tea-addict

Members

View Profile See their activity

Posts
3
Joined
September 16, 2009
Last visited
June 16, 2014

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by tea-addict

MBAM will not install - Code 2 Error

tea-addict posted a topic in Resolved Malware Removal Logs

Hello! I made a post here regarding my problem, and was redirected to open a topic in this forum. Here are the results from FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02Ran by Wayne (administrator) on JOSHUA-PC on 12-06-2014 16:31:40Running from C:\Users\Wayne\DesktopPlatform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(AMD) C:\Windows\System32\atieclxx.exe(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE() C:\Windows\System32\srvany.exe() C:\Windows\KMService.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\wuauclt.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)HKLM\...\Run: [New Value #1] => ctfmon=CTFMON.EXEWinlogon\Notify\ScCertProp: wlnotify.dll [X]Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]HKU\S-1-5-21-3782133768-1114020336-2861417493-1013\...\Policies\system: [LogonHoursAction] 2HKU\S-1-5-21-3782133768-1114020336-2861417493-1013\...\Policies\system: [DontDisplayLogonHoursWarnings] 1IFEO\AvastSvc.exe: [Debugger] nqij.exeIFEO\AvastUI.exe: [Debugger] nqij.exeIFEO\avcenter.exe: [Debugger] nqij.exeIFEO\avconfig.exe: [Debugger] nqij.exeIFEO\avgcsrvx.exe: [Debugger] nqij.exeIFEO\avgidsagent.exe: [Debugger] nqij.exeIFEO\avgnt.exe: [Debugger] nqij.exeIFEO\avgrsx.exe: [Debugger] nqij.exeIFEO\avguard.exe: [Debugger] nqij.exeIFEO\avgui.exe: [Debugger] nqij.exeIFEO\avgwdsvc.exe: [Debugger] nqij.exeIFEO\avp.exe: [Debugger] nqij.exeIFEO\avscan.exe: [Debugger] nqij.exeIFEO\bdagent.exe: [Debugger] nqij.exeIFEO\blindman.exe: [Debugger] nqij.exeIFEO\ccuac.exe: [Debugger] nqij.exeIFEO\ComboFix.exe: [Debugger] nqij.exeIFEO\egui.exe: [Debugger] nqij.exeIFEO\hijackthis.exe: [Debugger] nqij.exeIFEO\instup.exe: [Debugger] nqij.exeIFEO\keyscrambler.exe: [Debugger] nqij.exeIFEO\mbam.exe: [Debugger] nqij.exeIFEO\mbamgui.exe: [Debugger] nqij.exeIFEO\mbampt.exe: [Debugger] nqij.exeIFEO\mbamscheduler.exe: [Debugger] nqij.exeIFEO\mbamservice.exe: [Debugger] nqij.exeIFEO\MpCmdRun.exe: [Debugger] nqij.exeIFEO\MSASCui.exe: [Debugger] nqij.exeIFEO\MsMpEng.exe: [Debugger] nqij.exeIFEO\msseces.exe: [Debugger] nqij.exeIFEO\NisSrv.exe: [Debugger] nqij.exeIFEO\rstrui.exe: [Debugger] nqij.exeIFEO\SDFiles.exe: [Debugger] nqij.exeIFEO\SDMain.exe: [Debugger] nqij.exeIFEO\SDWinSec.exe: [Debugger] nqij.exeIFEO\spybotsd.exe: [Debugger] nqij.exeIFEO\wireshark.exe: [Debugger] nqij.exeIFEO\zlclient.exe: [Debugger] nqij.exeBootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - No File Hosts: Hosts file not detected in the default directoryTcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @kingsfot.com/npkws - C:\Program Files\Kingsoft\kingsoft antivirus\npkws.dll No FileFF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin: @qq.com/TXSSO - C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.87\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: =======CHR HomePage: https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=hxxp://mail.yahoo.comCHR StartupUrls: "https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=hxxp://mail.yahoo.com"CHR Extension: (Google Docs) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-10]CHR Extension: (Google Drive) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-10]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]CHR Extension: (YouTube) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-10]CHR Extension: (Google Search) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-10]CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-05-23]CHR Extension: (AdBlock) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-23]CHR Extension: (Google Wallet) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10]CHR Extension: (Gmail) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-10] ========================== Services (Whitelisted) ================= R2 KMService; C:\Windows\system32\srvany.exe [8192 2012-04-20] () [File not signed]R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X]U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-12 16:31 - 2014-06-12 16:32 - 00009283 _____ () C:\Users\Wayne\Desktop\FRST.txt2014-06-12 16:31 - 2014-06-12 16:31 - 00000000 ____D () C:\FRST2014-06-12 16:30 - 2014-06-12 16:30 - 01073152 _____ (Farbar) C:\Users\Wayne\Desktop\FRST.exe2014-05-23 21:22 - 2014-05-23 21:22 - 00002963 _____ () C:\Users\Wayne\Desktop\HiJackThis.lnk2014-05-23 21:22 - 2014-05-23 21:22 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis2014-05-23 21:22 - 2014-05-23 21:22 - 00000000 ____D () C:\Program Files\Trend Micro2014-05-23 21:19 - 2014-05-23 21:19 - 01402880 _____ () C:\Users\Wayne\Desktop\HiJackThis.msi2014-05-23 20:45 - 2014-05-23 20:47 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-23 20:45 - 2014-05-23 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-23 20:45 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-05-23 20:45 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-05-23 20:45 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-05-23 20:42 - 2014-05-23 20:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Wayne\Desktop\mbam-setup-2.0.2.1012.exe2014-05-23 19:03 - 2014-05-23 19:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER2014-05-23 18:43 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-23 18:43 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-23 18:43 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-05-23 16:24 - 2014-05-23 16:24 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job2014-05-23 16:24 - 2014-05-23 16:24 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job2014-05-23 16:24 - 2014-05-23 16:24 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job2014-05-23 16:23 - 2014-05-23 17:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-05-23 16:23 - 2014-05-23 16:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 22014-05-23 16:23 - 2014-05-23 16:23 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-05-23 16:23 - 2014-05-23 16:23 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2014-05-23 16:23 - 2014-05-23 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-05-23 16:23 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe2014-05-23 15:48 - 2014-05-23 20:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-05-23 15:47 - 2014-05-23 15:47 - 00083212 _____ () C:\Users\Wayne\Documents\cc_20140523_154722.reg2014-05-23 15:46 - 2014-05-09 00:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-05-23 15:46 - 2014-05-09 00:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-05-23 15:45 - 2014-05-23 15:45 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-05-23 15:45 - 2014-05-23 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-05-23 15:45 - 2014-05-23 15:45 - 00000000 ____D () C:\Program Files\CCleaner2014-05-23 15:45 - 2014-04-11 19:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2014-05-23 15:45 - 2014-04-11 19:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2014-05-23 15:45 - 2014-04-11 19:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2014-05-23 15:45 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2014-05-23 15:45 - 2014-04-11 19:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2014-05-23 15:45 - 2014-04-11 19:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-05-23 15:45 - 2014-04-11 19:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2014-05-23 15:45 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe2014-05-23 15:45 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-05-23 15:45 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-05-23 15:45 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll2014-05-23 15:45 - 2014-03-04 02:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-05-23 15:45 - 2014-03-04 02:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2014-05-23 15:45 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-05-23 15:45 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-05-23 15:45 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-05-23 15:45 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-05-23 15:45 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll2014-05-23 15:45 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll2014-05-23 15:45 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll2014-05-23 15:45 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll2014-05-23 15:45 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll2014-05-23 15:45 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll2014-05-23 15:45 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-05-23 15:42 - 2014-05-23 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-23 15:25 - 2014-05-23 15:25 - 141546674 _____ () C:\Users\Wayne\Desktop\backup.reg2014-05-23 15:08 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll ==================== One Month Modified Files and Folders ======= 2014-06-12 16:33 - 2014-05-08 14:06 - 00000000 ____D () C:\Users\Wayne\AppData\Local\Temp2014-06-12 16:32 - 2014-06-12 16:31 - 00009283 _____ () C:\Users\Wayne\Desktop\FRST.txt2014-06-12 16:31 - 2014-06-12 16:31 - 00000000 ____D () C:\FRST2014-06-12 16:31 - 2012-04-06 09:37 - 01644408 _____ () C:\Windows\WindowsUpdate.log2014-06-12 16:30 - 2014-06-12 16:30 - 01073152 _____ (Farbar) C:\Users\Wayne\Desktop\FRST.exe2014-06-12 16:28 - 2009-07-13 21:34 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-06-12 16:28 - 2009-07-13 21:34 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-06-12 16:17 - 2014-05-08 14:19 - 00001154 _____ () C:\Windows\setupact.log2014-05-23 22:01 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET2014-05-23 21:22 - 2014-05-23 21:22 - 00002963 _____ () C:\Users\Wayne\Desktop\HiJackThis.lnk2014-05-23 21:22 - 2014-05-23 21:22 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis2014-05-23 21:22 - 2014-05-23 21:22 - 00000000 ____D () C:\Program Files\Trend Micro2014-05-23 21:19 - 2014-05-23 21:19 - 01402880 _____ () C:\Users\Wayne\Desktop\HiJackThis.msi2014-05-23 20:47 - 2014-05-23 20:45 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-23 20:47 - 2014-05-23 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-23 20:47 - 2014-05-23 15:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-05-23 20:44 - 2014-05-23 20:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Wayne\Desktop\mbam-setup-2.0.2.1012.exe2014-05-23 19:19 - 2012-04-06 10:18 - 00002135 _____ () C:\Windows\epplauncher.mif2014-05-23 19:11 - 2014-05-08 14:06 - 00000632 __RSH () C:\Users\Wayne\ntuser.pol2014-05-23 19:11 - 2014-05-08 14:06 - 00000000 ____D () C:\Users\Wayne2014-05-23 19:07 - 2014-05-10 21:39 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-05-23 19:07 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\zh-TW2014-05-23 19:07 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\zh-CN2014-05-23 19:06 - 2012-04-09 16:25 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-05-23 19:03 - 2014-05-23 19:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER2014-05-23 19:03 - 2013-11-02 12:09 - 00000000 ____D () C:\Windows\system32\MRT2014-05-23 19:00 - 2009-10-14 02:57 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-05-23 18:44 - 2014-05-10 21:43 - 00398640 _____ () C:\Windows\system32\prfh0404.dat2014-05-23 18:44 - 2014-05-10 21:43 - 00115416 _____ () C:\Windows\system32\prfc0404.dat2014-05-23 18:44 - 2012-04-09 18:02 - 00384248 _____ () C:\Windows\system32\prfh0804.dat2014-05-23 18:44 - 2012-04-09 18:02 - 00119918 _____ () C:\Windows\system32\prfc0804.dat2014-05-23 18:44 - 2012-04-06 09:47 - 01782764 _____ () C:\Windows\system32\PerfStringBackup.INI2014-05-23 18:12 - 2009-07-13 19:04 - 00002577 _____ () C:\Windows\system32\config.nt2014-05-23 17:13 - 2014-05-23 16:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-05-23 16:33 - 2014-05-23 16:23 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 22014-05-23 16:24 - 2014-05-23 16:24 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job2014-05-23 16:24 - 2014-05-23 16:24 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job2014-05-23 16:24 - 2014-05-23 16:24 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job2014-05-23 16:23 - 2014-05-23 16:23 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-05-23 16:23 - 2014-05-23 16:23 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2014-05-23 16:23 - 2014-05-23 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-05-23 16:08 - 2012-04-09 11:54 - 00115594 _____ () C:\Windows\PFRO.log2014-05-23 15:47 - 2014-05-23 15:47 - 00083212 _____ () C:\Users\Wayne\Documents\cc_20140523_154722.reg2014-05-23 15:45 - 2014-05-23 15:45 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-05-23 15:45 - 2014-05-23 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-05-23 15:45 - 2014-05-23 15:45 - 00000000 ____D () C:\Program Files\CCleaner2014-05-23 15:42 - 2014-05-23 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-23 15:25 - 2014-05-23 15:25 - 141546674 _____ () C:\Users\Wayne\Desktop\backup.reg Some content of TEMP:====================C:\Users\Wayne\AppData\Local\Temp\iv_uninstall.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2013-07-03 17:12 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014 02Ran by Wayne at 2014-06-12 16:33:49Running from C:\Users\Wayne\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)AuthenTec TrueSuite (HKLM\...\{E6C44758-FF49-47D1-8182-65E3818ACE23}) (Version: 2.0.0.57 - AuthenTec, Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)Google Talk Plugin (HKLM\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)Google Update Helper (Version: 1.3.24.7 - Google Inc.) HiddenHiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Remote Desktop Connection (HKLM\...\{60B9A48D-559E-43FA-8F28-D657190E4E52}) (Version: 5.1.2600.0 - Microsoft)RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) HiddenSpybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version: - Google Inc.) ==================== Restore Points ========================= 08-05-2014 21:38:25 Configured Microsoft Office Professional Plus 201011-05-2014 03:44:13 Windows Update11-05-2014 05:07:07 Windows Update23-05-2014 21:44:01 Windows Modules Installer23-05-2014 21:47:34 Windows Update23-05-2014 22:11:33 Windows Update24-05-2014 01:42:34 Windows Update24-05-2014 01:54:49 Windows Update24-05-2014 04:21:59 Installed HiJackThis12-06-2014 23:28:16 Windows Update ==================== Scheduled Tasks (whitelisted) ============= Task: {107F97EF-108E-420B-AB07-0BB4710BEEE2} - System32\Tasks\Google Pinyin Daemon => C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2013-07-02] (Google Inc.)Task: {30A9AB94-7488-4540-BABC-3A348857A23D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exeTask: {31BE37F1-C9AE-48E7-A47A-65A988C5B5EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3782133768-1114020336-2861417493-1001Core => C:\Users\joshua\AppData\Local\Google\Update\GoogleUpdate.exeTask: {32B3AFD5-0F0B-42F9-A246-80D884B2BBDD} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)Task: {376A3F53-C5BE-4E10-BCB1-2C51AF713A2A} - \KwRunAsStdUser Task18670 No Task File <==== ATTENTIONTask: {39B9E42F-4396-48AC-94E4-B8A58C35C374} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)Task: {3C19009B-5087-474A-AC0E-47D6360CDBFF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)Task: {82A002DD-BF52-4F7C-95E8-544377E90BC2} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exeTask: {86380B0F-2A55-436C-B7F3-ED751B54B09F} - System32\Tasks\{10271419-F9E2-4552-B2E6-9B349322BB5C} => Chrome.exe http://ui.skype.com/ui/0/6.2.0.106/en/abandoninstall?source=lightinstaller&page=tsInstallTask: {8899D02F-8BDE-43FF-953F-5AF41A706E34} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-02] (Adobe Systems Incorporated)Task: {A0F4E6BD-8F13-4B0B-A555-7288E8DCA4EA} - System32\Tasks\{201E101D-FE96-4648-89CC-A437E0E00A4B} => Chrome.exe http://ui.skype.com/ui/0/5.9.0.115/en/go/help.faq.installer?source=lightinstaller&LastError=1618Task: {BCBFB7C5-FBA0-40BE-BFC3-A7F7FA90255E} - System32\Tasks\KwRunAsStdUser Task21626 => C:\Program Files\kuwo\KWMUSIC\bin\kwmusic.exeTask: {C1D0DAF3-D6FB-4D55-B30D-C65961D4E3E9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)Task: {CB2ABF07-8F77-4D68-BBDA-A5D1B085A612} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)Task: {D3E817B4-1A77-4501-B2C4-2D13A06BF304} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)Task: {F0048652-6995-402E-9C1F-41524864CB1B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3782133768-1114020336-2861417493-1001UA => C:\Users\joshua\AppData\Local\Google\Update\GoogleUpdate.exeTask: {F620ED71-C8A3-462E-9529-4361C28E2185} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c9efa043022.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782133768-1114020336-2861417493-1001Core.job => C:\Users\joshua\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782133768-1114020336-2861417493-1001UA.job => C:\Users\joshua\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exeTask: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe ==================== Loaded Modules (whitelisted) ============= 2012-04-20 20:28 - 2012-04-20 20:27 - 00008192 _____ () C:\Windows\system32\srvany.exe2012-04-20 20:28 - 2012-04-20 20:27 - 00151552 _____ () C:\Windows\KMService.exe2014-05-23 16:23 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl2014-05-23 16:23 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl2014-05-23 16:23 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl2014-05-23 16:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll2014-05-23 16:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-05-23 21:32 - 2014-05-13 16:40 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll2014-05-23 21:32 - 2014-05-13 16:40 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll2014-05-23 21:32 - 2014-05-13 16:40 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll2014-05-23 21:32 - 2014-05-13 16:40 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll2014-05-23 21:32 - 2014-05-13 16:40 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll2014-05-23 21:32 - 2014-05-13 16:40 - 13695816 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (05/23/2014 07:19:32 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 06:45:41 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x8004FF0ADescription:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A. Error: (05/23/2014 06:43:28 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 06:36:47 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 06:25:45 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 06:19:45 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 05:58:47 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 05:29:53 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 02:43:51 PM) (Source: System Restore) (EventID: 8193) (User: )Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101). Error: (05/10/2014 10:05:37 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. System errors:=============Error: (06/12/2014 04:19:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (06/12/2014 04:19:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (06/12/2014 04:19:01 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (06/12/2014 04:19:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (06/12/2014 04:18:52 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (06/12/2014 04:18:51 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (06/12/2014 04:18:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (06/12/2014 04:18:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (06/12/2014 04:17:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (06/12/2014 04:17:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Microsoft Office Sessions:=========================Error: (05/23/2014 07:19:32 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 06:45:41 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x8004FF0ADescription:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A. Error: (05/23/2014 06:43:28 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 06:36:47 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 06:25:45 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 06:19:45 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 05:58:47 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 05:29:53 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. Error: (05/23/2014 02:43:51 PM) (Source: System Restore) (EventID: 8193) (User: )Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101 Error: (05/10/2014 10:05:37 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)Description: HRESULT:0x80070005Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied. ==================== Memory info =========================== Percentage of memory in use: 56%Total physical RAM: 3071.3 MBAvailable physical RAM: 1339.57 MBTotal Pagefile: 6140.9 MBAvailable Pagefile: 3903.15 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1897.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.69 GB) (Free:81.81 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: A7C04740)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS) ==================== End Of Log ============================
- June 12, 2014
- 2 replies
MBAM will not install - Code 2 Error

tea-addict posted a topic in Malwarebytes for Windows Support Forum

Hello! My dad was recently given an old laptop from his coworker, and I've been trying to install MBAM onto it. MBAM installs, but once I try to launch it, I get this message: "unable to execute file: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe. CreateProcess failed; code 2. The system cannot find the file specified." I've read past posts from others who've had the same problem, so I'm aware that this is happening because there is likely some malware on the laptop. I've already tried the solution mentioned here, but it hasn't worked for me. The laptop itself is working fine, but I'm having various problems installing security programs such as MBAM and Microsoft Security Essentials; I'm guessing that my problem installing Microsoft Security Essentials is related to the malware too? I had planned to provide a log from HiJackThis with this post, but upon launching it, I get this message: "windows cannot find 'C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe.' Make sure you typed the name correctly, and then try again." I'm at a loss as to what to do now. xP Any help is much appreciated!! The laptop is running Windows 7 Ultimate, 32-bit. Service Pack 1.
- May 24, 2014
- 1 reply
Making Sure Everything Is Fine

tea-addict posted a topic in Resolved Malware Removal Logs

Hi! I was finally able to remove a virus from my computer, thanks to malwarebytes. =) I just wanted to make sure that everything else is fine and that there aren't any leftover problems. Thanks in advance! Here are the logs: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:21:39 PM, on 9/16/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Registry Mechanic\RegMech.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O1 - Hosts: 94.232.248.66 antivguardian.com O1 - Hosts: 94.232.248.66 www.antivguardian.com O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.bat.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\SwHelper_1100470.exe -Update -1103470 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 (.NET CLR 3.5.30729)" -"http://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=349&nc_referer=&age=1&hiscore=50505&sp=0&questionSet=&r=8704475&width=600&height=440&quality=high" O4 - HKUS\S-1-5-21-3301523579-4081195614-2526454901-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Wayne Lam') O4 - HKUS\S-1-5-21-3301523579-4081195614-2526454901-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Wayne Lam') O4 - HKUS\S-1-5-21-3301523579-4081195614-2526454901-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Wayne Lam') O4 - HKUS\S-1-5-21-3301523579-4081195614-2526454901-1008\..\Run: [Aim6] (User 'Wayne Lam') O4 - HKUS\S-1-5-21-3301523579-4081195614-2526454901-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator') O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/...tiveXPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: jkhff - C:\WINDOWS\ O20 - Winlogon Notify: MCIW323 - MCIW323.dll (file missing) O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 9361 bytes Malwarebytes' Anti-Malware 1.41 Database version: 2775 Windows 5.1.2600 Service Pack 3 9/16/2009 3:01:09 PM mbam-log-2009-09-16 (15-01-08).txt Scan type: Quick Scan Objects scanned: 131038 Time elapsed: 18 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 5 Registry Values Infected: 0 Registry Data Items Infected: 4 Folders Infected: 0 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\SYSTEM32\UACbevxgwkewq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACfjoafqbfal.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\UACiqhepxtfqx.sys (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACjowbowbabd.dat (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACmrcffuengv.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACxubvpevxex.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
- September 16, 2009
- 2 replies

Sign In

tea-addict

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by tea-addict

MBAM will not install - Code 2 Error

MBAM will not install - Code 2 Error

Making Sure Everything Is Fine

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information