Inactive Laptop running real slow

N

NorGitram

Posts: 112   +0
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.21.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Terry LaVigne :: TERRYLAVIGNE-PC [administrator]
4/21/2013 3:27:56 PM
mbam-log-2013-04-21 (15-27-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203793
Time elapsed: 13 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476
Run by Terry LaVigne at 15:53:48 on 2013-04-21
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1014.285 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\AOL\1366057420\ee\aolsoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\ProgramData\OfficeGuardianV2\UACProxy.exe
C:\Windows\system32\lxbucoms.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081127
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SacReminderHDDV2] c:\programdata\officeguardianv2\reminder\SacReminder.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.7\AOL.EXE" -b
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ITSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [LXBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBUtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [HostManager] c:\program files\common files\aol\1366057420\ee\AOLSoftware.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4C9D0D10-9A6B-421E-B1CE-6BC85EE36C99} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{501FDFAA-0831-4802-8E1F-C5C2D0980C6E} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 CFUACProxy_officeguardianv2;CFUACProxy_officeguardianv2;c:\programdata\officeguardianv2\UACProxy.exe [2010-12-11 83792]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-04-21 20:26:34 -------- d-----w- c:\users\terry lavigne\appdata\roaming\Malwarebytes
2013-04-21 20:26:09 -------- d-----w- c:\programdata\Malwarebytes
2013-04-21 20:26:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-21 20:26:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-15 20:28:52 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2013-04-15 20:23:16 -------- d-----w- c:\program files\common files\AOL
2013-04-15 20:23:16 -------- d-----w- c:\program files\AOL Desktop 9.7
2013-04-15 20:23:12 -------- d-----w- c:\program files\common files\aolshare
2013-04-15 18:17:22 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-15 18:17:22 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-15 18:17:22 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-15 18:17:22 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-15 18:17:20 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-15 18:17:18 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-15 18:16:49 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-15 18:00:31 7108640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{803fc571-2e66-47d7-9c08-8a5c4ca6b13b}\mpengine.dll
2013-04-08 22:23:15 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1b55aa69-2533-44bd-ba1c-628bc3e237e1}\gapaengine.dll
2013-04-08 22:13:32 7108640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-04-08 20:07:07 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-04-08 20:07:03 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-04-08 20:07:01 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-04-08 20:06:58 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-04-08 20:06:58 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-04-08 20:04:47 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-01 23:24:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-04-01 23:24:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
.
==================== Find3M ====================
.
2013-04-08 19:35:41 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-08 19:35:39 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 15:54:57.69 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 11/26/2008 11:22:21 AM
System Uptime: 4/21/2013 2:51:09 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0Y487G
Processor: Intel(R) Celeron(R) CPU 560 @ 2.13GHz | Microprocessor | 2128/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 102 GiB total, 61.252 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 8.866 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.4
AOL Uninstaller (Choose which Products to Remove)
BlackBerry Desktop Software 6.1
Bluetooth Stack for Windows by Toshiba
Browser Address Error Redirector
CameraHelperMsi
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Dell Touchpad
erLT
Google Earth
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 29
Lexmark 6200 Series
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Mavis Beacon Teaches Typing Platinum 20
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
PowerDVD
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
RTC Client API v1.2
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype™ 5.10
Sonic CinePlayer Decoder Pack
SupportSoft Assisted Service
TomTom HOME 2.8.0.2146
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Viewpoint Media Player
Visual Studio 2005 Tools for Office Second Edition Runtime
.
==== End Of File ===========================
 
redtarget.gif
Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Terry LaVigne [Admin rights]
Mode : Scan -- Date : 04/22/2013 02:52:32
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] SacReminder.exe -- C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe [7] -> KILLED [TermProc]
[SUSP PATH] UACProxy.exe -- C:\ProgramData\OfficeGuardianV2\UACProxy.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SacReminderHDDV2 (C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe) [7] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3249288382-3704238121-507417022-1000[...]\Run : SacReminderHDDV2 (C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe) [7] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1252GSX ATA Device +++++
--- User ---
[MBR] d9db8186841f9d263dc0ec2f4834408f
[BSP] 32913c31cce9e5ae3fbce4a9cd321f11 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 10000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20560325 | Size: 104433 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_04222013_02d0252.txt >>
RKreport[1]_S_04222013_02d0252.txt

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Terry LaVigne [Admin rights]
Mode : Remove -- Date : 04/22/2013 02:53:42
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] SacReminder.exe -- C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe [7] -> KILLED [TermProc]
[SUSP PATH] UACProxy.exe -- C:\ProgramData\OfficeGuardianV2\UACProxy.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SacReminderHDDV2 (C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe) [7] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1252GSX ATA Device +++++
--- User ---
[MBR] d9db8186841f9d263dc0ec2f4834408f
[BSP] 32913c31cce9e5ae3fbce4a9cd321f11 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 10000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20560325 | Size: 104433 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_04222013_02d0253.txt >>
RKreport[1]_S_04222013_02d0252.txt ; RKreport[2]_D_04222013_02d0253.txt

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.04.22.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Terry LaVigne :: TERRYLAVIGNE-PC [administrator]
4/22/2013 3:09:24 AM
mbar-log-2013-04-22 (03-09-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25888
Time elapsed: 12 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_29
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 1062883328, free: 290021376
------------ Kernel report ------------
04/22/2013 02:55:58
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\intelide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\System32\Drivers\tosrfcom.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\wanatw4.sys
\SystemRoot\system32\DRIVERS\RimSerial.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\tosporte.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT32.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Users\TERRYL~1\AppData\Local\Temp\mbr.sys
\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{803FC571-2E66-47D7-9C08-8A5C4CA6B13B}\MpKsl798ed819.sys
\??\C:\Windows\system32\drivers\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff845d0418
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff83b55528
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.04.22.03
Downloaded database version: v2013.04.17.03
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff845d0418, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff845efd18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff845d0418, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff83b55528, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffaed8e248, 0xffffffff845d0418, 0xffffffff84b3c2d0
Lower DeviceData: 0xffffffffac339738, 0xffffffff83b55528, 0xffffffff84b5e040
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 80
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 80325 Numsec = 20480000
Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 20560325 Numsec = 213879275
Partition file system is NTFS
Partition is bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 120034123776 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-234421648-234441648)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
 
All looks clean...

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
785
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back