
Avast found Rootkit and Strange Behavior Win7 [Solved]



#1
sportspeddler1
Member | 110 posts

I have a dual boot, Windows 7 Professional SP1 32 bit and Windows XP Professional SP3 32 bit. The Windows 7 part started acting strange and I have no idea how or when it started. The majority of the time I use the WinXP side for my business. For security I run the free version of Avast Anti-virus as well as the free version of Comodo Firewall.

The first thing I noticed was that I was asked to register Windows again, even though it was registered several months ago. I did so and that went through fine. Then, when I tried to do almost anything on my normal user account in Windows 7, I got a pop-up window that read 'A device attached to the system is not functioning'. I tried to run Malwarebytes and got the same pop-up. I was finally able to run Malwarebytes by uninstalling it and then running it on a fresh install. It did not find anything. I also scheduled a boot-time scan in Avast, which did not find anything. Next came a problem with not being able to log into Windows 7 at all, which relates to this post on geekstogo: http://www.geekstogo...n-in-safe-mode/ I was finally able to get Windows 7 to open up again. While installing some Windows updates, Avast popped up with the message: Rootkit found C:\LG112CDevice > Win32:EVO-GEN [susp] I hit the delete button, as was recommended by Avast.

At this point I still cannot do much at all when logged into my regular user account in Windows 7 without getting the pop-up 'A device attached to the system is not functioning'. When I try to delete files I get a pop-up that says I do not have administrator permission, even though the user account is set up with full administrator permissions. I was not able to run OTL under my regular user account because of the 'A device attached to the system is not functioning' pop-up, but I was able to run it while logged in as Administrator. I have attached the text from that scan.

Hopefully someone can help, and thank you for any help you can offer!

OTL logfile created on: 9/27/2013 11:29:39 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 58.71% Memory free
3.93 Gb Paging File | 2.91 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.13 Gb Total Space | 121.00 Gb Free Space | 88.89% Space Free | Partition Type: NTFS
Drive D: | 200.78 Gb Total Space | 194.27 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
Drive E: | 100.00 Gb Total Space | 89.46 Gb Free Space | 89.46% Space Free | Partition Type: NTFS

Computer Name: WIN7DESKTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/27 11:28:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013/09/24 06:53:53 | 004,831,680 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2013/09/24 06:53:26 | 007,022,808 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cis.exe
PRC - [2013/09/24 06:53:26 | 001,576,152 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
PRC - [2013/09/24 06:53:25 | 001,857,752 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
PRC - [2013/09/19 21:39:32 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Mozilla\Firefox\firefox.exe
PRC - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/30 03:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/11/24 10:17:34 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/11/24 10:17:04 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/04/24 17:01:24 | 001,683,456 | ---- | M] () -- C:\Forte Manager\bin\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/19 21:39:31 | 003,551,640 | ---- | M] () -- C:\Mozilla\Firefox\mozjs.dll
MOD - [2013/08/17 01:55:42 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\40b43527d6fdbeb6e905a7b6123f3a42\System.Web.ni.dll
MOD - [2013/08/17 01:55:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dd8f4efb7e81c75fe444a180f6f1aacf\System.Runtime.Remoting.ni.dll
MOD - [2013/08/17 01:54:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/17 01:54:46 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/17 01:54:18 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/17 01:54:13 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/17 01:54:12 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/02 12:37:00 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/05/29 01:58:40 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3615.38717__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2013/05/29 01:58:40 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3615.38687__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2013/05/29 01:58:40 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3615.38596__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:40 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3615.38616__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2013/05/29 01:58:40 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3615.38667__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:40 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3615.38605__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2013/05/29 01:58:40 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3615.38688__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2013/05/29 01:58:40 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3615.38649__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3615.38639__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3615.38610__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2013/05/29 01:58:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3615.38605__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:39 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3615.38654__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2013/05/29 01:58:39 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3615.38654__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2013/05/29 01:58:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3615.38653__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:39 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3615.38717__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:38 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3615.38713__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2013/05/29 01:58:38 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3615.38641__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2013/05/29 01:58:38 | 000,643,072 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3615.38698__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2013/05/29 01:58:38 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3615.38617__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2013/05/29 01:58:38 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3615.38662__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2013/05/29 01:58:38 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3615.38616__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2013/05/29 01:58:38 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3615.38641__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:38 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3615.38646__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2013/05/29 01:58:38 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3615.38697__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3615.38646__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3615.38621__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3615.38640__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2013/05/29 01:58:37 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3615.38635__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2013/05/29 01:58:37 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2013/05/29 01:58:37 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3615.38640__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3615.38640__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:37 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3615.38647__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2013/05/29 01:58:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3615.23253__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2013/05/29 01:58:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3615.23247__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2013/05/29 01:58:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3615.23256__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2013/05/29 01:58:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3615.23275__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2013/05/29 01:58:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3615.23270__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2013/05/29 01:58:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3615.23258__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2013/05/29 01:58:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3615.23269__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2013/05/29 01:58:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3615.23232__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2013/05/29 01:58:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3615.23235__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2013/05/29 01:58:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3615.23254__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2013/05/29 01:58:36 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2013/05/29 01:58:35 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3615.23245__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2013/05/29 01:58:35 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3615.23236__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2013/05/29 01:58:35 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2013/05/29 01:58:35 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3615.23288__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2013/05/29 01:58:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3615.23249__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2013/05/29 01:58:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2013/05/29 01:58:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3615.23252__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2013/05/29 01:58:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3615.23243__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2013/05/29 01:58:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2013/05/29 01:58:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3615.23269__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2013/05/29 01:58:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2013/05/29 01:58:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3615.23253__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2013/05/29 01:58:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3615.23265__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2013/05/29 01:58:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3615.23274__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2013/05/29 01:58:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3615.23256__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2013/05/29 01:58:34 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3615.23273__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2013/05/29 01:58:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3615.23267__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2013/05/29 01:58:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3615.23267__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2013/05/29 01:58:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3615.23254__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2013/05/29 01:58:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3615.23256__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2013/05/29 01:58:33 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3615.38711__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2013/05/29 01:58:33 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3615.23260__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2013/05/29 01:58:33 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3615.23256__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2013/05/29 01:58:33 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3615.23263__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2013/05/29 01:58:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3615.38692__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2013/05/29 01:58:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3615.23252__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2013/05/29 01:58:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3615.23259__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2013/05/29 01:58:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3615.23264__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2013/05/29 01:58:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3615.23268__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2013/05/29 01:58:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3615.23250__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2013/05/29 01:58:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3615.23260__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2013/05/29 01:58:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3615.23259__90ba9c70f846762e\APM.Foundation.dll
MOD - [2013/05/29 01:58:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3615.23254__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2013/05/29 01:58:32 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3615.38601__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2013/05/29 01:58:32 | 000,565,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3615.38676__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2013/05/29 01:58:32 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3615.38610__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2013/05/29 01:58:32 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3615.38682__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2013/05/29 01:58:32 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3615.38680__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2013/05/29 01:58:32 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3615.38594__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2013/05/29 01:58:32 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3615.38595__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2013/05/29 01:58:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3615.23257__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2013/05/29 01:58:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3615.23241__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2013/05/29 01:58:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3615.23250__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2013/05/29 01:58:32 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3615.23239__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2013/05/29 01:58:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2013/05/29 01:58:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3615.23255__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2013/05/29 01:58:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3615.23247__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2013/05/29 01:58:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3615.23259__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2013/05/29 01:58:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3615.23257__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2013/05/29 01:58:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3615.23261__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2013/05/29 01:58:32 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3615.38681__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2013/05/29 01:58:32 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3615.38593__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2013/05/29 01:58:31 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard\1.2.3636.24084__90ba9c70f846762e\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard.dll
MOD - [2013/05/29 01:58:31 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3615.38592__90ba9c70f846762e\APM.Server.dll
MOD - [2013/05/29 01:58:31 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3615.38593__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/12/15 13:22:58 | 001,552,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/04/24 17:01:24 | 001,683,456 | ---- | M] () -- C:\Forte Manager\bin\Monitor.exe
MOD - [2009/04/24 16:03:28 | 000,069,632 | ---- | M] () -- C:\Forte Manager\bin\MonitorEngRes.dll
MOD - [2009/04/24 16:03:22 | 000,122,880 | ---- | M] () -- C:\Forte Manager\bin\ApplicationManager.dll
MOD - [2009/04/24 16:03:14 | 000,090,112 | ---- | M] () -- C:\Forte Manager\bin\ACRHook.dll
MOD - [2009/04/24 16:03:14 | 000,073,728 | ---- | M] () -- C:\Forte Manager\bin\ProtocolEngine.dll
MOD - [2009/04/24 16:03:12 | 000,159,744 | ---- | M] () -- C:\Forte Manager\bin\DeviceManager.dll
MOD - [2009/04/24 16:03:10 | 000,053,248 | ---- | M] () -- C:\Forte Manager\bin\ErrorHandler.dll


========== Services (SafeList) ==========

SRV - [2013/09/24 06:53:53 | 004,831,680 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013/09/24 06:53:27 | 000,131,288 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/29 01:14:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/11/24 10:17:04 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2013/09/24 06:54:09 | 000,085,464 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2013/09/24 06:54:08 | 000,582,936 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2013/09/24 06:54:08 | 000,044,752 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013/09/24 06:54:07 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2013/08/30 03:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/30 03:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/08/30 03:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/08/30 03:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/30 03:48:12 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/08/30 03:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/30 03:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/08/30 03:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/01/19 12:46:28 | 000,081,920 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NmPar.sys -- (NmPar)
DRV - [2009/11/24 10:51:32 | 005,143,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/11/18 06:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/09/17 19:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/13 19:19:25 | 000,114,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mf.sys -- (mf)
DRV - [2009/04/24 16:03:10 | 000,018,432 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Forte Manager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2009/04/24 16:03:10 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Forte Manager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2007/03/27 08:20:06 | 000,011,264 | ---- | M] (Beijing Senselock Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\elite4v2.sys -- (Elite4v2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/19 00:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Mozilla\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Mozilla\Firefox\plugins

[2013/09/19 22:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013/09/27 11:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rekrc0ty.default\extensions

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\cistray.exe (COMODO)
O4 - HKLM..\Run: [EaseUS EPM tray] C:\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{411F08C0-FF20-442C-9FCB-9E02D9FA13E2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{411F08C0-FF20-442C-9FCB-9E02D9FA13E2}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/27 11:28:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/09/27 00:56:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2013/09/27 00:56:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2013/09/20 00:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/20 00:01:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/09/20 00:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/20 00:00:17 | 000,000,000 | ---D | C] -- C:\MalwareBytes
[2013/09/19 22:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/09/19 22:17:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2013/09/19 22:17:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2013/09/19 22:14:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI
[2013/09/19 22:14:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI
[2013/09/19 22:14:21 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/09/19 22:14:21 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2013/09/19 22:14:21 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/09/19 22:14:21 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/09/19 22:14:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2013/09/19 22:14:11 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2013/09/19 22:14:04 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2013/09/19 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2013/09/19 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2013/09/19 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2013/09/19 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2013/09/19 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/09/19 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2013/09/19 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2013/09/19 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2013/09/19 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2013/09/19 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2013/09/19 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2013/09/19 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2013/09/19 22:14:04 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2013/09/19 22:14:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2013/09/19 22:14:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2013/09/19 22:14:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2013/09/27 11:32:41 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/27 11:32:41 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/27 11:28:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/09/27 11:27:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/27 11:26:51 | 1581,899,776 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/27 11:23:45 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/27 11:23:45 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/27 01:21:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/09/27 01:12:15 | 000,259,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/27 01:05:59 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/09/27 01:00:40 | 000,013,273 | ---- | M] () -- C:\Users\Administrator\Desktop\Windows Update - Shortcut.lnk
[2013/09/25 11:34:32 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/09/25 11:33:10 | 000,002,144 | ---- | M] () -- C:\Windows\System32\drivers\fvstore.dat
[2013/09/25 11:32:35 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2013/09/24 06:54:09 | 000,085,464 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2013/09/24 06:54:08 | 000,582,936 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2013/09/24 06:54:08 | 000,044,752 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2013/09/24 06:54:07 | 000,020,072 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2013/09/24 06:53:51 | 000,354,240 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2013/09/24 06:53:51 | 000,036,000 | ---- | M] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2013/09/24 06:53:35 | 000,280,792 | ---- | M] (COMODO) -- C:\Windows\System32\cmdvrt32.dll
[2013/09/24 06:53:34 | 000,040,664 | ---- | M] (COMODO) -- C:\Windows\System32\cmdkbd32.dll
[2013/09/20 00:01:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/19 23:00:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/09/19 23:00:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/08/30 03:48:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/30 03:48:13 | 000,177,864 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/30 03:48:13 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/08/30 03:48:12 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/30 03:48:12 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/08/30 03:48:12 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/08/30 03:48:11 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/08/30 03:48:11 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/08/30 03:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/30 03:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

========== Files Created - No Company Name ==========

[2013/09/27 01:05:59 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/09/27 01:00:40 | 000,013,273 | ---- | C] () -- C:\Users\Administrator\Desktop\Windows Update - Shortcut.lnk
[2013/09/20 00:01:23 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/19 23:00:32 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/09/19 23:00:32 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/09/19 22:14:23 | 000,001,413 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/19 22:14:04 | 000,001,228 | ---- | C] () -- C:\Users\Administrator\Desktop\Windows Explorer.lnk
[2013/09/19 22:14:04 | 000,000,290 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/09/19 22:14:04 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/08/18 17:00:43 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Tiffw32.dll
[2013/08/18 17:00:39 | 000,120,832 | ---- | C] () -- C:\Windows\System32\Iolinlpt.DLL
[2013/08/02 12:24:38 | 000,002,144 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat
[2013/06/28 13:27:17 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/28 13:27:17 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/28 13:27:17 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/05 10:53:35 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw54.bin
[2013/05/29 02:00:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/29 01:27:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/05/29 00:06:55 | 000,177,864 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/29 00:06:55 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >
#2 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello sportspeddler1

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

#3 sportspeddler1 (Topic Starter, Member, 110 posts)
Hello Gringo,

Thank you so much for your response and your help. I was not able to run AdwCleaner in my regular "Brad" user account, but was able to run both programs you suggested in my Administrator account. Does it matter which user account I am logged into when I run the scans? I have attached the logs. After I ran the scans, I logged back into my "Brad" user account and was still not able to run AdwCleaner. I got the same pop-up: 'A Device Attached to the system is not functioning'.

Thank you,
Brad

AdwCleaner Log:
# AdwCleaner v3.005 - Report created 28/09/2013 at 02:30:26
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Administrator - WIN7DESKTOP
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\sxknpzjg.default\prefs.js ]


[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rekrc0ty.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [895 octets] - [28/09/2013 02:29:03]
AdwCleaner[S0].txt - [817 octets] - [28/09/2013 02:30:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [876 octets] ##########


JRT Log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Professional x86
Ran by Administrator on Sat 09/28/2013 at 2:37:12.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/28/2013 at 2:44:51.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello sportspeddler1

Run this from the admin account.

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 sportspeddler1 (Topic Starter, Member, 110 posts)
Gringo,

I ran ComboFix without any problem. The log from the ComboFix scan follows. When I logged back into my "Brad" user account, I was still getting the 'device not functioning' pop-up.

Thank you,
Brad

ComboFix 13-09-28.01 - Administrator 09/28/2013 11:56:35.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2011.1356 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Fonts\msjh.ttf
.
.
((((((((((((((((((((((((( Files Created from 2013-08-28 to 2013-09-28 )))))))))))))))))))))))))))))))
.
.
2013-09-28 16:03 . 2013-09-28 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-28 16:03 . 2013-09-28 16:03 -------- d-----w- c:\users\Brad\AppData\Local\temp
2013-09-28 06:37 . 2013-09-28 06:37 -------- d-----w- c:\windows\ERUNT
2013-09-28 06:28 . 2013-09-28 06:30 -------- d-----w- C:\AdwCleaner
2013-09-27 05:07 . 2013-09-16 04:50 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EAB59E23-BE6E-4FC3-A20A-099F8CDDBCD6}\mpengine.dll
2013-09-27 05:05 . 2013-09-27 05:05 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-09-27 05:04 . 2013-09-27 05:04 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-27 05:03 . 2013-09-27 05:03 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-09-20 04:01 . 2013-09-20 04:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-20 04:01 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 04:00 . 2013-09-20 04:00 -------- d-----w- C:\MalwareBytes
2013-09-20 02:50 . 2013-09-20 02:58 -------- d-----w- c:\programdata\HitmanPro
2013-09-20 02:14 . 2013-09-20 03:46 -------- d-----w- c:\users\Administrator
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-24 10:54 . 2013-04-25 15:05 85464 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-09-24 10:54 . 2013-04-15 22:38 44752 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-09-24 10:54 . 2013-04-15 22:38 582936 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-09-24 10:54 . 2013-04-15 22:38 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-09-24 10:53 . 2013-04-23 19:04 354240 ----a-w- c:\windows\system32\guard32.dll
2013-09-24 10:53 . 2013-04-15 22:38 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2013-09-24 10:53 . 2013-04-15 22:38 280792 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-09-24 10:53 . 2013-04-15 22:38 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-08-30 07:48 . 2013-05-29 04:06 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-05-29 04:06 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-05-29 04:06 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-05-29 04:06 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2013-05-29 04:06 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-05-29 04:06 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-05-29 04:06 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-05-29 04:06 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-05-29 04:06 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-05-29 04:06 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-07 08:22 . 2013-05-29 04:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-17 05:52 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-17 05:51 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03 . 2013-08-17 05:53 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03 . 2013-08-17 05:53 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53 . 2013-08-17 05:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-17 05:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-17 05:52 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-17 05:52 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-17 05:52 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-17 05:52 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-06 05:05 . 2013-08-17 05:52 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-09-24 1576152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-29 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\forte manager\bin\Monitor.exe -startup [2013-6-4 1683456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-09-24 131288]
R3 LGDDCDevice;LGDDCDevice;c:\forte manager\bin\I2CDriver.sys [2009-04-24 14336]
R3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-29 1343400]
R4 LGII2CDevice;LGII2CDevice;c:\forte manager\bin\PII2CDriver.sys [2009-04-24 18432]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-09-24 20072]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-09-24 582936]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-09-24 44752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-24 172032]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]
S3 Elite4v2;Senselock EliteIV v2.x Service;c:\windows\system32\Drivers\elite4v2.sys [2007-03-27 11264]
S3 NmPar;PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [2010-01-19 81920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{411F08C0-FF20-442C-9FCB-9E02D9FA13E2}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rekrc0ty.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - ExtSQL: 2013-09-19 00:36; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
------- File Associations -------
.
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-EaseUS EPM tray - c:\easeus\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4079146356-2118840559-2295162176-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-4079146356-2118840559-2295162176-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-4079146356-2118840559-2295162176-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-4079146356-2118840559-2295162176-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-4079146356-2118840559-2295162176-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(596)
c:\windows\system32\guard32.dll
.
Completion time: 2013-09-28 12:06:07
ComboFix-quarantined-files.txt 2013-09-28 16:06
.
Pre-Run: 129,440,256,000 bytes free
Post-Run: 129,340,407,808 bytes free
.
- - End Of File - - 0D74CBA31DB77B4596FF2387104E9505
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

In the Brad account I want you to open Device manager and look for something that may look like a yellow exclamation mark !


Right click on this one and select uninstall


Restart the computer and see if you still get the same Popup




To enter device manager

Click on the start button and in the search field type in device manager and click on the top selection



Gringo
  • 0

#7
sportspeddler1

sportspeddler1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
Perhaps we are on to something here. I found a yellow (!) in Device Manager. However, I can't seem to uninstall it and it is still there upon restart. It is under Network adapters and says "WAN Miniport (IKEv2)" next to the yellow !. When I click on Properties, under Device status it states "This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)"

I wonder if the fact that I can't seem to uninstall it has something to do with the fact that I don't seem to have administrative privileges under this user name.

Thank you again,
Brad
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Is there anything like Delete or Remove?


gringo
  • 0

#9
sportspeddler1

sportspeddler1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
I could not find any Delete or Remove. There was a "Disable" which I tried. But even after rebooting I still got the pop-up 'A device attached to the system is not functioning'.
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I found this when reading about device manager

If you are logged on as a standard user, a message appears indicating that you cannot make any changes to the devices. Click OK to open Device Manager in read-only mode. On Properties pages that would normally allow an administrator to make changes, there is now a Change settings button at the bottom of the page. When you click that button, you are prompted for a user name and password with permissions to modify the device.


See if you can put in your user name and password


Gringo
  • 0

#11
sportspeddler1

sportspeddler1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
Getting more confused here. I did not get any message that said I could not make changes. I did not find anything that said anything about opening in read-only mode, and could not find any Change settings button. While trying to look for these things, my screen went black for a second and when it came back up, I had a new yellow (!). This one is under Portable Devices and says G:\ next to it. Device type: Portable Devices. Manufacturer: Multi. Location: on UMBus Enumerator. Under Device status it states: "Windows has stopped this device because it has reported problems. (Code 43)" I tried to uninstall it; it disappeared for a minute, the screen went black for a second again and then it was back. Any thoughts?

Thank you,
Brad
  • 0
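The Device Manager triage Brad describes above (a WAN Miniport flagged with Code 31, then a portable device flagged with Code 43) can also be done from a PowerShell prompt. The script below is an added example, not code from the thread or from Gringo's instructions; it assumes the PowerShell 2.0 that ships with Windows 7, uses only the WMI class Win32_PnPEntity, and carries a partial copy of Microsoft's documented Device Manager error-code texts.

```powershell
# Added example (not from the thread): list Plug and Play devices that Device
# Manager would mark with a yellow "!" and decode the Code 31 / Code 43 values
# seen in the thread. Get-WmiObject is used (rather than Get-CimInstance) so the
# script runs on the PowerShell 2.0 installed with Windows 7.

# Partial table of Configuration Manager error codes as documented by Microsoft.
# Only a handful are listed here; any other code is reported as its bare number.
$CodeText = @{
    1  = 'This device is not configured correctly'
    10 = 'This device cannot start'
    28 = 'The drivers for this device are not installed'
    31 = 'Windows cannot load the drivers required for this device'
    43 = 'Windows has stopped this device because it has reported problems'
}

function Test-IsElevated {
    # True when this session holds the Administrators token. Without it,
    # Device Manager opens read-only, which is the situation quoted in post #10.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ProblemDevice {
    # ConfigManagerErrorCode 0 means "working"; any other value is a yellow mark.
    Get-WmiObject -Class Win32_PnPEntity |
        Where-Object { $_.ConfigManagerErrorCode -ne 0 } |
        ForEach-Object {
            $code = [int]$_.ConfigManagerErrorCode
            if ($CodeText.ContainsKey($code)) { $meaning = $CodeText[$code] }
            else { $meaning = "Code $code" }
            New-Object PSObject -Property @{
                Code     = $code
                Meaning  = $meaning
                Name     = $_.Name       # e.g. "WAN Miniport (IKEv2)"
                DeviceID = $_.DeviceID   # software devices such as WAN Miniports are root-enumerated (ROOT\...)
                Service  = $_.Service    # kernel driver/service backing the device
            }
        }
}

if (-not (Test-IsElevated)) {
    Write-Warning 'Not elevated: output is read-only, same as Device Manager without admin rights.'
}
Get-ProblemDevice | Format-Table Code, Meaning, Name, Service -AutoSize
```

Run it once from the affected "Brad" account and once from the built-in Administrator account; if the same device is listed with the same code from both, the problem is the driver rather than the account's permissions.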

#12
sportspeddler1

sportspeddler1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
After re-booting the other yellow ! was gone so back to just the original one.

Am starting to wonder about just deleting this user name and creating a new one. What do you think about that idea? Am I correct in assuming that you do not think I have a malware problem?
  • 0

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

How about temporarily making this an admin account and trying to remove it?


And what we are doing now has nothing to do with malware.


Gringo
  • 0

#14
sportspeddler1

sportspeddler1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
Not really sure what you mean by making this an admin account. The "brad" account is set to have full administrative privileges. Also, I went into my Administrator account and tried to delete or uninstall it from there and was not able to do so.

I came across this article http://support.micro....com/kb/2871372 which seems to describe my exact problem, however it is for Windows 8. I could not find a similar article for Windows 7. Any information we could glean from this article that would help?

From what I can find it seems that the WAN miniport devices are protected from deleting them, even as administrator, without some sort of work-around or making changes in the registry. I hope you don't mind me posting these things that I found. I am afraid to try anything without some input from someone who knows a lot more than I do.

Thank you,
Brad
  • 0

#15
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I found this if you want to give it a try - http://en.community....t/19368629.aspx


Gringo
  • 0