
Infected by ttdasndku.exe, also no access to \Appdata\local\temp


Itzik


Hello.

I seem to have been infected by some malware.

A program called "ttdasndku.exe" appears during startup and cannot be removed due to security restrictions, and a process called "werfault" appears in Task Manager.

I'm running Win 7, with AVG Free as my default antivirus.

So far, AVG does not seem to respond.

RogueKiller and ComboFix stop responding mid-scan.

I also ran RKill and AdwCleaner (logs attached).

I cannot install MBAM or SecurityCheck because the folder "C:\Users\<username>\AppData\Local\Temp" denies access.

This also prevents other programs from running.

Thanks in advance.

Logs from DDS:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736
Run by revah at 9:38:27 on 2014-02-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1255.972.1033.18.4023.1874 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\StruCad\Instance\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\ComboFix\REGT.3XE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\revah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ttdasndku.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{058E9DDC-E5E0-470C-A610-E130A651F007} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{730A4578-714B-4374-B4AB-B9658DE8A230} : DHCPNameServer = 8.8.8.8
Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - <orphaned>
x64-Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - <orphaned>
x64-Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - <orphaned>
x64-Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - <orphaned>
x64-Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - <orphaned>
x64-Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008030.006\SymEFA64.sys [2011-10-11 402992]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-11-28 46368]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008030.006\BHDrvx64.sys [2011-10-11 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008030.006\cchpx64.sys [2011-10-11 561800]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-7-19 254528]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2014-1-29 44744]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110927.030\IDSviA64.sys [2011-9-28 488568]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2013-10-14 2370448]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MSSQL$ACECADMODELSVR;SQL Server (ACECADMODELSVR);F:\Program Files\StruCad\Instance\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-2-10 29178224]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648]
R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-11-17 44312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-11-17 240160]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-14 76320]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-19 535656]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\NISx64\1008030.006\symndisv.sys [2011-10-11 56952]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-10-16 42184]
S2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe --> C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2014-1-23 145448]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-9-27 89160]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-2-27 1431888]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-7-21 97040]
S3 netr7364;Gigabyte RT73 Wireless Driver for Vista for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-21 59392]
S3 tun3326;VPN Tunnel Adapter;C:\Windows\System32\drivers\tun3326.sys [2013-3-22 32368]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-20 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-02-01 06:26:31 -------- d-s---w- C:\ComboFix
2014-01-31 13:30:18 216576 ----a-r- C:\Users\revah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ttdasndku.exe
2014-01-30 17:01:04 910336 ----a-w- C:\Windows\scplayer.exe
2014-01-30 17:01:00 -------- d-----w- C:\Program Files\MIDAS
2014-01-30 17:00:33 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2014-01-29 09:47:05 44744 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2014-01-23 21:26:05 676864 ----a-w- C:\Windows\SysWow64\drivers\hardlock.sys
2014-01-23 21:25:47 -------- d-----w- C:\Users\revah\AppData\Local\ApplicationHistory
2014-01-23 21:18:42 33340 ------w- C:\Windows\SysWow64\dbmsqlgc.dll
2014-01-23 21:18:42 24576 ------w- C:\Windows\SysWow64\dbmsgnet.dll
2014-01-23 21:18:42 20480 ----a-w- C:\Windows\SysWow64\cliconfg.728
2014-01-23 21:15:35 145448 ----a-w- C:\Windows\System32\drivers\sentinel64.sys
2014-01-23 21:14:32 -------- d-----w- C:\Program Files (x86)\Acecad software ltd
2014-01-23 21:06:10 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2014-01-23 21:02:50 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2014-01-23 21:02:50 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2014-01-23 21:02:50 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2014-01-23 21:02:50 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2014-01-23 21:02:50 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2014-01-23 21:02:48 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2014-01-23 21:02:48 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2014-01-19 15:28:33 -------- d-----w- C:\Users\revah\AppData\Local\HP
2014-01-07 16:02:30 302751 ----a-w- C:\Windows\SysWow64\~.tmp
.
==================== Find3M  ====================
.
2013-12-11 08:41:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 08:41:12 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-28 21:37:02 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-11-05 19:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-11-04 19:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2006-05-03 09:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-06 21:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH:  9:38:39.67 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 19/07/2011 20:03:10
System Uptime: 01/02/2014 07:45:09 (2 hours ago)
.
Motherboard: Packard Bell |  | imedia S3810
Processor: Intel® Core i3 CPU         550  @ 3.20GHz | CPU 1 | 1984/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 25.167 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 7.192 GiB free.
E: is FIXED (NTFS) - 0 GiB total, .064 GiB free.
F: is FIXED (NTFS) - 226 GiB total, 49.761 GiB free.
G: is CDROM (CDFS)
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (NTFS) - 932 GiB total, 582.046 GiB free.
M: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Sentinel64
Device ID: ROOT\LEGACY_SENTINEL64\0000
Manufacturer:
Name: Sentinel64
PNP Device ID: ROOT\LEGACY_SENTINEL64\0000
Service: Sentinel64
.
==== System Restore Points ===================
.
RP446: 23/01/2014 23:09:59 - Installed StruCad V15.5
RP447: 23/01/2014 23:24:35 - Installed StruM.I.S.NET
RP448: 23/01/2014 23:26:16 - Installed StruCAD Estimating Patch Installer - 6.02 SP3
RP449: 29/01/2014 11:09:40 - Configured StruCad V15.5
RP450: 29/01/2014 11:13:59 - Configured StruM.I.S.NET
RP451: 29/01/2014 11:16:04 - Removed Microsoft SQL Server Desktop Engine
RP452: 29/01/2014 11:17:10 - Configured Struwalker
RP453: 29/01/2014 11:19:25 - Removed Microsoft SQL Server VSS Writer
RP454: 29/01/2014 11:20:40 - Removed Sentinel System Driver Installer 7.5.0
RP455: 29/01/2014 11:21:30 - Removed Microsoft SQL Server Setup Support Files (English)
RP456: 29/01/2014 11:21:56 - Removed Microsoft SQL Server Native Client
RP457: 29/01/2014 11:22:19 - Removed Microsoft .NET Framework 1.1
RP458: 29/01/2014 11:24:44 - Removed Microsoft SQL Server VSS Writer
RP459: 29/01/2014 11:38:27 - Device Driver Package Install: Anchorfree Inc Network Service
RP460: 29/01/2014 11:39:09 - Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters
RP461: 29/01/2014 17:54:20 - Installed MIDAS/GENw for windows
RP462: 29/01/2014 18:00:15 - Installed Sentinel Protection Installer 7.1.0
RP463: 30/01/2014 18:58:55 - Removed MIDAS/GENw for windows
RP464: 30/01/2014 19:00:53 - Installed MIDAS/GENw for windows
RP465: 30/01/2014 19:01:39 - Installed Sentinel Protection Installer 7.1.0
RP466: 31/01/2014 22:01:02 - Restore Operation
.
==== Installed Programs ======================
.
µTorrent
4500_G510af_Help
4500G510af
4500G510af_Software_Min
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 MUI
Advertising Center
Alice Greenfingers
Amazonia
Apple Application Support
Apple Software Update
Ares Tube 3.2
Assassin's Creed
ATI Catalyst Install Manager
Audacity 2.0
AutoCAD 2009 - English
Autodesk Robot Structural Analysis Professional 2012
Autodesk Robot Structural Analysis Professional 2012 - English regional settings
AVG 2014
AVI ReComp 1.5.5
AviSynth 2.5
Batman Arkham City version 1.0
Batman Arkham Origins Update v20131106
Batman: Arkham Asylum
BEAMD
Bing Bar
BufferChm
CCleaner (remove only)
Chicken Invaders 2
CSiBridge 15
DAEMON Tools Lite
Dairy Dash
Destinations
DeviceDiscovery
Diablo
DivX Setup
DocMgr
DocProc
Dream Day First Home
Easy Subtitles Synchronizer
ETABS 9
Farm Frenzy 2
Fax
FBReader for Windows
Fire eMule v7.1 (0.47c)
First Class Flurry
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0620
FLV to AVI Video Converter v. 1.1
Free Video Joiner
Freez FLV to AVI/MPEG/WMV Converter
Google Earth
Google Update Helper
GPBaseService2
Granny In Paradise
Heroes of Hellas
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510a-f
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Identity Card
ImagXpress
Intel® Matrix Storage Manager
Java Auto Updater
Java 6 Update 29
K-Lite Codec Pack 2.89 Full
MarketResearch
MathPlayer
MathType 6
Max Payne
Max Payne 2
Max Payne 3
Merriam Websters Spell Jam
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2003 Web Components
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Express Edition (ACECADMODELSVR)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
MIDAS/GENw for windows
MKVToolNix 5.8.0
Mortal Kombat Komplete Edition
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Myth The Fallen Lords
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Internet Security
Norton Online Backup
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.2.24.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
OCR Software by I.R.I.S. 13.0
Packard Bell GameZone Console
Packard Bell InfoCentre
Packard Bell Recovery Management
Packard Bell Registration
Packard Bell ScreenSaver
Packard Bell Software Suite SE
Packard Bell Updater
PDFCreator
Plaxis 8.x
Portal
Portal 2
Prince of Persia
PS3 Media Server
PunkBuster Services
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Response-2000
Rockstar Games Social Club
SAFE 12
SAP2000 15
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Shop for HP Supplies
SmartWebPrinting
SolidWorks 2012 x64 Edition SP0
SolidWorks eDrawings 2012 x64 Edition SP0
SolidWorks Explorer 2012 SP0 x64 Edition
SolutionCenter
Status
SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51
Super Street Fighter IV: Arcade Edition
System Requirements Lab CYRI
Time Adjuster STANDARD 3.1
Toolbox
TrayApp
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VBA (2627.01)
VC80CRTRedist - 8.0.50727.4053
ViewCompanion Premium 5.11
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.5
WebReg
Welcome Center
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
WinISO 5.3
WinRAR archiver
Xvid Video Codec
YTD Video Downloader 3.9.6
.
==== Event Viewer Messages From Past Week ========
.
31/01/2014 22:15:01, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SumRandoVPNService service to connect.
31/01/2014 22:15:01, Error: Service Control Manager [7000]  - The SumRandoVPNService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
31/01/2014 22:08:13, Error: Service Control Manager [7000]  - The SentinelFilter service failed to start due to the following error:  SentinelFilter is not a valid Win32 application.
31/01/2014 16:26:34, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
31/01/2014 15:51:34, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
31/01/2014 15:51:34, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
31/01/2014 15:51:29, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
31/01/2014 15:51:29, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
31/01/2014 15:51:24, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
31/01/2014 15:51:18, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
31/01/2014 15:51:15, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgdiska AVGIDSDriver Avgldx64 BHDrvx64 ccHP discache eeCtrl IDSVia64 spldr SRTSPX SYMTDI Wanarpv6
31/01/2014 15:51:15, Error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
31/01/2014 15:38:18, Error: Service Control Manager [7034]  - The AVGIDSAgent service terminated unexpectedly.  It has done this 1 time(s).
31/01/2014 15:38:18, Error: Service Control Manager [7031]  - The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
31/01/2014 12:40:48, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user revah-PC\revah SID (S-1-5-21-1729897760-2043418707-3997494279-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
31/01/2014 12:40:48, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user revah-PC\revah SID (S-1-5-21-1729897760-2043418707-3997494279-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
29/01/2014 16:03:16, Error: Schannel [36887]  - The following fatal alert was received: 100.
29/01/2014 15:51:58, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
29/01/2014 15:51:58, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
29/01/2014 14:56:05, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk6\DR6.
29/01/2014 12:22:26, Error: Service Control Manager [7034]  - The SumRandoVPNService service terminated unexpectedly.  It has done this 1 time(s).
29/01/2014 11:09:27, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {9C0BA3C1-2B67-45EB-BF69-BED9658D28D2} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding
27/01/2014 16:37:01, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user revah-PC\revah SID (S-1-5-21-1729897760-2043418707-3997494279-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
25/01/2014 16:49:59, Error: EventLog [6008]  - The previous system shutdown at 16:47:51 on 25/01/2014 was unexpected.
01/02/2014 08:32:47, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
01/02/2014 08:24:15, Error: Service Control Manager [7034]  - The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
01/02/2014 08:24:15, Error: Service Control Manager [7034]  - The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
01/02/2014 07:48:43, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
01/02/2014 07:48:43, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
01/02/2014 07:46:25, Error: Service Control Manager [7000]  - The SentinelFilter service failed to start due to the following error:  The system cannot find the path specified.
01/02/2014 07:46:06, Error: Service Control Manager [7000]  - The Sentinel64 service failed to start due to the following error:  The system cannot find the device specified.
01/02/2014 07:46:06, Error: Service Control Manager [7000]  - The hardlock service failed to start due to the following error:  This driver has been blocked from loading
01/02/2014 07:46:06, Error: Application Popup [1060]  - \??\C:\Windows\SysWow64\drivers\hardlock.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

AdwCleanerS10.txt

Rkill.txt

Update:

 

After reading similar threads here, I downloaded Farbar Recovery Scan Tool.

Afterwards I was able to run RogueKiller.

It says that the application "ttdasndku" is "killed", but the app still appears on the startup list, and I still can't access "Appdata\Local\Temp".

 

Attached are the FRST and RK logs.

Addition.txt

FRST.txt

RKreport0_D_02012014_145028.txt

RKreport0_S_02012014_145008.txt


Update 2:

 

I believe I've solved the problem.

Using Unlocker I force-deleted the "Temp" folder.

This allowed me to install and run MBAM, SystemCheck and JunkRemovalTool.

The ttdasndku.exe still returned, but after closing the application with the task manager I was able to force-delete it permanently.

 

This forum was a great help. Previous posts helped with their insight.

This thread can now be moved to the "Resolved" section.

 

Thank you.

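The two symptoms the poster describes (an autostart entry for a randomly named executable and a per-user Temp folder that refuses access) can be checked from a PowerShell prompt before any cleanup tool is run. The script below is an added triage example for this thread, not code from the poster or from any of the tools mentioned; it reads the ACL on the current user's Temp folder and lists the standard Run/RunOnce registry entries, flagging any whose command line points into AppData, Temp or ProgramData. The "suspect" path pattern is an assumption chosen for this triage, not a rule from the page.

```powershell
# Added triage example (not from the thread): audit the per-user Temp folder's
# ACL and enumerate autostart Run entries, flagging images that live in
# user-writable locations. Run from an elevated PowerShell prompt.

function Get-TempFolderAccess {
    param([string]$Path = (Join-Path $env:LOCALAPPDATA 'Temp'))
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # A DACL that strips READ_CONTROL from the user shows up here as a failure,
        # which is itself the finding worth recording.
        return [pscustomobject]@{
            Path  = $Path
            Owner = '<unreadable>'
            Deny  = @("ACL read failed: $($_.Exception.Message)")
        }
    }
    [pscustomobject]@{
        Path  = $Path
        Owner = $acl.Owner
        # Explicit Deny ACEs are what block installers from writing to Temp.
        Deny  = @($acl.Access |
                  Where-Object { $_.AccessControlType -eq 'Deny' } |
                  ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" })
    }
}

function Get-SuspiciousRunEntries {
    # Standard autostart keys consulted by Windows at logon.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    # Assumption for this triage: legitimate autostarts rarely live in these trees.
    $suspectPattern = '(?i)\\AppData\\|\\Temp\\|\\ProgramData\\'

    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, PSDrive, ...)
            $cmd = [string]$p.Value
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Command = $cmd
                Suspect = ($cmd -match $suspectPattern)
            }
        }
    }
}

# Report: Temp folder ownership and Deny ACEs, then only the flagged autostarts.
Get-TempFolderAccess | Format-List
Get-SuspiciousRunEntries | Where-Object Suspect | Format-Table -AutoSize
```

Run it before and after cleanup: a Deny ACE on Temp for the user's own SID, or a Run value whose command points into `AppData\Local\Temp`, is the kind of evidence a helper on this forum would ask for, and the same output afterwards confirms the autostart entry is actually gone rather than just its process killed.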
