Tried to remove svchost.exe


Davies

Hello,

I have been getting the svchost.exe trojan result every time I run a scan. I updated to Pro and it's still detecting it. I would appreciate any help with this.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by A at 10:02:08 on 2012-09-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3989 [GMT -7:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\splwow64.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Dell Support Center\uaclauncher.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.hotmail.com/

uDefault_Page_URL = hxxp://www.dell.com

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "C:\Users\A\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

StartupFolder: C:\Users\A\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{8556A8C6-135E-4865-991C-38F57AA018DE} : DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{9AFEBA9C-41A7-4D8E-8876-59C7C5E1724C} : DhcpNameServer = 75.75.75.75 75.75.76.76

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [(Default)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun-x64: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\glj0nir8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.nbcnews.com/

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\A\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-9-20 1385120]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120921.001\IDSviA64.sys [2012-9-21 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-1 98208]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-13 901184]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-13 974912]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-10 676936]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-15 138272]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-1 2656280]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-13 1298496]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-16 138912]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-3-24 148360]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-8 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250288]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-8 136176]

S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-22 114144]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 CLKMSVC10_9EC60124;CyberLink Product - 2011/06/01 10:25:12;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]

S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-1 1692480]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-09-23 16:19:37 20480 ----a-w- C:\Windows\svchost.exe

2012-09-17 15:18:43 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-09-17 15:18:04 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-17 15:18:04 -------- d-----w- C:\Program Files\iTunes

2012-09-17 15:18:04 -------- d-----w- C:\Program Files\iPod

2012-09-17 15:18:04 -------- d-----w- C:\Program Files (x86)\iTunes

2012-09-15 23:00:28 -------- d-sh--w- C:\found.000

2012-09-12 14:40:58 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-12 14:40:58 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-12 14:40:58 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-12 14:40:58 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-12 14:40:57 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-12 14:40:57 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-09-12 14:40:57 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-25 22:45:24 -------- d-----w- C:\ProgramData\PC-Doctor for Windows

.

==================== Find3M ====================

.

2012-09-20 22:56:12 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-20 22:56:12 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-08 00:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-21 20:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-21 20:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-09 20:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-07-09 20:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2012-07-06 02:17:58 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys

2012-07-06 02:17:57 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

.

============= FINISH: 10:03:30.54 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/8/2011 3:24:11 PM

System Uptime: 9/23/2012 9:14:20 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0YH79Y

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU | 2301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 332.116 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP93: 9/8/2012 11:04:13 AM - Scheduled Checkpoint

RP94: 9/12/2012 9:48:03 AM - Windows Update

RP95: 9/22/2012 8:54:24 AM - Windows Update

.

==== Installed Programs ======================

.

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4) MUI

Advanced Audio FX Engine

Amazon MP3 Downloader 1.0.17

Apple Application Support

Apple Software Update

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Scanner Selector EX

Canon IJ Network Tool

Canon MG5300 series On-screen Manual

Canon MG5300 series User Registration

Canon MP Navigator EX 3.0

Canon MP Navigator EX 5.0

Canon My Printer

Canon Solution Menu EX

Canon Utilities Solution Menu

Coupon Printer for Windows

Cozi

CyberLink PowerDVD 9.6

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Digital Delivery

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell Marketplace Webslice IE8

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell VideoStage

Dell Webcam Central

DirectX 9 Runtime

Dropbox

eBay

Garmin Lifetime Updater

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Wireless Display

Internet Explorer

IrfanView (remove only)

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Malwarebytes Anti-Malware version 1.65.0.1400

Mani Screen Saver

Mesh Runtime

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 15.0 (x86 en-US)

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton Internet Security

PhotoShowExpress

Quicken WillMaker Plus 2011

QuickTime

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

SereneScene Marine Aquarium 2

Skype Click to Call

Skype™ 5.10

Snagit 10.0.2

Sonic CinePlayer Decoder Pack

TouchCopy 09

TrustedID

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

9/23/2012 9:19:37 AM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

9/23/2012 9:18:00 AM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state.

9/23/2012 9:18:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

9/23/2012 9:17:59 AM, Error: Service Control Manager [7022] - The SSDP Discovery service hung on starting.

9/23/2012 9:16:29 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

9/22/2012 5:05:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

9/22/2012 5:00:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.

9/19/2012 8:40:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.

9/19/2012 8:40:30 AM, Error: Service Control Manager [7000] - The Dell Digital Delivery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/17/2012 8:18:55 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

9/17/2012 8:16:48 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.

9/17/2012 8:15:48 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/17/2012 8:15:37 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/16/2012 8:41:52 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

.

==== End Of File ===========================

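Before acting on a scanner verdict against svchost.exe, a practitioner wants to know whether the flagged instance is the real one. The PowerShell below is an added example, not part of this thread and not code from Malwarebytes, RogueKiller or any other tool mentioned here: it lists every running svchost.exe with its image path, parent process, command line, Authenticode status and SHA256, and flags any instance that fails the checks a genuine one passes (loaded from %SystemRoot%\System32 or SysWOW64, Microsoft-signed, started by services.exe, launched with a "-k <service group>" argument). It assumes an elevated prompt and PowerShell 4.0 or later; the Windows 7 machine in this thread ships PowerShell 2.0, where Get-CimInstance and Get-FileHash do not exist and Get-WmiObject plus Sysinternals sigcheck do the same job.

```powershell
# Added example, not part of this thread or of any tool it mentions: triage
# every running svchost.exe. A genuine instance is loaded from
# %SystemRoot%\System32 (or SysWOW64), carries a valid Microsoft signature,
# is started by services.exe and runs with a "-k <service group>" argument.
# Run from an elevated prompt. Assumes PowerShell 4.0 or later (Get-CimInstance,
# Get-FileHash); Windows 7's stock PowerShell 2.0 has neither, use Get-WmiObject
# and Sysinternals sigcheck there.

$system32 = Join-Path $env:SystemRoot 'System32'
$syswow64 = Join-Path $env:SystemRoot 'SysWOW64'

# Win32_Process exposes image path, parent PID and full command line.
$procs = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

$findings = foreach ($p in ($procs | Where-Object { $_.Name -ieq 'svchost.exe' })) {
    $path       = $p.ExecutablePath
    $parent     = $byPid[[int]$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { 'exited' }
    $reasons    = @()
    $sha256     = $null

    if (-not $path) {
        # Even elevated, a null path means the process refused the query,
        # which is itself a reason to look closer.
        $reasons += 'image path not readable'
    } else {
        $dir = Split-Path -Path $path -Parent
        if ($dir -ine $system32 -and $dir -ine $syswow64) {
            $reasons += "unexpected location $path"
        }
        # Caveat: OS binaries are catalog-signed. PowerShell 5.1 resolves catalog
        # signatures; older versions report NotSigned for a legitimate file, so
        # there confirm with Sysinternals sigcheck before acting on this result.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            $reasons += "signature $($sig.Status)"
        }
        $sha256 = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    }
    if ($parentName -ine 'services.exe') {
        $reasons += "parent is $parentName (PID $($p.ParentProcessId))"
    }
    if ($p.CommandLine -notmatch '\s-k\s') {
        $reasons += 'no -k service group argument'
    }

    [pscustomobject]@{
        PID        = $p.ProcessId
        Parent     = $parentName
        Path       = $path
        Args       = $p.CommandLine
        SHA256     = $sha256
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = ($reasons -join '; ')
    }
}

# Flagged instances first. Hand the SHA256 of anything flagged to your AV vendor
# or a multi-engine scanner before deleting; the real svchost.exe is not
# removable without breaking Windows.
$findings | Sort-Object -Property Suspicious -Descending |
    Format-Table -AutoSize -Property PID, Parent, Suspicious, Reasons, Path
```

A clean run shows every row with Suspicious = False and Parent = services.exe. A row with an unexpected location, a non-Microsoft or missing signature, a parent other than services.exe, or no -k argument is the one to investigate; a scanner that keeps re-detecting the legitimate, signed file in System32 after each clean is more likely a false positive or a hidden component re-infecting it, which is the direction this thread ends up taking.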

Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Thank you for your quick response. I'm not experienced with computers so please bear with me.

I have a USB mouse so I will remove that before the scan.

By quitting all running programs, do you mean to disable the Norton Internet Security as well? I tried to download RogueKiller.exe and Norton had a warning message, etc.


I have a USB mouse so I will remove that before the scan.

You don't have to do that...it says

Please remove any USB or external drives from the computer before you run this scan!

~~~~~~~~~~~~

By quitting all running programs, do you mean to disable the Norton Internet Security as well? I tried to download RogueKiller.exe and Norton had a warning message, etc.

The program is safe and you don't have to disable Norton.

MrC



Here is the report:

[00:00:0000] ***** Global Init *****

[00:00:0000] Has crashed before : Yes

[00:00:0000] Create mutex : RogueKiller

[00:00:0000] Mutex Created : 0x120

[00:00:0000] Fill lists

[00:00:0000] OS Language : English

[00:00:0000] Take Privileges

[00:00:0016] Modify Token

[00:00:0016] Set priority to HIGH

[00:00:0016] Getting Operating System

[00:00:0016] Os Getted : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

[00:00:0016] ***** Global Init OK *****

[00:00:0016] ***** GUI Init *****

[00:00:0016] Get build number

[00:00:0016] build number : RogueKiller (by Tigzy) -- v8.0.5

[00:00:0125] ***** GUI Init OK *****

[00:00:0141] ***** PreScan *****

[00:00:0156] Clear ListViews

[00:00:0156] Clear Objects

[00:00:0156] Enum Windows

[00:00:0156] [Check Window] Eula - Please read

[00:00:0172] [Check Window] Debug log sending

[00:00:0172] [Check Window] Start

[00:00:0188] [Check Window] Jump List

[00:00:0188] [Check Window] CiceroUIWndFrame

[00:00:0188] [Check Window] Task Switching

[00:00:0188] [Check Window] CiceroUIWndFrame

[00:00:0188] [Check Window] Network Flyout

[00:00:0188] [Check Window] Malwarebytes Anti-Malware

[00:00:0188] [Check Window] CiceroUIWndFrame

[00:00:0188] [Check Window] TF_FloatingLangBar_WndTitle

[00:00:0188] [Check Window] Search and restore files and shortcuts hidden by rogues of type 'FakeHDD'

[00:00:0188] [Check Window] RogueKiller (by Tigzy) -- v8.0.5

[00:00:0188] [Check Window] Recipes

[00:00:0188] [Check Window] View Downloads - Windows Internet Explorer

[00:00:0188] [Check Window] GDI+ Window

[00:00:0188] [Check Window] DDE Server Window

[00:00:0203] [Check Window] DropboxTrayIcon

[00:00:0203] [Check Window] Garmin Lifetime Updater

[00:00:0203] [Check Window] CiceroUIWndFrame

[00:00:0203] [Check Window] MediaContextNotificationWindow

[00:00:0203] [Check Window] SystemResourceNotifyWindow

[00:00:0203] [Check Window] C:\Program Files\DellTPad\Apntex.exe

[00:00:0203] [Check Window] Elara

[00:00:0203] [Check Window] Dialog

[00:00:0203] [Check Window] WinAMRestoreWnd

[00:00:0203] [Check Window] FWSesAlWndTitle

[00:00:0203] [Check Window] HelperMsgListenerWnd

[00:00:0203] [Check Window] SYM_AVPAPP_WINDOW_NAME_{1BE293D4-E7AD-4314-B8C9-C088A7CC1E69}

[00:00:0203] [Check Window] Canon IJ Network Scanner Selector EX Wnd

[00:00:0203] [Check Window] Intel PROSet/Wireless - TF - Intel® Wireless Tray

[00:00:0203] [Check Window] ApUsbPnP

[00:00:0203] [Check Window] ApMsgFwdWindow

[00:00:0203] [Check Window] Europa

[00:00:0203] [Check Window] MotoSkypeWrapperWnd

[00:00:0219] [Check Window] {A7E495BF-9589-4a6e-8479-DDA2D8D3C05F}

[00:00:0219] [Check Window] Canon My Printer

[00:00:0219] [Check Window] SidebarBroadcastWatcher

[00:00:0219] [Check Window] BluetoothNotificationAreaIconWindowClass

[00:00:0219] [Check Window] GDI+ Window

[00:00:0219] [Check Window] QuickSet

[00:00:0219] [Check Window] GDI+ Window

[00:00:0219] [Check Window] MS_WebcheckMonitor

[00:00:0219] [Check Window] Realtek HD Audio CPL for Vista

[00:00:0219] [Check Window] ViennaSettingUI

[00:00:0219] [Check Window] Realtek SpeakerTestManager

[00:00:0219] [Check Window] Media Center SSO

[00:00:0219] [Check Window] Realtek HD Audio New GUI

[00:00:0219] [Check Window] Animate Manager

[00:00:0219] [Check Window] RTK TRAYICON

[00:00:0219] [Check Window] AudioEngine For Realtek HD Audio New GUI

[00:00:0219] [Check Window] RTK AUDIO DRIVER EVENT MGR

[00:00:0234] [Check Window] GDI+ Window

[00:00:0234] [Check Window] HkWndName

[00:00:0234] [Check Window] PersistWndName

[00:00:0234] [Check Window] HiddenFaxWindow

[00:00:0234] [Check Window] igfxtrayWindow

[00:00:0234] [Check Window] MCI command handling window

[00:00:0234] [Check Window] Battery Meter

[00:00:0234] [Check Window] Start menu

[00:00:0234] [Check Window] A

[00:00:0234] [Check Window] ccSvcHst

[00:00:0234] [Check Window] DDE Server Window

[00:00:0234] [Check Window] HotStartUAWindowClass

[00:00:0234] [Check Window] MCI command handling window

[00:00:0234] [Check Window] Task Host Window

[00:00:0234] [Check Window] DWM Notification Window

[00:00:0234] [Check Window] Weather

[00:00:0234] [Check Window] Program Manager

[00:00:0250] [Check Window] MSCTFIME UI

[00:00:0250] [Check Window] Default IME

[00:00:0250] [Check Window] Default IME

[00:00:0250] [Check Window] MSCTFIME UI

[00:00:0250] [Check Window] Default IME

[00:00:0250] [Check Window] MSCTFIME UI

[00:00:0250] [Check Window] Default IME

[00:00:0250] [Check Window] MSCTFIME UI

[00:00:0250] [Check Window] Default IME

[00:00:0250] [Check Window] MSCTFIME UI

[00:00:0250] [Check Window] Default IME

[00:00:0250] [Check Window] Default IME

[00:00:0250] [Check Window] Default IME

[00:00:0250] [Check Window] Default IME

[00:00:0250] [Check Window] MSCTFIME UI

[00:00:0250] [Check Window] Default IME

[00:00:0250] [Check Window] Default IME

[00:00:0250] [Check Window] Default IME

[00:00:0266] [Check Window] MSCTFIME UI

[00:00:0266] [Check Window] Default IME

[00:00:0266] [Check Window] Default IME

[00:00:0266] [Check Window] Default IME

[00:00:0266] [Check Window] MSCTFIME UI

[00:00:0266] [Check Window] Default IME

[00:00:0266] [Check Window] MSCTFIME UI

[00:00:0266] [Check Window] Default IME

[00:00:0266] [Check Window] Default IME

[00:00:0266] [Check Window] Default IME

[00:00:0266] [Check Window] Default IME

[00:00:0266] [Check Window] Default IME

[00:00:0266] [Check Window] Default IME

[00:00:0266] [Check Window] Default IME

[00:00:0266] [Check Window] MSCTFIME UI

[00:00:0266] [Check Window] Default IME

[00:00:0266] [Check Window] Default IME

[00:00:0266] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] MSCTFIME UI

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0281] [Check Window] Default IME

[00:00:0297] [Check Window] Default IME

[00:00:0297] [Check Window] Default IME

[00:00:0297] [Check Window] Default IME

[00:00:0297] [Check Window] Default IME

[00:00:0297] [Check Window] Default IME

[00:00:0297] [Check Window] Default IME

[00:00:0297] [Check Window] MSCTFIME UI

[00:00:0297] [Check Window] Default IME

[00:00:0297] [Check Window] MSCTFIME UI

[00:00:0297] [Check Window] Default IME

[00:00:0297] [Check Processes] Service PID : 712


[00:00:0031] ***** Global Init *****

[00:00:0031] Has crashed before : Yes

[00:00:0031] Create mutex : RogueKiller

[00:00:0031] Mutex Created : 0x120

[00:00:0031] Fill lists

[00:00:0046] OS Language : English

[00:00:0140] Take Privileges

[00:00:0140] Modify Token

[00:00:0156] Set priority to HIGH

[00:00:0156] Getting Operating System

[00:00:0156] Os Getted : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

[00:00:0156] ***** Global Init OK *****

[00:00:0156] ***** GUI Init *****

[00:00:0156] Get build number

[00:00:0156] build number : RogueKiller (by Tigzy) -- v8.0.5

[00:00:0312] ***** GUI Init OK *****

[00:00:0312] ***** PreScan *****

[00:00:0312] Clear ListViews

[00:00:0312] Clear Objects

[00:00:0312] Enum Windows

[00:00:0358] [Check Window] Eula - Please read

[00:00:0358] [Check Window] Debug log sending

[00:00:0358] [Check Window] Task Switching

[00:00:0358] [Check Window] Start

[00:00:0358] [Check Window] CiceroUIWndFrame

[00:00:0358] [Check Window] Jump List

[00:00:0358] [Check Window] Snagit Editor - [Sep 25, 2012 7:34:48 AM]

[00:00:0358] [Check Window] ms_sqlce_se_notify_wndproc

[00:00:0358] [Check Window] Malwarebytes Anti-Malware

[00:00:0358] [Check Window] AutoComplete

[00:00:0358] [Check Window] SysFader

[00:00:0358] [Check Window] CiceroUIWndFrame

[00:00:0358] [Check Window] Network Flyout

[00:00:0358] [Check Window] CiceroUIWndFrame

[00:00:0358] [Check Window] TF_FloatingLangBar_WndTitle

[00:00:0358] [Check Window] Tried to remove svchost.exe - Malwarebytes Forum - Windows Internet Explorer

[00:00:0374] [Check Window] RogueKiller (by Tigzy) -- v8.0.5

[00:00:0374] [Check Window] View Downloads - Windows Internet Explorer

[00:00:0374] [Check Window] Tried to remove svchost.exe - Malwarebytes Forum - Windows Internet Explorer

[00:00:0374] [Check Window] Snagit

[00:00:0374] [Check Window] DelayedWnd

[00:00:0374] [Check Window] GDI+ Window

[00:00:0374] [Check Window] DDE Server Window

[00:00:0374] [Check Window] C:\Program Files (x86)\TechSmith\Snagit 10\Snagit.chm

[00:00:0374] [Check Window] GDI+ Window

[00:00:0374] [Check Window] GDI+ Window

[00:00:0374] [Check Window] GDI+ Window

[00:00:0374] [Check Window] DDE Server Window

[00:00:0374] [Check Window] WinAMRestoreWnd

[00:00:0374] [Check Window] HelperMsgListenerWnd

[00:00:0374] [Check Window] CiceroUIWndFrame

[00:00:0374] [Check Window] Garmin Lifetime Updater

[00:00:0390] [Check Window] DropboxTrayIcon

[00:00:0390] [Check Window] Canon IJ Network Scanner Selector EX Wnd

[00:00:0390] [Check Window] Dialog

[00:00:0390] [Check Window] MediaContextNotificationWindow

[00:00:0390] [Check Window] SystemResourceNotifyWindow

[00:00:0390] [Check Window] Intel PROSet/Wireless - TF - Intel® Wireless Tray

[00:00:0390] [Check Window] BluetoothNotificationAreaIconWindowClass

[00:00:0390] [Check Window] HiddenFaxWindow

[00:00:0390] [Check Window] MS_WebcheckMonitor

[00:00:0390] [Check Window] Realtek HD Audio CPL for Vista

[00:00:0390] [Check Window] ViennaSettingUI

[00:00:0390] [Check Window] Realtek SpeakerTestManager

[00:00:0390] [Check Window] Realtek HD Audio New GUI

[00:00:0405] [Check Window] Animate Manager

[00:00:0405] [Check Window] RTK TRAYICON

[00:00:0405] [Check Window] AudioEngine For Realtek HD Audio New GUI

[00:00:0405] [Check Window] RTK AUDIO DRIVER EVENT MGR

[00:00:0405] [Check Window] GDI+ Window

[00:00:0405] [Check Window] C:\Program Files\DellTPad\Apntex.exe

[00:00:0405] [Check Window] ApUsbPnP

[00:00:0405] [Check Window] Elara

[00:00:0405] [Check Window] Europa

[00:00:0405] [Check Window] ApMsgFwdWindow

[00:00:0405] [Check Window] {A7E495BF-9589-4a6e-8479-DDA2D8D3C05F}

[00:00:0405] [Check Window] MotoSkypeWrapperWnd

[00:00:0405] [Check Window] PersistWndName

[00:00:0405] [Check Window] HkWndName

[00:00:0405] [Check Window] SidebarBroadcastWatcher

[00:00:0405] [Check Window] GDI+ Window

[00:00:0405] [Check Window] Canon My Printer

[00:00:0421] [Check Window] QuickSet

[00:00:0421] [Check Window] GDI+ Window

[00:00:0421] [Check Window] igfxtrayWindow

[00:00:0421] [Check Window] Media Center SSO

[00:00:0421] [Check Window] Battery Meter

[00:00:0421] [Check Window] ccSvcHst

[00:00:0421] [Check Window] Start menu

[00:00:0421] [Check Window] A

[00:00:0421] [Check Window] DDE Server Window

[00:00:0421] [Check Window] HotStartUAWindowClass

[00:00:0421] [Check Window] MCI command handling window

[00:00:0421] [Check Window] Task Host Window

[00:00:0421] [Check Window] DWM Notification Window

[00:00:0421] [Check Window] FWSesAlWndTitle

[00:00:0421] [Check Window] SYM_AVPAPP_WINDOW_NAME_{1BE293D4-E7AD-4314-B8C9-C088A7CC1E69}

[00:00:0421] [Check Window] Weather

[00:00:0436] [Check Window] Program Manager

[00:00:0436] [Check Window] Default IME

[00:00:0436] [Check Window] MSCTFIME UI

[00:00:0436] [Check Window] Default IME

[00:00:0436] [Check Window] MSCTFIME UI

[00:00:0436] [Check Window] Default IME

[00:00:0436] [Check Window] MSCTFIME UI

[00:00:0436] [Check Window] Default IME

[00:00:0436] [Check Window] Default IME

[00:00:0436] [Check Window] MSCTFIME UI

[00:00:0436] [Check Window] Default IME

[00:00:0436] [Check Window] MSCTFIME UI

[00:00:0436] [Check Window] Default IME

[00:00:0436] [Check Window] Default IME

[00:00:0436] [Check Window] MSCTFIME UI

[00:00:0436] [Check Window] MSCTFIME UI

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] MSCTFIME UI

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] MSCTFIME UI

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] MSCTFIME UI

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] Default IME

[00:00:0452] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] MSCTFIME UI

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0468] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] MSCTFIME UI

[00:00:0483] [Check Window] Default IME

[00:00:0483] [Check Window] MSCTFIME UI

[00:00:0499] [Check Window] Default IME

[00:00:0499] [Check Window] MSCTFIME UI

[00:00:0499] [Check Window] Default IME

[00:00:0499] [Check Processes] Service PID : 648


That's not working...do this instead:

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites

I hope I did this right. This is the first log:

08:21:45.0991 5540 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

08:21:46.0755 5540 ============================================================

08:21:46.0755 5540 Current date / time: 2012/09/26 08:21:46.0755

08:21:46.0755 5540 SystemInfo:

08:21:46.0755 5540

08:21:46.0755 5540 OS Version: 6.1.7601 ServicePack: 1.0

08:21:46.0755 5540 Product type: Workstation

08:21:46.0755 5540 ComputerName: A-PC

08:21:46.0756 5540 UserName: A

08:21:46.0756 5540 Windows directory: C:\Windows

08:21:46.0756 5540 System windows directory: C:\Windows

08:21:46.0756 5540 Running under WOW64

08:21:46.0756 5540 Processor architecture: Intel x64

08:21:46.0756 5540 Number of processors: 4

08:21:46.0756 5540 Page size: 0x1000

08:21:46.0756 5540 Boot type: Normal boot

08:21:46.0756 5540 ============================================================

08:21:48.0519 5540 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:21:48.0534 5540 ============================================================

08:21:48.0534 5540 \Device\Harddisk0\DR0:

08:21:48.0534 5540 MBR partitions:

08:21:48.0534 5540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1D4C000

08:21:48.0534 5540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7F000, BlocksNum 0x38606830

08:21:48.0536 5540 ============================================================

08:21:48.0571 5540 C: <-> \Device\Harddisk0\DR0\Partition2

08:21:48.0572 5540 ============================================================

08:21:48.0572 5540 Initialize success

08:21:48.0572 5540 ============================================================

08:22:46.0857 4236 Deinitialize success


Run TDSSKiller again and choose Delete for this one only: (no need to load the modules or to post the log)

08:32:08.0840 1924 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:32:08.0841 1924 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~~~~~~

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Reboot and see if you can run RogueKiller now, MrC

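TDSSKiller reports the "TDSS File System" against the physical device, \Device\Harddisk0\DR0, rather than against C:, because that rootkit family keeps its hidden, encrypted file system in sectors that no partition claims, normally at the very end of the disk. The PowerShell below is an added example, not part of this thread and not code from TDSSKiller: it parses the Drive and PartitionN lines of the log posted above (the three sample lines are copied from it) and lists every sector range that lies outside the MBR partition table, which is exactly the space such a hidden file system can occupy. From the figures in that log the disk has 0x3A386030 sectors, Partition1 ends where Partition2 begins, and the computation yields two unclaimed ranges: 208896 sectors (102 MiB) before Partition1, which also holds the MBR itself, and 2048 sectors (1 MiB) after Partition2. A 1 MiB tail is ordinary partition alignment slack, so the gap by itself is not evidence of infection; its value is that it tells you which sectors to image before letting a tool delete them, and re-running the same calculation on a fresh log after the Delete confirms the partition table was left untouched.

```powershell
# Added example, not part of this thread or of TDSSKiller: list the sector
# ranges that no MBR partition claims, using the "Drive" and "PartitionN" lines
# of a TDSSKiller log. The sample lines below are copied from the log posted in
# this thread.
$logLines = @(
    '08:21:48.0519 5540 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ''K0'', Flags 0x00000040'
    '08:21:48.0534 5540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1D4C000'
    '08:21:48.0534 5540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7F000, BlocksNum 0x38606830'
)

function Get-UnclaimedSectors {
    param([string[]]$Lines)

    $totalSectors = $null
    $sectorSize   = 512
    $parts        = @()

    foreach ($line in $Lines) {
        # Drive line: total size in bytes and the sector size, both in hex.
        if ($line -match 'Size: 0x([0-9A-F]+) .*SectorSize: 0x([0-9A-F]+)') {
            $bytes        = [Convert]::ToInt64($Matches[1], 16)
            $sectorSize   = [Convert]::ToInt32($Matches[2], 16)
            $totalSectors = [int64][math]::Floor([double]$bytes / $sectorSize)
        }
        # Partition line: type byte, first LBA and sector count, all in hex.
        elseif ($line -match '(Partition\d+): MBR, Type 0x([0-9A-F]+), StartLBA 0x([0-9A-F]+), BlocksNum 0x([0-9A-F]+)') {
            $parts += [pscustomobject]@{
                Name  = $Matches[1]
                Type  = [Convert]::ToInt32($Matches[2], 16)
                Start = [Convert]::ToInt64($Matches[3], 16)
                Count = [Convert]::ToInt64($Matches[4], 16)
            }
        }
    }
    if ($null -eq $totalSectors) { throw 'no Drive line with Size and SectorSize found' }

    $newGap = {
        param($Where, $FirstLBA, $Sectors)
        [pscustomobject]@{
            Where    = $Where
            FirstLBA = $FirstLBA
            Sectors  = $Sectors
            MiB      = [math]::Round([double]$Sectors * $sectorSize / 1MB, 2)
        }
    }

    # Walk the partitions in LBA order. Every hole between them, and the tail
    # after the last one, is space a hidden file system could be living in.
    $cursor = [int64]0
    foreach ($part in ($parts | Sort-Object -Property Start)) {
        if ($part.Start -gt $cursor) {
            & $newGap "before $($part.Name)" $cursor ($part.Start - $cursor)
        }
        $cursor = [math]::Max($cursor, $part.Start + $part.Count)
    }
    if ($cursor -lt $totalSectors) {
        & $newGap 'after last partition' $cursor ($totalSectors - $cursor)
    }
}

Get-UnclaimedSectors -Lines $logLines | Format-Table -AutoSize
```

To run it against your own log, replace the sample array with `Get-Content C:\TDSSKiller.<version>_<date>_<time>_log.txt`; only the Drive and PartitionN lines are used, so the rest of the file can be passed through unchanged. Logs for disks with several partitions work the same way, and any hole between two partitions is reported alongside the tail.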

I ran TDSSKiller again and chose Delete for TDSS File System.

I updated and ran a quickscan with MBAM:

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.26.13

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

A :: A-PC [administrator]

Protection: Enabled

9/26/2012 5:11:06 PM

mbam-log-2012-09-26 (17-11-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205445

Time elapsed: 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I ran RogueKiller again and it turns out my Norton was disabling it. In the meantime, Norton had a message saying it contained another Trojan (attached). Not sure if that has anything to do with the malware.

I disabled Norton temporarily and RogueKiller was able to run. I've attached the debug report.

Crossing my fingers this worked!

post-118471-0-19206900-1348706238.jpg

RK debug report.zip


Great

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC


Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Java 6 Update 31

Java version out of Date!

Adobe Flash Player 11.4.402.265

Adobe Reader X (10.1.4)

Mozilla Firefox (15.0)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````


Java™ 6 Update 31 <---please uninstall from add/remove programs

Java version out of Date! <---download and install the latest version

http://www.java.com/...load/manual.jsp <---latest version

You have outdated programs on the system which are vulnerable to malware.

Please update or delete them

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, C:\FRST, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
