Trojan.0Access please help remove

JustJoy · March 8, 2013

Hi, I've just encountered the rootkit Trojan.0Access. I've run malwarebytes and rebooted and it still shows up on the subsequent re-scan. In the past I have successfully removed rootkits with tools like RogueKiller and tdsskiller but I wasn't sure what would be best in this case. I'm not exactly a rookie but I'm no expert either. Please help. Thank you. Here are my logs: *note* I have uTorrent installed but it isn't running nor was it at the time of the scan. If it needs to be uninstalled I am happy to do that. Thank you

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_32

Run by Joy at 7:10:41 on 2013-03-08

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1976.651 [GMT -6:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe

C:\windows\System32\spoolsv.exe

C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe

C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe

C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\system32\taskhost.exe

C:\windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Cricket Broadband Connect\AvqAutorun.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\WhatPulse\WhatPulse.exe

C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files\VideoLAN\VLC\vlc.exe

C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe

C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe

C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe

C:\windows\system32\calc.exe

C:\Users\Joy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\notepad.exe

C:\Users\Joy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.att.net

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll

BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: WinAVI YouTube Download: {E8DF67A1-B618-4F3F-9E7D-CBE175ADEF5B} - c:\program files\winavi youtube download\YDTune.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [iSUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [Google Update] "c:\users\joy\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WhatPulse] c:\program files\whatpulse\WhatPulse.exe

mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [PDFHook] c:\program files\nuance\pdf professional 6\pdfpro6hook.exe

mRun: [PDF6 Registry Controller] c:\program files\nuance\pdf professional 6\RegistryController.exe

mRun: [Nuance PDF Reader-reminder] "c:\program files\nuance\pdf reader\ereg\ereg.exe" -r "c:\programdata\nuance\pdf reader\ereg\Ereg.ini"

mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NOBuActivation.exe" UNATTENDED

mRun: [{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}] "c:\program files\cricket broadband connect\avqautorun.exe" "c:\program files\cricket broadband connect\mphonetools.exe" /OnPlug=%s

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript

StartupFolder: c:\users\joy\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hawkes~1.lnk - c:\program files\hawkes learning systems\hawkes update service manager\HawkesUpdater.exe

uPolicies-Explorer: NoDrives = dword:0

uPolicies-Explorer: HideSCAHealth = dword:1

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Open with Nuance PDF Converter 6.0 - c:\program files\nuance\pdf professional 6\cnvres_eng.dll /100

IE: Open with PDF Professional 6 - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

TCP: NameServer = 66.233.164.12 64.13.115.12

TCP: Interfaces\{AC987FE2-3C83-4A1E-B4B3-0A9C8DF3920E} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{D329BE76-3F91-4718-9779-0510BBFFEA8A} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{D329BE76-3F91-4718-9779-0510BBFFEA8A}\442757764756368637 : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{D329BE76-3F91-4718-9779-0510BBFFEA8A}\A4F6970284F6D656 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{D329BE76-3F91-4718-9779-0510BBFFEA8A}\B6565607F65747 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{F90C3FEB-3D9A-4BB2-BE84-5BB54D92718C} : DHCPNameServer = 66.233.164.12 64.13.115.12

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\joy\appdata\roaming\mozilla\firefox\profiles\avir56eu.default\

FF - prefs.js: browser.startup.homepage - hxxp://apps.facebook.com/luckygemcasino/?fb_source=canvasbookmark&count=3

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll

FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll

FF - plugin: c:\users\joy\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\users\joy\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 lkbdfltr;Logitech Keyboard Class Filter Driver;c:\windows\system32\drivers\LKBDFLTR.SYS [2011-3-31 4240]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\AEstSrv.exe [2010-6-12 81920]

R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\clearwire\connection manager\clearwireDeviceDiagnosticsService.exe [2011-3-29 407552]

R2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe [2011-8-28 8192]

R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2010-1-28 265272]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-3-15 635416]

R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 6\PDFProFiltSrv.exe [2009-11-3 134944]

R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2011-11-22 108376]

R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2011-10-17 340992]

R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2011-10-17 48768]

R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\clearwire\connection manager\ConAppsSvc.exe [2011-11-22 124760]

R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2011-11-22 120664]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2011-1-18 122880]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-15 257568]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-6-12 1115240]

S1 lmoufltr;Logitech Mouse Class Filter Driver;c:\windows\system32\drivers\LMOUFLTR.SYS [2011-3-31 58592]

S1 lsermous;Logitech Serial Mouse Driver;c:\windows\system32\drivers\LSERMOUS.SYS [2011-3-31 58736]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2010-12-20 54544]

S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2010-12-20 12048]

S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2010-12-20 160400]

S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2010-12-20 115216]

S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2010-12-20 160400]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-11-23 1120752]

.

=============== Created Last 30 ================

.

2013-03-08 12:40:13 54016 ----a-w- c:\windows\system32\drivers\wfvsi.sys

2013-03-08 09:18:40 -------- d-sh--w- c:\windows\system32\%APPDATA%

2013-03-08 09:14:29 -------- d-----w- c:\programdata\AC8853FB9BF075F40000AC87A7777979

2013-03-05 08:50:37 -------- d-----w- c:\users\joy\appdata\roaming\Nitreal Games

2013-03-04 12:00:29 -------- d-----w- c:\program files\Infogrames

2013-02-24 01:22:08 -------- d-----w- c:\users\joy\cookieart

2013-02-23 09:16:59 -------- d-----w- c:\users\joy\appdata\roaming\WhiteBear

2013-02-21 14:13:12 -------- d-----w- c:\programdata\Ice Cream Tycoon

2013-02-21 14:06:48 -------- d-----w- c:\users\joy\appdata\roaming\InImages

2013-02-21 11:13:56 -------- d-----w- c:\users\joy\appdata\roaming\RunningPillow

2013-02-21 07:44:11 -------- d-----w- c:\users\joy\appdata\local\MLS2

2013-02-17 06:49:19 -------- d-----w- c:\program files\R.G.BestGamer

2013-02-17 04:20:09 -------- d-----w- c:\users\joy\appdata\roaming\PetStorePanic

.

==================== Find3M ====================

.

2013-02-26 02:44:12 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-26 02:44:11 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-28 21:59:00 108144 ----a-w- c:\windows\system32\CmdLineExt.dll

2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 7:11:33.78 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/1/2010 1:38:02 PM

System Uptime: 3/8/2013 3:38:13 AM (4 hours ago)

.

Motherboard: Hewlett-Packard | | 1526

Processor: Genuine Intel® CPU T1600 @ 1.66GHz | Intel® Genuine processor | 1662/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 281 GiB total, 3.876 GiB free.

D: is CDROM (CDFS)

E: is CDROM (UDF)

F: is FIXED (FAT32) - 2 GiB total, 1.973 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Leawo DVD to FLV Converter version 4.3.0.0

Leawo FLV Converter version 3.1.0.0

µTorrent

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office system

A Gnomes Home The Great Crystal Crusade 1.00

ACDSee 5.0 Standard Trial

ACDSee 7.0

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Digital Editions 2.0

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.0.1)

Airport Simulator

Alchemy Deluxe 1.00

Amelies Cafe Holiday Spirit 1.00

Amelies Cafe Summer Time 1.00

Ancient Hearts and Spades 1.00

Anno 1602

Anno 1701

AnswerWorks 5.0 English Runtime

Antique Road Trip USA 1.00

Ashtons - Family Resort 1.00

AstroPop 1.00

Atomica 1.00

ATT-PRT22

Balloon Express 1.00

Barn Yarn Collectors 1.00

Baseball Mogul

Big Money 1.00

BLM 2.7.7

Boutique Boulevard 1.00

Burger Bustle 1.00

Burger Bustle Ellies Organics 1.00

Burger Island 2 1.00

Cake Mania 5 Lights Camera Action 1.00

Cake Mania Back to the Bakery 1.00

Cake Mania Main Street 1.00

Cake Mania To the Max 1.00

Cake Shop 3 1.00

Campfire Legends 2 The Babysitter 1.00

CBR Reader

Chocolatier - Decadence by Design 1.00

Chocolatier 1.00

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CLEAR Connection Manager

Coby Media Manager

Compatibility Pack for the 2007 Office system

Cooking Academy 3 Recipe for Success 1.00

Cooking Dash 2 DinerTown Studios 1.00

CorsixTH 0.01

Corys Lunch Rush 1.00

Costume Chaos 1.00

Cricket Broadband Connect

Delicious Deluxe 2 Free Trial

Delicious Deluxe Free Trial

Delicious Emilys Childhood Memories PE 1.00

Delicious Emilys True Love Premium Edition 1.00

Depth Hunter

Din's Curse

Din's Curse - Demon War Expansion

Diner Dash 2 - Restaurant Rescue 1.00

DinerTown Tycoon 1.00

Direct Show Ogg Vorbis Filter (remove only)

DirectX 9 Runtime

DivX Setup

Doggie Dash 1.00

Dr. Mal Practice of Horror 1.00

Dream Builder Amusement Park 1.00

ER

Fab Fashion 1.00

Fairway Solitaire 2 Collectors Edition 1.1

Family Guy Back to the Multiverse

Family Restaurant 1.00

Farm Craft 1.00

Farm Frenzy Pizza Party 1.00

Farm Frenzy Viking Heroes 1.00

Farm Girl at the Nile 1.00

Farm Quest 1.00

Farm Tribe 2 1.00

Farm Tribe Updated 1.00

Farm Tribe Updated 1.2

Farm Up 1.00

Farmers Market 1.00

Fashion Fits Free Trial

Fashion Fortune 1.00

Fashion Season 1.00

Fashion Solitaire 1.00

Fill Up! 1.00

Fiona Finch and the Finest Flowers 1.00

FishCo

Fishdom 3 Collectors Edition 1.00

Fishers Family Farm New 1.00

Fishing Craze 1.00

Fix-It-Up Eighties Meet Kates Parents 1.00

focus booster

Fruits Inc 1.00

Gallop for Gold 1.00

GangLand

Garden-Simulator 2010 version 1.0

Garden Dash 1.00

Gardenscapes Mansion Makeover CE 1.00

Ghost Master

GhostMaster

GoldHeartsJuiceB

Google Chrome

Google Gears

Google Update Helper

Gourmania 3 Zoo Zoom 1.00

Happy Chef 1.00

Haunted Legends The Undertaker Collectors 1.00

Hawkes Update Service Manager

Hobby Farm 1.00

Hollywood Tycoon 1.00

Horatio's Travels 1.00

Hot Farm Africa 1.00

Hotel Dash 2 Lost Luxuries 1.00

HP Advisor

HP Customer Experience Enhancements

HP ESU for Microsoft Windows 7

HP HotKey Support

HP Product Detection

HP Setup

HP SoftPaq Download Manager

HP Software Framework

HP Software Setup

HP User Guides 0190

HP Web Camera

HP Webcam

HP Webcam Driver

HP Wireless Assistant

HPAsset component for HP Active Support Library

Ice Cream Craze Natural Hero 1.00

IDT Audio

IGT Slots Cleopatra II

Inquisit 3 Web Edition

Insaniquarium! Deluxe 1.00

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Introductory and Intermediate Algebra (Fall 2011 Student)

Introductory and Intermediate Algebra (Fall 2012 Student)

Jack of All Tribes BFG 1.00

Java Auto Updater

Java 6 Update 32

Jessicas BowWow Bistro 1.00

Jojos Fashion Show World Tour 1.00

Jos Dream Organic Coffee 1.00

Juliettes Fashion Empire 1.00

K-Lite Codec Pack 6.5.0 (Basic)

Katy and Bob Way Back Home 1.00

Kings Smith 1.00

Kitchen Brigade 1.00

Knights and Merchants - The Peasants Rebellion

Kudos 2

Lake House Children of Silence Collectors Edition 1.00

Law and Order - Legacies

LightScribe System Software

Logitech MouseWare 9.10

Lottso! Deluxe 1.00

Lovely Kitchen 1.00

LPL Software 2.7

Lucy's Expedition 1.00

Magic Farm 2 Premium Edition 2.0.3

Magic ISO Maker v5.5 (build 0276)

Magic Sweets 1.00

MagicDisc 2.7.106

Majesty 2: Monster Kingdom

Malwarebytes Anti-Malware version 1.70.0.1100

MeggieSoft Games Gin Rummy

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Choice Guard

Microsoft Office Access MUI (English) 2007

Microsoft Office Access MUI (French) 2007

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Access MUI (Spanish) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Excel MUI (Spanish) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (French) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Spanish) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Spanish) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Basque) 2007

Microsoft Office Proof (Catalan) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Galician) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing (Spanish) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Spanish) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Spanish) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Spanish) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ Run Time Lib Setup

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 3.1

Miriels Enchanted Mystery 1.00

Mob Rule

Mobile PhoneTools

Monopoly Tycoon

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

My Farm Life 1.00

My Life Story Adventures 1.00

My Vet Practice - Marine Patrol

Neighbours From Hell Compilation

Network Play System (Patching)

Night in the Opera 1.00

Norton Online Backup

Nuance PDF Professional 6

Nuance PDF Reader

NVIDIA PhysX

Oktoberfest Manager

OpenAL

Origin

PANTECH USB Modem V2

Paradise Pet Salon Free Trial

Party Planner 1.00

Path to Success 1.00

PDF Complete Special Edition

PeerGuardian 2.0

Pet Show Craze 1.00

Pet Store Panic 1.00

Pets Fun House 1.00

Pirates of Black Cove

Pizza Connection 2

Port Royale 3 Steam Edition 3.4.2.27374

Posh Shop Free Trial

Pranksterz Off Your Boss 1.00

Project Rescue Africa 1.00

Quicken 2011

Reality Show Fatal Shot Collectors Edition 1.00

Realtek Ethernet Controller All-In-One Windows Driver

REALTEK Wireless LAN Driver

REALTEK Wireless LAN Software

Road to Riches 1.00

Roller Rush Free Trial

RollerCoaster Tycoon Deluxe

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Business

Roxio Creator Business v10

Roxio Creator Copy

Roxio Creator Data

Roxio Creator Tools

Roxio Express Labeler 3

Roxio MyDVD

Sale Frenzy 1.00

Sally's Spa 1.00

Sally's Studio Collector's Edition 1.00

Sallys Quick Clips 1.00

Satisfashion 1.00

Scansoft PDF Professional

Shaman Odyssey Tropic Adventure 1.00

Shiver Vanishing Hitchhiker Collectors Edition 1.00

Shop Spree Shopping Paradise 1.00

Shopmania 1.00

Sibelius Scorch (Firefox, Opera, Netscape only)

Sims2Pack Clean Installer

Skype™ 3.8

Slot Quest Wild West 1.00

Snackjack

Snow Globe Farm World 1.00

Soap Opera Dash 1.00

Solitaire Mystery Stolen Power 1.00

Sonic CinePlayer Decoder Pack

Spooky Mall 1.00

Stand OFood 3 1.00

Stone Age Cafe 1.00

Stronghold

SummerRush 1.00

Sunset Studio Free Trial

Supermarket Management 2 1.00

Supermarket Mania 2 1.00

Supple Episode 2 1.00

Synaptics Pointing Device Driver

System Requirements Lab for Intel

Tasty Turbo Trio 1.00

The Cat Lady

The Game of Life 1.00

The Golden Years Way Out West 1.00

The Island Castaway 2 1.00

The Joy of Farming 1.00

The Movies

The Movies Stunts & Effects

The Nations Gold

The Promised Land 1.00

The Sims™ 2 Deluxe

The Sims™ 3

The Sims™ 3 70s, 80s, & 90s Stuff

The Sims™ 3 Ambitions

The Sims™ 3 Diesel Stuff

The Sims™ 3 Fast Lane Stuff

The Sims™ 3 Generations

The Sims™ 3 High-End Loft Stuff

The Sims™ 3 Katy Perry's Sweet Treats

The Sims™ 3 Late Night

The Sims™ 3 Master Suite Stuff

The Sims™ 3 Outdoor Living Stuff

The Sims™ 3 Pets

The Sims™ 3 Seasons

The Sims™ 3 Showtime

The Sims™ 3 Supernatural

The Sims™ 3 Town Life Stuff

The Sims™ 3 World Adventures

The Walking Dead Episode 3 © TellTale Games version 1

The Walking Dead Game EP 1&2

Theme Hospital

Townopolis Gold 1.00

Trade Mania 1.00

Travel Agency 1.00

Treasure Adventure Game

Trick or Travel 1.00

Tropico Reloaded

TV Farm 1.00

Unity Web Player

Update for Microsoft Office Word 2007 (KB974631)

Vacation Quest The Hawaiian Islands 1.00

Vanilla and Chocolate 1.00

VC80CRTRedist - 8.0.50727.4053

Virtual City 2 Paradise Resort 1.00

Virtual Farm 2 1.00

Virtual Villagers 4 The Tree of Life 1.00

Virtual Villagers New Believers 1.00

VLC media player 2.0.5

Wedding Dash 3 Ready, Aim, Love 1.00

Wedding Salon 1.00

Wendys Wellness 1.00

Westward Kingdoms 1.00

WhatPulse 1.7.1

Wild Tribe 1.00

WinAVI YouTube Download

Windows 7 Default Setting

Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Live Essentials

Windows Live Sign-in Assistant

Windows Live Toolbar

Windows Live Upload Tool

Windows Media Player Firefox Plugin

WinRAR 4.01 (32-bit)

WinZip 12.0

World Wonderland 1.00

Yahoo! Install Manager

Yard Sale Junkie 1.00

Ye Olde Sandwich Shoppe 1.00

Youda Farmer 2 Save the Village 1.00

Youda Farmer 3 Seasons 1.00

Youda Fisherman 1.00

Youda Jewel Shop 1.00

Zombie Bowl-O-Rama 1.00

.

==== Event Viewer Messages From Past Week ========

.

3/8/2013 4:07:41 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

3/8/2013 4:07:41 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

3/8/2013 3:38:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: lmoufltr tcpipBM

3/8/2013 3:38:39 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

3/8/2013 3:38:39 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

3/8/2013 3:38:39 AM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: This driver has been blocked from loading

3/8/2013 3:38:39 AM, Error: Application Popup [875] - Driver atksgt.sys has been blocked from loading.

3/8/2013 3:38:38 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

3/5/2013 11:35:09 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

3/4/2013 6:04:41 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom2.

.

==== End Of File ===========================

MrCharlie · March 8, 2013

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Removing malware can be unpredictable

...things can go very wrong!

Backup

any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

JustJoy · March 8, 2013

Here we go, thank you

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User : Joy [Admin rights]

Mode : Scan -- Date : 03/08/2013 07:39:37

| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤

[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] ->

KILLED [TermProc]

[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] ->

KILLED [TermProc]

¤¤¤ Registry Entries : 13 ¤¤¤

[TASK][sUSP PATH] {300A9586-47AD-4979-9DEA-3FA644728265} : C:\Users\Joy