Jump to content

Virus Not fully removed? Computer acting slow and crashing

WoodyGrape

By WoodyGrape
in Resolved Malware Removal Logs

 Share

Recommended Posts

WoodyGrape

WoodyGrape

Posted
Posted

Thought malwarebytes removed the virus but it seems to be acting wierd.  Logs follow

 

dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by Richard Waltonsmith at 11:22:08 on 2013-09-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.4978 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dldocoms.exe
C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Richard Waltonsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Users\Richard Waltonsmith\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp\lmi_rescue.exe
C:\Users\Richard Waltonsmith\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp\LMI_Rescue_srv.exe
C:\Users\Richard Waltonsmith\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp\LMI_Rescue_srv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
 
 
 
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Dell 968 AIO Printer] "C:\Program Files (x86)\Dell 968 AIO Printer\fm3032.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\RICHAR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Richard Waltonsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
 
 
 
 
 
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BDD10FB5-D80A-4B5E-8AA3-43B08904122D} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{BDD10FB5-D80A-4B5E-8AA3-43B08904122D} : DHCPNameServer = 192.168.1.1
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [dldomon.exe] "C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe"
x64-Run: [MemoryCardManager] "C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-26 55280]
R2 dldo_device;dldo_device;C:\Windows\System32\dldocoms.exe -service --> C:\Windows\System32\dldocoms.exe -service [?]
R2 LMIRescue_87618170-cc61-4da4-9942-2e0ca45ce400;LogMeIn Rescue (87618170-cc61-4da4-9942-2e0ca45ce400);C:\Users\Richard Waltonsmith\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp\LMI_Rescue_srv.exe [2013-9-19 2570592]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-1-27 216064]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-27 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dldoserv.exe [2007-10-5 34032]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-12 701512]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-4-12 25928]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-27 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-09-19 11:03:20 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B1C7D90F-C68C-40AE-8557-7EF4EE554EF1}\mpengine.dll
2013-09-18 07:57:04 9694160 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-13 16:40:06 4751752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-09-12 00:27:21 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-07 01:29:30 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32D80C0A-7EC9-4936-95D0-961FB8990283}\gapaengine.dll
2013-08-27 23:06:46 -------- d-----w- C:\ProgramData\Citrix
2013-08-27 23:06:06 -------- d-----w- C:\Users\Richard Waltonsmith\AppData\Local\Citrix
2013-08-27 23:06:04 103832 ----a-w- C:\Users\Richard Waltonsmith\GoToAssistDownloadHelper.exe
2013-08-27 00:39:07 -------- d-----w- C:\ProgramData\Garmin
2013-08-27 00:39:01 -------- d-----w- C:\ProgramData\Package Cache
2013-08-26 21:07:35 -------- d-----w- C:\Program Files\iPod
2013-08-26 21:07:34 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-26 21:07:34 -------- d-----w- C:\Program Files\iTunes
2013-08-26 21:07:34 -------- d-----w- C:\Program Files (x86)\iTunes
2013-08-26 20:39:03 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-26 20:33:20 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-08-26 20:33:20 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-08-26 20:33:19 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-08-26 20:33:19 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-08-26 20:33:19 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-08-26 20:33:19 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-08-26 20:33:19 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-08-26 20:22:10 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-26 19:40:38 -------- d-----w- C:\AdwCleaner
2013-08-26 18:58:39 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-08-26 18:58:39 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-08-26 18:53:45 -------- d-----w- C:\TDSSKiller_Quarantine
2013-08-26 17:28:03 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-26 17:28:02 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-26 17:28:02 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-26 17:28:02 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-26 17:28:02 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-26 17:28:02 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-26 17:28:02 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-26 17:28:02 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-26 17:27:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-26 17:27:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-26 14:49:32 -------- d-sh--w- C:\$$PendingFiles
2013-08-24 00:17:22 -------- d-----w- C:\Users\Richard Waltonsmith\AppData\Roaming\Garmin
2013-08-21 10:03:13 -------- d-----w- C:\7f92f0a1687e03f91254b7686dfd60f3
2013-08-21 10:01:29 -------- d-----w- C:\Windows\System32\MRT
2013-08-20 22:02:37 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-20 22:02:37 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-20 22:02:37 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-20 22:02:36 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-20 22:01:59 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-20 22:01:57 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M  ====================
.
2013-09-13 16:40:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 16:40:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-26 20:38:54 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-08-26 20:38:54 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-03-25 13:10:31 174016 ----a-w- C:\Program Files (x86)\gcres.dll
2012-03-25 13:10:30 693648 ----a-w- C:\Program Files (x86)\gcUninstall WeatherBlink.dll
.
============= FINISH: 11:22:38.19 ===============
 
 
 
 
Attach.txt
 
 
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 6/26/2010 12:09:03 PM
System Uptime: 9/19/2013 5:12:13 AM (6 hours ago)
.
Motherboard: DELL Inc. |  | 0X501H
Processor: Intel® Core™ i7 CPU         920  @ 2.67GHz | CPU 1 | 1574/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 688 GiB total, 558.579 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP287: 8/26/2013 5:42:56 PM - Garmin Express
RP288: 8/27/2013 5:34:33 AM - Windows Update
RP289: 9/3/2013 8:33:36 AM - Windows Update
RP290: 9/4/2013 8:38:21 AM - Windows Update
RP291: 9/8/2013 4:54:36 AM - Windows Update
RP292: 9/11/2013 2:17:23 PM - Windows Update
RP293: 9/11/2013 8:16:28 PM - Windows Update
RP294: 9/13/2013 8:49:35 AM - Windows Update
RP295: 9/16/2013 12:08:09 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArtTracker
Banctec Service Agreement
Bing Rewards Client Installer
Bonjour
Business Contact Manager for Outlook 2007 SP2
Cisco WebEx Meetings
Complete Care Consumer Service Agreement
Dell 968 AIO Printer
Dell Driver Download Manager
Dell Edoc Viewer
Dell Getting Started Guide
DirectXInstallService
Dropbox
EMC 10 Content
EMCGadgets64
GIMP 2.6.11
Google Chrome
Google Earth
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
HP Product Detection
iCloud
Intel® Matrix Storage Manager
iTunes
Java 7 Update 25
Java Auto Updater
join.me
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Maxtor Manager
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access Runtime (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
NVIDIA PhysX
Picasa 3
PowerDVD DX
QuickTime
Realtek High Definition Audio Driver
Rosetta Stone Homeschool
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition 
SolidWorks eDrawings 2012
SolidWorks eDrawings 2012 x64
Sonic CinePlayer Decoder Pack
Spelling Dictionaries Support For Adobe Reader 9
TOPO! 4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VD64Inst
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
9/19/2013 3:53:06 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  RxFilter
9/19/2013 3:52:59 AM, Error: Service Control Manager [7023]  - The Windows Defender service terminated with the following error:  The specified module could not be found.
9/19/2013 3:52:58 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the dldoCATSCustConnectService service to connect.
9/19/2013 3:52:58 AM, Error: Service Control Manager [7000]  - The SessionLauncher service failed to start due to the following error:  The system cannot find the file specified.
9/19/2013 3:52:58 AM, Error: Service Control Manager [7000]  - The dldoCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/15/2013 10:00:04 PM, Error: Service Control Manager [7016]  - The NVIDIA Display Driver Service service has reported an invalid current state 32.
.
==== End Of File ===========================
 
 
 
 
RoguKiller Log
 
 
 
 
RogueKiller V8.6.12 _x64_ [sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Richard Waltonsmith [Admin rights]
Mode : Scan -- Date : 09/19/2013 11:39:45
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST3750528AS +++++
--- User ---
[MBR] 20d5d3dcd52815f1b17e67270949f198
[bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10366 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21311488 | Size: 704997 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_09192013_113945.txt >>

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.