xtremetoxicguy Posted September 26, 2013 ID:734751 Share Posted September 26, 2013 Hello. My son has reported to me that his computer is acting very slow. He said that the internet was running much slower than usual, and some of his applications would not connect to the internet, and would run slowly as well. I used the anti-malwarebytes anti-malware scan, and ran a full scan, and found nothing. I am hoping that someone could help me resolve this problem, so he can continue his use on the computer. I am also hoping that this won't cost anything too expensive, as it is a very expensive computer. Please report back if you can with further information and/or instructions on how I can remove the virus. Thank you! Link to post Share on other sites More sharing options...
MrCharlie Posted September 26, 2013 ID:734753 Share Posted September 26, 2013 Welcome to the forum, please start HERE Post back the 2 logs here.....DDS.txt and Attach.txt (please don't put logs in code or quotes and use the default font) P2P/Piracy Warning: 1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. 2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided. <====><====><====><====><====><====><====><====> Next................ Please download and run RogueKiller 32 bit to your desktop. RogueKiller<---use this one for 64 bit systems Quit all running programs. For Windows XP, double-click to start. For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything! Don't run any other options, they're not all bad!!!!!!! Post back the report which should be located on your desktop. (please don't put logs in code or quotes and use the default font) MrC Note: Please read all of my instructions completely including these. Make sure system restore is turned on and running Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive <+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+>The removal of malware isn't instantaneous, please be patient. <+>When we are done, I'll give to instructions on how to cleanup all the tools and logs <+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. ------->Your topic will be closed if you haven't replied within 3 days!<-------- (If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
xtremetoxicguy Posted September 26, 2013 Author ID:734756 Share Posted September 26, 2013 Hello. Thank you for the help. Here are the logs: DDS:DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORKInternet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.21.2Run by User at 12:11:06 on 2013-09-26Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.3197 [GMT -7:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\Explorer.EXEC:\Windows\system32\ctfmon.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dlluRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silentuRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeuRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunmRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguimRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-startmRun: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option...INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option..TCP: NameServer = 10.0.1.1TCP: Interfaces\{8113064E-7ECC-40CE-97D3-83CC46A736E6} : DHCPNameServer = 10.0.1.1TCP: Interfaces\{8113064E-7ECC-40CE-97D3-83CC46A736E6}\C696371676162746E6562737E6564777F627B6 : DHCPNameServer = 192.168.1.1TCP: Interfaces\{A46E6B0C-3B7D-408E-B1BD-07D850F25986} : DHCPNameServer = 10.1.10.1Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllAppInit_DLLs= c:\progra~2\nvidia~1\nvstre~1\rxinput.dllmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll.INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option..x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>.============= SERVICES / DRIVERS ===============.R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-4-30 283200]R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\System32\drivers\BazisVirtualCDBus.sys [2011-6-4 198480]R3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2009-11-6 838136]S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-20 65336]S0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-20 189936]S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-15 1030952]S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-15 378944]S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-15 33400]S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-15 80816]S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-28 46808]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-24 14984480]S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-5-16 389896]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]S3 DCamUSBNovatek;USB2.0 UVC Camera;C:\Windows\System32\drivers\nvtcam.sys [2010-7-14 2746624]S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-12-20 131912]S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-1-14 57856]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-5 25928]S3 NVFLASH;NVFLASH;C:\Windows\System32\drivers\nvflash.sys [2012-10-28 15168]S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-8-24 39712]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-27 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-27 1255736]S4 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-5 418376]S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-5 701512]S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-3-6 1153368]S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208]S4 WLANBelkinService;Belkin WLAN service;C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864].=============== Created Last 30 ================.2013-09-25 10:34:23 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E63BF25-4B11-47F9-B0C6-6A95607112F4}\mpengine.dll2013-09-23 19:35:44 -------- d-----w- C:\Program Files\Sony2013-09-23 19:17:33 -------- d-----w- C:\Windows\en2013-09-21 15:39:13 3090544 ----a-w- C:\Users\User\worldpainter_64_1.6.2.exe2013-09-21 06:52:36 -------- d-----w- C:\Users\User\backups2013-09-21 06:35:55 -------- d-----w- C:\Users\User\ServerJarStorage2013-09-21 06:35:55 -------- d-----w- C:\Users\User\MCEdit-schematics2013-09-21 06:34:26 -------- d-----w- C:\Users\User\MCEdit-0.1.7.1.win-amd642013-09-20 06:51:03 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller2013-09-20 06:48:18 -------- d-----w- C:\Program Files (x86)\Origin Games2013-09-20 06:48:07 -------- d-----w- C:\Users\User\AppData\Local\Origin2013-09-19 18:29:08 -------- d-----w- C:\SIMCITY2013-09-18 16:18:10 -------- d-----w- C:\Users\User\AppData\Roaming\WorldPainter2013-09-18 16:18:01 -------- d-----w- C:\Program Files\WorldPainter2013-09-17 01:31:26 -------- d-----w- C:\Program Files (x86)\ss helper2013-09-17 01:31:20 -------- d-----w- C:\ProgramData\saVeNshaorae2013-09-11 15:22:24 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys2013-09-05 14:04:02 209272 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll2013-08-30 12:29:56 -------- d-----w- C:\Program Files (x86)\Windows Phone2013-08-30 12:29:44 -------- d-----w- C:\ProgramData\Applications2013-08-30 12:16:00 -------- d-----r- C:\Users\User\Podcasts2013-08-29 05:06:10 -------- d-----w- C:\Program Files (x86)\Snes9x.==================== Find3M ====================.2013-09-21 06:34:26 45056 ----a-w- C:\Users\User\mcedit.exe2013-09-21 06:34:26 2987520 ----a-w- C:\Users\User\python27.dll2013-09-20 19:07:18 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr2013-09-20 19:07:18 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2013-09-20 18:59:15 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys2013-08-07 11:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys.============= FINISH: 12:12:12.85 =============== Attach:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1Install Date: 10/12/2012 11:08:13 AMSystem Uptime: 9/26/2013 11:48:14 AM (1 hours ago).Motherboard: Intel Corporation | | DG35ECProcessor: Intel® Core2 Duo CPU E8400 @ 3.00GHz | LGA 775 | 2982/333mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 466 GiB total, 73.66 GiB free.D: is CDROM ()E: is CDROM ()F: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}Description: Microsoft PS/2 MouseDevice ID: ACPI\PNP0F03\4&264163AB&0Manufacturer: MicrosoftName: Microsoft PS/2 MousePNP Device ID: ACPI\PNP0F03\4&264163AB&0Service: i8042prt.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: aswRvrtDevice ID: ROOT\LEGACY_ASWRVRT\0000Manufacturer: Name: aswRvrtPNP Device ID: ROOT\LEGACY_ASWRVRT\0000Service: aswRvrt.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: Security Processor Loader DriverDevice ID: ROOT\LEGACY_SPLDR\0000Manufacturer: Name: Security Processor Loader DriverPNP Device ID: ROOT\LEGACY_SPLDR\0000Service: spldr.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: avast! Network Shield SupportDevice ID: ROOT\LEGACY_ASWTDI\0000Manufacturer: Name: avast! Network Shield SupportPNP Device ID: ROOT\LEGACY_ASWTDI\0000Service: aswTdi.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: aswVmmDevice ID: ROOT\LEGACY_ASWVMM\0000Manufacturer: Name: aswVmmPNP Device ID: ROOT\LEGACY_ASWVMM\0000Service: aswVmm.Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}Description: Standard PS/2 KeyboardDevice ID: ACPI\PNP0303\4&264163AB&0Manufacturer: (Standard keyboards)Name: Standard PS/2 KeyboardPNP Device ID: ACPI\PNP0303\4&264163AB&0Service: i8042prt.==== System Restore Points ===================.RP245: 9/19/2013 11:49:07 AM - Installed DirectXRP246: 9/19/2013 11:50:12 PM - Installed DirectXRP247: 9/23/2013 12:09:40 PM - Windows Live EssentialsRP248: 9/23/2013 12:11:17 PM - Installed DirectXRP249: 9/23/2013 12:12:31 PM - Installed DirectXRP250: 9/23/2013 12:13:28 PM - Installed DirectXRP251: 9/23/2013 12:14:26 PM - WLSetupRP252: 9/23/2013 12:22:18 PM - Removed Windows Movie Maker 2.6RP253: 9/25/2013 3:33:46 AM - Windows Update.==== Installed Programs ======================.7-Zip 9.20 (x64 edition)Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.04)Adobe Shockwave Player 12.0AirPortApple Application SupportApple Mobile Device SupportApple Software UpdateASUS GPU TweakAudacity 2.0.3avast! Free AntivirusBelkin USB Wireless AdaptorBonjourBonjour Print ServicesCall of Duty Black Ops IICarmageddon EFLC 2.0.1.1CCleanerCeltx (2.9.1)Counter-Strike: Global OffensiveCounter-Strike: SourceCyberLink PowerDirector 11D3DX10DAEMON Tools LiteDoom 3 BFG EditionESET Online Scanner v3FAKEFACTORY Cinematic Mod V12Far Cry 3FaçadeFileHippo.com Update CheckerFraps (remove only)Free WMA to MP3 Converter 1.16Garry's ModGoogle ChromeGoogle Update HelperHalf-LifeHalf-Life 2Half-Life 2: Episode TwoHalf-Life: Blue ShiftHalf-Life: Opposing ForceHalf-Life: SourceiCloudIntel® Network Connections 15.3.68.0iTunesJava 7 Update 10 (64-bit)Java 7 Update 21Java Auto UpdaterJoypadConnectJunk Mail filter updateL.A.NoireLeft 4 Dead 2LogMeIn HamachiMalwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Games for Windows - LIVE RedistributableMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office InfoPath MUI (English) 2007Microsoft Office Office 64-bit Components 2007Microsoft Office Outlook ConnectorMicrosoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Professional Plus 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft SkyDriveMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WSE 3.0 RuntimeMicrosoft Xbox 360 Accessories 1.2Microsoft XNA Framework Redistributable 4.0MINERVA: MetastasisMovie MakerMSVCRTMSVCRT RedistsMSVCRT_amd64MSVCRT110MSVCRT110_amd64Newblue Art Effects for PowerDirectorNotepad++NVIDIA 3D Vision Controller Driver 320.49NVIDIA 3D Vision Driver 320.49NVIDIA Control Panel 320.49NVIDIA GeForce Experience 1.6NVIDIA Graphics Driver 320.49NVIDIA HD Audio Driver 1.3.24.2NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.13.0604NVIDIA Stereoscopic 3D DriverNVIDIA Update 7.2.17NVIDIA Update ComponentsNVIDIA Virtual Audio 1.2.1OriginPaint.NET v3.5.10Pando Media BoosterParanormal - CLOSED BETA 7.0Photo CommonPhoto GalleryPinnacle Game ProfilerPoker Night 2PortalPortal 2Project64 1.6PunkBuster ServicesQuickTimeRaidCallRAR Password UnlockerROBLOX Player for UserRockstar Games Social ClubSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition SHIELD StreamingSimCity 4 DeluxeSimCity™SkulltagSkype Click to CallSkype™ 6.6SOE Web InstallerSource SDK Base 2007Source SDK Base 2013 MultiplayerSource SDK Base 2013 SingleplayerSpider-manSpider-Man® - Web of Shadows 1.1 PatchSpider-Man - Web of ShadowsSpider-Man - Web of Shadows 1.1 PatchSpybot - Search & DestroySpywareBlaster 5.0ss helper 1.74SteamSteam Trading Card Beta AccessswMSMSystem Requirements Lab CYRISystem Requirements Lab for IntelSystem Shock 2Team Fortress 2The Sims™ 3The Sims™ 3 AmbitionsThe Walking DeadUnity Web PlayerUnlocker 1.9.1-x64Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)UplayVegas Pro 12.0 (64-bit)WeGame Client 2.3.5WinCDEmuWindows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live MailWindows Live MessengerWindows Live MIME IFilterWindows Live Photo CommonWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Movie Maker 2.6Windows Phone app for desktopWinRAR 4.20 (64-bit)WorldPainter 1.6.2.==== Event Viewer Messages From Past Week ========.9/26/2013 9:39:23 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.9/26/2013 9:39:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}9/26/2013 9:39:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}9/26/2013 9:38:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm CSC DfsC discache ISODisk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl9/26/2013 9:38:54 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.9/26/2013 9:38:54 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.9/26/2013 9:38:54 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.9/26/2013 9:38:54 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.9/26/2013 9:38:54 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.9/26/2013 9:38:54 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.9/26/2013 9:38:54 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.9/26/2013 9:38:53 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.9/26/2013 9:38:53 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.9/26/2013 9:38:53 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.9/26/2013 9:38:53 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.9/26/2013 8:11:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.9/26/2013 8:11:17 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.9/26/2013 12:11:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.9/26/2013 11:49:11 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.9/26/2013 11:49:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}9/26/2013 11:49:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}9/26/2013 11:49:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}9/26/2013 11:49:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}9/26/2013 11:48:57 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 219/26/2013 11:48:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm discache ISODisk spldr Wanarpv69/26/2013 11:39:37 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.9/26/2013 11:39:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ISODisk9/26/2013 11:14:07 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.9/22/2013 1:00:19 AM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -60013 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working properly.9/19/2013 8:23:03 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.9/19/2013 11:41:09 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10..==== End Of File =========================== RK Report: RogueKiller V8.6.12 _x64_ [sep 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Safe mode with network supportUser : User [Admin rights]Mode : Scan -- Date : 09/26/2013 12:14:25| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 csc3-2010-crl.verisign.com127.0.0.1 ocsp.verisign.com127.0.0.1 crl.verisign.com127.0.0.1 download.dm.origin.com127.0.0.1 secure.download.dm.origin.com127.0.0.1 loginregistration.dm.origin.com127.0.0.1 achievements.gameservices.ea.com127.0.0.1 friends.dm.origin.com127.0.0.1 avatar.dm.origin.com127.0.0.1 ecommerce.dm.origin.com127.0.0.1 static.cdn.ea.com127.0.0.1 tealium.hs.llnwd.net127.0.0.1 heartbeat.dm.origin.com127.0.0.1 web.dm.origin.com127.0.0.1 store.origin.com127.0.0.1 ec2-54-243-231-82.compute-1.amazonaws.com127.0.0.1 eaassets-a.akamaihd.net127.0.0.1 ssl.resources.ea.com127.0.0.1 akamai.cdn.ea.com127.0.0.1 novafusion.ea.com[...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD5000AAKX-00ERMA0 ATA Device +++++--- User ---[MBR] de9f2f44d7e23ab87614073a872c745c[bSP] b37449bbcef8ec77da42b031804fbb1e : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_09262013_121425.txt >> Link to post Share on other sites More sharing options...
MrCharlie Posted September 26, 2013 ID:734823 Share Posted September 26, 2013 Please permanently disable Defender, you have Avast running and there's no need to have Defender running. Having 2 AVs running at the same time only causes conflicts, not double the protection:http://www.howtogeek.com/howto/15788/how-to-uninstall-disable-and-remove-windows-defender.-also-how-turn-it-off/ AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ---------------------------------------------------Not much showing, lets run some scans:Download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed:Bottom right corner of this page.New window that comes up.~~~~~~~~~~~~~~~~~~~~~~~Note:If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:Internet accessWindows UpdateWindows FirewallIf there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.Just run fixdamage.exe.Verify that they are now functioning normally.MrC Link to post Share on other sites More sharing options...
xtremetoxicguy Posted September 26, 2013 Author ID:734865 Share Posted September 26, 2013 Hello. I could not find out how to open Windows Defender, and no viruses were found in the scan.system-log.txtmbar-log-2013-09-26 (23-44-59).txt Link to post Share on other sites More sharing options...
xtremetoxicguy Posted September 26, 2013 Author ID:734871 Share Posted September 26, 2013 I found out how to open it, and it is now disabled. There were still problems, so I tried the fixdamage, but its still acting slow. Link to post Share on other sites More sharing options...
MrCharlie Posted September 26, 2013 ID:734893 Share Posted September 26, 2013 OK...Next: Please download and run ComboFix. The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop. Please visit this webpage for download links, and instructions for running ComboFix http://www.bleepingcomputer.com/combofix/how-to-use-combofix Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Information on disabling your malware programs can be found Here. Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed. Please include the C:\ComboFix.txt in your next reply for further review. ---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed. MrC Link to post Share on other sites More sharing options...
xtremetoxicguy Posted September 26, 2013 Author ID:735111 Share Posted September 26, 2013 Here is the log: ComboFix.txt Link to post Share on other sites More sharing options...
MrCharlie Posted September 26, 2013 ID:735123 Share Posted September 26, 2013 Lets clean out any adware next: (this will require a reboot so save all your work) Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.When it's done you'll see: Pending: Please uncheck elements you don't want removed.Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.Look over the log especially under Files/Folders for any program you want to save.If there's a program you may want to save, just uncheck it from AdwCleaner.If you're not sure, post the log for review. (all items found are adware/spyware/foistware)If you're ready to clean it all up.....click the Clean button.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\QuarantineTo restore an item that has been deleted:Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.Then.................. Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report. Make sure that everything is checked, and click Remove Selected. Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
xtremetoxicguy Posted September 27, 2013 Author ID:735141 Share Posted September 27, 2013 Ok. There was a file called reboot64 in system32 that seemed important, so I didn't delete it, because I wanted to make sure it was safe to do so. Report: # AdwCleaner v3.005 - Report created 27/09/2013 at 10:36:03# Updated 22/09/2013 by Xplode# Operating System : Windows 7 Professional Service Pack 1 (64 bits)# Username : User - USER-PC# Running from : C:\Users\User\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\BabylonFolder Deleted : C:\ProgramData\StarAppFolder Deleted : C:\ProgramData\saVeNshaoraeFolder Deleted : C:\Users\User\AppData\Local\BabylonFolder Deleted : C:\Users\User\AppData\Local\creFolder Deleted : C:\Users\User\AppData\Roaming\yourfiledownloader[x] Not Deleted : C:\Windows\System32\roboot64.exe ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.comKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.comKey Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_eea72b4fKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_avg-pc-tuneup_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_avg-pc-tuneup_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_wegame_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_wegame_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-movie-maker-2012_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-movie-maker-2012_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\SoftonicKey Deleted : HKCU\Software\YourFileDownloaderKey Deleted : HKLM\Software\BabylonKey Deleted : HKLM\Software\SP GlobalKey Deleted : HKLM\Software\SProtectorKey Deleted : HKLM\Software\YourFileDownloaderKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16686 -\\ Google Chrome v29.0.1547.76 [ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [3761 octets] - [27/09/2013 10:23:04]AdwCleaner[s0].txt - [3554 octets] - [27/09/2013 10:36:03] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3614 octets] ########## Report Malwarebytes: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.09.26.09 Windows 7 Service Pack 1 x64 NTFS The computer seems to run faster now.Internet Explorer 10.0.9200.16686User :: USER-PC [administrator] 9/27/2013 10:47:53 AMmbam-log-2013-09-27 (10-47-53).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: File System | P2PObjects scanned: 237719Time elapsed: 18 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
MrCharlie Posted September 27, 2013 ID:735152 Share Posted September 27, 2013 Please find that file and upload to VirusTotal and Jotti for free scans, let me know the results (just copy back the url) http://www.virustotal.com/ http://virusscan.jotti.org/en MrC Link to post Share on other sites More sharing options...
xtremetoxicguy Posted September 27, 2013 Author ID:735175 Share Posted September 27, 2013 https://www.virustotal.com/en/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1380245818/ Jotti says that the file is empty. Link to post Share on other sites More sharing options...
MrCharlie Posted September 27, 2013 ID:735180 Share Posted September 27, 2013 0 byte file, so delete it. How's the computer???? MrC Link to post Share on other sites More sharing options...
xtremetoxicguy Posted September 27, 2013 Author ID:735181 Share Posted September 27, 2013 The computer is running a lot faster now, thank you for the support! Link to post Share on other sites More sharing options...
MrCharlie Posted September 27, 2013 ID:735182 Share Posted September 27, 2013 Good...... Lets check your computers security before you go and we have a little cleanup to do also: Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.If you get Unsupported operating system. Aborting now, just reboot and try again.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
xtremetoxicguy Posted September 27, 2013 Author ID:735184 Share Posted September 27, 2013 Checkup: Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 5.0 Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 21 Java version out of Date! Adobe Flash Player 11.7.700.202 Adobe Reader XI Google Chrome 29.0.1547.66 Google Chrome 29.0.1547.76 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
MrCharlie Posted September 27, 2013 ID:735191 Share Posted September 27, 2013 Out dated programs on the system are vulnerable to malware.Please update or uninstall them:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Java 7 Update 21 <----please update, should be Update 40Java version out of Date! <--------Go to control panel > Java > Update Tab > Update NowUncheck the box to install the Ask toolbar!!! and any other free "stuff".~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~A little clean up to do....Please Uninstall ComboFix: (if you used it)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)---------------------------------If you used FRST:Download the fixlist.txt to the same folder as FRST.Run FRST and click Fix only once and waitThat will delete the quarantine folder created by FRST.The rest you can manually delete.-----------------------------Please download OTC to your desktop.http://oldtimer.geekstogo.com/OTC.exeDouble-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")Click on the CleanUp! button and follow the prompts.(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)You will be asked to reboot the machine to finish the Cleanup process, choose Yes.After the reboot all the tools we used should be gone.Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 29, 2013 ID:735769 Share Posted September 29, 2013 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts