Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Desktop shows up after Login after 30 seconds everything is Unresponsive


  • This topic is locked This topic is locked
1 reply to this topic

#1 redbullpower

redbullpower

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 09 October 2014 - 03:33 AM

The computer became unresponsive after running malwarebytes and removing the recommended items which were not serious. After reboot it became unresponsive however I was able to shutdown the browser and other windows which allowed limited response, enough to try malwarebytes again. This time it showed there were no problems. I also tried ADW which showed nothing. At this point the computer remains unresponsive after 30 seconds after the desktop loads. After restarting many times I was able to get some response and run DDS as attached after waiting about 10 minutes. I was able to run tdsskiller which found a rootkit. It removed and restarted and did another scan which came up clean. The computer still remains the same. I am also getting multiple messages about the Intel Rapid Storage detecting and removing disks however this only happens after about 5 minutes lasting for another 5 minutes. There are no problems or lags on startup before the desktop shows up.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17280
Run by User at 8:11:14 on 2014-10-09
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.16358.12717 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
D:\Program Files (x86)\1Password\Agile1pService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\M-Audio\Axiom AIR\AudioDevMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
D:\Windows\Prey\versions\1.1.3\bin\windows\cronsvc.exe
D:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
D:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\lxeccoms.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
D:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\Windows\Prey\current\bin\node.exe
D:\Windows\Prey\versions\1.1.5\node_modules\triggers\bin\evtcheck.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
D:\Program Files (x86)\Glary Utilities 3\Integrator.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
D:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
D:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
D:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
D:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
D:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
D:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
D:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files (x86)\1Password\Agile1pAgent.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
D:\Desktop\stuff\rkill.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorUI.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Desktop\stuff\rkill64-256.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: 1Password: {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - D:\Program Files (x86)\1Password\Agile1pIE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [DymoQuickPrint] "D:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [OfficeSyncProcess] "D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [AdobeBridge] <no file>
uRunOnce: [Application Restart #11] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session -- http://www.richmond.gov.uk/home/transport_and_streets/parking/parking_bays/parking_suspensions_and_dispensations/parking_suspensions.htm
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
mRun: [LVCOMSX] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe"
mRun: [LogitechQuickCamRibbon] "D:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe" /hide
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "D:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [Bonus.SSR.FR11] "D:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Agile1pAgent] D:\Program Files (x86)\1Password\Agile1pAgent.exe
mRun: [DLSService] "D:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
mRun: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - D:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\skype delay start.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - D:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHILIP~1.LNK - C:\Program Files (x86)\Philips\GoGear Spark Device Manager\main.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: Se&nd to OneNote - D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - D:\Program Files (x86)\1Password\Agile1pIE.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://canesparta.dyndns.org:8888/WinWebPush.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{2660D9EE-857A-4FDD-9D3B-325DA75C9310} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{E5992F00-74F3-49ED-A7E1-BFEED05FA66E} : DHCPNameServer = 192.168.1.254 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [CSRSkype] D:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
x64-Run: [BthSyncServ] "D:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe"
x64-Run: [ConMgr] "D:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe"
x64-Run: [lxecmon.exe] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [BCSSync] "D:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2010-4-6 23944]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2011-10-12 562456]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-8-2 23832]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-28 56208]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2014-2-25 534104]
R1 RapportCerberus_80055;RapportCerberus_80055;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys [2014-10-8 761720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-10-1 445880]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-10-1 557656]
R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;D:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-9-22 819976]
R2 Agile1Password;1Password;D:\Program Files (x86)\1Password\Agile1pService.exe [2014-5-7 768784]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 AxiomAIRAudioDevMon;Axiom AIR Audio Device Monitor;C:\Program Files (x86)\M-Audio\Axiom AIR\AudioDevMon.exe [2013-1-15 204496]
R2 CronService;Cron Service;D:\Windows\Prey\versions\1.1.3\bin\windows\cronsvc.exe [2014-5-5 18432]
R2 DevoloNetworkService;devolo Network Service;D:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [2010-12-23 3304768]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-8-2 225280]
R2 DymoPnpService;DYMO PnP Service;D:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-6-20 32368]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2012-8-2 7168]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-2 178344]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2007-2-6 173344]
R2 lxec_device;lxec_device;C:\Windows\System32\lxeccoms.exe -service --> C:\Windows\System32\lxeccoms.exe -service [?]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 125584]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-12-13 230408]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-11-19 2928128]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-10-1 1919256]
R2 VFPRadioSupportService;Bluetooth Feature Support;D:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-6-30 145280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-4-24 266240]
R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2007-2-3 955680]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2014-3-19 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2014-3-19 13080]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxecserv.exe [2012-9-11 45736]
S3 AXIOM;Service for M-Audio Axiom AIR;C:\Windows\System32\drivers\MAudioAxiomAIR.sys [2013-1-15 137424]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2013-8-20 95344]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2013-8-20 21872]
S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2010-4-6 30088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-10 111616]
S3 iLokDrvr;Usb Driver;C:\Windows\System32\drivers\iLokDrvr.sys [2012-11-17 24728]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\System32\drivers\IvtBtBus.sys [2010-4-6 27016]
S3 LVcKap64;Logitech AEC Driver;C:\Windows\System32\drivers\LVCKap64.sys [2007-2-6 1013024]
S3 MADFUAXIOM;Service for M-Audio Axiom AIR DFU;C:\Windows\System32\drivers\MAudioAxiomAIR_DFU.sys [2013-1-15 29904]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-10-15 91352]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2013-3-1 46648]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2013-3-1 45624]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-10 1255736]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: jsfile="D:\Program Files\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="D:\Program Files\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-10-09 06:50:25 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7E0F58FB-DCB6-4B66-A3D3-1C886BE6193C}\mpengine.dll
2014-10-08 20:24:16 -------- d-----w- C:\TDSSKiller_Quarantine
2014-10-08 13:22:06 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-10-08 13:21:33 -------- d-----w- C:\AdwCleaner
2014-10-08 12:44:20 -------- d-----w- C:\Windows\ERUNT
2014-10-08 06:34:31 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-07 15:28:43 -------- d-----w- C:\ProgramData\Wondershare
2014-10-07 15:28:32 -------- d-----w- C:\Users\User\AppData\Local\Wondershare
2014-10-07 15:28:31 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2014-10-07 15:28:17 -------- d-----w- C:\Users\User\AppData\Roaming\Wondershare
2014-10-07 15:28:17 -------- d-----w- C:\Users\User\.android
2014-10-06 12:00:31 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1FB4ED93-23AA-4EE1-95B5-6DC3C1EBA272}\gapaengine.dll
2014-10-06 11:51:43 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-06 11:51:43 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-24 15:51:36 -------- d-----w- C:\ProgramData\DigiDNA
2014-09-24 15:51:35 -------- d-----w- C:\Users\User\AppData\Roaming\iMazing
2014-09-24 15:51:35 -------- d-----w- C:\Users\User\AppData\Local\DigiDNA
2014-09-24 12:50:28 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-24 12:50:28 -------- d-----w- C:\Program Files\iTunes
2014-09-24 12:50:28 -------- d-----w- C:\Program Files\iPod
2014-09-24 07:05:00 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-24 07:05:00 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-23 08:09:19 -------- d-----w- C:\Users\User\AppData\Local\D2B23928-2604-4CDC-8CAA-F19C1FC32377.aplzod
2014-09-17 06:55:20 -------- d-----w- C:\Program Files (x86)\Skype
2014-09-10 08:47:04 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-10 08:47:03 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-09 19:21:54 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-09 19:21:54 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-09 19:21:44 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-09 19:21:44 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-09 19:21:33 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-09 19:21:33 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-09 19:21:33 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-09 19:21:33 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-09 19:21:33 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-09 19:21:29 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-09 19:21:28 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-10-08 19:28:35 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-08 17:45:27 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 11:42:52 534104 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-09-24 07:03:46 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 07:03:46 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-30 07:39:45 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-07-29 13:11:29 51228 ----a-w- C:\ProgramData\SPLF05D.tmp
2014-07-28 13:52:00 6112072 ----a-w- C:\Windows\System32\usbaaplrc.dll
2014-07-28 13:52:00 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2014-07-25 01:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-17 17:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 17:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH:  8:13:00.05 ===============
 

 

Thanks

Redbullpower

 


BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:44 AM

Posted 09 October 2014 - 05:33 AM

Duplicate topic:

http://www.bleepingcomputer.com/forums/t/551352/desktop-shows-up-after-login-after-30-seconds-everything-is-unresponsive/


cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users