Itzik Posted February 1, 2014 ID:785358

Hello. I seem to have been infected by some malware. A program called "ttdasndku.exe" appears during startup and cannot be removed due to security restrictions, and a process called "werfault" appears in Task Manager. I'm running on Win 7, with AVG Free as my default antivirus. So far, AVG does not seem to respond. RogueKiller and ComboFix stop responding mid-scan. I also ran RKill and AdwCleaner (logs attached as attachments). I cannot install MBAM or SecurityCheck because the folder "C:\Users\<username>\AppData\Local\Temp" denies access. This also prevents other programs from running. Thanks in advance.

Logs from DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736
Run by revah at 9:38:27 on 2014-02-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1255.972.1033.18.4023.1874 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\StruCad\Instance\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\ComboFix\REGT.3XE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\revah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ttdasndku.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{058E9DDC-E5E0-470C-A610-E130A651F007} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{730A4578-714B-4374-B4AB-B9658DE8A230} : DHCPNameServer = 8.8.8.8
Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - <orphaned>
x64-Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - <orphaned>
x64-Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - <orphaned>
x64-Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - <orphaned>
x64-Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - <orphaned>
x64-Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008030.006\SymEFA64.sys [2011-10-11 402992]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-11-28 46368]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008030.006\BHDrvx64.sys [2011-10-11 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008030.006\cchpx64.sys [2011-10-11 561800]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-7-19 254528]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2014-1-29 44744]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110927.030\IDSviA64.sys [2011-9-28 488568]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2013-10-14 2370448]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MSSQL$ACECADMODELSVR;SQL Server (ACECADMODELSVR);F:\Program Files\StruCad\Instance\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-2-10 29178224]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648]
R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-11-17 44312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-11-17 240160]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-14 76320]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-19 535656]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\NISx64\1008030.006\symndisv.sys [2011-10-11 56952]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-10-16 42184]
S2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe --> C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2014-1-23 145448]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-9-27 89160]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-2-27 1431888]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-7-21 97040]
S3 netr7364;Gigabyte RT73 Wireless Driver for Vista for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-21 59392]
S3 tun3326;VPN Tunnel Adapter;C:\Windows\System32\drivers\tun3326.sys [2013-3-22 32368]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-20 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-02-01 06:26:31 -------- d-s---w- C:\ComboFix
2014-01-31 13:30:18 216576 ----a-r- C:\Users\revah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ttdasndku.exe
2014-01-30 17:01:04 910336 ----a-w- C:\Windows\scplayer.exe
2014-01-30 17:01:00 -------- d-----w- C:\Program Files\MIDAS
2014-01-30 17:00:33 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2014-01-29 09:47:05 44744 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2014-01-23 21:26:05 676864 ----a-w- C:\Windows\SysWow64\drivers\hardlock.sys
2014-01-23 21:25:47 -------- d-----w- C:\Users\revah\AppData\Local\ApplicationHistory
2014-01-23 21:18:42 33340 ------w- C:\Windows\SysWow64\dbmsqlgc.dll
2014-01-23 21:18:42 24576 ------w- C:\Windows\SysWow64\dbmsgnet.dll
2014-01-23 21:18:42 20480 ----a-w- C:\Windows\SysWow64\cliconfg.728
2014-01-23 21:15:35 145448 ----a-w- C:\Windows\System32\drivers\sentinel64.sys
2014-01-23 21:14:32 -------- d-----w- C:\Program Files (x86)\Acecad software ltd
2014-01-23 21:06:10 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2014-01-23 21:02:50 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2014-01-23 21:02:50 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2014-01-23 21:02:50 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2014-01-23 21:02:50 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2014-01-23 21:02:50 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2014-01-23 21:02:48 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2014-01-23 21:02:48 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2014-01-19 15:28:33 -------- d-----w- C:\Users\revah\AppData\Local\HP
2014-01-07 16:02:30 302751 ----a-w- C:\Windows\SysWow64\~.tmp
.
==================== Find3M ====================
.
2013-12-11 08:41:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 08:41:12 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-28 21:37:02 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-11-05 19:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-11-04 19:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2006-05-03 09:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-06 21:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 9:38:39.67 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 19/07/2011 20:03:10
System Uptime: 01/02/2014 07:45:09 (2 hours ago)
.
Motherboard: Packard Bell | | imedia S3810
Processor: Intel® Core i3 CPU 550 @ 3.20GHz | CPU 1 | 1984/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 25.167 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 7.192 GiB free.
E: is FIXED (NTFS) - 0 GiB total, .064 GiB free.
F: is FIXED (NTFS) - 226 GiB total, 49.761 GiB free.
G: is CDROM (CDFS)
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (NTFS) - 932 GiB total, 582.046 GiB free.
M: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Sentinel64
Device ID: ROOT\LEGACY_SENTINEL64\0000
Manufacturer:
Name: Sentinel64
PNP Device ID: ROOT\LEGACY_SENTINEL64\0000
Service: Sentinel64
.
==== System Restore Points ===================
.
RP446: 23/01/2014 23:09:59 - Installed StruCad V15.5
RP447: 23/01/2014 23:24:35 - Installed StruM.I.S.NET
RP448: 23/01/2014 23:26:16 - Installed StruCAD Estimating Patch Installer - 6.02 SP3
RP449: 29/01/2014 11:09:40 - Configured StruCad V15.5
RP450: 29/01/2014 11:13:59 - Configured StruM.I.S.NET
RP451: 29/01/2014 11:16:04 - Removed Microsoft SQL Server Desktop Engine
RP452: 29/01/2014 11:17:10 - Configured Struwalker
RP453: 29/01/2014 11:19:25 - Removed Microsoft SQL Server VSS Writer
RP454: 29/01/2014 11:20:40 - Removed Sentinel System Driver Installer 7.5.0
RP455: 29/01/2014 11:21:30 - Removed Microsoft SQL Server Setup Support Files (English)
RP456: 29/01/2014 11:21:56 - Removed Microsoft SQL Server Native Client
RP457: 29/01/2014 11:22:19 - Removed Microsoft .NET Framework 1.1
RP458: 29/01/2014 11:24:44 - Removed Microsoft SQL Server VSS Writer
RP459: 29/01/2014 11:38:27 - Device Driver Package Install: Anchorfree Inc Network Service
RP460: 29/01/2014 11:39:09 - Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters
RP461: 29/01/2014 17:54:20 - Installed MIDAS/GENw for windows
RP462: 29/01/2014 18:00:15 - Installed Sentinel Protection Installer 7.1.0
RP463: 30/01/2014 18:58:55 - Removed MIDAS/GENw for windows
RP464: 30/01/2014 19:00:53 - Installed MIDAS/GENw for windows
RP465: 30/01/2014 19:01:39 - Installed Sentinel Protection Installer 7.1.0
RP466: 31/01/2014 22:01:02 - Restore Operation
.
==== Installed Programs ======================
.
µTorrent
4500_G510af_Help
4500G510af
4500G510af_Software_Min
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 MUI
Advertising Center
Alice Greenfingers
Amazonia
Apple Application Support
Apple Software Update
Ares Tube 3.2
Assassin's Creed
ATI Catalyst Install Manager
Audacity 2.0
AutoCAD 2009 - English
Autodesk Robot Structural Analysis Professional 2012
Autodesk Robot Structural Analysis Professional 2012 - English regional settings
AVG 2014
AVI ReComp 1.5.5
AviSynth 2.5
Batman Arkham City version 1.0
Batman Arkham Origins Update v20131106
Batman: Arkham Asylum
BEAMD
Bing Bar
BufferChm
CCleaner (remove only)
Chicken Invaders 2
CSiBridge 15
DAEMON Tools Lite
Dairy Dash
Destinations
DeviceDiscovery
Diablo
DivX Setup
DocMgr
DocProc
Dream Day First Home
Easy Subtitles Synchronizer
ETABS 9
Farm Frenzy 2
Fax
FBReader for Windows
Fire eMule v7.1 (0.47c)
First Class Flurry
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0620
FLV to AVI Video Converter v. 1.1
Free Video Joiner
Freez FLV to AVI/MPEG/WMV Converter
Google Earth
Google Update Helper
GPBaseService2
Granny In Paradise
Heroes of Hellas
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510a-f
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Identity Card
ImagXpress
Intel® Matrix Storage Manager
Java Auto Updater
Java 6 Update 29
K-Lite Codec Pack 2.89 Full
MarketResearch
MathPlayer
MathType 6
Max Payne
Max Payne 2
Max Payne 3
Merriam Websters Spell Jam
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2003 Web Components
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Express Edition (ACECADMODELSVR)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
MIDAS/GENw for windows
MKVToolNix 5.8.0
Mortal Kombat Komplete Edition
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Myth The Fallen Lords
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Internet Security
Norton Online Backup
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.2.24.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
OCR Software by I.R.I.S. 13.0
Packard Bell GameZone Console
Packard Bell InfoCentre
Packard Bell Recovery Management
Packard Bell Registration
Packard Bell ScreenSaver
Packard Bell Software Suite SE
Packard Bell Updater
PDFCreator
Plaxis 8.x
Portal
Portal 2
Prince of Persia
PS3 Media Server
PunkBuster Services
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Response-2000
Rockstar Games Social Club
SAFE 12
SAP2000 15
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Shop for HP Supplies
SmartWebPrinting
SolidWorks 2012 x64 Edition SP0
SolidWorks eDrawings 2012 x64 Edition SP0
SolidWorks Explorer 2012 SP0 x64 Edition
SolutionCenter
Status
SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51
Super Street Fighter IV: Arcade Edition
System Requirements Lab CYRI
Time Adjuster STANDARD 3.1
Toolbox
TrayApp
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VBA (2627.01)
VC80CRTRedist - 8.0.50727.4053
ViewCompanion Premium 5.11
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.5
WebReg
Welcome Center
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
WinISO 5.3
WinRAR archiver
Xvid Video Codec
YTD Video Downloader 3.9.6
.
==== Event Viewer Messages From Past Week ========
.
31/01/2014 22:15:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SumRandoVPNService service to connect.
31/01/2014 22:15:01, Error: Service Control Manager [7000] - The SumRandoVPNService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
31/01/2014 22:08:13, Error: Service Control Manager [7000] - The SentinelFilter service failed to start due to the following error: SentinelFilter is not a valid Win32 application.
31/01/2014 16:26:34, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
31/01/2014 15:51:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
31/01/2014 15:51:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
31/01/2014 15:51:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
31/01/2014 15:51:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
31/01/2014 15:51:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
31/01/2014 15:51:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
31/01/2014 15:51:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgdiska AVGIDSDriver Avgldx64 BHDrvx64 ccHP discache eeCtrl IDSVia64 spldr SRTSPX SYMTDI Wanarpv6
31/01/2014 15:51:15, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
31/01/2014 15:38:18, Error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
31/01/2014 15:38:18, Error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
31/01/2014 12:40:48, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user revah-PC\revah SID (S-1-5-21-1729897760-2043418707-3997494279-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
31/01/2014 12:40:48, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user revah-PC\revah SID (S-1-5-21-1729897760-2043418707-3997494279-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
29/01/2014 16:03:16, Error: Schannel [36887] - The following fatal alert was received: 100.
29/01/2014 15:51:58, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
29/01/2014 15:51:58, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
29/01/2014 14:56:05, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
29/01/2014 12:22:26, Error: Service Control Manager [7034] - The SumRandoVPNService service terminated unexpectedly. It has done this 1 time(s).
29/01/2014 11:09:27, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {9C0BA3C1-2B67-45EB-BF69-BED9658D28D2} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding
27/01/2014 16:37:01, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user revah-PC\revah SID (S-1-5-21-1729897760-2043418707-3997494279-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
25/01/2014 16:49:59, Error: EventLog [6008] - The previous system shutdown at 16:47:51 on 25/01/2014 was unexpected.
01/02/2014 08:32:47, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
01/02/2014 08:24:15, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
01/02/2014 08:24:15, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
01/02/2014 07:48:43, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
01/02/2014 07:48:43, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
01/02/2014 07:46:25, Error: Service Control Manager [7000] - The SentinelFilter service failed to start due to the following error: The system cannot find the path specified.
01/02/2014 07:46:06, Error: Service Control Manager [7000] - The Sentinel64 service failed to start due to the following error: The system cannot find the device specified.
01/02/2014 07:46:06, Error: Service Control Manager [7000] - The hardlock service failed to start due to the following error: This driver has been blocked from loading
01/02/2014 07:46:06, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\hardlock.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

Attached files:
AdwCleanerS10.txt
Rkill.txt
Itzik Posted February 1, 2014 Author ID:785416

Update: After reading similar threads here, I downloaded Farbar Recovery Scan Tool. Afterwards I was able to run RogueKiller. It says that the application "ttdasndku" is "killed", but the app still appears on the startup list, and I still can't access "Appdata\Local\Temp". Attached are the FRST and RK logs.

Attachments: Addition.txt, FRST.txt, RKreport0_D_02012014_145028.txt, RKreport0_S_02012014_145008.txt
Itzik Posted February 1, 2014 Author ID:785586

Update 2: I believe I've solved the problem. Using Unlocker I force-deleted the "Temp" folder. This allowed me to install and run MBAM, SystemCheck and JunkRemovalTool. The ttdasndku.exe still returned, but after closing the application with the task manager I was able to force-delete it permanently. This forum was a great help. Previous posts helped with their insight. This thread can now be moved to the "Resolved" section. Thank you.
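A read-only triage check for the two symptoms this thread describes (an unknown executable in the startup list and a per-user Temp folder that refuses access), added here as an example and not code from the thread or from any tool mentioned in it. It assumes the reported file name ttdasndku.exe and treats an explicit Deny ACE as one possible cause of the access-denied Temp folder.

```powershell
# Added example: enumerate common autorun locations and report Deny ACEs on
# the per-user Temp folder. Read-only; it changes nothing on the system.

$suspect = 'ttdasndku.exe'   # name reported in the thread (assumed as the thing to look for)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

Write-Host "== Autorun registry entries =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        $flag = ''
        if ("$($p.Value)" -match [regex]::Escape($suspect)) { $flag = ' <-- matches reported name' }
        Write-Host ("{0}\{1} = {2}{3}" -f $key, $p.Name, $p.Value, $flag)
    }
}

Write-Host "== Startup folder contents =="
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Write-Host ("{0}  {1}" -f $_.LastWriteTime, $_.FullName) }
}

Write-Host "== Deny ACEs on the per-user Temp folder =="
$temp = Join-Path $env:LOCALAPPDATA 'Temp'
try {
    $acl  = Get-Acl -Path $temp
    $deny = $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }
    if ($deny) {
        # A Deny entry for the current user or Everyone would explain "access denied"
        $deny | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
    } else {
        Write-Host "No Deny entries on $temp"
    }
} catch {
    Write-Host "Could not read the ACL of $temp : $($_.Exception.Message)"
}
```

If the ACL cannot be read at all, the restriction may come from the folder's owner or from an open handle rather than a Deny ACE, which is consistent with the thread needing a force-delete to recover.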
AdvancedSetup (Root Admin) Posted February 6, 2014 ID:787361

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.