1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Inactive Keeps Crashing - Critical Event 41 Kernal-Power

Discussion in 'Malware and Virus Removal Archive' started by Ladyfirst, 2013/04/27.

  1. 2013/04/27
    Ladyfirst

    Ladyfirst Inactive Thread Starter

    Joined:
    2005/10/04
    Messages:
    29
    Likes Received:
    0
    [Inactive] Keeps Crashing - Critical Event 41 Kernal-Power

    Hi!
    There were eight crashes yesterday - two this morning. No BSOD just black screen and the computer sounds like it's revving up to restart but it doesn't and I have to do a hard shut-down at the tower.
    Also, when rebooting this last time the CHKDSK came on (unscheduled by me) and said "one of your Disks needs to be checked for consistancy "

    Backtracking slightly - for the past two months my computer has been acting "buggy ".
    The MBAM and Avast scans showed nothing wrong but I knew something was. I read about "Microsoft Security Scanner" and tried it, here's what it found:
    Win32:RootKit-gen[RTK]
    Exploit:Java/CVE-2012-4681
    Win32.Eupuds TrojansC-03

    I also ran SpybotS&D and besides the usual tracking cookies it found some files that it said it couldn't remove because they were password protected - I have never created a password protected file.

    I know event 41 may mean that the PSU is failing (or some other hardware problem), but it could also be the result of some malicious malware so I'm hoping you can help me sort out what's happening. :)

    I'll post the requested logs next.
     
    Ladyfirst,
    #1
  2. 2013/04/27
    Ladyfirst

    Ladyfirst Inactive Thread Starter

    Joined:
    2005/10/04
    Messages:
    29
    Likes Received:
    0
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.27.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16521
    Suzanne :: HOME [administrator]

    4/27/2013 10:05:20 AM
    mbam-log-2013-04-27 (10-05-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 241671
    Time elapsed: 6 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-04-27 10:19:15
    -----------------------------
    10:19:15.898 OS Version: Windows x64 6.1.7601 Service Pack 1
    10:19:15.898 Number of processors: 4 586 0x203
    10:19:15.898 ComputerName: HOME UserName:
    10:19:21.311 Initialize success
    10:19:22.543 AVAST engine defs: 13042700
    10:19:33.806 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    10:19:33.806 Disk 0 Vendor: ST3320613AS CC4H Size: 305245MB BusType: 3
    10:19:33.931 Disk 0 MBR read successfully
    10:19:33.931 Disk 0 MBR scan
    10:19:33.947 Disk 0 Windows 7 default MBR code
    10:19:33.947 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
    10:19:33.962 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
    10:19:33.978 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 289821 MB offset 31586304
    10:19:33.994 Disk 0 scanning C:\Windows\system32\drivers
    10:19:50.140 Service scanning
    10:20:12.058 Modules scanning
    10:20:12.073 Disk 0 trace - called modules:
    10:20:12.089 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    10:20:12.105 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ba1790]
    10:20:12.448 3 CLASSPNP.SYS[fffff8800198843f] -> nt!IofCallDriver -> [0xfffffa80049fb910]
    10:20:12.448 5 ACPI.sys[fffff88000fa27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b32060]
    10:20:12.963 AVAST engine scan C:\Windows
    10:20:16.114 AVAST engine scan C:\Windows\system32
    10:22:38.183 AVAST engine scan C:\Windows\system32\drivers
    10:22:50.476 AVAST engine scan C:\Users\Suzanne
    10:33:03.979 AVAST engine scan C:\ProgramData
    10:37:01.143 Scan finished successfully
    10:38:38.315 Disk 0 MBR has been saved successfully to "C:\Users\Suzanne\Desktop\MBR.dat "
    10:38:38.315 The log file has been saved successfully to "C:\Users\Suzanne\Desktop\aswMBR.txt "

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.17.2
    Run by Suzanne at 10:39:59 on 2013-04-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1859 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ThreatFire\TFService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    C:\Users\Suzanne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\ThreatFire\TFTray.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wuauclt.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://my.yahoo.com/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    uRun: [Spotify Web Helper] "C:\Users\Suzanne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe "
    uRun: [Google Update] "C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
    mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    StartupFolder: C:\Users\Suzanne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:157
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    TCP: NameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{11AE1164-2137-4131-8DB2-8CAF435748A9} : DHCPNameServer = 192.168.1.1 192.168.1.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection64.cab
    x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\go8ceu5v.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Suzanne\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Suzanne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\go8ceu5v.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}\plugins\npqbc.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\Npindeo.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-04-14 11:26; translator@zoli.bod; C:\Users\Suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\go8ceu5v.default\extensions\translator@zoli.bod.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-2-28 65336]
    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-2-28 178624]
    R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2010-5-3 37392]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-23 53488]
    R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2010-8-17 65072]
    R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2010-8-17 59880]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-2-24 1025808]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-8-11 377920]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-8-11 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-8-11 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-3-13 45248]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2010-8-17 41888]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-10-28 1152000]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-27 1153368]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-20 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2007-5-9 16032]
    S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-9 50208]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-8 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-28 1255736]
    S4 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-9-23 226832]
    .
    =============== Created Last 30 ================
    .
    2013-04-08 02:55:30 -------- d-----w- C:\Program Files (x86)\Fairly Twisted Tales - The Price Of A Rose
    2013-04-07 04:50:22 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-04-07 04:50:20 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-07 04:50:19 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2013-03-31 10:20:49 -------- d-----w- C:\Users\Suzanne\AppData\Roaming\Friday's games
    .
    ==================== Find3M ====================
    .
    2013-04-12 13:29:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-12 13:29:42 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-23 05:55:22 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-03-06 22:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-03-06 22:33:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-03-06 22:33:21 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr
    2013-03-06 01:20:25 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-06 01:20:24 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-03-06 01:20:24 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 10:43:56.20 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 11/18/2009 11:41:55 AM
    System Uptime: 4/27/2013 10:00:33 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0F896N
    Processor: AMD Phenom(tm) 9650 Quad-Core Processor | AM2 | 1196/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 179.962 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 7.07 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP434: 2/7/2013 9:47:00 PM - Installed Java 7 Update 13
    RP435: 2/7/2013 9:52:44 PM - Windows Update
    RP436: 2/8/2013 11:41:05 PM - Windows Update
    RP437: 2/12/2013 9:39:53 AM - Restore Operation
    RP438: 2/20/2013 10:29:31 AM - Scheduled Checkpoint
    RP439: 2/28/2013 7:19:43 AM - Scheduled Checkpoint
    RP440: 2/28/2013 11:44:35 AM - avast! Free Antivirus Setup
    RP441: 3/1/2013 8:16:15 AM - Installed Java 7 Update 15
    RP442: 3/2/2013 1:45:34 AM - Windows Update
    RP443: 3/5/2013 8:19:08 PM - Installed Java 7 Update 17
    RP444: 3/13/2013 9:08:47 AM - Scheduled Checkpoint
    RP445: 3/19/2013 11:52:30 PM - Windows Update
    RP446: 3/23/2013 1:51:17 AM - Windows Update
    RP447: 3/31/2013 1:29:57 PM - Scheduled Checkpoint
    RP448: 4/4/2013 8:22:54 AM - Windows Update
    RP449: 4/7/2013 12:50:36 AM - Windows Update
    RP450: 4/14/2013 9:55:46 AM - Scheduled Checkpoint
    RP451: 4/22/2013 8:00:30 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.02)
    Adobe Shockwave Player 12.0
    Annie's Millions
    APC PowerChute Personal Edition
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Around the World in 80 Days
    ATI Catalyst Install Manager
    Autumn's Treasures - The Jade Coin
    avast! Free Antivirus
    Awakening: The Dreamless Castle
    Belarc Advisor 8.2
    Best Recipes Ever Vol.21,Num.9
    Big City Adventure: London Story
    Big Fish Games: Game Manager
    Bonjour
    Botanica: Into the Unknown
    Call of Atlantis
    Cisco Connect
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    D3DX10
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Eraser 6.0.8.2273
    Escape the Museum
    Evernote v. 4.5.4
    Fairly Twisted Tales: The Price Of A Rose
    Farmington Tales
    Farmscapes
    FinePixViewer Resource
    FinePixViewer Ver.5.5
    FinePixViewer YTUPL
    Fishdom
    Fishdom H2O - Hidden Odyssey
    Flux Family Secrets - The Rabbit Hole
    Flux Family Secrets: The Book of Oracles
    Flux Family Secrets: The Ripple Effect
    FUJIFILM FinePixViewer S Ver.2.1
    Gardenscapes
    Google Chrome
    Google Translator
    GoToAssist 8.0.0.514
    Hidden Mysteries: The Fateful Voyage - Titanic
    HP Deskjet 1050 J410 series Basic Device Software
    HP Deskjet 1050 J410 series Help
    HP Deskjet 1050 J410 series Product Improvement Study
    HP Photo Creations
    HP Update
    Internet TV for Windows Media Center
    IrfanView (remove only)
    iTunes
    Java 7 Update 17
    Java Auto Updater
    Journey to the Center of the Earth
    Junk Mail filter update
    Kate Arrow: Deserted Wood
    Love Story: Letters from the Past
    Love Story: The Beach Cottage
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Murder, She Wrote 2: Return to Cabot Cove
    NVIDIA 3D Vision Controller Driver 296.10
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Display Control Panel
    NVIDIA Graphics Driver 306.97
    NVIDIA HD Audio Driver 1.3.12.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    Opera 12.15
    Paragon Drive Backup™ 9.5 Professional Edition
    Picasa 3
    Platform
    PowerDVD DX
    PVSonyDll
    QualXServ Service Agreement
    QuickTime
    Rainlendar2 (remove only)
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Royal Envoy
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Skype Click to Call
    Skype™ 6.3
    Spelling Dictionaries Support For Adobe Reader 9
    Spotify
    Spybot - Search & Destroy
    SpywareBlaster 5.0
    swMSM
    System Requirements Lab
    The Rise of Atlantis
    The Scruffs
    ThreatFire
    Treasure Of Persia
    TriO: The Great Settlement
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Vacation Quest: Australia
    VIA Platform Device Manager
    Watchtower Library 2011 - English
    Watchtower Library 2012 - English
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Flash
    Windows Media Player Firefox Plugin
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/27/2013 10:05:08 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    4/27/2013 10:05:08 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    4/27/2013 10:01:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    4/27/2013 10:01:36 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/24/2013 8:47:40 AM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    4/24/2013 8:43:47 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    4/24/2013 8:43:24 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
    Last edited: 2013/04/27
    Ladyfirst,
    #2


  3. to hide this advert.

  4. 2013/04/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    broni,
    #3
  5. 2013/04/27
    Ladyfirst

    Ladyfirst Inactive Thread Starter

    Joined:
    2005/10/04
    Messages:
    29
    Likes Received:
    0
    Yes, it is.
    I had completely forgotten about that thread and that problem, but then again, I'm getting old. :)

    The problem seemed resolved until recently now, with it crashing so often I'm just not sure if it's hardware or something else. Can you help me determine if malware is involved?
     
    Last edited: 2013/04/27
    Ladyfirst,
    #4
  6. 2013/04/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We can run couple more scans but so far I don't see anything malicious.

    [​IMG] Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
    broni,
    #5
  7. 2013/04/27
    Ladyfirst

    Ladyfirst Inactive Thread Starter

    Joined:
    2005/10/04
    Messages:
    29
    Likes Received:
    0
    Here are the two logs for RogueKiller:

    Log #1

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Suzanne [Admin rights]
    Mode : Scan -- Date : 04/27/2013 12:19:31
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [TASK][SUSP PATH] {3672E9C8-D65C-4D89-9E44-316310170E21} : C:\Users\Suzanne\Desktop\Familypuzzle\Setup.exe [x] -> FOUND
    [TASK][SUSP PATH] {9DFC73A9-83A6-44C4-A10D-61CF529B70AA} : C:\Users\Suzanne\Desktop\Downloads\driverhivetrialsetup.exe [x] -> FOUND
    [TASK][SUSP PATH] {E128DCF5-01A6-4FF6-B7FA-8A385729155B} : C:\Users\Suzanne\Desktop\Downloads\driverhivetrialsetup.exe [x] -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\windows\system32\config\SYSTEM
    -> D:\Users\Default\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3320613AS ATA Device +++++
    --- User ---
    [MBR] 81a203ceece8803bad38ca9004b3c8fd
    [BSP] 346b64ba3606b9c23b53a66f6abcac30 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 289821 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_04272013_02d1219.txt >>
    RKreport[1]_S_04272013_02d1219.txt

    Log #2

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Suzanne [Admin rights]
    Mode : Remove -- Date : 04/27/2013 12:21:50
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [TASK][SUSP PATH] {3672E9C8-D65C-4D89-9E44-316310170E21} : C:\Users\Suzanne\Desktop\Familypuzzle\Setup.exe [x] -> DELETED
    [TASK][SUSP PATH] {9DFC73A9-83A6-44C4-A10D-61CF529B70AA} : C:\Users\Suzanne\Desktop\Downloads\driverhivetrialsetup.exe [x] -> DELETED
    [TASK][SUSP PATH] {E128DCF5-01A6-4FF6-B7FA-8A385729155B} : C:\Users\Suzanne\Desktop\Downloads\driverhivetrialsetup.exe [x] -> DELETED
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\windows\system32\config\SYSTEM
    -> D:\Users\Default\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3320613AS ATA Device +++++
    --- User ---
    [MBR] 81a203ceece8803bad38ca9004b3c8fd
    [BSP] 346b64ba3606b9c23b53a66f6abcac30 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 289821 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_04272013_02d1221.txt >>
    RKreport[1]_S_04272013_02d1219.txt ; RKreport[2]_D_04272013_02d1221.txt


    Here is the log for Malwarebytes Anti-Rootkit - The scan was clean and no rebooting was necessary:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16521

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.300000 GHz
    Memory total: 4294041600, free: 2271813632

    ------------ Kernel report ------------
    04/27/2013 12:26:24
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\TfSysMon.sys
    \SystemRoot\system32\drivers\TfFsMon.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\hotcore3.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie.sys
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\System32\Drivers\aswSnx.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\Drivers\aswrdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\System32\Drivers\aswSP.SYS
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\Drivers\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\drivers\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\nvhda64v.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\viahduaa.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\drivers\kbdhid.sys
    \SystemRoot\system32\DRIVERS\HidBatt.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\aswMonFlt.sys
    \SystemRoot\System32\Drivers\aswFsBlk.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \??\C:\Windows\system32\drivers\TfNetMon.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Users\Suzanne\AppData\Local\Temp\aswMBR.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\wininet.dll
    \Windows\System32\shell32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\msctf.dll
    \Windows\System32\nsi.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\usp10.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\lpk.dll
    \Windows\System32\user32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004ba1790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa8004b32060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
    Load Function returned 0x0
    Host not found
    Downloaded database version: v2013.04.27.03
    Downloaded database version: v2013.04.25.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 3
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004ba1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004ba12c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004ba1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80049fb910, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8004b32060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a018137590, 0xfffffa8004ba1790, 0xfffffa800e8b04f0
    Lower DeviceData: 0xfffff8a0034fe130, 0xfffffa8004b32060, 0xfffffa800a80d820
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 3
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A0000000

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 128457

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 129024 Numsec = 31457280

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31586304 Numsec = 593553408
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
     
    Ladyfirst,
    #6
  8. 2013/04/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Nothing there.

    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.
     
    broni,
    #7
  9. 2013/04/27
    Ladyfirst

    Ladyfirst Inactive Thread Starter

    Joined:
    2005/10/04
    Messages:
    29
    Likes Received:
    0
    ~ Thank you, broni, I sincerely appreciate all of your help and how very thorough you are!
    That's a good point, I probably will head over to the Windows section now that you've ruled out malware. Thanks again. :)
     
    Last edited: 2013/04/27
    Ladyfirst,
    #8

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...