Inactive (new TDL4) Keylogged & IE with a mind of its own

Brutal Black

Hello! New here, but I've been doing a lot of research since an incident corrupted my computer's soul a few nights ago, and this is the best place to be from my understanding, so hopefully you guys can help me.

I managed to pick up a keylogger at some point a few nights back. I made the mistake of falling asleep watching Hulu and had the horror of awakening to see a keylogger attempting to send private information across servers. It was posing as an antivirus program and was completely in control of the PC. I had lost complete access to my C drive. It literally shut down on me a few times when I would try to do simple actions to combat it. Then I found that it would instantly shut down Task Manager, forcing me to rename the TM and close as much of it as I could just to perform a restore. After much deliberation I decided it was best to just restore to an early point.

This did me justice but of course left traces of the virus throughout my computer. I ran AVG 2012 Free Edition and cleaned up quite a bit. I didn't have this log saved because I hadn't discovered you guys yet; every scan I run at this point in that program comes up clean (I've run several others that return clean results as well). However, I'm 100% certain my computer is infected. I'm often redirected at Google links, even to this page. My homepage changes itself. Internet Explorer opens itself trying to get me to download things every 10-20 mins. Sometimes it's an iTunes file, other times it's a torrent, but almost always I'm offered random software that appears malicious. This didn't happen before the keylogging incident.

I've taken the liberty of reading some of your guidelines and taken the steps to get the logs you guys require to give me a hand. It's greatly appreciated in advance. You guys are life savers, no ocean involved.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8211

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/22/2011 8:10:32 PM
mbam-log-2011-11-22 (20-10-32).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 585752
Time elapsed: 1 hour(s), 34 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-23 13:21:10
Windows 6.1.7600
Running: u6gx0ld6.exe; Driver: C:\Users\gamers\AppData\Local\Temp\uftiraob.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAA 0x57 0xCF 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x9E 0xA5 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x75 0x0E 0x83 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0x1A 0xC1 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x9E 0xA5 0x4D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x75 0x0E 0x83 0x86 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{909FCFE5-19B5-D007-74EB-19EE542DABFF}\mdbc@ boPD
Reg HKLM\SOFTWARE\Classes\CLSID\{909FCFE5-19B5-D007-74EB-19EE542DABFF}\TkCHktsPaogS@ LiMujQd`GzRQ\x[qnmj}FZAAhiuqgRf
Reg HKLM\SOFTWARE\Classes\CLSID\{909FCFE5-19B5-D007-74EB-19EE542DABFF}\TvaOBoztEgaf@ EziuyyUF?|fceslI]DXVPvzLIAaMMt

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB49674$\1756167456 0 bytes
File C:\Windows\$NtUninstallKB49674$\1896461059 0 bytes
File C:\Windows\$NtUninstallKB49674$\1896461059\L 0 bytes
File C:\Windows\$NtUninstallKB49674$\1896461059\U 0 bytes

---- EOF - GMER 1.0.15 ----

--------------------------------------------------
 
Continuation in order to add both DDS logs

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by gamers at 13:24:03 on 2011-11-23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3072.1480 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\MediaMall\PlayOn.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\boostspeed.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - MediaBar
BHO: Updater For Comcast Toolbar 3.5: {164d3751-cac6-4a6d-becd-ea67df61d232} - c:\program files\comcasttb\auxi\comcastAu.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - UrlHelper Class
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} -
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [EADM] "c:\program files\electronic arts\eadm\EADMUI.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [PlayOn] c:\program files\mediamall\PlayOn.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Recordpad] "c:\program files\nch swift sound\recordpad\recordpad.exe" -logon
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0AMQAwADYANwA5ADUANQA2ADUANAAtAEQARABUACsAMAAtAFgATwA5ACsAMQAtAEYATAArADkALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.914
StartupFolder: c:\users\gamers\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4D2B2A96-6A10-48DA-8ED6-BD39C7B2FA12} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8FA21C40-577B-4FC9-AE95-8CA970995B71} : DhcpNameServer = 192.168.1.1 68.87.74.166 68.87.68.166
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 74.208.10.249 gs.apple.com
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gamers\appdata\roaming\mozilla\firefox\profiles\jxpiwbqm.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z133&install_date=20111123
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20111123&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
FF - component: c:\users\gamers\appdata\roaming\mozilla\firefox\profiles\jxpiwbqm.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\users\gamers\appdata\roaming\mozilla\firefox\profiles\jxpiwbqm.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\gamers\appdata\roaming\mozilla\firefox\profiles\jxpiwbqm.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\gamers\appdata\roaming\mozilla\firefox\profiles\jxpiwbqm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2009-7-13 4608]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2011-3-30 49240]
R3 uftiraob;uftiraob;c:\users\gamers\appdata\local\temp\uftiraob.sys [2011-11-23 100864]
R3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys [2009-7-31 17920]
RUnknown 0478876drv;0478876drv; [x]
RUnknown 62528263;62528263; [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 135664]
S2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2011-4-21 4208496]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2011-3-29 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-3-29 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-1 1343400]
.
=============== Created Last 30 ================
.
2011-11-23 18:22:40 -------- d-----w- c:\windows\system32\wbem\Logs
2011-11-23 17:11:23 -------- d-----w- c:\program files\somototoolbar
2011-11-23 17:10:39 -------- d-----w- c:\program files\DealBulldog Toolbar
2011-11-23 17:10:34 -------- d-----w- c:\program files\Temp File Cleaner
2011-11-23 12:29:12 -------- d-----w- c:\users\gamers\appdata\roaming\AVG
2011-11-23 11:45:53 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-23 11:42:50 -------- d-----w- c:\users\gamers\appdata\roaming\QuickScan
2011-11-23 11:39:35 -------- d-----w- c:\programdata\boost_interprocess
2011-11-23 11:02:49 388096 ----a-r- c:\users\gamers\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-23 11:02:48 -------- d-----w- c:\program files\Trend Micro
2011-11-21 22:57:13 -------- d-----w- c:\users\gamers\appdata\roaming\Malwarebytes
2011-11-21 22:56:58 -------- d-----w- c:\programdata\Malwarebytes
2011-11-21 22:56:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-20 14:17:40 -------- d--h--w- C:\$AVG
2011-11-20 13:42:19 -------- d-----w- c:\users\gamers\appdata\roaming\AVG2012
2011-11-20 13:40:54 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-20 13:40:54 -------- d-----w- c:\programdata\AVG2012
2011-11-20 13:37:55 -------- d-----w- c:\programdata\MFAData
2011-11-20 13:18:05 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2011-11-19 11:16:58 -------- d--h--w- c:\programdata\Common Files
2011-11-19 11:13:01 -------- d-----w- c:\program files\AVG
2011-11-19 10:33:25 -------- d-----w- c:\programdata\AVAST Software
2011-11-19 10:33:25 -------- d-----w- c:\program files\AVAST Software
2011-11-19 09:17:48 -------- d-----w- c:\users\gamers\appdata\roaming\jFF44pmG5sQJdE8
2011-11-19 08:59:30 -------- d-----w- c:\users\gamers\appdata\roaming\tppmmG55aJ6KfLh
2011-11-19 08:10:43 -------- d-----w- c:\users\gamers\appdata\roaming\B424F
2011-11-19 08:10:42 -------- d-----w- c:\program files\LP
2011-11-19 08:10:41 -------- d-----w- c:\users\gamers\appdata\roaming\FiiibFF3pnGa
2011-11-19 08:10:38 -------- d-----w- c:\users\gamers\appdata\roaming\wcccS11ivD
2011-11-19 08:10:37 -------- d-----w- c:\users\gamers\appdata\roaming\kttxxP0uuS1
2011-11-16 18:20:35 -------- d-----w- c:\users\gamers\appdata\local\Black_Tree_Gaming
2011-11-16 18:20:33 -------- d-----w- c:\program files\Nexus Mod Manager
2011-11-10 21:16:23 -------- d--h--w- c:\users\gamers\appdata\local\Skyrim
2011-11-10 20:50:21 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-10 20:45:43 -------- d-----w- C:\Elder Scrolls
.
==================== Find3M ====================
.
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21:28 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-03-28 16:21:54 1187840 ----a-w- c:\program files\Hook.dll
2008-09-06 21:00:38 224256 ----a-w- c:\program files\launcher_gui.exe
2008-01-29 14:29:22 385536 ----a-w- c:\program files\launcher.exe
.
============= FINISH: 13:30:54.04 ===============
 
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/3/2010 5:07:20 PM
System Uptime: 11/23/2011 6:28:03 AM (7 hours ago)
.
Motherboard: alienware | | alienware
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket M2 | 2400/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 78.209 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Null
Device ID: ROOT\LEGACY_NULL\0000
Manufacturer:
Name: Null
PNP Device ID: ROOT\LEGACY_NULL\0000
Service: Null
.
==== System Restore Points ===================
.
RP214: 11/23/2011 9:32:30 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
7-Zip 9.20
Activation (Nero 9)
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Astroburn Lite
AVG 2012
AVG PC Tuneup 2011
BitComet 1.29
Blood Omen 2
Blu-ray Disc Authoring Plug-in
Bonjour
CA Pest Patrol Realtime Protection
Cisco Connect
CloneDVD2
Comcast Desktop Software (v1.2.0.9)
Comcast Toolbar 3.5
Creative System Information
Crysis® 2
Curse Client
DAEMON Tools Toolbar
Dead Island
DealBulldog Toolbar
Desktop Doctor
Deus Ex - Human Revolution version 1.0
DolbyFiles
Dragon Age II
Dragon Age Redesigned©
Dragon Age: Origins
DTS Plug-in
EA Download Manager
Eusing Free Registry Cleaner
Fallout 3 - The Garden of Eden Creation Kit
Fallout Mod Manager 0.13.21
FINAL FANTASY XI
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
FINAL FANTASY XI: Wings of the Goddess
FINAL FANTASY XIV
FrostWire 5.0.8
FXAA Post-Process Injector
Gears of War
Google Toolbar for Internet Explorer
Google Update Helper
Gracenote Plug-in
HiJackThis
ImagXpress
iTunes
Java Auto Updater
Java(TM) 6 Update 24
LightScribe System Software 1.14.17.1
LogMeIn Hamachi
Malwarebytes' Anti-Malware version 1.51.2.1300
Menu Templates - Starter Kit
Microsoft Default Manager
Microsoft DirectX SDK (June 2010)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Midnight Club 2
Movie Templates - Starter Kit
Mozilla Firefox 8.0 (x86 en-US)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BackItUp 4
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero MediaHome 4
Nero Move it
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
Nexus Mod Manager
NVIDIA PhysX
One-click FLAC to MP3 Converter
PlayOn
PlayOnline Viewer & Tetra Master
QuickTime
RecordPad Sound Recorder
RIFT
SHIFT 2 UNLEASHED™
Sound Blaster World of Warcraft Wireless Headset
SoundTap Streaming Audio Recorder
SoundTrax
Steam
Switch Sound File Converter
Temp File Cleaner
The Witcher 2
The Witcher 2 Assassins of Kings version 1.0
Ventrilo Client
VLC media player 1.1.5
WavePad Sound Editor
Windows Live ID Sign-in Assistant
WinZip 15.0
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
11/23/2011 8:06:20 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/23/2011 7:25:37 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
11/23/2011 6:40:28 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "0" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
11/23/2011 6:34:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/23/2011 6:34:34 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/23/2011 6:34:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/23/2011 6:34:03 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/23/2011 6:34:03 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
11/23/2011 6:33:50 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
11/23/2011 6:28:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 Null
11/23/2011 6:10:51 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2011 6:10:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/23/2011 6:10:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/23/2011 6:10:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/23/2011 6:10:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/23/2011 6:10:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/23/2011 6:10:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/23/2011 6:10:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Null Psched rdbss spldr sptd Tcpip tdx Wanarpv6 WfpLwf
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 6:10:30 AM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 6:10:28 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
11/23/2011 6:09:56 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
11/19/2011 9:20:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
11/19/2011 9:20:55 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/19/2011 6:02:49 AM, Error: Service Control Manager [7000] - The MPFP service failed to start due to the following error: This driver has been blocked from loading
11/19/2011 6:02:18 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Network Agent service, but this action failed with the following error: An instance of the service is already running.
11/19/2011 6:02:14 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
11/19/2011 6:01:46 AM, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 4 time(s).
11/19/2011 6:01:45 AM, Error: Service Control Manager [7030] - The Windows Update service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/19/2011 6:01:18 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 6:01:14 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 5:59:30 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
11/19/2011 5:59:18 AM, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s).
11/19/2011 5:59:00 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 5:58:56 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 5:54:34 AM, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
11/19/2011 5:53:33 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 5:52:32 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 5:50:17 AM, Error: Application Popup [875] - Driver Mpfp.sys has been blocked from loading.
11/19/2011 5:05:26 AM, Error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 4 time(s).
11/19/2011 5:05:26 AM, Error: Service Control Manager [7034] - The avast! Mail Scanner service terminated unexpectedly. It has done this 4 time(s).
11/19/2011 5:05:26 AM, Error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 4 time(s).
11/19/2011 5:01:43 AM, Error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 3 time(s).
11/19/2011 5:01:43 AM, Error: Service Control Manager [7034] - The avast! Mail Scanner service terminated unexpectedly. It has done this 3 time(s).
11/19/2011 5:01:43 AM, Error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 3 time(s).
11/19/2011 5:01:32 AM, Error: Service Control Manager [7031] - The avast! Web Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/19/2011 5:01:32 AM, Error: Service Control Manager [7031] - The avast! Mail Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/19/2011 5:01:32 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/19/2011 5:01:21 AM, Error: Service Control Manager [7031] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/19/2011 5:01:21 AM, Error: Service Control Manager [7031] - The avast! Mail Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/19/2011 5:01:21 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/19/2011 4:46:59 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the avast! Antivirus service, but this action failed with the following error: An instance of the service is already running.
11/19/2011 4:37:25 AM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
11/19/2011 4:19:41 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
11/19/2011 4:18:37 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
11/19/2011 4:17:45 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
11/19/2011 4:17:45 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The Winmgmt service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The Themes service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The SENS service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The ProfSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The MMCSS service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The gpsvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/19/2011 4:16:23 AM, Error: Service Control Manager [7038] - The EapHost service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/19/2011 4:16:23 AM, Error: Service Control Manager [7001] - The TuneUp Theme Extension service depends on the Themes service which failed to start because of the following error: The service did not start due to a logon failure.
11/19/2011 4:16:23 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not start due to a logon failure.
11/19/2011 4:16:23 AM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not start due to a logon failure.
11/19/2011 4:16:23 AM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not start due to a logon failure.
11/19/2011 4:16:23 AM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not start due to a logon failure.
11/19/2011 4:16:23 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not start due to a logon failure.
11/19/2011 4:16:23 AM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not start due to a logon failure.
11/19/2011 4:16:23 AM, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: The service did not start due to a logon failure.
11/19/2011 4:16:01 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:16:01 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:16:01 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/19/2011 4:16:01 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:15:58 AM, Error: Service Control Manager [7034] - The UPnP Device Host service terminated unexpectedly. It has done this 3 time(s).
11/19/2011 4:15:58 AM, Error: Service Control Manager [7034] - The SSDP Discovery service terminated unexpectedly. It has done this 3 time(s).
11/19/2011 4:15:58 AM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 4:15:30 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147467243.
11/19/2011 4:15:30 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80004015.
11/19/2011 4:15:28 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
11/19/2011 4:15:26 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
11/19/2011 4:14:47 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
11/19/2011 4:14:47 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
11/19/2011 4:14:47 AM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
11/19/2011 4:14:47 AM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
11/19/2011 4:14:47 AM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The TuneUp Theme Extension service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:14:18 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:14:18 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/19/2011 4:14:18 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 4:14:18 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:14:14 AM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 4:14:14 AM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 4:14:09 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SSDP Discovery service, but this action failed with the following error: An instance of the service is already running.
11/19/2011 4:14:08 AM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/19/2011 4:14:08 AM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/19/2011 4:14:05 AM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
11/19/2011 4:14:03 AM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:14:03 AM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/19/2011 4:14:03 AM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/19/2011 4:14:03 AM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 4:13:51 AM, Error: Service Control Manager [7031] - The Peer Networking Identity Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/19/2011 4:13:51 AM, Error: Service Control Manager [7031] - The Peer Networking Grouping service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/19/2011 4:13:51 AM, Error: Service Control Manager [7031] - The Peer Name Resolution Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/19/2011 12:31:59 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
11/18/2011 4:08:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 aswSnx Null
11/18/2011 3:53:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/18/2011 3:51:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 aswRdr aswSnx aswSP aswTdi CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Null Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
11/18/2011 3:51:42 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================
 
I apologize if I don't respond to your helping posts right away; my connection has been dropping all day. Please bear with me.
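As an added example (not from the original post or from the helper's reply), a small Python triage script for the event-log section of a DDS log in the format quoted above. It flags the three patterns visible in that log: bursts of unrelated services terminating unexpectedly within seconds of each other (Service Control Manager events 7031/7034), boot-start drivers that failed to load (event 7026) and which of those belong to the AV products on the machine, and the DNS Client failing to read the hosts file (event 1012). The sample lines are constructed in the log's format, and the AV driver-name prefixes (Avg* for AVG, asw* for avast!) are an assumption taken from the driver names in this log.

```python
"""Triage helper for the event-log section of a DDS log (added example, not from the thread).

It flags three patterns that appear in the log above:
  * bursts of services "terminated unexpectedly" (SCM events 7031/7034) within seconds,
  * boot-start drivers that failed to load (SCM event 7026), and which of them belong to
    the AV products installed on the machine,
  * the DNS Client failing to read the hosts file (event 1012).
"""
import re
from datetime import datetime, timedelta

# One DDS event line: "M/D/YYYY h:mm:ss AM, Error: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
TERMINATED_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
DRIVERS_RE = re.compile(r"driver\(s\) failed to load: (?P<drivers>.+)$")

# Assumption: AVG kernel drivers are named Avg*, avast! drivers asw*, as seen in this log.
AV_DRIVER_PREFIXES = ("avg", "asw")

# Constructed sample in the log's format (shortened lines of the kinds quoted above).
SAMPLE_LOG = """\
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s).
11/19/2011 4:14:23 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
11/19/2011 4:14:18 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
11/19/2011 4:14:18 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
11/19/2011 4:14:14 AM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s).
11/19/2011 4:14:05 AM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
11/19/2011 4:19:41 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
11/19/2011 9:20:55 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond in a timely fashion.
11/18/2011 3:51:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 aswRdr aswSnx aswSP aswTdi Null Tcpip
11/23/2011 6:10:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Null
"""


def parse_event(line):
    """Parse one DDS event line into a dict, or return None for non-event lines."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
        "level": m["level"],
        "source": m["source"],
        "event_id": int(m["event_id"]),
        "msg": m["msg"],
    }


def parse_log(text):
    """Parse every event line and return the events in chronological order
    (DDS prints them newest first)."""
    events = (parse_event(line) for line in text.splitlines())
    return sorted((e for e in events if e), key=lambda e: e["ts"])


def termination_bursts(events, window=timedelta(seconds=60), min_services=5):
    """Return [(start_time, sorted service names)] for every window in which at
    least min_services distinct services died (events 7031/7034).  Many
    unrelated services dying within seconds of each other is the signature of
    something in kernel mode fighting the OS, not of one buggy service."""
    deaths = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] in (7031, 7034):
            m = TERMINATED_RE.match(e["msg"])
            if m:
                deaths.append((e["ts"], m["svc"]))
    bursts, i = [], 0
    while i < len(deaths):
        start, j, names = deaths[i][0], i, set()
        while j < len(deaths) and deaths[j][0] - start <= window:
            names.add(deaths[j][1])
            j += 1
        if len(names) >= min_services:
            bursts.append((start, sorted(names)))
            i = j          # skip past the burst we just reported
        else:
            i += 1
    return bursts


def failed_boot_drivers(events):
    """Distinct driver names from event 7026.  Core network drivers here (AFD,
    Tcpip) explain the cascade of 7001 dependency failures in the log."""
    names = set()
    for e in events:
        if e["event_id"] == 7026:
            m = DRIVERS_RE.search(e["msg"])
            if m:
                names.update(m["drivers"].split())
    return sorted(names, key=str.lower)


def av_drivers_blocked(drivers):
    """Subset of failed drivers that belong to the installed AV products."""
    return [d for d in drivers if d.lower().startswith(AV_DRIVER_PREFIXES)]


def hosts_file_errors(events):
    """Timestamps of event 1012: the hosts file could not be read, which on an
    otherwise healthy box points at tampering or a locked/replaced file."""
    return [e["ts"] for e in events
            if e["source"] == "Microsoft-Windows-DNS-Client" and e["event_id"] == 1012]


def triage(text):
    """Run all three checks over a DDS event-log excerpt and return the findings."""
    events = parse_log(text)
    drivers = failed_boot_drivers(events)
    return {
        "bursts": termination_bursts(events),
        "failed_drivers": drivers,
        "av_drivers_blocked": av_drivers_blocked(drivers),
        "hosts_file_errors": hosts_file_errors(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```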
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi, thanks for the quick reply, and apologies for my late one.

I've uninstalled AVG because it seemed to be a road block according to your post. I can't say I feel safer with the system completely unprotected. haha

I can't seem to get aswMRB to run no matter what I do. I've uninstalled AVG as I said, I've tried to run it in safe mode to no avail. Running it as administrator does nothing. Combofix doesn't give me issues when opened, but I haven't run it because it's step 2, and I've yet to take step 1.

Any suggestions?
 
I ran Rkill to see if it would enable me to run aswMBR (not in safe mode); here is the log.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 11/24/2011 at 14:44:56.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe


Rkill completed on 11/24/2011 at 14:46:21.

However it still will not launch using administrator or otherwise.
 
Instead of aswMBR....

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Posting to ensure my topic stays open. I'm currently in the process of moving and won't have home internet until tomorrow. But I managed to get to a computer in order to post this for Broni.

Thanks again for the help, I'll definitely try that new program tomorrow and keep you updated. Happy Thanksgiving!
 
I got an error while running boot cleaner.

ATA_PASS_THROUGH_DIRECT is not supported by your disk controller
SCSI_PASS_THROUGH_DIRECT will be use for disk I/O

Then asked me to press any key to quit.

Any idea?
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
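The Bootkit Remover output above reports the boot sector's MD5, whether DOS/Win32 boot code was found, and that \\.\C: begins at byte offset 0x7e00 of \\.\PhysicalDrive0. The following is an added example, not part of the thread or of Esage Lab's tool, showing how a defender can reproduce those checks: parse a 512-byte MBR, list its partition entries with their byte offsets, and compare the sector's hash against a baseline recorded while the machine was known clean. The MBR bytes here are constructed for the example; `read_live_mbr` is a hypothetical helper that needs Administrator rights on Windows.

```python
import hashlib
import struct

SECTOR = 512
PART_TABLE = 0x1BE          # four 16-byte partition entries live here
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count

def build_sample_mbr():
    """Constructed MBR for the example: dummy boot code, one active NTFS
    partition starting at LBA 63 (byte offset 0x7e00), valid 0x55AA signature."""
    mbr = bytearray(SECTOR)
    mbr[0:3] = b"\xEB\x63\x90"                       # jump stub standing in for boot code
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", 63, 976773105)   # ~465 GiB partition
    mbr[PART_TABLE:PART_TABLE + 16] = entry
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)

def parse_mbr(mbr):
    """Return the sector's MD5, signature validity, and non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    parts = []
    for i in range(4):
        off = PART_TABLE + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue                                  # unused slot
        parts.append({"active": status == 0x80, "type": ptype, "lba": lba,
                      "byte_offset": lba * SECTOR,
                      "size_gib": count * SECTOR / 2 ** 30})
    return {"md5": hashlib.md5(mbr).hexdigest(),
            "signature_ok": mbr[510:512] == b"\x55\xAA",
            "partitions": parts}

def mbr_matches_baseline(mbr, baseline_md5):
    """A bootkit that rewrites the boot code changes this hash even though the
    0x55AA signature and partition table still look fine."""
    return parse_mbr(mbr)["md5"] == baseline_md5

def read_live_mbr(device=r"\\.\PhysicalDrive0"):
    """Hypothetical helper: read the real first sector (Windows, run as Administrator)."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR)

if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("Boot sector MD5 is:", info["md5"])
    for p in info["partitions"]:
        print(f"partition type 0x{p['type']:02x} at offset 0x{p['byte_offset']:08x}, "
              f"{p['size_gib']:.0f} GiB, active={p['active']}")
```

Record the MD5 from a known-good boot and re-run the comparison later; a changed hash with an unchanged partition table is the pattern worth investigating.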
 
Last post was 12hrs ago, just bumping to make sure this is seen...

Bump. :)

Thanks again Broni & Co. you guys save lives, machine or otherwise!
 
I ran combofix, I tried first in safemode, it ran for a while and froze at some point, I couldn't lower the window and the atomic clock stopped counting but the text line in the window showed as if it were working, constantly blinking. Several hours later it hadn't moved.

I ran it again in normal windows, it ran successfully up until the point where combofix creates a log (blue screen) also telling me to not run any other programs until combofix is finished. It stayed at this screen for 9hrs before I decided to shutdown the system manually.

The problems persist, internet explorer is on a rampage anytime I am connected to the internet and is always running in processes, and reappears if ended. I'll check back for your response every 4hrs, having no AV makes me cautious about this IE thing, who knows what it's doing.
 
Did you try to run rKill first?
Did you try to rename Combofix file to something else?
 
I did definitely follow the second steps, sorry I did not mention that. I have one left to try that I intend to allow to run for at least several hours. I need to run both in safe mode, last time I had combofix in safe mode it didn't completely finish hours later, it may have needed rKill.

I just ran both rKill then Combofix immediately after and got the same results as the first time. Hours of blue screen and no log ever produced to show for it.

I will post back with the results of running both in safe mode.

(Also I completely remove my ethernet cord when running Combofix, is this a necessary step? I don't mind either way, thanks for the help!)
 
Ok, so I ran both programs in safe mode.

Oddly when I start my computer in safe mode DDS seems to open itself and begin running, once this happens it's impossible to close without shutting down completely. I restarted and ran rkill then combofix (renamed) immediately after. I still arrive to the blue screen saying it's creating a log.

However something different did happen this time. It seems Combofix deleted two files, which I'm unsure of exactly which files or where, because it literally flashed by, but it appears I don't get redirected when clicking google links any longer.

After letting combofix run another 12hrs I decided to shut down manually (closing the programs normally doesn't work).

IE still pops up in processes anytime I'm connected to the internet. :(
 
Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
So I got a call from folks over at www.pcoutput.com. Apparently they run a service for folks with dying computers like my own. I was very skeptical about the entire ordeal, especially them having access to my phone number without me giving it to anyone about this issue.

After hanging up on them multiple times I was finally convinced by a tech to download a remote access program and allow them to show me the errors on my pc (I figured it couldn't get much worse...), I don't suggest this to anyone... Ultimately nothing bad came of it that I know of, but at the end of the day I saw many an error, was told my pc is on the brink of death, then asked to pay a yearly service which I couldn't afford...

I've since made sure there's nothing still on the pc connecting to the remote service, however oddly I can no longer restore my system to an earlier point without it shutting itself down mid way...

I'm really losing hope with my pc, is this the point where I just delete the hard drive and start anew? I'm more worried about losing personal information than my files at this point.

Anything left to try? :(
 
Never, ever fall for any services like the above.
In most cases it's nothing but a scam.

You may be infected with the newest type of TDL rootkit.
Let's check.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

  • Double click on downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) on your desktop.
  • Please copy and paste it to your reply.
 