tea-addict

Posts posted by tea-addict

  1. Hello! I made a post here regarding my problem, and was redirected to open a topic in this forum. 

     

    Here are the results from FRST:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
    Ran by Wayne (administrator) on JOSHUA-PC on 12-06-2014 16:31:40
    Running from C:\Users\Wayne\Desktop
    Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
    () C:\Windows\System32\srvany.exe
    () C:\Windows\KMService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
    HKLM\...\Run: [New Value #1] => ctfmon=CTFMON.EXE
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-3782133768-1114020336-2861417493-1013\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-3782133768-1114020336-2861417493-1013\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    IFEO\AvastSvc.exe: [Debugger] nqij.exe
    IFEO\AvastUI.exe: [Debugger] nqij.exe
    IFEO\avcenter.exe: [Debugger] nqij.exe
    IFEO\avconfig.exe: [Debugger] nqij.exe
    IFEO\avgcsrvx.exe: [Debugger] nqij.exe
    IFEO\avgidsagent.exe: [Debugger] nqij.exe
    IFEO\avgnt.exe: [Debugger] nqij.exe
    IFEO\avgrsx.exe: [Debugger] nqij.exe
    IFEO\avguard.exe: [Debugger] nqij.exe
    IFEO\avgui.exe: [Debugger] nqij.exe
    IFEO\avgwdsvc.exe: [Debugger] nqij.exe
    IFEO\avp.exe: [Debugger] nqij.exe
    IFEO\avscan.exe: [Debugger] nqij.exe
    IFEO\bdagent.exe: [Debugger] nqij.exe
    IFEO\blindman.exe: [Debugger] nqij.exe
    IFEO\ccuac.exe: [Debugger] nqij.exe
    IFEO\ComboFix.exe: [Debugger] nqij.exe
    IFEO\egui.exe: [Debugger] nqij.exe
    IFEO\hijackthis.exe: [Debugger] nqij.exe
    IFEO\instup.exe: [Debugger] nqij.exe
    IFEO\keyscrambler.exe: [Debugger] nqij.exe
    IFEO\mbam.exe: [Debugger] nqij.exe
    IFEO\mbamgui.exe: [Debugger] nqij.exe
    IFEO\mbampt.exe: [Debugger] nqij.exe
    IFEO\mbamscheduler.exe: [Debugger] nqij.exe
    IFEO\mbamservice.exe: [Debugger] nqij.exe
    IFEO\MpCmdRun.exe: [Debugger] nqij.exe
    IFEO\MSASCui.exe: [Debugger] nqij.exe
    IFEO\MsMpEng.exe: [Debugger] nqij.exe
    IFEO\msseces.exe: [Debugger] nqij.exe
    IFEO\NisSrv.exe: [Debugger] nqij.exe
    IFEO\rstrui.exe: [Debugger] nqij.exe
    IFEO\SDFiles.exe: [Debugger] nqij.exe
    IFEO\SDMain.exe: [Debugger] nqij.exe
    IFEO\SDWinSec.exe: [Debugger] nqij.exe
    IFEO\spybotsd.exe: [Debugger] nqij.exe
    IFEO\wireshark.exe: [Debugger] nqij.exe
    IFEO\zlclient.exe: [Debugger] nqij.exe
    BootExecute: autocheck autochk * sdnclean.exe
     
    ==================== Internet (Whitelisted) ====================
     
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} -  No File
     
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @kingsfot.com/npkws - C:\Program Files\Kingsoft\kingsoft antivirus\npkws.dll No File
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @qq.com/TXSSO - C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.87\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    Chrome: 
    =======
    CHR Extension: (Google Docs) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-10]
    CHR Extension: (Google Drive) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-10]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
    CHR Extension: (YouTube) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-10]
    CHR Extension: (Google Search) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-10]
    CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-05-23]
    CHR Extension: (AdBlock) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-23]
    CHR Extension: (Google Wallet) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10]
    CHR Extension: (Gmail) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-10]
     
    ========================== Services (Whitelisted) =================
     
    R2 KMService; C:\Windows\system32\srvany.exe [8192 2012-04-20] () [File not signed]
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
     
    ==================== Drivers (Whitelisted) ====================
     
    R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
    S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
    R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-06-12 16:31 - 2014-06-12 16:32 - 00009283 _____ () C:\Users\Wayne\Desktop\FRST.txt
    2014-06-12 16:31 - 2014-06-12 16:31 - 00000000 ____D () C:\FRST
    2014-06-12 16:30 - 2014-06-12 16:30 - 01073152 _____ (Farbar) C:\Users\Wayne\Desktop\FRST.exe
    2014-05-23 21:22 - 2014-05-23 21:22 - 00002963 _____ () C:\Users\Wayne\Desktop\HiJackThis.lnk
    2014-05-23 21:22 - 2014-05-23 21:22 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-05-23 21:22 - 2014-05-23 21:22 - 00000000 ____D () C:\Program Files\Trend Micro
    2014-05-23 21:19 - 2014-05-23 21:19 - 01402880 _____ () C:\Users\Wayne\Desktop\HiJackThis.msi
    2014-05-23 20:45 - 2014-05-23 20:47 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-23 20:45 - 2014-05-23 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-23 20:45 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-23 20:45 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-05-23 20:45 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-05-23 20:42 - 2014-05-23 20:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Wayne\Desktop\mbam-setup-2.0.2.1012.exe
    2014-05-23 19:03 - 2014-05-23 19:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
    2014-05-23 18:43 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-23 18:43 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-23 18:43 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-23 16:24 - 2014-05-23 16:24 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-05-23 16:24 - 2014-05-23 16:24 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-05-23 16:24 - 2014-05-23 16:24 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2014-05-23 16:23 - 2014-05-23 17:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-05-23 16:23 - 2014-05-23 16:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-05-23 16:23 - 2014-05-23 16:23 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-05-23 16:23 - 2014-05-23 16:23 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-05-23 16:23 - 2014-05-23 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-05-23 16:23 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2014-05-23 15:48 - 2014-05-23 20:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-05-23 15:47 - 2014-05-23 15:47 - 00083212 _____ () C:\Users\Wayne\Documents\cc_20140523_154722.reg
    2014-05-23 15:46 - 2014-05-09 00:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-23 15:46 - 2014-05-09 00:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-23 15:45 - 2014-05-23 15:45 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-05-23 15:45 - 2014-05-23 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-05-23 15:45 - 2014-05-23 15:45 - 00000000 ____D () C:\Program Files\CCleaner
    2014-05-23 15:45 - 2014-04-11 19:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-05-23 15:45 - 2014-04-11 19:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-05-23 15:45 - 2014-04-11 19:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-05-23 15:45 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-05-23 15:45 - 2014-04-11 19:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-05-23 15:45 - 2014-04-11 19:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-05-23 15:45 - 2014-04-11 19:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-05-23 15:45 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2014-05-23 15:45 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-05-23 15:45 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-05-23 15:45 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-05-23 15:45 - 2014-03-04 02:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-05-23 15:45 - 2014-03-04 02:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-05-23 15:45 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-05-23 15:45 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-05-23 15:45 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-05-23 15:45 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-05-23 15:45 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-05-23 15:45 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-05-23 15:45 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-05-23 15:45 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-05-23 15:45 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-05-23 15:45 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-05-23 15:45 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-05-23 15:42 - 2014-05-23 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-23 15:25 - 2014-05-23 15:25 - 141546674 _____ () C:\Users\Wayne\Desktop\backup.reg
    2014-05-23 15:08 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
     
    ==================== One Month Modified Files and Folders =======
     
    2014-06-12 16:33 - 2014-05-08 14:06 - 00000000 ____D () C:\Users\Wayne\AppData\Local\Temp
    2014-06-12 16:32 - 2014-06-12 16:31 - 00009283 _____ () C:\Users\Wayne\Desktop\FRST.txt
    2014-06-12 16:31 - 2014-06-12 16:31 - 00000000 ____D () C:\FRST
    2014-06-12 16:31 - 2012-04-06 09:37 - 01644408 _____ () C:\Windows\WindowsUpdate.log
    2014-06-12 16:30 - 2014-06-12 16:30 - 01073152 _____ (Farbar) C:\Users\Wayne\Desktop\FRST.exe
    2014-06-12 16:28 - 2009-07-13 21:34 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-06-12 16:28 - 2009-07-13 21:34 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-06-12 16:17 - 2014-05-08 14:19 - 00001154 _____ () C:\Windows\setupact.log
    2014-05-23 22:01 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-05-23 21:22 - 2014-05-23 21:22 - 00002963 _____ () C:\Users\Wayne\Desktop\HiJackThis.lnk
    2014-05-23 21:22 - 2014-05-23 21:22 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-05-23 21:22 - 2014-05-23 21:22 - 00000000 ____D () C:\Program Files\Trend Micro
    2014-05-23 21:19 - 2014-05-23 21:19 - 01402880 _____ () C:\Users\Wayne\Desktop\HiJackThis.msi
    2014-05-23 20:47 - 2014-05-23 20:45 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-23 20:47 - 2014-05-23 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-23 20:47 - 2014-05-23 15:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-05-23 20:44 - 2014-05-23 20:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Wayne\Desktop\mbam-setup-2.0.2.1012.exe
    2014-05-23 19:19 - 2012-04-06 10:18 - 00002135 _____ () C:\Windows\epplauncher.mif
    2014-05-23 19:11 - 2014-05-08 14:06 - 00000632 __RSH () C:\Users\Wayne\ntuser.pol
    2014-05-23 19:11 - 2014-05-08 14:06 - 00000000 ____D () C:\Users\Wayne
    2014-05-23 19:07 - 2014-05-10 21:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-23 19:07 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\zh-TW
    2014-05-23 19:07 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\zh-CN
    2014-05-23 19:06 - 2012-04-09 16:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-05-23 19:03 - 2014-05-23 19:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
    2014-05-23 19:03 - 2013-11-02 12:09 - 00000000 ____D () C:\Windows\system32\MRT
    2014-05-23 19:00 - 2009-10-14 02:57 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-05-23 18:44 - 2014-05-10 21:43 - 00398640 _____ () C:\Windows\system32\prfh0404.dat
    2014-05-23 18:44 - 2014-05-10 21:43 - 00115416 _____ () C:\Windows\system32\prfc0404.dat
    2014-05-23 18:44 - 2012-04-09 18:02 - 00384248 _____ () C:\Windows\system32\prfh0804.dat
    2014-05-23 18:44 - 2012-04-09 18:02 - 00119918 _____ () C:\Windows\system32\prfc0804.dat
    2014-05-23 18:44 - 2012-04-06 09:47 - 01782764 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-05-23 18:12 - 2009-07-13 19:04 - 00002577 _____ () C:\Windows\system32\config.nt
    2014-05-23 17:13 - 2014-05-23 16:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-05-23 16:33 - 2014-05-23 16:23 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-05-23 16:24 - 2014-05-23 16:24 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-05-23 16:24 - 2014-05-23 16:24 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-05-23 16:24 - 2014-05-23 16:24 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2014-05-23 16:23 - 2014-05-23 16:23 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-05-23 16:23 - 2014-05-23 16:23 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-05-23 16:23 - 2014-05-23 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-05-23 16:08 - 2012-04-09 11:54 - 00115594 _____ () C:\Windows\PFRO.log
    2014-05-23 15:47 - 2014-05-23 15:47 - 00083212 _____ () C:\Users\Wayne\Documents\cc_20140523_154722.reg
    2014-05-23 15:45 - 2014-05-23 15:45 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-05-23 15:45 - 2014-05-23 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-05-23 15:45 - 2014-05-23 15:45 - 00000000 ____D () C:\Program Files\CCleaner
    2014-05-23 15:42 - 2014-05-23 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-23 15:25 - 2014-05-23 15:25 - 141546674 _____ () C:\Users\Wayne\Desktop\backup.reg
     
    Some content of TEMP:
    ====================
    C:\Users\Wayne\AppData\Local\Temp\iv_uninstall.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2013-07-03 17:12
     
    ==================== End Of Log ============================
     
     
     
     
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014 02
    Ran by Wayne at 2014-06-12 16:33:49
    Running from C:\Users\Wayne\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
     
    ==================== Installed Programs ======================
     
    7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
    Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    AuthenTec TrueSuite (HKLM\...\{E6C44758-FF49-47D1-8182-65E3818ACE23}) (Version: 2.0.0.57 - AuthenTec, Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
    Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
    Google Talk Plugin (HKLM\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Remote Desktop Connection (HKLM\...\{60B9A48D-559E-43FA-8F28-D657190E4E52}) (Version: 5.1.2600.0 - Microsoft)
    RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
    VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
    谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version:  - Google Inc.)
     
    ==================== Restore Points  =========================
     
    08-05-2014 21:38:25 Configured Microsoft Office Professional Plus 2010
    11-05-2014 03:44:13 Windows Update
    11-05-2014 05:07:07 Windows Update
    23-05-2014 21:44:01 Windows Modules Installer
    23-05-2014 21:47:34 Windows Update
    23-05-2014 22:11:33 Windows Update
    24-05-2014 01:42:34 Windows Update
    24-05-2014 01:54:49 Windows Update
    24-05-2014 04:21:59 Installed HiJackThis
    12-06-2014 23:28:16 Windows Update
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: {107F97EF-108E-420B-AB07-0BB4710BEEE2} - System32\Tasks\Google Pinyin Daemon => C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2013-07-02] (Google Inc.)
    Task: {30A9AB94-7488-4540-BABC-3A348857A23D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {31BE37F1-C9AE-48E7-A47A-65A988C5B5EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3782133768-1114020336-2861417493-1001Core => C:\Users\joshua\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {32B3AFD5-0F0B-42F9-A246-80D884B2BBDD} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {376A3F53-C5BE-4E10-BCB1-2C51AF713A2A} - \KwRunAsStdUser Task18670 No Task File <==== ATTENTION
    Task: {39B9E42F-4396-48AC-94E4-B8A58C35C374} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
    Task: {3C19009B-5087-474A-AC0E-47D6360CDBFF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {82A002DD-BF52-4F7C-95E8-544377E90BC2} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {86380B0F-2A55-436C-B7F3-ED751B54B09F} - System32\Tasks\{10271419-F9E2-4552-B2E6-9B349322BB5C} => Chrome.exe http://ui.skype.com/ui/0/6.2.0.106/en/abandoninstall?source=lightinstaller&page=tsInstall
    Task: {8899D02F-8BDE-43FF-953F-5AF41A706E34} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-02] (Adobe Systems Incorporated)
    Task: {A0F4E6BD-8F13-4B0B-A555-7288E8DCA4EA} - System32\Tasks\{201E101D-FE96-4648-89CC-A437E0E00A4B} => Chrome.exe http://ui.skype.com/ui/0/5.9.0.115/en/go/help.faq.installer?source=lightinstaller&LastError=1618
    Task: {BCBFB7C5-FBA0-40BE-BFC3-A7F7FA90255E} - System32\Tasks\KwRunAsStdUser Task21626 => C:\Program Files\kuwo\KWMUSIC\bin\kwmusic.exe
    Task: {C1D0DAF3-D6FB-4D55-B30D-C65961D4E3E9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {CB2ABF07-8F77-4D68-BBDA-A5D1B085A612} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: {D3E817B4-1A77-4501-B2C4-2D13A06BF304} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
    Task: {F0048652-6995-402E-9C1F-41524864CB1B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3782133768-1114020336-2861417493-1001UA => C:\Users\joshua\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {F620ED71-C8A3-462E-9529-4361C28E2185} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c9efa043022.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782133768-1114020336-2861417493-1001Core.job => C:\Users\joshua\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782133768-1114020336-2861417493-1001UA.job => C:\Users\joshua\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-04-20 20:28 - 2012-04-20 20:27 - 00008192 _____ () C:\Windows\system32\srvany.exe
    2012-04-20 20:28 - 2012-04-20 20:27 - 00151552 _____ () C:\Windows\KMService.exe
    2014-05-23 16:23 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-05-23 16:23 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2014-05-23 16:23 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-05-23 16:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2014-05-23 16:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2014-05-23 21:32 - 2014-05-13 16:40 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
    2014-05-23 21:32 - 2014-05-13 16:40 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll
    2014-05-23 21:32 - 2014-05-13 16:40 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
    2014-05-23 21:32 - 2014-05-13 16:40 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
    2014-05-23 21:32 - 2014-05-13 16:40 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
    2014-05-23 21:32 - 2014-05-13 16:40 - 13695816 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
     
    ==================== EXE Association (whitelisted) =============
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (05/23/2014 07:19:32 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 06:45:41 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x8004FF0A
    Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.
     
    Error: (05/23/2014 06:43:28 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 06:36:47 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 06:25:45 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 06:19:45 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 05:58:47 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 05:29:53 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 02:43:51 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).
     
    Error: (05/10/2014 10:05:37 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
     
    System errors:
    =============
    Error: (06/12/2014 04:19:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (06/12/2014 04:19:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (06/12/2014 04:19:01 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (06/12/2014 04:19:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
     
    Error: (06/12/2014 04:18:52 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (06/12/2014 04:18:51 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (06/12/2014 04:18:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (06/12/2014 04:18:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (06/12/2014 04:17:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (06/12/2014 04:17:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (05/23/2014 07:19:32 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 06:45:41 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x8004FF0A
    Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.
     
    Error: (05/23/2014 06:43:28 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 06:36:47 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 06:25:45 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 06:19:45 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 05:58:47 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 05:29:53 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
    Error: (05/23/2014 02:43:51 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101
     
    Error: (05/10/2014 10:05:37 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: joshua-PC)
    Description: HRESULT:0x80070005
    Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070005. Access is denied.
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 56%
    Total physical RAM: 3071.3 MB
    Available physical RAM: 1339.57 MB
    Total Pagefile: 6140.9 MB
    Available Pagefile: 3903.15 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1897.77 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:111.69 GB) (Free:81.81 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: A7C04740)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================

     

  2. Hello!

     

    My dad was recently given an old laptop from his coworker, and I've been trying to install MBAM onto it. MBAM installs, but once I try to launch it, I get this message: "unable to execute file: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe. CreateProcess failed; code 2. The system cannot find the file specified." I've read past posts from others who've had the same problem, so I'm aware that this is happening because there is likely some malware on the laptop. I've already tried the solution mentioned here, but it hasn't worked for me. The laptop itself is working fine, but I'm having various problems installing security programs such as MBAM and Microsoft Security Essentials; I'm guessing that my problem installing Microsoft Security Essentials is related to the malware too? 

     

    I had planned to provide a log from HiJackThis with this post, but upon launching it, I get this message: "windows cannot find 'C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe.' Make sure you typed the name correctly, and then try again." I'm at a loss as to what to do now. xP Any help is much appreciated!!

     

    The laptop is running Windows 7 Ultimate, 32-bit. Service Pack 1.

  3. Hi! I was finally able to remove a virus from my computer, thanks to Malwarebytes. =) I just wanted to make sure that everything else is fine and that there aren't any leftover problems. Thanks in advance! :P

    Here are the logs:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 2:21:39 PM, on 9/16/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Registry Mechanic\RegMech.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\PROGRA~1\AVG\AVG8\avgnsx.exe

    C:\Program Files\Java\jre6\bin\jucheck.exe

    C:\Program Files\AIM6\aim6.exe

    C:\Program Files\AIM6\aolsoftware.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O1 - Hosts: ::1 localhost

    O1 - Hosts: 94.232.248.66 antivguardian.com

    O1 - Hosts: 94.232.248.66 www.antivguardian.com

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.bat.exe" /runcleanupscript

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

    O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\SwHelper_1100470.exe -Update -1103470 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 (.NET CLR 3.5.30729)" -"http://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=349&nc_referer=&age=1&hiscore=50505&sp=0&questionSet=&r=8704475&width=600&height=440&quality=high"

    O4 - HKUS\S-1-5-21-3301523579-4081195614-2526454901-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Wayne Lam')

    O4 - HKUS\S-1-5-21-3301523579-4081195614-2526454901-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Wayne Lam')

    O4 - HKUS\S-1-5-21-3301523579-4081195614-2526454901-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Wayne Lam')

    O4 - HKUS\S-1-5-21-3301523579-4081195614-2526454901-1008\..\Run: [Aim6] (User 'Wayne Lam')

    O4 - HKUS\S-1-5-21-3301523579-4081195614-2526454901-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

    O20 - Winlogon Notify: jkhff - C:\WINDOWS\

    O20 - Winlogon Notify: MCIW323 - MCIW323.dll (file missing)

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --

    End of file - 9361 bytes

    Malwarebytes' Anti-Malware 1.41

    Database version: 2775

    Windows 5.1.2600 Service Pack 3

    9/16/2009 3:01:09 PM

    mbam-log-2009-09-16 (15-01-08).txt

    Scan type: Quick Scan

    Objects scanned: 131038

    Time elapsed: 18 minute(s), 14 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 5

    Registry Values Infected: 0

    Registry Data Items Infected: 4

    Folders Infected: 0

    Files Infected: 6

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINDOWS\SYSTEM32\UACbevxgwkewq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\UACfjoafqbfal.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\DRIVERS\UACiqhepxtfqx.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\UACjowbowbabd.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\UACmrcffuengv.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\UACxubvpevxex.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
