint
RP219: 1/14/2015 12:00:23 AM - Scheduled Checkpoint
RP273: 1/15/2015 12:19:08 AM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
RP220: 1/15/2015 9:58:55 PM - Installed HiJackThis
RP221: 1/16/2015 3:28:46 PM - Scheduled Checkpoint
RP222: 1/17/2015 5:52:16 PM - Tweaking.com - Windows Repair
RP223: 1/17/2015 7:46:31 PM - Restore Operation
RP224: 1/17/2015 8:31:45 PM - Tweaking.com - Windows Repair
RP225: 1/18/2015 10:31:46 AM - avast! antivirus system restore point
RP226: 1/19/2015 4:56:40 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 16 NPAPI
Avast Free Antivirus
File Association Manager
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
IPTInstaller
Lineage II
Live Update 5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Mozilla Firefox 35.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
NCH Tone Generator
NCSOFT Game Launcher
PDFlite 1.0.0.0
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RedMon - Redirection Port Monitor
Search-Protect
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
System Requirements Lab for Intel
TNT2-11075 Toolbar
Tweaking.com - Windows Repair (All in One)
Ultimate Extras sounds from Microsoft® Tinker™
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.1.3
WavePad Sound Editor
Windows Sound Schemes
.
==== Event Viewer Messages From Past Week ========
.
1/19/2015 5:10:28 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
1/19/2015 4:15:09 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The operating system is not presently configured to run this application.
1/19/2015 4:13:31 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/17/2015 9:04:01 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/17/2015 8:44:25 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00242151589A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/17/2015 5:43:28 PM, Error: Microsoft-Windows-TaskScheduler [412] - Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942405. User Action: restart task scheduler service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
1/16/2015 1:54:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
1/15/2015 9:45:14 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/15/2015 9:44:47 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/14/2015 11:36:01 PM, Error: EventLog [6008] - The previous system shutdown at 11:31:51 PM on 1/14/2015 was unexpected.
.
==== End Of File ===========================
1/17/2015 5:43:28 PM, Error: Microsoft-Windows-TaskScheduler [412] - Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942405. User Action: restart task scheduler service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
1/16/2015 1:54:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
1/15/2015 9:45:14 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/15/2015 9:44:47 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/14/2015 11:36:01 PM, Error: EventLog [6008] - The previous system shutdown at 11:31:51 PM on 1/14/2015 was unexpected.
.
==== End Of File ===========================