Malware or Rootkit Issue

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Robbie at 13:35:44 on 2013-08-24
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.958.428 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ATTSplusPCMT\SPLUS_UI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = google.com
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [ (A0)] cmd /c "c:\documents and settings\robbie\desktop\mbar\mbar.exe" /rdv /s
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&t support plus pc maintenance toolbox.lnk - c:\program files\attspluspcmt\SPLUS_UI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\install lastpass ff runonce.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\install lastpass ie runonce.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Windows\System: SlowLinkDetectEnabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: LastPass - c:\documents and settings\robbie\local settings\application data\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\documents and settings\robbie\local settings\application data\lastpass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
TCP: Interfaces\{21616C12-9FE2-44B8-B763-A6EE7B88AA65} : DHCPNameServer = 192.168.1.254 192.168.1.254
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2009-4-22 9344]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-8-7 13560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2009-4-22 501376]
R2 MBAMScheduler;MBAMScheduler;c:\jklms\mbamscheduler.exe [2012-9-16 418376]
R2 MBAMService;MBAMService;c:\jklms\mbamservice.exe [2010-9-14 701512]
R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2012-3-5 315392]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-12-11 3575808]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-7-22 35144]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-4 22856]
S1 dmnnedig;dmnnedig; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca6d849962ee8e;Google Update Service (gupdate1ca6d849962ee8e);c:\program files\google\update\GoogleUpdate.exe [2009-11-25 133104]
S3 AVFSFilter;AVFSFilter; [x]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys --> c:\windows\system32\drivers\cv2k1.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-8-7 41584]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 RegKernelHelp;RegKernelHelp; [x]
S3 RkHit;RkHit; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-18 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2010-3-8 627072]
S4 PTUMLBUS;PTUML USB Composite Device Driver; [x]
S4 PTUMLCVsp;PANTECH UML290 Connection Manager Port; [x]
S4 PTUMLMdm;PANTECH UML290; [x]
S4 PTUMLNET;PANTECH UML290 WWAN; [x]
S4 PTUMLNVsp;PANTECH UML290 NMEA Port; [x]
S4 PTUMLRMNET;PANTECH UML290 RMNET Service; [x]
S4 PTUMLVsp;PANTECH UML290 Diagnostic Port; [x]
S4 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S4 SASENUM;SASENUM; [x]
S4 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
.
=============== Created Last 30 ================
.
2013-08-24 03:59:04 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{13051743-48cd-4912-8f37-6232b8a779ae}\mpengine.dll
2013-08-22 23:31:47 11701760 ----a-w- c:\program files\common files\lpuninstall.exe
2013-08-22 23:31:05 -------- d-----w- c:\program files\LastPass
2013-08-22 23:31:05 -------- d-----w- c:\documents and settings\robbie\local settings\application data\LastPass
2013-08-22 23:01:45 7166848 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-22 22:55:59 -------- d-----w- c:\program files\Neo's SafeKeys v3
2013-08-16 02:39:17 105176 ----a-w- c:\windows\system32\drivers\48230029.sys
2013-08-12 02:01:42 -------- d-----w- c:\program files\Microsoft Security Client
2013-08-08 22:43:29 -------- d-----w- c:\documents and settings\robbie\application data\QFX Software
2013-08-08 22:43:29 -------- d-----w- c:\documents and settings\all users\application data\QFX Software
2013-08-08 00:58:57 41584 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-08-07 23:27:37 -------- d-----w- c:\program files\VS Revo Group
2013-08-07 22:54:53 -------- d-----w- c:\documents and settings\robbie\application data\LavasoftStatistics
2013-08-07 22:45:43 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations
2013-08-07 22:45:33 -------- d-----w- c:\documents and settings\robbie\application data\SecureSearch
2013-08-07 22:45:13 -------- d-----w- c:\program files\Lavasoft
2013-08-07 22:44:16 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-08-05 03:06:08 -------- d-----w- c:\windows\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-08-05 03:05:59 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-08-05 03:05:43 -------- d-----w- c:\documents and settings\robbie\application data\Nico Mak Computing
2013-08-05 03:05:07 -------- d-----w- c:\documents and settings\robbie\application data\1O1L1I1PtF1F1C1N
2013-08-05 03:04:39 -------- d-----w- c:\windows\system32\MRT
2013-08-03 16:01:11 -------- d-----w- c:\program files\Enigma Software Group
2013-08-03 03:52:29 17224 ----a-w- c:\windows\system32\roboot.exe
2013-08-02 23:37:07 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2013-08-02 23:37:07 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-08-02 23:37:07 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2013-08-02 23:37:07 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2013-08-02 23:37:07 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2013-08-02 23:37:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-08-02 23:37:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-08-02 23:37:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-08-02 23:37:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-08-02 23:37:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-08-02 02:56:54 -------- dc-h--w- c:\documents and settings\all users\application data\{1DAA8EF7-3FC4-425F-A4A6-3A4C6473A77D}
2013-07-28 00:24:18 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2013-07-28 00:22:47 65536 ----a-w- c:\windows\system32\OpenCL.dll
2013-07-26 00:08:49 -------- d-----w- c:\documents and settings\robbie\local settings\application data\NPE
.
==================== Find3M  ====================
.
2013-07-28 00:22:46 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-07-28 00:22:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-07-28 00:22:40 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ------w- c:\windows\system32\html.iec
2013-07-24 03:15:29 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-24 03:15:23 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-24 03:15:21 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-24 03:15:21 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-22 04:26:56 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59:11 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-28 03:37:15 1024 ---h--r- c:\windows\system32\NTSHDW3.dll
2013-06-19 01:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-06-02 21:11:05 465280 ----a-r- c:\windows\system32\cpnprt2win32.cid
2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
2011-11-22 01:56:21 1978696 ----a-w- c:\program files\yWriter5Full.exe
.
============= FINISH: 13:37:19.04 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/22/2009 8:46:37 PM
System Uptime: 8/24/2013 11:21:37 AM (2 hours ago)
.
Motherboard: WinFast |  | C51MCP51
Processor: AMD Athlon 64 Processor 3200+ | Socket 939 | 2009/201mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 68.076 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 233 GiB total, 178.184 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: D-Link DFE-550TX FAST Ethernet 10/100 Adapter
Device ID: PCI\VEN_1186&DEV_1002&SUBSYS_10021186&REV_00\4&DC268A3&0&4080
Manufacturer: D-Link
Name: D-Link DFE-550TX FAST Ethernet 10/100 Adapter
PNP Device ID: PCI\VEN_1186&DEV_1002&SUBSYS_10021186&REV_00\4&DC268A3&0&4080
Service: DLH5X
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&BE1C8A6&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&BE1C8A6&0&01
Service: NVENETFD
.
==== System Restore Points ===================
.
RP1844: 7/13/2013 10:39:36 PM - System Checkpoint
RP1845: 7/14/2013 8:48:21 PM - Software Distribution Service 3.0
RP1846: 7/15/2013 9:53:55 AM - Software Distribution Service 3.0
RP1847: 7/15/2013 8:47:47 PM - Software Distribution Service 3.0
RP1848: 7/16/2013 8:47:23 PM - Software Distribution Service 3.0
RP1849: 7/17/2013 8:47:38 PM - Software Distribution Service 3.0
RP1850: 7/18/2013 10:28:37 PM - Software Distribution Service 3.0
RP1851: 7/21/2013 7:51:04 PM - Software Distribution Service 3.0
RP1852: 7/21/2013 11:14:04 PM - Restore Operation
RP1853: 7/22/2013 3:01:11 AM - Software Distribution Service 3.0
RP1854: 7/23/2013 3:37:36 AM - System Checkpoint
RP1855: 7/23/2013 7:44:29 PM - Software Distribution Service 3.0
RP1856: 7/23/2013 11:14:34 PM - Removed Java 7 Update 21
RP1857: 7/23/2013 11:15:12 PM - Installed Java 7 Update 25
RP1858: 7/24/2013 8:34:47 PM - Software Distribution Service 3.0
RP1859: 7/25/2013 8:06:16 PM - Installed Microsoft Fix it 50195
RP1860: 7/25/2013 9:21:53 PM - Software Distribution Service 3.0
RP1861: 7/26/2013 3:00:20 AM - Software Distribution Service 3.0
RP1862: 7/26/2013 6:21:59 PM - Norton_Power_Eraser_20130726182146921
RP1863: 8/26/2013 11:20:38 PM - System Checkpoint
RP1864: 8/27/2013 1:02:05 AM - Software Distribution Service 3.0
RP1865: 7/26/2013 1:42:50 AM - System Checkpoint
RP1866: 7/27/2013 1:37:28 AM - Software Distribution Service 3.0
RP1867: 7/27/2013 6:29:48 PM - Move file to quarantine: Windows Search Namespace Manager
RP1868: 7/27/2013 6:32:19 PM - Move file to quarantine: Windows Search Namespace Manager
RP1869: 7/27/2013 7:43:54 PM - Installed NVIDIA Performance Drivers.
RP1870: 7/29/2013 8:50:24 PM - Software Distribution Service 3.0
RP1871: 7/30/2013 8:59:32 PM - System Checkpoint
RP1872: 7/31/2013 11:12:16 PM - System Checkpoint
RP1873: 8/1/2013 12:16:01 AM - Software Distribution Service 3.0
RP1874: 8/1/2013 7:26:36 PM - Software Distribution Service 3.0
RP1875: 8/1/2013 11:11:25 PM - Software Distribution Service 3.0
RP1876: 8/2/2013 6:29:20 PM - Software Distribution Service 3.0
RP1877: 8/2/2013 7:34:23 PM - Installed QuickTime
RP1878: 8/2/2013 11:59:27 PM - WinZip Registry Optimizer Fri, Aug 02, 13  23:59
RP1879: 8/3/2013 11:27:59 AM - Software Distribution Service 3.0
RP1880: 8/3/2013 12:01:09 PM - Installed SpyHunter
RP1881: 8/3/2013 3:23:02 PM - Removed SpyHunter
RP1882: 8/3/2013 5:24:38 PM - Removed Windows Live Sync
RP1883: 8/3/2013 5:25:05 PM - Removed Windows Live Upload Tool
RP1884: 8/4/2013 7:15:26 PM - System Checkpoint
RP1885: 8/4/2013 11:09:57 PM - Restore Operation
RP1886: 8/4/2013 11:27:11 PM - Software Distribution Service 3.0
RP1887: 8/5/2013 9:56:17 AM - Software Distribution Service 3.0
RP1888: 8/5/2013 10:41:43 PM - Removed Windows Live Sign-in Assistant
RP1889: 8/6/2013 11:35:13 PM - System Checkpoint
RP1890: 8/7/2013 12:43:14 AM - Software Distribution Service 3.0
RP1891: 8/7/2013 7:29:08 PM - Revo Uninstaller's restore point - norton
RP1892: 8/7/2013 7:32:41 PM - Revo Uninstaller's restore point - Ad-Aware Antivirus
RP1893: 8/8/2013 3:00:26 AM - Software Distribution Service 3.0
RP1894: 8/9/2013 10:04:02 PM - System Checkpoint
RP1895: 8/11/2013 6:40:51 AM - System Checkpoint
RP1896: 8/11/2013 9:42:50 PM - Removed Ad-Aware Antivirus.
RP1897: 8/11/2013 10:04:59 PM - Software Distribution Service 3.0
RP1898: 8/13/2013 4:49:01 AM - System Checkpoint
RP1899: 8/13/2013 5:52:46 PM - Software Distribution Service 3.0
RP1900: 8/14/2013 3:00:41 AM - Software Distribution Service 3.0
RP1901: 8/14/2013 10:57:40 PM - Software Distribution Service 3.0
RP1902: 8/16/2013 1:44:56 AM - System Checkpoint
RP1903: 8/16/2013 10:54:42 PM - Software Distribution Service 3.0
RP1904: 8/17/2013 11:07:27 PM - Software Distribution Service 3.0
RP1905: 8/18/2013 2:21:53 AM - Software Distribution Service 3.0
RP1906: 8/19/2013 2:50:52 AM - System Checkpoint
RP1907: 8/19/2013 10:59:37 PM - Software Distribution Service 3.0
RP1908: 8/20/2013 11:15:43 PM - Software Distribution Service 3.0
RP1909: 8/21/2013 11:53:04 PM - System Checkpoint
RP1910: 8/22/2013 7:01:33 PM - Software Distribution Service 3.0
RP1911: 8/23/2013 7:50:46 PM - System Checkpoint
RP1912: 8/23/2013 11:58:58 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
2600
2600_Help
2600Trb
Acrobat.com
Adobe Acrobat 7.0 - Tryout Professional - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Ahead InCD
Ahead InCD EasyWrite Reader
AiO_Scan
AiOSoftware
Ancestry World Archives Project - Keying Tool
Apple Application Support
Apple Software Update
AT&T Portal
AT&T Support Plus PC Maintenance Toolbox
att.net Internet Mail
BlackBerry Desktop Software 6.1
BufferChm
CCleaner
Celtx (2.7)
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Director
DocProc
DocumentViewer
Family Tree Maker 2006
Fax
Google Apps
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
InstantShare
Internet Explorer (Enable DEP)
Java 7 Update 25
Java Auto Updater
LastPass (uninstall only)
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XML Parser
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Neo's SafeKeys v3
NTI Shadow
NVIDIA Control Panel 307.83
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA nView 136.53
NVIDIA Performance Drivers
NVIDIA Update 1.10.8
NVIDIA Update Components
Oracle JInitiator 1.3.1.22
PanoStandAlone
PhotoGallery
ProductContext
QFolder
QuickTime
QuickTime Free Download Packages
Readme
RealPlayer
Realtek AC'97 Audio
runtime
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982802)
SkinsHP1
Spotify
Springboard
SUPERAntiSpyware
swMSM
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB961503)
Update for Windows XP (KB971029)
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
YPOPs! 0.9.7.3
yWriter5
ZoneAlarm LTD Toolbar
ZoneAlarm Security Toolbar 
.
==== Event Viewer Messages From Past Week ========
.
8/24/2013 11:05:13 AM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
8/22/2013 11:43:57 PM, error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
8/22/2013 11:43:32 PM, error: Service Control Manager [7031]  - The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
8/17/2013 10:58:22 PM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for DeleteFlag with the following error:  Access is denied.
.
==== End Of File ===========================

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Robbie [Admin rights]
Mode : Scan -- Date : 08/24/2013 16:38:06
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce :  (A0) (cmd /c "C:\Documents and Settings\Robbie\Desktop\mbar\mbar.exe" /rdv /s [7]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[122] : NtOpenProcess @ 0x805C1512 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB6CE7C4C)
[Address] SSDT[128] : NtOpenThread @ 0x805C179E -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB6CE7D3C)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3120026A +++++
--- User ---
[MBR] 5d697fdeaa314e3e74988ebb22a15924
[BSP] 69c7478738abd2a644165946242fbbb8 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3120026A +++++
--- User ---
[MBR] 2227858b0a49abda4ff3ffa187d1fc7a
[BSP] cc3a07178283079575399be04ba863e6 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08242013_163806.txt >>
RKreport[0]_D_08222013_231115.txt;RKreport[0]_S_08212013_183741.txt
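A note on reading the report above, and an added example that is not part of this thread and not RogueKiller's or Malwarebytes' code. The two SSDT hooks listed under "Driver" belong to mbamchameleon.sys, the Malwarebytes Chameleon self-protection driver (the same product whose mbar.exe is queued in the RunOnce entry), so by themselves they are not evidence of a rootkit. The section that would expose a bootkit of the TDSS/TDL4 family is the "MBR Check": the whole-sector hash, the boot-code hash compared against known OS boot code, and the partition table. The Python below parses a raw 512-byte MBR the same way and runs the structural checks a tampered table tends to fail. Everything in it is assumed or constructed: the sample sector mirrors the PhysicalDrive0 entry from the log (active NTFS at sector 63, 114463 MiB) but its boot-code bytes are filler, "[MBR]" is taken to be the MD5 of the full sector, the boot-code hash is taken over the first 440 bytes, and "Mo" is read as MiB.

```python
"""Parse and sanity-check a raw 512-byte MBR sector.

Added example, not RogueKiller's code. Assumptions: "[MBR]" = MD5 of the
whole sector, boot-code MD5 = first 440 bytes, "Mo" = MiB (sectors*512/2^20).
"""
import hashlib
import struct

SECTOR = 512
PT_OFFSET = 446        # partition table: 4 entries of 16 bytes
ENTRY_SIZE = 16
BOOT_CODE_LEN = 440    # bytes before the disk-signature field
PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32-LBA", 0x05: "Extended"}


def parse_mbr(sector: bytes) -> dict:
    """Return hashes, boot-code status and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PT_OFFSET + i * ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + ENTRY_SIZE])
        if ptype == 0:
            continue
        partitions.append({
            "index": i, "active": status == 0x80, "type": ptype,
            "type_name": PART_TYPES.get(ptype, "Unknown"),
            "offset": lba, "sectors": count,
            "size_mib": count * SECTOR // (1024 * 1024),
        })
    boot = sector[:BOOT_CODE_LEN]
    return {
        "mbr_md5": hashlib.md5(sector).hexdigest(),
        "bootcode_md5": hashlib.md5(boot).hexdigest(),
        "bootcode_empty": not any(boot),      # all-zero boot code, as on PhysicalDrive1
        "partitions": partitions,
    }


def format_partition(p: dict) -> str:
    """One partition line in the report's layout ([XXXXXX] marks a non-active entry)."""
    flag = "ACTIVE" if p["active"] else "XXXXXX"
    return (f"{p['index']} - [{flag}] {p['type_name']} (0x{p['type']:02x}) [VISIBLE] "
            f"Offset (sectors): {p['offset']} | Size: {p['size_mib']} Mo")


def check_table(parsed: dict, disk_sectors: int = 0) -> list:
    """Structural checks; disk_sectors=0 means the disk size is unknown."""
    issues, parts = [], parsed["partitions"]
    if sum(p["active"] for p in parts) > 1:
        issues.append("more than one active partition")
    for p in parts:
        if p["offset"] == 0 or p["sectors"] == 0:
            issues.append(f"entry {p['index']}: zero offset or size")
        if disk_sectors and p["offset"] + p["sectors"] > disk_sectors:
            issues.append(f"entry {p['index']}: extends past end of disk")
    for a in parts:
        for b in parts:
            if (a["index"] < b["index"] and a["offset"] < b["offset"] + b["sectors"]
                    and b["offset"] < a["offset"] + a["sectors"]):
                issues.append(f"entries {a['index']} and {b['index']} overlap")
    return issues


def unallocated_tail(parsed: dict, disk_sectors: int) -> int:
    """Sectors after the last partition: where TDSS/TDL4-style bootkits keep their hidden file system."""
    end = max((p["offset"] + p["sectors"] for p in parsed["partitions"]), default=0)
    return max(disk_sectors - end, 0)


def build_sample_mbr(boot_code: bytes, entries) -> bytes:
    """Constructed test sector; boot_code is filler, not real MBR code."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (active, ptype, lba, count) in enumerate(entries):
        off = PT_OFFSET + i * ENTRY_SIZE
        sector[off:off + ENTRY_SIZE] = struct.pack(
            "<B3sB3sII", 0x80 if active else 0x00, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba, count)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


# Mirrors PhysicalDrive0 above: active NTFS at sector 63, 114463 MiB (= 114463*2048 sectors).
DRIVE0_SAMPLE = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 32,
                                 [(True, 0x07, 63, 114463 * 2048)])
# Mirrors PhysicalDrive1's "Empty MBR Code": non-active FAT32-LBA, all-zero boot code.
EMPTY_BOOTCODE_SAMPLE = build_sample_mbr(b"", [(False, 0x0C, 63, 238472 * 2048)])

if __name__ == "__main__":
    for name, sample in (("PhysicalDrive0", DRIVE0_SAMPLE), ("PhysicalDrive1", EMPTY_BOOTCODE_SAMPLE)):
        r = parse_mbr(sample)
        print(f"+++++ {name} +++++")
        print("[MBR]", r["mbr_md5"])
        print("[BSP]", r["bootcode_md5"], ": Empty MBR Code" if r["bootcode_empty"] else "")
        for p in r["partitions"]:
            print(format_partition(p))
        print("issues:", check_table(r) or "none")
```

The "Windows XP MBR Code" verdict in the report needs a database of known boot-code hashes, which this example does not have; the practical equivalent is to record bootcode_md5 from a known-clean install of the same OS and compare, since a bootkit replaces those first bytes while leaving the partition table intact. On a live Windows system the sector itself would come from reading the first 512 bytes of \\.\PhysicalDrive0 with administrator rights.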

When I boot up my desktop the logo screen starts to load then stops and goes black then starts to load again.  Then it goes black and loads the desktop screen.  I also wanted to use the Malwarebytes beta rootkit scanner but it kept saying it could not load a file and told me to reboot.  I rebooted like it said and it still wouldn't load.  Also, I suspect that someone may have had or still has some kind of access to my system remotely because of some odd things that have happened.  For instance, a photo file was placed on my desktop and I found a file named "catchme" with nothing in it.  


Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

How To Run TDSSKiller

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
