
Author Topic: won't download  (Read 11937 times)


wilmot3

    Topic Starter


    Greenhorn

    • Experience: Experienced
    • OS: Windows 7
    won't download
    « on: October 18, 2013, 08:18:21 PM »
    OK, I am posting from my computer. I am working on a friend's computer. I have downloaded and burnt all the programs you recommended and I am running them. I am up to the point of running Malwarebytes. I have restarted it twice because it says "not responding" and the elapsed time stops. It says it found 2 objects. What do I do now?

    « Last Edit: October 18, 2013, 08:34:44 PM by wilmot3 »

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: won't download
    « Reply #1 on: October 19, 2013, 04:23:34 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    *********************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
    **********************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Windows 8 and Windows 10 dual boot with two SSD's

    wilmot3

      Re: won't download
      « Reply #2 on: October 19, 2013, 08:12:45 PM »
      here is the txt doc

      when I ran the security scan it said operating system not supported....... I downloaded the program with my laptop running win 8 and burnt it to cd....the laptop I am working on is running win 7 would that make the scan say that?

      « Last Edit: October 19, 2013, 08:36:46 PM by wilmot3 »

      SuperDave

      Re: won't download
      « Reply #3 on: October 20, 2013, 11:14:47 AM »
      Quote
      when I ran the security scan it said operating system not supported....... I downloaded the program with my laptop running win 8 and burnt it to cd....the laptop I am working on is running win 7 would that make the scan say that?
      There's something not quite correct with that program. I'm getting that a lot.

      Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

      Download Combofix from any of the links below, and save it to your DESKTOP
      If your version of Windows defaults to your download folder you will need to copy it to your desktop.

      Link 1
      Link 2
      Link 3

      To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
      • Close any open windows and double click ComboFix.exe to run it.

        You will see the following image:


      Click I Agree to start the program.

      ComboFix will then extract the necessary files and you will see this:



      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

      It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If you did not have it installed, you will see the prompt below. Choose YES.



      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



      Click on Yes, to continue scanning for malware.

      When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

      Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

      Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

      wilmot3

        Re: won't download
        « Reply #4 on: October 20, 2013, 12:46:05 PM »
        Ok, I am running the combo fix; it says attempting to create restore point. I got a pop up window saying:

        c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
        Illegal operation attempted on a registry key that has been marked for deletion

        the scan is running .....after the scan is done should I click ok on the popup?

        wilmot3

          Re: won't download
          « Reply #5 on: October 20, 2013, 01:49:20 PM »
          ok scan done ....when it restarted it said it did not shut down correctly

          ComboFix 13-10-19.02 - LUKE 10/20/2013  14:42:49.1.2 - x64
          Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3989.2656 [GMT -4:00]
          Running from: C:\Users\LUKE\Desktop\ComboFix.exe
          AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
          SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
          SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


          (((((((((((((((((((((((((   Files Created from 2013-09-20 to 2013-10-20  )))))))))))))))))))))))))))))))


          2013-10-20 19:30:51 . 2013-10-20 19:30:51   --------   d-----w-   C:\Users\Default\AppData\Local\temp
          2013-10-20 18:59:10 . 2013-10-20 18:59:12   76232   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBFAD093-4198-4880-9E9D-B1F29DD54632}\offreg.dll
          2013-10-20 01:11:59 . 2013-10-20 01:11:59   --------   d-----w-   C:\windows\ERUNT
          2013-10-19 01:34:42 . 2013-04-04 18:50:32   25928   ----a-w-   C:\windows\system32\drivers\mbam.sys
          2013-10-19 01:27:54 . 2013-10-19 01:30:13   --------   d-----w-   C:\AdwCleaner
          2013-10-19 01:24:04 . 2013-10-19 01:24:05   --------   d-----w-   C:\Program Files\CCleaner
          2013-10-18 07:31:04 . 2013-10-18 07:31:06   --------   d-----w-   C:\Program Files (x86)\GUMBA2A.tmp
          2013-10-18 07:31:04 . 2013-10-18 07:31:04   50053120   ----a-w-   C:\Program Files (x86)\GUTBA3B.tmp
          2013-10-18 07:00:58 . 2013-09-22 22:54:55   19252224   ----a-w-   C:\windows\system32\mshtml.dll
          2013-10-15 15:38:31 . 2013-09-16 04:50:04   9694160   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBFAD093-4198-4880-9E9D-B1F29DD54632}\mpengine.dll
          2013-10-15 15:25:34 . 2013-10-17 20:14:59   --------   d-----w-   C:\windows\system32\MpEngineStore
          2013-10-15 15:05:06 . 2013-08-28 01:12:33   461312   ----a-w-   C:\windows\system32\scavengeui.dll
          2013-10-15 14:55:58 . 2013-07-12 10:41:35   185344   ----a-w-   C:\windows\system32\drivers\usbvideo.sys
          2013-10-15 14:34:24 . 2013-10-15 14:34:58   --------   d-----w-   C:\Program Files (x86)\GUME4E2.tmp
          2013-10-15 14:34:24 . 2013-10-15 14:34:24   50053120   ----a-w-   C:\Program Files (x86)\GUTE502.tmp
          2013-10-14 22:32:27 . 2013-10-14 22:32:27   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
          2013-10-14 22:31:42 . 2013-10-15 13:21:52   --------   d-----w-   C:\Program Files (x86)\SUPERAntiSpyware
          2013-10-14 22:31:42 . 2013-10-14 22:31:42   --------   d-----w-   C:\Users\LUKE\AppData\Roaming\SUPERAntiSpyware.com
          2013-10-14 12:07:56 . 2013-10-14 12:07:56   --------   d-----w-   C:\Users\LUKE\AppData\Roaming\Malwarebytes
          2013-10-14 12:07:47 . 2013-10-14 12:07:47   --------   d-----w-   C:\ProgramData\Malwarebytes
          2013-10-14 12:07:46 . 2013-10-19 01:34:44   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
          2013-10-14 01:18:32 . 2013-10-15 13:21:55   --------   d-----w-   C:\db6e1935fd4a99eb2198d051
          2013-10-13 23:33:12 . 2013-10-13 23:33:12   50053120   ----a-w-   C:\Program Files (x86)\GUT1D31.tmp
          2013-09-25 22:37:02 . 2013-09-25 22:37:02   --------   d-----w-   C:\Users\LUKE\AppData\Roaming\spotmau
          2013-09-25 22:35:04 . 2013-10-15 14:25:13   --------   d-----w-   C:\ProgramData\TuneUp360
          2013-09-25 22:34:47 . 2013-10-15 14:25:10   --------   d-----w-   C:\Program Files (x86)\TuneUp360
          2013-09-25 22:24:29 . 2013-09-25 22:24:29   --------   d-----w-   C:\Users\LUKE\AppData\Roaming\AVG2014
          2013-09-25 22:18:11 . 2013-09-25 22:21:56   --------   d-----w-   C:\ProgramData\AVG2014
          2013-09-25 22:12:46 . 2013-09-25 23:10:22   --------   d-----w-   C:\Users\LUKE\AppData\Local\Avg2014
          .


          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

          2013-10-15 15:04:10 . 2013-01-30 18:50:08   80541720   ----a-w-   C:\windows\system32\MRT.exe
          2013-10-15 14:34:44 . 2013-01-30 02:19:23   692616   ----a-w-   C:\windows\SysWow64\FlashPlayerApp.exe
          2013-10-15 14:34:44 . 2012-03-22 21:34:13   71048   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
          2013-10-07 22:24:54 . 2013-09-12 21:32:07   46368   ----a-w-   C:\windows\system32\drivers\avgtpx64.sys
          2013-09-09 02:11:42 . 2013-09-09 02:11:42   31544   ----a-w-   C:\windows\system32\drivers\avgrkx64.sys
          2013-09-03 18:35:10 . 2010-11-21 03:27:21   278800   ------w-   C:\windows\system32\MpSigStub.exe
          2013-09-02 14:59:14 . 2013-09-02 14:59:14   212280   ----a-w-   C:\windows\system32\drivers\avgldx64.sys
          2013-09-02 14:29:18 . 2013-09-02 14:29:18   294712   ----a-w-   C:\windows\system32\drivers\avgloga.sys
          2013-09-02 14:26:50 . 2013-09-02 14:26:50   192824   ----a-w-   C:\windows\system32\drivers\avgidsha.sys
          2013-09-02 14:26:42 . 2013-09-02 14:26:42   241464   ----a-w-   C:\windows\system32\drivers\avgidsdrivera.sys
          2013-08-21 02:53:58 . 2013-08-21 02:53:58   123704   ----a-w-   C:\windows\system32\drivers\avgmfx64.sys
          2013-08-10 05:22:18 . 2013-09-12 21:32:49   2241024   ----a-w-   C:\windows\system32\wininet(118).dll
          2013-08-10 05:22:05 . 2013-09-12 21:32:51   1365504   ----a-w-   C:\windows\system32\urlmon(115).dll
          2013-08-10 05:20:55 . 2013-09-12 21:32:56   2647040   ----a-w-   C:\windows\system32\iertutil(111).dll
          2013-08-10 03:59:10 . 2013-09-12 21:32:50   1767936   ----a-w-   C:\windows\SysWow64\wininet(124).dll
          2013-08-10 03:59:01 . 2013-09-12 21:32:51   1141248   ----a-w-   C:\windows\SysWow64\urlmon(123).dll
          2013-08-10 03:58:06 . 2013-09-12 21:32:57   2048000   ----a-w-   C:\windows\SysWow64\iertutil(121).dll
          2013-08-05 02:25:45 . 2013-09-11 22:06:33   155584   ----a-w-   C:\windows\system32\drivers\ataport.sys
          2013-08-01 20:07:06 . 2013-08-01 20:07:06   251192   ----a-w-   C:\windows\system32\drivers\avgtdia.sys
          2013-08-01 20:06:28 . 2013-08-01 20:06:28   147768   ----a-w-   C:\windows\system32\drivers\avgdiska.sys
          2013-07-26 02:24:57 . 2013-09-11 22:37:17   14172672   ----a-w-   C:\windows\system32\shell32.dll
          2013-07-26 02:24:56 . 2013-09-11 22:37:15   197120   ----a-w-   C:\windows\system32\shdocvw.dll
          2013-07-25 09:25:54 . 2013-08-16 23:02:12   1888768   ----a-w-   C:\windows\system32\WMVDECOD.DLL
          2013-07-25 08:57:27 . 2013-08-16 23:02:12   1620992   ----a-w-   C:\windows\SysWow64\WMVDECOD.DLL


          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-02-14 12:59:36 39408]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
          "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 11:59:50 291608]
          "ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 01:16:10 1298816]
          "ToshibaAppPlace"="C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 18:03:36 552960]
          "NortonOnlineBackupReminder"="C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 22:26:14 3218864]
          "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe" [2013-09-16 03:12:16 4851760]
          "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
          "EKStatusMonitor"="C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 18:07:42 2750840]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
          "KodakHomeCenter"="C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-02-18 19:00:08 2236792]

          C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
          Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
          Rand McNally Dock.lnk - C:\Program Files (x86)\Rand McNally\RNDDock\StartupLauncher.bat [2013-3-9 25]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "ConsentPromptBehaviorAdmin"= 5 (0x5)
          "ConsentPromptBehaviorUser"= 3 (0x3)
          "EnableUIADesktopToggle"= 0 (0x0)

          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
          "aux1"=wdmaud.drv

          2;2 CareMon;CareMon;C:\Program Files (x86)\TuneUp360\CareMon.exe;C:\Program Files (x86)\TuneUp360\CareMon.exe

          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

          R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

          R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe

          R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

          R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\iusb3hub.sys;C:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys

          R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\system32\DRIVERS\iusb3xhc.sys;C:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys

          R3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\windows\system32\DRIVERS\NwUsbCdFil64.sys;C:\windows\SYSNATIVE\DRIVERS\NwUsbCdFil64.sys

          R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\windows\system32\DRIVERS\nwusbmdm_000.sys;C:\windows\SYSNATIVE\DRIVERS\nwusbmdm_000.sys

          R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\windows\system32\DRIVERS\nwusbser_000.sys;C:\windows\SYSNATIVE\DRIVERS\nwusbser_000.sys

          R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\windows\system32\DRIVERS\nwusbser2_000.sys;C:\windows\SYSNATIVE\DRIVERS\nwusbser2_000.sys

          R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\system32\drivers\rdpvideominiport.sys;C:\windows\SYSNATIVE\drivers\rdpvideominiport.sys

          R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys;C:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys

          R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys;C:\windows\SYSNATIVE\drivers\tsusbflt.sys

          R3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys;C:\windows\SYSNATIVE\drivers\TsUsbGD.sys

          R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe;C:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

          R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

          S0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys;C:\windows\SYSNATIVE\DRIVERS\avgidsha.sys

          S0 Avgloga;AVG Logging Driver;C:\windows\system32\DRIVERS\avgloga.sys;C:\windows\SYSNATIVE\DRIVERS\avgloga.sys

          S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys;C:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys

          S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys;C:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys

          S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\system32\DRIVERS\iusb3hcs.sys;C:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys

          S0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys;C:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys

          S1 Avgdiska;AVG Disk Driver;C:\windows\system32\DRIVERS\avgdiska.sys;C:\windows\SYSNATIVE\DRIVERS\avgdiska.sys

          S1 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys;C:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys

          S1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys;C:\windows\SYSNATIVE\DRIVERS\avgldx64.sys

          S1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys;C:\windows\SYSNATIVE\DRIVERS\avgtdia.sys

          S1 avgtp;avgtp;C:\windows\system32\drivers\avgtpx64.sys;C:\windows\SYSNATIVE\drivers\avgtpx64.sys

          S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

          S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

          S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe;C:\Program Files\Intel\iCLS Client\HeciServer.exe

          S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

          S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

          S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

          S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

          S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

          S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe

          S2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe

          S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe

          S2 ptumlcmsvc;PTUML290 Connection Manager Service;C:\windows\system32\ptumlcmsvc64.exe;C:\windows\SYSNATIVE\ptumlcmsvc64.exe

          S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe;C:\Program Files\TOSHIBA\TECO\TecoService.exe

          S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys;C:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys

          S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

          S3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys;C:\windows\SYSNATIVE\DRIVERS\FwLnk.sys

          S3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys;C:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys

          S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys;C:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys

          S3 MBAMProtector;MBAMProtector;C:\windows\system32\drivers\mbam.sys;C:\windows\SYSNATIVE\drivers\mbam.sys

          S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys;C:\windows\SYSNATIVE\DRIVERS\pgeffect.sys

          S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys;C:\windows\SYSNATIVE\Drivers\RtsUVStor.sys

          S3 SmbDrv;SmbDrv;C:\windows\system32\DRIVERS\Smb_driver.sys;C:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys

          S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

          S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

          S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
          2013-10-15 20:33:25   1185744   ----a-w-   C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe

          Contents of the 'Scheduled Tasks' folder

          2013-10-20 C:\windows\Tasks\Adobe Flash Player Updater.job
          - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-30 02:19:23 . 2013-10-15 14:35:07]

          2013-10-20 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
          - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14 12:59:08 . 2013-02-14 12:58:57]

          2013-10-20 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
          - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14 12:59:08 . 2013-02-14 12:58:57]

          2013-10-20 C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
          - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 21:41:18 . 2011-11-25 21:41:18]

          2013-10-18 C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
          - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 21:41:18 . 2011-11-25 21:41:18]

          2013-10-20 C:\windows\Tasks\TuneUp360 Reminder.job
          - C:\Program Files (x86)\TuneUp360\reminder.exe [2013-09-25 22:34:48 . 2011-10-26 20:42:56]


          --------- X64 Entries -----------


          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 03:09:06 12446824]
          "TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 02:53:16 710560]
          "TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22:31:34 24376]
          "IgfxTray"="C:\windows\system32\igfxtray.exe" [2012-05-10 20:20:46 170264]
          "HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2012-05-10 20:20:46 398616]
          "Persistence"="C:\windows\system32\igfxpers.exe" [2012-05-10 20:20:46 440088]

          ------- Supplementary Scan -------

          uLocal Page = C:\windows\system32\blank.htm
          uStart Page = hxxp://www.facebook.com/
          mLocal Page = C:\Windows\SysWOW64\blank.htm
          uInternet Settings,ProxyOverride = <local>
          TCP: DhcpNameServer = 192.168.0.1 192.168.1.1

          - - - - ORPHANS REMOVED - - - -

          Toolbar-Locked - (no file)
          Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913a - C:\Users\LUKE\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
          Wow6432Node-HKLM-Run-Conime - C:\windows\system32\conime.exe
          Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
          HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
          Toolbar-Locked - (no file)
          HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
          HKLM-Run-TPwrMain - C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
          HKLM-Run-TCrdMain - C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
          HKLM-Run-Teco - C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe
          HKLM-Run-TosWaitSrv - C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
          HKLM-Run-TosNC - C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
          HKLM-Run-TosReelTimeMonitor - C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
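
A triage sketch for the "Files Created" listing in a ComboFix log like the one posted above. This is an added example, not part of the thread and not ComboFix's own code. The field layout (created . modified, size, attributes, path) is inferred from the posted log, and the three review tags are assumptions chosen to order manual review, not verdicts about any file.

```python
import re
from datetime import datetime
from ntpath import basename
from typing import List, NamedTuple, Optional, Tuple

# Four entries copied from the "Files Created" section of the log posted above
# (section header shortened); used here as sample input.
SAMPLE = r"""
(((((((((   Files Created from 2013-09-20 to 2013-10-20  )))))))))
2013-10-19 01:34:42 . 2013-04-04 18:50:32   25928   ----a-w-   C:\windows\system32\drivers\mbam.sys
2013-10-19 01:27:54 . 2013-10-19 01:30:13   --------   d-----w-   C:\AdwCleaner
2013-10-18 07:31:04 . 2013-10-18 07:31:04   50053120   ----a-w-   C:\Program Files (x86)\GUTBA3B.tmp
2013-10-14 01:18:32 . 2013-10-15 13:21:55   --------   d-----w-   C:\db6e1935fd4a99eb2198d051
.
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
# Assumed layout: <created> . <modified>  <size or dashes>  <8 attribute chars>  <path>
LINE_RE = re.compile(
    r"^\s*" + TS + r" \. " + TS + r"\s+(\d+|-+)\s+([a-z-]{8})\s+(\S.*?)\s*$"
)
FMT = "%Y-%m-%d %H:%M:%S"
HEX_NAME = re.compile(r"[0-9a-fA-F]{16,}")


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories (size column is dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_listing(text: str) -> List[Entry]:
    """Return one Entry per listing line; headers and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            datetime.strptime(created, FMT),
            datetime.strptime(modified, FMT),
            int(size) if size.isdigit() else None,
            attrs,
            path,
        ))
    return entries


def review_tags(e: Entry) -> List[str]:
    """Hypothetical review hints; a tag means 'look at this first', nothing more."""
    tags = []
    name = basename(e.path)
    # Modified earlier than created: the file was copied or unpacked onto the
    # volume with its original modification time kept (normal for installers).
    if e.modified < e.created:
        tags.append("mtime-before-ctime")
    # Name made only of a long run of hex digits (often an extraction folder).
    if HEX_NAME.fullmatch(name):
        tags.append("hex-named")
    # A .tmp item that is not inside a Temp directory.
    if name.lower().endswith(".tmp") and "\\temp\\" not in e.path.lower():
        tags.append("tmp-outside-temp")
    return tags


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Tagged entries only, newest creation time first."""
    tagged = [(e, review_tags(e)) for e in parse_listing(text)]
    tagged = [(e, t) for e, t in tagged if t]
    tagged.sort(key=lambda pair: pair[0].created, reverse=True)
    return [(e.path, t) for e, t in tagged]


if __name__ == "__main__":
    for path, tags in triage(SAMPLE):
        print(", ".join(tags).ljust(20), path)
```
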


          SuperDave

          Re: won't download
          « Reply #6 on: October 20, 2013, 07:17:48 PM »
          Quote
          Illegal operation attempted on a registry key that has been marked for deletion
          A re-boot usually clears this warning.

          Malwarebytes' Anti-Rootkit

          Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
          • Be sure to print out and follow the instructions provided on that same page for performing a scan.
          • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
          • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
          • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
          • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
          • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
          • Copy and paste the contents of these two log files in your next reply.

          wilmot3

            Re: won't download
            « Reply #7 on: October 21, 2013, 07:33:40 PM »
            Ok, here are the files you requested

            Malwarebytes Anti-Rootkit BETA 1.07.0.1007
            www.malwarebytes.org

            Database version: v2013.10.02.12

            Windows 7 Service Pack 1 x64 NTFS
            Internet Explorer 10.0.9200.16721
            LUKE :: LUKE-PC [administrator]

            10/21/2013 6:43:42 PM
            mbar-log-2013-10-21 (18-43-42).txt

            Scan type: Quick scan
            Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
            Scan options disabled:
            Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
            Objects scanned: 219777
            Time elapsed: 15 minute(s), 2 second(s)

            Memory Processes Detected: 0
            (No malicious items detected)

            Memory Modules Detected: 0
            (No malicious items detected)

            Registry Keys Detected: 0
            (No malicious items detected)

            Registry Values Detected: 0
            (No malicious items detected)

            Registry Data Items Detected: 0
            (No malicious items detected)

            Folders Detected: 0
            (No malicious items detected)

            Files Detected: 1
            C:\ProgramData\Adobe\AIH.c8f5ba2b974df516abd351117d42750b68e802e8\install_flash_player.exe (Trojan.Downloader) -> Delete on reboot.

            Physical Sectors Detected: 3
            Physical Sector #51 on Drive #0 (Rootkit.Pihar.c.MBR) -> Replace on reboot.
            Master Boot Record on Drive #0 (Rootkit.Pihar.c.MBR) -> Replace on reboot.
            Physical Sector #1250263184 on Drive #0 (Forged physical sector) -> Replace on reboot.

            (end)

            ---------------------------------------
            Malwarebytes Anti-Rootkit BETA 1.07.0.1007

            (c) Malwarebytes Corporation 2011-2012

            OS version: 6.1.7601 Windows 7 Service Pack 1 x64

            Account is Administrative

            Internet Explorer version: 10.0.9200.16721

            Java version: 1.6.0_25

            File system is: NTFS
            Disk drives: C:\ DRIVE_FIXED
            CPU speed: 2.294000 GHz
            Memory total: 4182564864, free: 2366554112

            =======================================
            Initializing...
            ------------ Kernel report ------------
                 10/21/2013 18:43:38
            ------------ Loaded modules -----------
            ----------- End -----------
            Done!
            <<<1>>>
            Upper Device Name: \Device\Harddisk0\DR0
            Upper Device Object: 0xfffffa8004f54060
            Upper Device Driver Name: \Driver\Disk\
            Lower Device Name: \Device\Ide\IAAStorageDevice-1\
            Lower Device Object: 0xfffffa8004ed3050
            Lower Device Driver Name: \00000245\
            IRP handler 0 of \Driver\iaStor points to an unknown module
            Unhooking enabled.
            <<<1>>>
            Upper Device Name: \Device\Harddisk0\DR0
            Upper Device Object: 0xfffffa8004f54060
            Upper Device Driver Name: \Driver\Disk\
            Lower Device Name: \Device\Ide\IAAStorageDevice-1\
            Lower Device Object: 0xfffffa8004ed3050
            Lower Device Driver Name: \00000245\
            Driver name found: iaStor
            Initialization returned 0x0
            Load Function returned 0x0
            <<<2>>>
            Physical Sector Size: 512
            Drive: 0, DevicePointer: 0xfffffa8004f54060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            --------- Disk Stack ------
            DevicePointer: 0xfffffa8004f54b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
            DevicePointer: 0xfffffa8004f54060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            DevicePointer: 0xfffffa8004ed3050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \00000245\
            ------------ End ----------
            Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            Upper DeviceData: 0xfffff8a012f6b800, 0xfffffa8004f54060, 0xfffffa8003f84790
            Lower DeviceData: 0xfffff8a00b153c70, 0xfffffa8004ed3050, 0xfffffa800ab24dc0
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            <<<2>>>
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
            <<<2>>>
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            Done!
            Drive 0
            Scanning MBR on drive 0...
            MBR buffers are not equal
            MBR is forged! [4333f673a96dbe57f4d0023e55e5303d]
            Inspecting partition table:
            MBR Signature: 55AA
            Disk Signature: DC51DF2C

            Partition information:

                Partition 0 type is Empty (0x0)
                Partition is ACTIVE.
                Partition starts at LBA: 51  Numsec = 0
                Partition is not bootable
            Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR]
            Changing partition to empty and not active.  New active partition is 1 on drive 0 ...

                Partition 0 type is Other (0x27)
                Partition is ACTIVE.
                Partition starts at LBA: 2048  Numsec = 3072000
                Partition file system is NTFS
                Partition is bootable

                Partition 1 type is Primary (0x7)
                Partition is ACTIVE.
                Partition starts at LBA: 3074048  Numsec = 1219319808
                Partition file system is NTFS
                Partition is bootable

                Partition 2 type is HIDDEN (0x17)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 1222393856  Numsec = 27869184
                Partition is not bootable
            Hidden partition VBR is not infected.

                Partition 3 type is Empty (0x0)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 0  Numsec = 0

            MBR infection found on drive 0
            Disk Size: 640135028736 bytes
            Sector size: 512 bytes

            Scanning physical sectors of unpartitioned space on drive 0 (1-50-1250243728-1250263728)...
            Sectors 1250263184 - 1250263727 --> [Forged physical sectors]
            Done!
            Infected: C:\ProgramData\Adobe\AIH.c8f5ba2b974df516abd351117d42750b68e802e8\install_flash_player.exe --> [Trojan.Downloader]
            Read File:  File "c:\programdata\avg2014\chjw\6c3e28c43e2888e2.dat:2885e41e-fb70-4d53-8067-86600d5bba5b" is sparse (flags = 32768)
            Scan finished
            Creating System Restore point...
            Cleaning up...
            <<<2>>>
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            <<<2>>>
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            <<<2>>>
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            BCD Entry for BOOTEMS is missing
            Malicious Entry 26000022 for BOOTEMS present!
            Removal scheduling successful. System shutdown needed.
            System shutdown occurred
            =======================================


            ---------------------------------------
            Malwarebytes Anti-Rootkit BETA 1.07.0.1007

            (c) Malwarebytes Corporation 2011-2012

            OS version: 6.1.7601 Windows 7 Service Pack 1 x64

            Account is Administrative

            Internet Explorer version: 10.0.9200.16721

            Java version: 1.6.0_25

            File system is: NTFS
            Disk drives: C:\ DRIVE_FIXED
            CPU speed: 2.294000 GHz
            Memory total: 4182564864, free: 3051991040

            =======================================
            ---------------------------------------
            Malwarebytes Anti-Rootkit BETA 1.07.0.1007

            (c) Malwarebytes Corporation 2011-2012

            OS version: 6.1.7601 Windows 7 Service Pack 1 x64

            Account is Administrative

            Internet Explorer version: 10.0.9200.16721

            Java version: 1.6.0_25

            File system is: NTFS
            Disk drives: C:\ DRIVE_FIXED
            CPU speed: 2.294000 GHz
            Memory total: 4182564864, free: 2668781568

            =======================================
            Initializing...
            ------------ Kernel report ------------
                 10/21/2013 19:15:24
            ------------ Loaded modules -----------
            ----------- End -----------
            Done!
            <<<1>>>
            Upper Device Name: \Device\Harddisk0\DR0
            Upper Device Object: 0xfffffa8004f14060
            Upper Device Driver Name: \Driver\Disk\
            Lower Device Name: \Device\Ide\IAAStorageDevice-1\
            Lower Device Object: 0xfffffa8004ed3050
            Lower Device Driver Name: \Driver\iaStor\
            <<<2>>>
            Physical Sector Size: 512
            Drive: 0, DevicePointer: 0xfffffa8004f14060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            --------- Disk Stack ------
            DevicePointer: 0xfffffa8004f14b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
            DevicePointer: 0xfffffa8004f14060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            DevicePointer: 0xfffffa8004ed3050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
            ------------ End ----------
            Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            Upper DeviceData: 0x0, 0x0, 0x0
            Lower DeviceData: 0x0, 0x0, 0x0
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            <<<2>>>
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
            <<<2>>>
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            Done!
            Drive 0
            Scanning MBR on drive 0...
            Inspecting partition table:
            MBR Signature: 55AA
            Disk Signature: DC51DF2C

            Partition information:

                Partition 0 type is Other (0x27)
                Partition is ACTIVE.
                Partition starts at LBA: 2048  Numsec = 3072000
                Partition file system is NTFS
                Partition is bootable

                Partition 1 type is Primary (0x7)
                Partition is ACTIVE.
                Partition starts at LBA: 3074048  Numsec = 1219319808
                Partition file system is NTFS
                Partition is bootable

                Partition 2 type is HIDDEN (0x17)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 1222393856  Numsec = 27869184
                Partition is not bootable
            Hidden partition VBR is not infected.

                Partition 3 type is Empty (0x0)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 0  Numsec = 0

            Disk Size: 640135028736 bytes
            Sector size: 512 bytes

            Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
            Done!
            Read File:  File "c:\programdata\avg2014\chjw\6c3e28c43e2888e2.dat:2885e41e-fb70-4d53-8067-86600d5bba5b" is sparse (flags = 32768)
            Scan Interrupted
            Scan was aborted.
            =======================================


            Removal queue found; removal started
            Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
            Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
            Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_3074048_i.mbam...
            Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_2_1222393856_i.mbam...
            Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
            Removal finished
            ---------------------------------------
            Malwarebytes Anti-Rootkit BETA 1.07.0.1007

            (c) Malwarebytes Corporation 2011-2012

            OS version: 6.1.7601 Windows 7 Service Pack 1 x64

            Account is Administrative

            Internet Explorer version: 10.0.9200.16721

            Java version: 1.6.0_25

            File system is: NTFS
            Disk drives: C:\ DRIVE_FIXED
            CPU speed: 2.294000 GHz
            Memory total: 4182564864, free: 2723405824

            =======================================
            Initializing...
            ------------ Kernel report ------------
                 10/21/2013 20:26:24
            ------------ Loaded modules -----------
            ----------- End -----------
            Done!
            <<<1>>>
            Upper Device Name: \Device\Harddisk0\DR0
            Upper Device Object: 0xfffffa8004f32060
            Upper Device Driver Name: \Driver\Disk\
            Lower Device Name: \Device\Ide\IAAStorageDevice-1\
            Lower Device Object: 0xfffffa8004eb1050
            Lower Device Driver Name: \Driver\iaStor\
            <<<2>>>
            Physical Sector Size: 512
            Drive: 0, DevicePointer: 0xfffffa8004f32060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            --------- Disk Stack ------
            DevicePointer: 0xfffffa8004f32b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
            DevicePointer: 0xfffffa8004f32060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            DevicePointer: 0xfffffa8004eb1050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
            ------------ End ----------
            Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            Upper DeviceData: 0x0, 0x0, 0x0
            Lower DeviceData: 0x0, 0x0, 0x0
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            <<<2>>>
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
            <<<2>>>
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            Done!
            Drive 0
            Scanning MBR on drive 0...
            Inspecting partition table:
            MBR Signature: 55AA
            Disk Signature: DC51DF2C

            Partition information:

                Partition 0 type is Other (0x27)
                Partition is ACTIVE.
                Partition starts at LBA: 2048  Numsec = 3072000
                Partition file system is NTFS
                Partition is bootable

                Partition 1 type is Primary (0x7)
                Partition is ACTIVE.
                Partition starts at LBA: 3074048  Numsec = 1219319808
                Partition file system is NTFS
                Partition is bootable

                Partition 2 type is HIDDEN (0x17)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 1222393856  Numsec = 27869184
                Partition is not bootable
            Hidden partition VBR is not infected.

                Partition 3 type is Empty (0x0)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 0  Numsec = 0

            Disk Size: 640135028736 bytes
            Sector size: 512 bytes

            Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
            Done!
            Read File:  File "c:\programdata\avg2014\chjw\6c3e28c43e2888e2.dat:2885e41e-fb70-4d53-8067-86600d5bba5b" is sparse (flags = 32768)
            Scan finished
            =======================================


            Removal queue found; removal started
            Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
            Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
            Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_3074048_i.mbam...
            Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_2_1222393856_i.mbam...
            Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
            Removal finished

            SuperDave

            Re: won't download
            « Reply #8 on: October 22, 2013, 01:22:53 PM »
            I am required to give you this warning.

            It appears your system is infected with a rootkit. A rootkit is a powerful piece of malware that allows hackers full control over your computer for means of sending attacks over the Internet, or using your computer to generate revenue.

            Malware experts have recommended that we make it clear that with the system under control of a hacker, your computer might become impossible to clean 100%.

            Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

             What danger is presented by rootkits?
             Rootkits and how to combat them
             r00tkit Analysis: What Is A Rootkit

            If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:
            How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
            What Should I Do If I've Become A Victim Of Identity Theft?
             Identity Theft Victims Guide - What to do
            It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
            When should I re-format? How should I reinstall?
            Help: I Got Hacked. Now What Do I Do?
            Help: I Got Hacked. Now What Do I Do? Part II
            Where to draw the line? When to recommend a format and reinstall?

            Guides for format and reinstall:

            how-to-reformat-and-reinstall-your-operating-system-the-easy-way

            However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
            If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

            Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.
            Windows 8 and Windows 10 dual boot with two SSD's

            wilmot3

              Re: won't download
              « Reply #9 on: October 26, 2013, 09:46:17 AM »
              I have reformatted and installed win7.....any recommendations for virus scan?

              SuperDave

              Re: won't download
              « Reply #10 on: October 26, 2013, 12:46:59 PM »
              I wouldn't use AVG. It's too much of a resource hog. Here's a list of free AV's. I prefer MSE by MS.

              Remember to only install one antivirus!
               
              1) Avast! Home Edition
              2) AVG Free Edition
              3) Avira AntiVir Personal
              4) Microsoft Security Essentials   All versions and all languages.
              5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
              6) PC Tools AntiVirus Free Edition

              It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

              wilmot3

                Re: won't download
                « Reply #11 on: October 26, 2013, 04:59:08 PM »
                OK thanks for your assistance with this one. I will highly recommend this site to anyone that needs help, thanks again

                SuperDave

                Re: won't download
                « Reply #12 on: October 26, 2013, 05:53:01 PM »
                You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.