Jump to content

Something isn't right and I need help, please!


Recommended Posts

My computer has problems with IE crashing, which is the first symptom I've noticed of trouble .

I am not too tech savvy but I read the instructions, downloaded DDS and ran it.

It is disturbing to me that, although I saved the 2 DDS logs to my desktop, I can not see them there.

 

I also installed and ran Roguekiller, which seems to have located some undesirable things but I didn't want to delete anything without your help.

 

In another post there is a link to Kaspersky TDSS and when I clicked on the link, it opens a blank IE page  but it did allow me to download the program--which I have not yet run.

 

I have the free MBAM but will upgrade after problems are resolved and the computer is secure (I hope this is possible.)

 

Roguekiller log:

 
 

ogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : KN [Admin rights]
Mode : Scan -- Date : 11/09/2013 00:42:20
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : 1 (C:\Users\Kathleen\Desktop\mbam-chameleon.exe /r /p [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] MHotkey : %SystemRoot%\MHotKey.exe [x] -> FOUND
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31500341AS +++++
--- User ---
[MBR] b66b957614115ab30deaca80fffd9b5b
[bSP] 59d73e51b4177d25b39e802db07a385c : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 20002 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40965750 | Size: 1410794 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[0]_S_11092013_004220.txt >>
 
DDS text file
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16514
Run by KN at 11:57:51 on 2013-11-09
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6134.3997 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\WUDFHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.




BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [eRecoveryService] <no file>
mRunOnce: [1] C:\Users\Kathleen\Desktop\mbam-chameleon.exe /r /p
dRunOnce: [startMSu] "C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe" /s
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.








TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4135624C-5499-4451-8FDA-5930EA698CA8} : DHCPNameServer = 192.168.1.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome


x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-1-9 53488]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-6-18 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-6-18 1139800]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-2-10 1263200]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [2013-11-5 1524824]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-18 169048]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [2013-11-8 62168]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131108.001\IDSviA64.sys [2013-11-9 521816]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-6-18 224416]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symtdiv.sys [2013-6-18 457304]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 203776]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-18 144368]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-7-2 93072]
R3 dc3d;MS Hardware Device Detection Driver;C:\Windows\System32\drivers\dc3d.sys [2011-8-1 52584]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2008-9-30 316544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-28 140376]
R3 gwfilt64;gwfilt64;C:\Windows\System32\drivers\gwfilt64.sys [2008-1-9 28160]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\System32\drivers\point64.sys [2011-8-1 45416]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RTS5121.sys [2008-10-19 204288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-2-10 285280]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S4 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-2-10 3246040]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-23 89920]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-1-9 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-1-9 79360]
S4 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-10-19 24576]
S4 Partner Service;Partner Service;C:\ProgramData\Partner\partner.exe [2008-12-28 110576]
S4 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-9-8 288256]
S4 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-9-8 1034752]
S4 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-9-8 485376]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-11-08 20:12:12 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-10-09 15:03:56 80541720 ----a-w- C:\Windows\System32\mrt.exe
2013-09-22 15:43:54 17833984 ----a-w- C:\Windows\System32\mshtml.dll
2013-09-22 15:01:48 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-09-22 14:42:33 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 14:36:01 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-09-22 14:33:53 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 14:33:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-09-22 14:30:37 237056 ----a-w- C:\Windows\System32\url.dll
2013-09-22 14:27:05 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-09-22 14:23:30 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-09-22 14:22:05 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-09-22 14:21:21 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-09-22 14:19:35 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-09-22 14:19:20 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-09-22 14:16:32 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-09-22 14:15:47 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-22 14:07:22 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-09-22 10:29:45 12336128 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-09-22 10:22:59 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 10:22:17 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-09-22 10:14:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-09-22 10:13:42 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-09-22 10:13:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 10:12:32 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-09-22 10:09:55 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-09-22 10:08:41 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-09-22 10:07:38 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-09-22 10:06:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-09-22 10:05:42 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-09-22 10:03:54 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-09-22 10:03:33 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-09-22 10:03:18 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-22 09:59:06 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-08-29 07:48:37 2775552 ----a-w- C:\Windows\System32\win32k.sys
2013-08-27 03:39:20 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-08-27 03:39:20 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2013-08-27 03:39:20 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-08-27 03:39:20 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2013-08-27 02:47:50 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-08-27 02:32:30 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-08-27 02:30:51 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-08-27 02:06:03 834048 ----a-w- C:\Windows\System32\d2d1.dll
2013-08-27 02:00:46 1556480 ----a-w- C:\Windows\System32\DWrite.dll
2013-08-27 02:00:46 1149952 ----a-w- C:\Windows\System32\FntCache.dll
2013-08-27 01:52:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-08-27 01:28:36 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-08-21 13:02:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 13:02:33 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 11:58:07.57 ===============
 
DDS Attach file
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/20/2008 12:13:35 AM
System Uptime: 11/9/2013 7:01:11 AM (4 hours ago)
.
Motherboard: Gateway |  | TBGM01
Processor: Intel® Core i7 CPU         920  @ 2.67GHz | CPU 1 | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1378 GiB total, 876.614 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 6800
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet 6800
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Prem C410 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart Prem C410 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}
Description: Deskjet 6800
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Deskjet 6800
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
RP1359: 7/11/2013 7:08:19 PM - Windows Update
RP1360: 7/12/2013 9:35:00 AM - Installed TomTom HOME.
RP1361: 7/16/2013 10:20:36 PM - Scheduled Checkpoint
RP1362: 7/27/2013 12:38:16 AM - Scheduled Checkpoint
RP1363: 8/13/2013 9:05:22 PM - Windows Update
RP1364: 8/24/2013 5:14:42 PM - Scheduled Checkpoint
RP1365: 8/28/2013 5:13:50 PM - Windows Update
RP1366: 8/28/2013 6:26:59 PM - Installed Driver Detective.
RP1367: 8/28/2013 7:27:17 PM - Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters
RP1368: 8/28/2013 7:28:21 PM - Device Driver Package Install: Advanced Micro Devices Sound, video and game controllers
RP1369: 8/29/2013 10:25:41 AM - Norton 360 Registry Clean
RP1370: 8/30/2013 12:57:05 PM - Scheduled Checkpoint
RP1371: 9/1/2013 12:30:47 PM - Scheduled Checkpoint
RP1372: 9/2/2013 11:08:51 AM - Scheduled Checkpoint
RP1373: 9/3/2013 10:03:25 AM - Scheduled Checkpoint
RP1374: 9/4/2013 11:10:05 AM - Scheduled Checkpoint
RP1375: 9/5/2013 5:01:17 PM - Scheduled Checkpoint
RP1376: 9/6/2013 12:25:55 PM - Scheduled Checkpoint
RP1377: 9/6/2013 4:36:11 PM - Installed TomTom HOME.
RP1378: 9/7/2013 12:24:29 PM - Scheduled Checkpoint
RP1379: 9/8/2013 9:50:26 AM - Scheduled Checkpoint
RP1380: 9/9/2013 11:01:52 AM - Scheduled Checkpoint
RP1381: 9/10/2013 12:54:43 PM - Scheduled Checkpoint
RP1382: 9/11/2013 9:36:44 AM - Scheduled Checkpoint
RP1383: 9/11/2013 12:12:05 PM - Windows Update
RP1384: 9/12/2013 5:55:15 PM - Scheduled Checkpoint
RP1385: 9/13/2013 12:00:06 AM - Windows Update
RP1386: 9/13/2013 1:16:13 PM - Scheduled Checkpoint
RP1387: 9/14/2013 2:33:07 AM - Windows Update
RP1388: 9/14/2013 4:14:42 PM - Scheduled Checkpoint
RP1389: 9/15/2013 4:19:17 PM - Scheduled Checkpoint
RP1390: 9/16/2013 3:18:24 PM - Scheduled Checkpoint
RP1391: 9/17/2013 3:04:50 PM - Scheduled Checkpoint
RP1392: 9/18/2013 4:29:16 PM - Scheduled Checkpoint
RP1393: 9/19/2013 9:04:27 AM - Scheduled Checkpoint
RP1394: 9/20/2013 10:29:19 AM - Scheduled Checkpoint
RP1395: 9/21/2013 1:04:21 PM - Scheduled Checkpoint
RP1396: 9/22/2013 4:41:22 PM - Scheduled Checkpoint
RP1397: 10/9/2013 10:53:40 AM - Windows Update
RP1398: 11/8/2013 6:09:18 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
6800
6800_Help
Acrobat.com
Acronis True Image Home 2011
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.5
Agere Systems PCI-SV92EX Soft Modem
Autodesk DWF Viewer
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5
BufferChm
C410
CCleaner
Compatibility Pack for the 2007 Office system
Corel VideoStudio 12
Coupon Printer for Windows
Creative ALchemy
Creative MediaSource 5
CyberLink LabelPrint
CyberLink Power2Go
Destinations
DeviceDiscovery
DeviceManagementQFolder
DocProc
Driver Fusion
Driver Sweeper 2.1.0
eSupportQFolder
Fax
FileASSASSIN
Gateway Games
Gateway Recovery Management
GEAR driver installer for x86 and x64
GearDrvs
Google Chrome
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet Printer Driver Software. 8.0.B
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HP_Network_UserGuide
HPAppStudio
HPPhotoGadget
HPProductAssistant
Intel® Network Connections Drivers
Intel® Matrix Storage Manager
Java Auto Updater
Java 6 Update 18
Java 6 Update 5
KB0817 Keyboard Driver
Legacy System Utility
Legacy System Utility (C:\Program Files (x86)\Lionel\LSU\)
Malwarebytes Anti-Exploit version 0.09.4.2000
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
Napster Burn Engine
NEF Codec
Network64
Norton 360
OCR Software by I.R.I.S. 14.0
Opanda IExif 2.3
Opanda PowerExif 1.2 Professional Trial
PS_AIO_07_C410_SW_Min
QuickTime
QuickTransfer
Realtek Card Reader
Realtek High Definition Audio Driver
Rosetta Stone Version 3
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
SF_CDB_ProductContext
SF_CDB_Software
SF_CDB_ToolboxIni64
SIW version 2010.03.10
SmartCopy
SmartLauncher
SmartSound Quicktracks Plugin
SmartWebPrinting
SolutionCenter
Sound Blaster X-Fi MB
Status
SUPERAntiSpyware
The Ultimate French Review and Practice CD-ROM
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoStudio
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD SmartWare
WebReg
Windows Media Encoder 9 Series
WinRAR 4.00 beta 2 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/9/2013 9:56:48 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.9 for the Network Card with network address 002268076E38 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/9/2013 8:51:27 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/9/2013 10:48:59 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.5 for the Network Card with network address 002268076E38 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/9/2013 10:42:26 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.4 for the Network Card with network address 002268076E38 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/9/2013 10:23:19 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.3 for the Network Card with network address 002268076E38 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/9/2013 10:06:55 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.10 for the Network Card with network address 002268076E38 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/8/2013 4:53:57 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.6 for the Network Card with network address 002268076E38 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/8/2013 3:46:30 PM, Error: mbamchameleon [61440]  -
11/8/2013 11:59:36 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Lbd
11/8/2013 11:46:34 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.2 for the Network Card with network address 002268076E38 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/8/2013 10:51:06 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.8 for the Network Card with network address 002268076E38 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/8/2013 10:27:50 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.7 for the Network Card with network address 002268076E38 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/7/2013 6:25:45 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.12 for the Network Card with network address 002268076E38 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/7/2013 11:02:53 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.11 for the Network Card with network address 002268076E38 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/7/2013 10:08:43 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64 ccSet_N360 eeCtrl IDSVia64 Lbd SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6
11/7/2013 10:08:43 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
11/7/2013 10:08:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/7/2013 10:08:18 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/7/2013 10:08:17 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/7/2013 10:08:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/6/2013 10:12:10 AM, Error: netbt [4307]  - Initialization failed because the transport refused to open initial addresses.
.
==== End Of File ===========================
 

 

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

1.Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan"

 

Image5.png

 

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

 


  •      
  • Internet access
         
  • Windows Update
         
  • Windows Firewall

 

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System - log

Mbar - log   Date and time of scan will also be shown

 

Thanks,

 

Kevin...

Link to post
Share on other sites

I do not see anything wrong or malicious in the RK log..

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Link to post
Share on other sites

I got a WARNING popup window warning me that there is an error saving the file    C:\FRST\HIVES\SECURITY (Reg Create Key Ex:5 Access is denied)

and it asks if I want to continue with the next file

 

I have Malwarebytes Anti-Exploit installed. Is that causing this error and, if so,  how do I allow the Farbar tool to get the access it needs?

Link to post
Share on other sites

I do not see anything wrong or malicious in the RK log..

 

 

 

 

RK reported these 2 registry items, which I thought might be bad:

 

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

It also reported this but I figured it was supposed to be part of MWB Chameleon

 

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : 1 (C:\Users\Kathleen\Desktop\mbam-chameleon.exe /r /p [7]) -> FOUND

Link to post
Share on other sites

Turn off your security and let FRST run and complete, is very safe, also is totally diagnostic with initial scan no changes are made...

 

Why do you think RK entries are bad? what is your reason...

 

I don't understand which security I need to turn off. NAV 360? MWB Anti-exploit? Something else?

As mentioned in the first post, I'm not too computer savvy, so I don't know which one(s) or how to turn it(them) off.

The RK registry entries were flagged by RK, so I thought they might be something bad.

Link to post
Share on other sites

What gave the alert popup to FRST, was it a specific security program....

 

All RK log is letting you know it has found entries where they do not normally show or run from, these are user folders maybe you have them on your Desktop?

 

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Link to post
Share on other sites

I don't know what created the warning window. It does not have anything identifying on the window. I thought it could be a warning from FRST itself.

 

As for the folders reported by RK--how can I determine what they are?

I entered the numbers that are within the brackets in the Windows search box and it found nothing.

Is that normal?
Also, is it normal for the Kaspersky TDSS page mentioned in my first post to show only as a completely blank page?

 

Thanks for your help. I do appreciate your time and efforts.

Link to post
Share on other sites

Actually, although the popup has no id on it, the taskbar shows a logo of  ERU (in red letters) above NT (in blue or black letters).

I searched on my computer and it is a program--but I do not recall ever intentionally installing it and it does not show up in Control Panel Add/Remove programs, nor is it in my programs list.

Link to post
Share on other sites

I give you hint for RK {20D04FE0-3AEA-1069-A2D8-08002B30309D} is My Computer, do you have that on your Desktop?

 

Lets see if you can run FRST via the Recovery Environment, you will need a USB stick for this....

 

Please download Farbar Recovery Scan Tool from here:                                                                  

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 

Plug the flashdrive into the infected PC.

 

Enter System Recovery Options I give two methods, use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

 

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

On the System Recovery Options menu you will get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

 

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type  e:\frst64 or e:\frst depending on your version. Press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Link to post
Share on other sites

Sorry for the delay. I didn't have a flash drive but was finally able to run FRST in Safe Mode as the administrator.

It produced a log file and an additional log file.

Both are included below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by KN (administrator) on KN-PC on 10-11-2013 07:23:43
Running from C:\Users\Kathleen\Desktop
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [1] - C:\Users\Kathleen\Desktop\mbam-chameleon.exe /r /p [218184 2013-11-08] ()
HKLM-x32\...\Runonce: [{F5CF3B09-5625-4B92-8043-18A2EE1FD817}] - cmd.exe /C start /D "C:\Users\KN\AppData\Local\Temp" /B {F5CF3B09-5625-4B92-8043-18A2EE1FD817}.exe -accepteula -accepteulaksn -activeimages -postboot [x]
MountPoints2: {1ed9d23f-9e5f-11dd-b727-806e6f6e6963} - H:\Start.exe
MountPoints2: {8d3b07d7-3b0b-11e0-8151-806e6f6e6963} - H:\Start.exe
HKLM-x32\...\Run: [eRecoveryService] - [x]
HKLM-x32\...\Run: [] - [x]
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=fx6800-01e&c=BB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=fx6800-01e&c=BB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=fx6800-01e&c=BB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=fx6800-01e&c=BB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=fx6800-01e&c=BB
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {419A5551-0B02-4A68-B658-CF588DCFF47F} URL = http://www.dogpile.com/dogpile/ws/results/Web/{searchTerms}/1/417/TopNavigation/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true
SearchScopes: HKCU - {419A5551-0B02-4A68-B658-CF588DCFF47F} URL = http://www.dogpile.com/dogpile/ws/results/Web/{searchTerms}/1/417/TopNavigation/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
DPF: HKLM-x32 {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======


CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Java Platform SE 6 U18) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\KN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\KN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\KN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\KN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\KN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\KN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\KN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S4 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S4 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] ()
S4 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] ()

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
S1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [62168 2013-10-23] ()
S3 gwfilt64; C:\Windows\System32\drivers\gwfilt64.sys [28160 2008-04-10] (Creative Technology Ltd.)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131108.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-06-11] (Acer, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131109.006\ENG64.SYS [126040 2013-11-07] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131109.006\EX64.SYS [2099288 2013-11-07] (Symantec Corporation)
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RTS5121.sys [204288 2008-06-04] (Realtek Semiconductor Corporation)
S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [335360 2008-08-14] (Realtek Semiconductor Corporation                           )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMTDIV.SYS [457304 2013-04-24] (Symantec Corporation)
S3 AtiHDAudioService; system32\drivers\AtihdLH6.sys [x]
S3 cpuz132; \??\C:\Users\KN\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-09 17:03 - 2013-11-09 17:03 - 01957098 _____ (Farbar) C:\Users\Kathleen\Desktop\FRST64.exe
2013-11-09 14:00 - 2013-11-09 14:00 - 00000000 ____D C:\FRST
2013-11-09 13:59 - 2013-11-09 13:59 - 01957098 _____ (Farbar) C:\Users\Kathleen\Downloads\FRST64.exe
2013-11-09 12:08 - 2013-11-09 12:08 - 00017520 _____ C:\Users\KN\Desktop\DDS Attach file.txt
2013-11-09 12:07 - 2013-11-09 12:07 - 00016224 _____ C:\Users\KN\Desktop\DDS text file 2.txt
2013-11-09 12:02 - 2013-11-09 12:02 - 00016224 _____ C:\Users\KN\Desktop\DDS text file.txt
2013-11-09 11:50 - 2013-11-09 11:50 - 00016169 _____ C:\Users\KN\Desktop\DDS txt.txt
2013-11-09 11:50 - 2013-11-09 11:50 - 00010650 _____ C:\Users\KN\Desktop\DDS Attach.txt
2013-11-09 11:46 - 2013-11-09 11:58 - 00017520 _____ C:\Users\KN\Desktop\attach.txt
2013-11-09 11:46 - 2013-11-09 11:58 - 00016224 _____ C:\Users\KN\Desktop\dds.txt
2013-11-09 11:32 - 2013-11-09 11:32 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Kathleen\Desktop\tdsskiller.exe
2013-11-09 11:31 - 2013-11-09 11:31 - 00688992 ____R (Swearware) C:\Users\Kathleen\Desktop\dds.com
2013-11-09 11:18 - 2013-11-09 11:18 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Kathleen\Downloads\tdsskiller (1).exe
2013-11-09 11:17 - 2013-11-09 11:17 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Kathleen\Downloads\tdsskiller.exe
2013-11-09 00:49 - 2013-11-09 00:49 - 03538944 _____ C:\Users\Kathleen\Downloads\RogueKiller (1).exe
2013-11-09 00:42 - 2013-11-09 00:42 - 00002836 _____ C:\Users\KN\Desktop\RKreport[0]_S_11092013_004220.txt
2013-11-09 00:39 - 2013-11-09 00:47 - 00000000 ____D C:\Users\KN\Desktop\RK_Quarantine
2013-11-09 00:39 - 2013-11-09 00:39 - 03538944 _____ C:\Users\Kathleen\Downloads\RogueKiller.exe
2013-11-08 19:39 - 2013-11-10 01:18 - 00003104 _____ C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2013-11-08 19:39 - 2013-11-10 01:18 - 00000508 _____ C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2013-11-08 19:39 - 2013-11-08 20:17 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2013-11-08 19:39 - 2013-11-08 19:39 - 01793648 _____ (Malwarebytes                                                ) C:\Users\KN\Downloads\mbae-setup-0.09.4.2000.exe
2013-11-08 19:39 - 2013-11-08 19:39 - 00000857 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2013-11-08 19:39 - 2013-07-16 04:41 - 01858896 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100d.dll
2013-11-08 19:39 - 2013-07-16 04:41 - 01498960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100d.dll
2013-11-08 19:39 - 2013-07-16 04:41 - 01014096 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100d.dll
2013-11-08 19:39 - 2013-07-16 04:41 - 00743248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100d.dll
2013-11-08 15:12 - 2013-11-08 15:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-08 15:11 - 2013-11-08 15:12 - 12576792 _____ (Malwarebytes Corp.) C:\Users\KN\Downloads\mbar-1.07.0.1007 (2).exe
2013-11-08 13:39 - 2013-11-08 13:39 - 01440846 _____ C:\Users\Kathleen\Downloads\mbam-chameleon-1.62.1.1000 (1).zip
2013-11-08 13:30 - 2013-11-08 13:30 - 01440846 _____ C:\Users\Kathleen\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-11-08 13:29 - 2013-11-08 13:29 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Kathleen\Downloads\mbar-1.07.0.1007 (1).exe
2013-11-08 07:21 - 2013-11-08 07:21 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Kathleen\Downloads\mbar-1.07.0.1007.exe
2013-11-08 06:11 - 2013-11-08 06:12 - 12576792 _____ (Malwarebytes Corp.) C:\Users\KN\Downloads\mbar-1.07.0.1007 (1).exe
2013-11-08 05:57 - 2013-11-08 05:57 - 12576792 _____ (Malwarebytes Corp.) C:\Users\KN\Downloads\mbar-1.07.0.1007.exe
2013-11-07 22:43 - 2013-11-07 22:43 - 00000896 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2013-11-07 22:43 - 2013-11-07 22:43 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2013-11-07 22:41 - 2013-11-07 22:41 - 01440846 _____ C:\Users\KN\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-11-07 22:11 - 2013-11-08 15:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-07 22:10 - 2013-11-08 15:46 - 00000000 ____D C:\Users\KN\Desktop\mbar
2013-10-26 11:14 - 2013-10-26 11:14 - 00491648 _____ C:\Windows\Minidump\Mini102613-01.dmp

==================== One Month Modified Files and Folders =======

2013-11-10 07:04 - 2006-11-02 07:46 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-10 05:05 - 2013-07-15 15:18 - 00000680 _____ C:\Users\KN\AppData\Local\d3d9caps.dat
2013-11-10 05:01 - 2008-10-19 23:10 - 01212562 _____ C:\Windows\WindowsUpdate.log
2013-11-10 05:01 - 2006-11-02 10:42 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-10 05:01 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-10 05:01 - 2006-11-02 10:22 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-10 05:01 - 2006-11-02 10:22 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-10 04:35 - 2013-08-29 17:08 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-10 04:24 - 2013-05-21 15:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-10 01:18 - 2013-11-08 19:39 - 00003104 _____ C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2013-11-10 01:18 - 2013-11-08 19:39 - 00000508 _____ C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2013-11-10 01:18 - 2013-08-29 17:08 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-09 17:03 - 2013-11-09 17:03 - 01957098 _____ (Farbar) C:\Users\Kathleen\Desktop\FRST64.exe
2013-11-09 14:00 - 2013-11-09 14:00 - 00000000 ____D C:\FRST
2013-11-09 13:59 - 2013-11-09 13:59 - 01957098 _____ (Farbar) C:\Users\Kathleen\Downloads\FRST64.exe
2013-11-09 12:08 - 2013-11-09 12:08 - 00017520 _____ C:\Users\KN\Desktop\DDS Attach file.txt
2013-11-09 12:07 - 2013-11-09 12:07 - 00016224 _____ C:\Users\KN\Desktop\DDS text file 2.txt
2013-11-09 12:02 - 2013-11-09 12:02 - 00016224 _____ C:\Users\KN\Desktop\DDS text file.txt
2013-11-09 11:58 - 2013-11-09 11:46 - 00017520 _____ C:\Users\KN\Desktop\attach.txt
2013-11-09 11:58 - 2013-11-09 11:46 - 00016224 _____ C:\Users\KN\Desktop\dds.txt
2013-11-09 11:50 - 2013-11-09 11:50 - 00016169 _____ C:\Users\KN\Desktop\DDS txt.txt
2013-11-09 11:50 - 2013-11-09 11:50 - 00010650 _____ C:\Users\KN\Desktop\DDS Attach.txt
2013-11-09 11:32 - 2013-11-09 11:32 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Kathleen\Desktop\tdsskiller.exe
2013-11-09 11:31 - 2013-11-09 11:31 - 00688992 ____R (Swearware) C:\Users\Kathleen\Desktop\dds.com
2013-11-09 11:18 - 2013-11-09 11:18 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Kathleen\Downloads\tdsskiller (1).exe
2013-11-09 11:17 - 2013-11-09 11:17 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Kathleen\Downloads\tdsskiller.exe
2013-11-09 00:49 - 2013-11-09 00:49 - 03538944 _____ C:\Users\Kathleen\Downloads\RogueKiller (1).exe
2013-11-09 00:47 - 2013-11-09 00:39 - 00000000 ____D C:\Users\KN\Desktop\RK_Quarantine
2013-11-09 00:42 - 2013-11-09 00:42 - 00002836 _____ C:\Users\KN\Desktop\RKreport[0]_S_11092013_004220.txt
2013-11-09 00:39 - 2013-11-09 00:39 - 03538944 _____ C:\Users\Kathleen\Downloads\RogueKiller.exe
2013-11-08 20:17 - 2013-11-08 19:39 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2013-11-08 19:39 - 2013-11-08 19:39 - 01793648 _____ (Malwarebytes                                                ) C:\Users\KN\Downloads\mbae-setup-0.09.4.2000.exe
2013-11-08 19:39 - 2013-11-08 19:39 - 00000857 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2013-11-08 15:46 - 2013-11-07 22:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-08 15:46 - 2013-11-07 22:10 - 00000000 ____D C:\Users\KN\Desktop\mbar
2013-11-08 15:12 - 2013-11-08 15:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-08 15:12 - 2013-11-08 15:11 - 12576792 _____ (Malwarebytes Corp.) C:\Users\KN\Downloads\mbar-1.07.0.1007 (2).exe
2013-11-08 14:35 - 2013-09-05 17:46 - 00016810 _____ C:\Windows\PFRO.log
2013-11-08 13:41 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Kathleen\Desktop\winlogon.exe
2013-11-08 13:41 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Kathleen\Desktop\svchost.exe
2013-11-08 13:41 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Kathleen\Desktop\rundll32.exe
2013-11-08 13:41 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Kathleen\Desktop\mbam-chameleon.scr
2013-11-08 13:41 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Kathleen\Desktop\mbam-chameleon.pif
2013-11-08 13:41 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Kathleen\Desktop\mbam-chameleon.exe
2013-11-08 13:41 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Kathleen\Desktop\mbam-chameleon.com
2013-11-08 13:41 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Kathleen\Desktop\iexplore.exe
2013-11-08 13:41 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Kathleen\Desktop\firefox.scr
2013-11-08 13:41 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Kathleen\Desktop\firefox.pif
2013-11-08 13:41 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Kathleen\Desktop\firefox.exe
2013-11-08 13:41 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Kathleen\Desktop\firefox.com
2013-11-08 13:41 - 2012-03-03 11:32 - 00186068 _____ C:\Users\Kathleen\Desktop\chameleon.chm
2013-11-08 13:39 - 2013-11-08 13:39 - 01440846 _____ C:\Users\Kathleen\Downloads\mbam-chameleon-1.62.1.1000 (1).zip
2013-11-08 13:30 - 2013-11-08 13:30 - 01440846 _____ C:\Users\Kathleen\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-11-08 13:29 - 2013-11-08 13:29 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Kathleen\Downloads\mbar-1.07.0.1007 (1).exe
2013-11-08 09:38 - 2010-04-11 19:50 - 00000000 ____D C:\Users\Kathleen\AppData\Local\CrashDumps
2013-11-08 07:21 - 2013-11-08 07:21 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Kathleen\Downloads\mbar-1.07.0.1007.exe
2013-11-08 06:12 - 2013-11-08 06:11 - 12576792 _____ (Malwarebytes Corp.) C:\Users\KN\Downloads\mbar-1.07.0.1007 (1).exe
2013-11-08 05:57 - 2013-11-08 05:57 - 12576792 _____ (Malwarebytes Corp.) C:\Users\KN\Downloads\mbar-1.07.0.1007.exe
2013-11-07 22:43 - 2013-11-07 22:43 - 00000896 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2013-11-07 22:43 - 2013-11-07 22:43 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2013-11-07 22:41 - 2013-11-07 22:41 - 01440846 _____ C:\Users\KN\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-11-07 18:32 - 2012-06-27 15:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-26 11:14 - 2013-10-26 11:14 - 00491648 _____ C:\Windows\Minidump\Mini102613-01.dmp
2013-10-26 11:14 - 2009-01-21 20:32 - 00000000 ____D C:\Windows\Minidump
2013-10-26 11:13 - 2013-09-06 09:48 - 1192292468 _____ C:\Windows\MEMORY.DMP
2013-10-24 17:20 - 2013-07-22 08:56 - 00054156 ____H C:\Windows\QTFont.qfn
2013-10-17 01:50 - 2013-08-29 17:08 - 00002027 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-12 09:30 - 2013-08-29 17:08 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 09:30 - 2013-08-29 17:08 - 00003634 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
C:\Users\Kathleen\jagex_runescape_preferences.dat
C:\Users\Kathleen\lametritonus_en.dll
C:\Users\Kathleen\lame_enc_en.dll

Some content of TEMP:
====================
C:\Users\KN\AppData\Local\Temp\ntdll_dump.dll
C:\Users\KN\AppData\Local\Temp\{F5CF3B09-5625-4B92-8043-18A2EE1FD817}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-10 07:18

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by KN at 2013-11-10 07:24:44
Running from C:\Users\Kathleen\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 7.2.4)
6800 (x32 Version: 82.0.242.000)
6800_Help (x32 Version: 82.0.242.000)
Acrobat.com (x32 Version: 2.0.0)
Acrobat.com (x32 Version: 2.0.0.0)
Acronis True Image Home 2011 (x32 Version: 14.0.6696)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Reader 9.5.5 (x32 Version: 9.5.5)
Agere Systems PCI-SV92EX Soft Modem
Autodesk DWF Viewer (x32 Version: 5.0)
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5 (x32 Version: 6.104.64.5)
BufferChm (x32 Version: 140.0.212.000)
C410 (x32 Version: 140.0.273.000)
CCleaner (Version: 4.05)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Corel VideoStudio 12 (x32 Version: 12.0.0.0000)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
Creative ALchemy (x32)
Creative MediaSource 5 (x32 Version: 5.00)
CyberLink LabelPrint (x32 Version: 2.0.3111)
CyberLink Power2Go (x32 Version: 5.5.4316)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
DeviceManagementQFolder (x32 Version: 1.00.0000)
DocProc (x32 Version: 140.0.99.000)
Driver Fusion (x32 Version: 1.7.0)
Driver Sweeper 2.1.0 (x32)
eSupportQFolder (x32 Version: 1.00.0000)
Fax (x32 Version: 140.0.212.000)
FileASSASSIN (x32 Version: 1.06)
Gateway Games (x32 Version: 1.0.0.52)
Gateway Recovery Management (x32 Version: 3.1.3003)
GEAR driver installer for x86 and x64 (x32 Version: 4.008.5)
GearDrvs (x32 Version: 1.00.0000)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 140.0.211.000)
HP Deskjet Printer Driver Software. 8.0.B (Version: 8.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (x32 Version: 1.0.0.2024)
HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.002.002.002)
HP_Network_UserGuide (x32 Version: 1.00.0000)
HPAppStudio (x32 Version: 140.0.95.000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
Intel® Network Connections Drivers
Intel® Matrix Storage Manager
Java Auto Updater (x32 Version: 2.0.1.2)
Java 6 Update 18 (x32 Version: 6.0.180)
Java 6 Update 5 (x32 Version: 1.6.0.50)
KB0817 Keyboard Driver (x32 Version: 1.30.0000)
Legacy System Utility (C:\Program Files (x86)\Lionel\LSU\) (x32)
Legacy System Utility (x32)
Malwarebytes Anti-Exploit version 0.09.4.2000 (Version: 0.09.4.2000)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Money Essentials (x32 Version: 16)
Microsoft Money Shared Libraries (x32 Version: 16.0.0.705)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (x32 Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Napster (x32 Version: 4.1.0.4)
Napster Burn Engine (x32 Version: 3.5.0000)
NEF Codec (x32 Version: 1.00.0000)
Network64 (Version: 140.0.215.000)
Norton 360 (x32 Version: 20.4.0.40)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
Opanda IExif 2.3 (x32 Version: 2.3)
Opanda PowerExif 1.2 Professional Trial (x32 Version: 1.2)
PS_AIO_07_C410_SW_Min (x32 Version: 140.0.273.000)
QuickTime (x32 Version: 7.1.3.100)
QuickTransfer (x32 Version: 140.0.98.000)
Realtek Card Reader (x32 Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5704)
Rosetta Stone Version 3 (x32 Version: 3.3.7.0)
Scan (x32 Version: 140.0.80.000)
SF_CDB_ProductContext (x32 Version: 82.0.242.000)
SF_CDB_Software (x32 Version: 82.0.242.000)
SF_CDB_ToolboxIni64 (Version: 82.0.242.000)
SIW version 2010.03.10 (x32 Version: 2010.03.10)
SmartCopy (x32)
SmartLauncher (x32)
SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.214.000)
Sound Blaster X-Fi MB (x32 Version: 1.0)
Status (x32 Version: 140.0.256.000)
SUPERAntiSpyware (Version: 5.6.1040)
The Ultimate French Review and Practice CD-ROM (x32 Version: 1.00.0000)
TomTom HOME (x32 Version: 2.9.6)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)
Toolbox (x32 Version: 140.0.428.000)
Toolbox (x32 Version: 82.0.173.000)
TrayApp (x32 Version: 140.0.212.000)
UnloadSupport (x32 Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VideoStudio (x32 Version: 12.0.0.0000)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (x32 Version: 9.0.30729.01)
WD SmartWare (Version: 1.4.1.1)
WebReg (x32 Version: 140.0.212.017)
Windows Media Encoder 9 Series (x32 Version: 9.00.3374)
Windows Media Encoder 9 Series (x32)
WinRAR 4.00 beta 2 (32-bit) (x32 Version: 4.00.2)

==================== Restore Points  =========================

11-07-2013 23:08:19 Windows Update
12-07-2013 13:35:00 Installed TomTom HOME.
17-07-2013 02:20:36 Scheduled Checkpoint
27-07-2013 04:38:16 Scheduled Checkpoint
14-08-2013 01:05:22 Windows Update
24-08-2013 21:14:42 Scheduled Checkpoint
28-08-2013 21:13:50 Windows Update
28-08-2013 22:26:59 Installed Driver Detective.
28-08-2013 23:27:17 Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters
28-08-2013 23:28:21 Device Driver Package Install: Advanced Micro Devices Sound, video and game controllers
29-08-2013 14:25:41 Norton 360 Registry Clean
30-08-2013 16:57:05 Scheduled Checkpoint
01-09-2013 16:30:47 Scheduled Checkpoint
02-09-2013 15:08:51 Scheduled Checkpoint
03-09-2013 14:03:25 Scheduled Checkpoint
04-09-2013 15:10:05 Scheduled Checkpoint
05-09-2013 21:01:17 Scheduled Checkpoint
06-09-2013 16:25:55 Scheduled Checkpoint
06-09-2013 20:36:11 Installed TomTom HOME.
07-09-2013 16:24:29 Scheduled Checkpoint
08-09-2013 13:50:26 Scheduled Checkpoint
09-09-2013 15:01:52 Scheduled Checkpoint
10-09-2013 16:54:43 Scheduled Checkpoint
11-09-2013 13:36:44 Scheduled Checkpoint
11-09-2013 16:12:05 Windows Update
12-09-2013 21:55:15 Scheduled Checkpoint
13-09-2013 04:00:06 Windows Update
13-09-2013 17:16:13 Scheduled Checkpoint
14-09-2013 06:33:07 Windows Update
14-09-2013 20:14:42 Scheduled Checkpoint
15-09-2013 20:19:17 Scheduled Checkpoint
16-09-2013 19:18:24 Scheduled Checkpoint
17-09-2013 19:04:50 Scheduled Checkpoint
18-09-2013 20:29:16 Scheduled Checkpoint
19-09-2013 13:04:27 Scheduled Checkpoint
20-09-2013 14:29:19 Scheduled Checkpoint
21-09-2013 17:04:21 Scheduled Checkpoint
22-09-2013 20:41:22 Scheduled Checkpoint
09-10-2013 14:53:40 Windows Update
08-11-2013 23:09:18 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 07:34 - 2009-08-31 17:09 - 00325948 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 www.123moviedownload.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {0115BBA8-0327-4004-85DF-A05D19836F96} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {10F4ECC3-F87C-4CAE-86DA-6E61E9E020F5} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {29E3F4A9-7B1D-4734-95C7-C324359C9F4D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {3480B715-0CDC-40F2-B850-B3C326180C0D} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {4432542B-1BDC-4C39-B74F-DE36031D1A6E} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {55E36784-536D-405D-83C8-07926161E2F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {5F144F21-3E65-4B5D-AF09-CE8BDC965CF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-29] (Google Inc.)
Task: {672503AD-7A59-46BA-A12F-F44F09465E3F} - System32\Tasks\MHotkey => C:\Windows\mHotkey.exe [2008-05-30] ()
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7CB21DDF-3B96-49DD-84D2-07541DE46D6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {8AC792CC-85C3-4515-8530-612B67926474} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {C113E7BE-CC4B-4CE8-8CE8-7DEAD73331F8} - System32\Tasks\Ad-Aware Update (Daily 4) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EA599440-5482-4E2A-97F7-C46DDF854F42} - System32\Tasks\Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe [2013-10-23] (Malwarebytes Corporation)
Task: {EB347617-FA57-4E63-9C18-B86C1F8AFAC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-29] (Google Inc.)
Task: {FEF1A43A-6B0D-4502-84F6-58369A64CDE3} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

==================== Loaded Modules (whitelisted) =============

2010-12-13 18:56 - 2010-12-13 22:40 - 00164352 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\14834897.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\14834897.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Faulty Device Manager Devices =============

Name: Deskjet 6800
Description: Deskjet 6800
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Prem C410 series
Description: Photosmart Prem C410 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 6800
Description: Deskjet 6800
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2013 07:01:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 07:01:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 07:01:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 07:01:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 07:01:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 07:01:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 07:01:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 07:01:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 07:01:15 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/10/2013 05:04:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (11/10/2013 07:01:54 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (11/10/2013 07:01:53 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/10/2013 07:01:53 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/10/2013 07:01:53 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (11/10/2013 07:01:27 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (11/10/2013 07:01:27 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (11/10/2013 07:01:27 AM) (Source: Service Control Manager) (User: )
Description: AFD
BHDrvx64
ccSet_N360
DfsC
eeCtrl
ESProtectionDriver
IDSVia64
Lbd
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
SASDIFSV
SASKUTIL
Smb
spldr
SRTSPX
SymIRON
SYMTDIv
tdx
Wanarpv6

Error: (11/10/2013 07:01:27 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (11/10/2013 07:01:27 AM) (Source: Service Control Manager) (User: )
Description: Network Location AwarenessNetwork Store Interface Service%%1068

Error: (11/10/2013 07:01:27 AM) (Source: Service Control Manager) (User: )
Description: IP HelperNetwork Store Interface Service%%1068

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-10 07:24:25.535
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-10 07:24:25.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-10 07:24:25.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-10 07:24:25.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-10 07:24:24.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-10 07:24:24.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-10 07:24:24.660
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-10 07:24:24.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-10 07:24:10.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-10 07:24:10.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 6134.26 MB
Available physical RAM: 5047.08 MB
Total Pagefile: 12380.03 MB
Available Pagefile: 11514.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1377.73 GB) (Free:882.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397 GB) (Disk ID: 927016A6)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=-719698422272) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

Either turn OFF or UNinstall Malwarebytes Anti-Exploit until we make progress. Also can you tell did you use System restore recently, if so was there any issues with Microsoft Office?

 

Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

See if you can boot to normal mode, if so continue:

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware,

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

fixlist.txt

Link to post
Share on other sites

Thanks for your continued help.

No, I did not do a system restore recently and I'm not sure if I have ever done one.

Microsoft Offfice is a program that I really don't use.

Do I keep Anti-exploit off all the time until the problems are resolved or just when doing each step that you direct me to do? 

 

Here is the Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013
Ran by KN at 2013-11-11 14:50:13 Run:1
Running from C:\Users\KN\Desktop
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Runonce: [{F5CF3B09-5625-4B92-8043-18A2EE1FD817}] - cmd.exe /C start /D "C:\Users\KN\AppData\Local\Temp" /B {F5CF3B09-5625-4B92-8043-18A2EE1FD817}.exe -accepteula -accepteulaksn -activeimages -postboot [x]
C:\Users\KN\AppData\Local\Temp" /B {F5CF3B09-5625-4B92-8043-18A2EE1FD817}.exe
MountPoints2: {1ed9d23f-9e5f-11dd-b727-806e6f6e6963} - H:\Start.exe
MountPoints2: {8d3b07d7-3b0b-11e0-8151-806e6f6e6963} - H:\Start.exe
C:\Users\Kathleen\jagex_runescape_preferences.dat
C:\Users\Kathleen\lametritonus_en.dll
C:\Users\Kathleen\lame_enc_en.dll
C:\Users\KN\AppData\Local\Temp\ntdll_dump.dll
C:\Users\KN\AppData\Local\Temp\{F5CF3B09-5625-4B92-8043-18A2EE1FD817}.exe
Task: {10F4ECC3-F87C-4CAE-86DA-6E61E9E020F5} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {4432542B-1BDC-4C39-B74F-DE36031D1A6E} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {8AC792CC-85C3-4515-8530-612B67926474} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {C113E7BE-CC4B-4CE8-8CE8-7DEAD73331F8} - System32\Tasks\Ad-Aware Update (Daily 4) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {FEF1A43A-6B0D-4502-84F6-58369A64CDE3} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
End

 

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\{F5CF3B09-5625-4B92-8043-18A2EE1FD817} => Value not found.
"C:\Users\KN\AppData\Local\Temp /B {F5CF3B09-5625-4B92-8043-18A2EE1FD817}.exe" => File/Directory not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed9d23f-9e5f-11dd-b727-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{1ed9d23f-9e5f-11dd-b727-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d3b07d7-3b0b-11e0-8151-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{8d3b07d7-3b0b-11e0-8151-806e6f6e6963} => Key not found.
C:\Users\Kathleen\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\Kathleen\lametritonus_en.dll => Moved successfully.
C:\Users\Kathleen\lame_enc_en.dll => Moved successfully.
C:\Users\KN\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\KN\AppData\Local\Temp\{F5CF3B09-5625-4B92-8043-18A2EE1FD817}.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10F4ECC3-F87C-4CAE-86DA-6E61E9E020F5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10F4ECC3-F87C-4CAE-86DA-6E61E9E020F5} => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Daily 3) => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Daily 3) => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4432542B-1BDC-4C39-B74F-DE36031D1A6E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4432542B-1BDC-4C39-B74F-DE36031D1A6E} => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly) => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AC792CC-85C3-4515-8530-612B67926474} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AC792CC-85C3-4515-8530-612B67926474} => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Daily 2) => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Daily 2) => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C113E7BE-CC4B-4CE8-8CE8-7DEAD73331F8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C113E7BE-CC4B-4CE8-8CE8-7DEAD73331F8} => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Daily 4) => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Daily 4) => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEF1A43A-6B0D-4502-84F6-58369A64CDE3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEF1A43A-6B0D-4502-84F6-58369A64CDE3} => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Daily 1) => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Daily 1) => Key deleted successfully.

==== End of Fixlog ====

Link to post
Share on other sites

I had forgotten to do that at first but here is the MWB quickscan log. Internet Explorer has changed in appearance since running the FRST scan.

What I mean is that my favorites bar which used to be visible has relocated itself, so that it is seen by pressing the star (favorites, feeds and history icon).

I'll be unavailable for the next couple of hours but will gladly complete any other steps that you tell me to do later on.

Malwarebytes' Anti-Malware 1.44
Database version: 3691
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/4/2011 6:43:52 PM
mbam-log-2011-03-04 (18-43-52).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|Z:\|)
Objects scanned: 777279
Time elapsed: 2 hour(s), 26 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Link to post
Share on other sites

For IE right click on a blank area on the Tab bar, you will see a window with options you can tick to have them show, or untick to remove. The one you mention will be there....

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs, also give an update on any remaining issues or concerns...

Link to post
Share on other sites

Eset found a trojan.

This is the scan result:

 

C:\Users\Kathleen\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\036679E6D31B9965D9ABF557D26AC8037E75DC28\20080226\Support\NCO\NCO\APP\coVisPrx.exe a variant of Win32/Kryptik.AXGG trojan
 

Security check results are:

 

 Results of screen317's Security Check version 0.99.77 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 18 
 Java 6 Update 5 
 Java version out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 

 

It looks as though some other handiwork still remains, in addition to the trojan.

Do all antivirus programs let trojans through?

Which programs do you suggest and how do I secure my computers to prevent future problems, once these are resolved?

I only ask because the tutorials may not be up to date, as many were written years ago.

For my other computers' problems, should I start new threads or continue this one?

Again, I so very much appreciate all of your help!

Link to post
Share on other sites

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Filles

    :FilesC:\Users\Kathleen\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\036679E6D31B9965D9ABF557D26AC8037E75DC28\20080226\Support\NCO\NCO\APP\coVisPrx.exe:Commands[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Langauge.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java javaicon.gif is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Make sure the following versions are removed after the update completes....

 

Java™ 6 Update 18 
Java™ 6 Update 5

 

Let me know if those steps complete, also if any remaining issues or concerns....

 

Regarding your question on Security, read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

This is my set up, would be identical for Vista....

 

Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection. Cost is about £20 for a lifetime license.

 

As an extra layer I also use WinPatrol, the free version is adeqaute for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScipt, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manger, this gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Understanding Windows Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie, I believe there is also free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!.

 

Kevin

Link to post
Share on other sites

The first time I tried to run OTM it stopped working completely with 2Windows popup windows 1 telling me that OTM stopped responding and the other asking if I wanted to send more info to Microsoft

It ran the second time I tried and required a prompted reboot.

Here are the results:

 

All processes killed
========== FILES ==========
File/Folder C:\Users\Kathleen\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\036679E6D31B9965D9ABF557D26AC8037E75DC28\20080226\Support\NCO\NCO\APP\coVisPrx.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kathleen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 61893564 bytes
->Java cache emptied: 14614575 bytes
->Google Chrome cache emptied: 87412974 bytes
->Flash cache emptied: 62690 bytes

User: KN
->Temp folder emptied: 2481098 bytes
->Temporary Internet Files folder emptied: 44370570 bytes
->Java cache emptied: 7434964 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1749788 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 213345 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 210.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 11122013_070115

Files moved on Reboot...

Registry entries deleted on Reboot...

 

I then successfully updated Adobe Reader.

 

When I tried to update Java, I clicked on the "Do I have Java" link, the webpage failed to display , Windows tried to reload the page and that failed also, with IE stating that there continued to be a problem with the page.

I tried a second time with the same result.

What do I do now?

 

I also have a number of other questions:

 

When printing , the text is shifted to the right and fails to print the ends of sentences, etc.

I have tried different printer settings, such as shrink to fit, all to no avail.

 

On the Start menu, 2 IE icons appear--one for IE and the other for IE (64 Bit)

I am running Vista 64 bit but it seems strange that I now have 2 icons for IE.

Is it normal or is something amiss?

 

On the taskbar an icon appears, when the mouse pointer is moved over it,  it states that "Windows Media Player found MY-PC"

Is this something bad or normal (my children have Xbox and Playstation, so could one of those be it)?

 

Can a router become corrupted as a result of malware,trojans,etc,?

 

There is a 4 colored "shield" on numerous Desktop icons. What is that from?

 

Lastly, should I post my other computers' malware problems in this thread or start new threads?

 

I enjoy learning and will carefully peruse the linked pages. 

Thanks for all the info and help.

Link to post
Share on other sites

Earlier, with IE9 installed,  I was finally able to get the newest Java installed and the old ones uninstalled.

 

I uninstalled IE9 and it is worse. Now pages are much slower to load on top of the other have problems, plus IE now has a Norton search bar, so some settings seem to have changed, as well.

My harddrive sounded like an old typewriter with a frenzy of activity for about 15 minutes after I uninstalled IE9. Is that normal?

 

 

Something that I think may be unusual is that task manager shows 17 instances of svchost.exe running--7 local service, 7 system and 3 network service.

This is in addition to 1 instance of svchost.exe*32

 

There are also 2 instances of Dllhost.exe, plus dllhost.exe*32

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.